An SC Magazine eBook Publication – Identity Access Management, by Karen Epper Hoffman, October 2015
Security executives are looking beyond basic user name and password to secure access to the enterprise, which is becoming more complicated with remote access, cloud services and personal devices.
Knowing who is on your network and able to access your information and resources is arguably the basic foundation on which good enterprise security is built. Conversely, if that foundation starts to crack, the whole enterprise security structure comes crashing down.
While identity management has come a long way in recent years, the challenge of detecting and protecting identity and authenticating users is becoming increasingly complex as informational assets are moved into the cloud and employees become more dispersed. There is little doubt that password hygiene and user awareness around security issues among user groups of all kinds is incomplete and insufficient. And, with so many ways to crack the code designed to keep them out, cyberthieves have grown adept at finding what they need to gain access without the victim recognizing the compromise.
Paul Hill, a senior consultant at SystemExperts a Sudbury, Mass.-based IT security consulting firm, says that the heart of many of these transitions is moving away from the dependence on passwords and toward using multifactor authentication through biometrics, cards, tokens or other means of identification. This often flies in the face of what is most convenient, familiar and frictionless for the user, he says, and can lead to pushback or frustration from employees who do not understand the depth of the security issues and who may be concerned about the privacy implications of biometrics.
To download and read the full report on Managing IAM, click here.