The term "identity management" broadly refers to a set of policies, processes, and technologies used for controlling user access to critical information within an organization. Policies define how user identities must be managed including identification, authentication and assignment of authorized access privileges. The processes ensure policies are followed on a consistent basis regardless of who implements the policies. And, identity management systems provide business managers the necessary tools for streamlining the establishment of user roles and access privileges as well as automating many of the services including account reset and monitoring.
Although identity management principles apply to digital and non-digital identities, the majority of policies, processes and controls apply to digital identities as most data reside within systems, and most transactions occur over the Internet. In addition, most users own multiple devices some of which are used for business and personal reasons. Therefore, identity management tools are used to define roles within systems based on business requirements, which are then assigned the appropriate access to resources and information based on their roles. Many regulations are increasingly focused on user identification, tracking and reporting which has made the identity management function an integral part of information security and in some cases, an independent function within the IT organization which interacts with other business groups such as information security, privacy and the rest of the information technology group.
In addition to meeting business and regulatory requirements, identity management systems are designed to make the entire identity lifecycle management more efficient by offering self service features to users and enabling single sign-on across the enterprise to make access provisioning for multiple systems seamless.
There are many other factors contributing to the growing need for identity management technologies (and professionals). First, the number of devices and their users are growing. These devices are increasingly interconnected and must communicate with one another in order to authenticate the machines and users for requesting services and completing transactions.
Managing access for dispersed and diverse users such as employees, customers, and business partners to systems whether hosted internally or externally is another challenge as users require quick access while businesses and regulators need to identify users, and authorize the appropriate access consistent with rapidly changing user roles and responsibilities. In fast paced organizations with a high user turnover rate, identity and access management is even more challenging and important to reduce fraud and secure data.
Lastly, decentralized and unstructured nature of many directory services has led to an inefficient and sometimes unmanageable user access provisioning, auditing, and reporting, exposing organizations to significant security, reputation, and regulatory compliance risks. Centralizing distributed directories is critical for efficient management of user identities, and, compliance with related regulations, although it centralization is not without risks.
There are many components within an identity management system which facilitate various tasks such as authentication, access provisioning, policy enforcement, reporting and monitoring, and identity repository or directory management services.
In order to address various identity management risks and challenges some of which are described above, organizations are increasingly considering technology solutions to enable centralized and automated user access management.
Identity management is a collection of technology components and processes. One of the major components of an identity management architecture is a directory service or repository of the identity information such as user name, department, email, and access rights. The service interacts with other components to authenticate users and manage access to authorized functions and records. Distributed directory services are commonly used, however, the ultimate goal is to centralize and integrate identity management as much as possible to improve the identity management process and efficiency.
Although the rewards of implementing an identity management solution are immense, such initiatives are often very challenging and require the expertise of identity management experts to create and manage teams, gather the requirements, design the system, develop project plans, and oversee the successful implementation and deployment of the system.
Implementing an identity management technology solution is a challenging task. There are many business requirements, users, and systems which must be considered to be managed in a cohesive manner.
A successful implementation requires a tremendous amount of planning to design and approve the architecture before selecting and implementing a system. The business and IT objectives must be set up-front, and, stakeholders must be identified and engaged before even the project starts.
Identity management centralization from a process and technology standpoint has been broadly accepted as the most efficient method for managing user identities, however, from a hacker’s perspective, centralization also pays off immensely when unauthorized access is obtained to a central repository of thousands of user roles, information, and access rights.
Watch a Video