5/6/2010
03:32 PM

7 Steps To Better Identity Management

Here's what you need to know about managing employee identities in this age of outsourcing and SaaS.

InformationWeek Green - May 10, 2010

Managing employees' identities, passwords, and access rights has always been a challenge. And now, increased use of outsourcing and software-as-a-service offerings has further complicated things, requiring the use of federated identity management outside the corporate walls.

Setting up and managing federated IDM, which makes users' identity data portable across autonomous security domains, can be complicated and cumbersome. With distributed systems, employees around the globe, and an endless number of technologies to integrate, it's not for the faint of heart.

But if planned properly, there are significant benefits, including improved security, reduced operational overhead, lower support costs, and a better user experience. Identity management lets IT understand who users are, what applications and networks they have access to, and in most cases their job functions. It enables the complete management of an identity, versus providing an isolated view of a single account in a single system.

The key is to understand what identity management technologies are in your environment, how people interact with them, and how they all tie together. What follows are seven steps for tackling these issues and improving the control you have over your environment.

What Are You Managing?

Before you can manage user identities, step one is to know what you're managing. Your identity management approach will depend on how much you have to spend, the technologies that require identity management, and how sophisticated and comprehensive the system needs to be.

Does your company need basic user admin support, or everything from provisioning new users to single sign-on to deprovisioning of users who've left? If your company's growing, adding locations and employees, opting for SaaS applications instead of bringing more applications in-house, then you're better off with more automation of current IDM processes than spending money to bring in new solutions.

Fully automating the provisioning and deprovisioning of employees will cut back on mistakes, provide better security, and result in fewer audit issues. You can go a step further and create templates and expiration dates for employee accounts for application and network access; that will make your auditors happy.

If your company gives system access to outsourced partners, particularly third-party developers with high turnover, then automation is critical. Too often, contractors' accounts are left active long after they leave, or new contractors use the account of the person they replaced because the access provisioning process is so painful.
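The reconciliation behind automated deprovisioning can be sketched as a check of every account against the HR or vendor roster. This is an added example, not code from the article; the roster and account fields, the sample data, and the 180-day contractor limit are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample data: roster (source of truth) and an account export.
ROSTER = {
    "E100": {"type": "employee", "end": None},
    "C200": {"type": "contractor", "end": date(2010, 3, 31)},  # has left
    "C201": {"type": "contractor", "end": date(2010, 9, 30)},  # replacement
}
ACCOUNTS = [
    {"login": "asmith", "owner": "E100", "system": "vpn",
     "expires": None, "last_login": date(2010, 5, 3)},
    {"login": "jdoe-dev", "owner": "C200", "system": "svn",
     "expires": None, "last_login": date(2010, 4, 28)},
    {"login": "rlee-dev", "owner": "C201", "system": "svn",
     "expires": date(2010, 9, 30), "last_login": None},
    {"login": "rlee-dev", "owner": "C201", "system": "vpn",
     "expires": None, "last_login": None},
    {"login": "build", "owner": "X999", "system": "svn",
     "expires": None, "last_login": date(2010, 5, 1)},
]
MAX_CONTRACTOR_LIFETIME = timedelta(days=180)  # assumed policy value


def audit_accounts(roster, accounts, today):
    """Return sorted (login, system, finding) tuples for accounts needing action."""
    findings = []
    for acct in accounts:
        key = (acct["login"], acct["system"])
        person = roster.get(acct["owner"])
        if person is None:
            findings.append(key + ("orphaned: owner not in roster",))
            continue
        end = person["end"]
        if end is not None and end < today:
            findings.append(key + ("owner departed: disable",))
            # Activity after the end date suggests someone inherited the login.
            if acct["last_login"] and acct["last_login"] > end:
                findings.append(key + ("used after departure: investigate",))
            continue
        if person["type"] == "contractor":
            if acct["expires"] is None:
                findings.append(key + ("contractor account has no expiration",))
            elif acct["expires"] - today > MAX_CONTRACTOR_LIFETIME:
                findings.append(key + ("expiration beyond policy",))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_accounts(ROSTER, ACCOUNTS, date(2010, 5, 6)):
        print(*finding, sep=" | ")
```

Run on a schedule against real exports, the same checks surface the two failure modes described above: accounts that outlive their owner and accounts reused by a successor.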
