The Gartner Symposium ITxpo tends to be broad and scattered with numerous IT security and risk management solutions. Generally, at the Gartner ITxpo, participants do not naturally see the connection between identity management and information security. At this year’s 2015 ITxpo, the roadmap to security appears to be veering toward prevention. Last year, with all the highly publicized security hacks, the symposium clearly emphasized risk detection technologies as the focus.
While a holistic security model includes processes and technologies for detection, prevention and response, the three often do not receive equal attention. I liken the lack of focus on prevention to the way people treat their personal health. Many people schedule annual visits to the doctor, where their aim is to detect and respond to critical concerns. Yet, during the other 364 days, they may do little to prevent such issues through diet, exercise and healthy habits.
Similarly, at ITxpo the buzz relates to detection and response, even though they represent investments that are proven to be costly and less reliable. This year, prevention solutions clearly entered the gamut of information technology controls that security professionals seek.
Identity Management IT Security Preventative Controls
Access Management: provide access management controls that lower security costs through automated policy enforcement for self-service web access, single sign-on (SSO), and entitlement management.
Attestation Certification: reduce security threats via automated recertification access controls that support on-demand and scheduled user lifecycle and event-triggered attestation certification access reviews.
Authentication Management: offer a secure configurable framework for managing and authenticating application logins while eliminating the cost and need for developing custom access controls.
Encryption Key Rotation: enable rotation of encryption keys to prevent zero-day exploits by adding a security layer on top of the most current encryption technology.
Excessive Privileges: stop the grandfathering of access privileges through the employee lifecycle as people change jobs and roles within an enterprise by automating account terminations.
Multifactor Authentication: integrate two-factor and multifactor authentication into applications without interrupting operations through one-time password tokens, SMS, questions, smart cards, and email authentication.
Orphaned Accounts: detect and remove stale user accounts across Active Directory, LDAP, and relational database management systems outside of policies and operation controls.
Password Synchronization: avoid the high cost of federated solutions for managing business partners, consultants, and suppliers’ passwords, access and group memberships.
Policy Management: automate workflow-enabled access management policies with IT audit, compliance reporting, and alerts for out-of-norm privileges and when policy and governance rules change.
Risk Intelligence: develop risk profiles for roles, privileges and assets to deter fraud, spoofing and phishing through transparent controls that are easy to configure and monitor.
Role Management: provision users, services, assignments, facility access and even groups through an online store providing better overall visibility, security controls, and asset budgeting.
Security Audits: simplify tracking and sleuthing through user access logs when security breaches and concerns arise to significantly reduce the time required to investigate security incidents.
Separation of Duties (SoD): maintain rules dictating which applications and entitlements can be assigned to a user’s profile for governance and compliance reporting.
Single Sign-On: unify web access and enterprise access to applications, systems, software and services through an application portal or app store with automatic decommission capabilities.
Strong Passwords: enforce password strength and a strong password policy to remove weak application-level passwords, system vulnerabilities and access risks throughout an enterprise.
Subscription Management: eliminate stale cloud subscriptions by reporting access to IaaS and SaaS applications to remove unnecessary costs and risks from unauthorized access.
In the past, interest in identity management stemmed mostly from operational efficiency gained through self-service password management and by automating compliance reviews. As this year’s Gartner ITxpo shows, identity management is crucial to improving a company’s overall security posture. By preventing compromised credentials, identity management represents a critical, cost-effective security investment.