As you might have guessed, Identity and Access Management (IAM, or Identity Management for short) basically refers to the IT security discipline of managing digital identities. This includes the provisioning (and de-provisioning) of identities, securing and authenticating identities, and granting authorizations related to access and abilities – think delegating email account access, editing & reporting abilities in an online database, or access to network drives.
The overarching goal for IAM is to ensure that any given identity has access to the right resources (applications, databases, networks, etc.) and within the correct context.
Because IAM is so central to IT security, you need policies and plans in place that help your users handle their access responsibly and safely; the consequences of carelessness can be quite damaging to your business.
With that in mind, here are six tips to help you strengthen how your business deals with Identity and Access Management:
Enforcing a Strong Password Policy is Key
This one is obvious but bears repeating – it’s time to enforce a strong password policy. The number of users who default to easily guessable passwords like “123456” or “qwerty” is still surprisingly high, and even slightly more complicated ones – like a name combined with a birthday – can be easily cracked.
Perhaps more importantly, users should not be employing the same password across multiple services; once one is cracked, it can have a domino effect.
By mandating (and checking up on) appropriate levels of password complexity and stressing the importance of keeping passwords secure, you lessen the chance of an employee’s access becoming a vulnerability. Password management tools might be worth looking into as well.
Related Blog: Best Practices for Creating and Using Passwords
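As an added illustration of what "mandating and checking up on" a password policy can look like in practice (example code written for this post, not part of the original article or any product), the function below rejects a password that is too short, that appears on a small constructed deny-list of commonly guessed passwords, that contains the user's own name or birth year, or that uses too few character classes. The deny-list and thresholds are assumptions for the example; a real deployment would load a large breached-password list.

```python
"""Password policy check: length, common-password deny-list, personal data,
and character-class mix. Constructed example; the deny-list is a tiny sample."""
import re
from typing import List, Optional

MIN_LENGTH = 12

# Constructed sample of commonly guessed passwords; a real deny-list is far larger.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome", "abc123"}


def check_password(password: str, username: str = "",
                   birth_year: Optional[int] = None) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Strip digits and symbols before the deny-list check so that "Password1!"
    # is still caught as a trivial variant of "password".
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny-list")

    # Name + birthday style passwords are easy to guess from public information.
    if username and len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the username")
    if birth_year is not None and str(birth_year) in password:
        problems.append("contains the user's birth year")

    # Require at least three of: lowercase, uppercase, digit, symbol.
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")

    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Password1!", "jsmith-Secure#2024", "Tr0ub4dor&3xyz!Qz"):
        print(candidate, "->", check_password(candidate, username="jsmith") or "OK")
```

Run this at password-change time (and, as the post suggests, periodically against stored hashes via a deny-list of known-weak values) rather than only at enrolment.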
Make it Easy (and Fast) to Disable Identities
If an identity *does* become compromised, the faster you can shut it down, the better. This is not the time when you want to be scrambling to revoke access. Ideally, you’ll be able to lock down everything associated with the compromised account from one place.
If you don’t know where to go, or are trying to do this through multiple admin portals, you’re giving a potential cyberattacker more time to do damage and increasing the risk that you might miss something.
Give Only Appropriate Permissions
When you need something done *now*, it can be easy just to bump up someone’s access level higher than required as a ‘blanket solution’ that ensures they’ll be able to access what they need – even when it also gives them access to things they don’t need.
While the threat of internal maliciousness may be low, consider what could happen if the account was compromised by someone who was intent on doing damage. Limiting access permissions to only what is necessary is just good practice.
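To make the two preceding tips concrete (disable from one place; grant only what a role needs), here is a small identity store written as an added example for this post; it is not any product's API. Roles, resources and permissions are constructed for the example. Permissions are attached to roles scoped to a specific resource instead of a blanket "admin" grant, and a single disable() call flips the identity off and drops its sessions so that every later access check fails.

```python
"""Minimal identity store: role-scoped permissions plus a single kill switch.
Constructed example; roles and resources are illustrative only."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Constructed roles: each maps to the (action, resource) pairs it allows.
ROLES: Dict[str, Set[Tuple[str, str]]] = {
    "db-reporter":   {("read", "db:sales"), ("export", "db:sales")},
    "db-editor":     {("read", "db:sales"), ("write", "db:sales")},
    "mail-delegate": {("read", "mailbox:shared-support")},
}


@dataclass
class Identity:
    name: str
    roles: Set[str] = field(default_factory=set)
    sessions: Set[str] = field(default_factory=set)   # active session tokens
    enabled: bool = True


class IdentityStore:
    def __init__(self) -> None:
        self._ids: Dict[str, Identity] = {}

    def create(self, name: str) -> Identity:
        self._ids[name] = Identity(name)
        return self._ids[name]

    def grant(self, name: str, role: str) -> None:
        """Grant a named role; unknown roles are refused rather than silently ignored."""
        if role not in ROLES:
            raise KeyError(f"unknown role {role!r}")
        self._ids[name].roles.add(role)

    def open_session(self, name: str, token: str) -> None:
        if not self._ids[name].enabled:
            raise PermissionError(f"{name} is disabled")
        self._ids[name].sessions.add(token)

    def disable(self, name: str) -> int:
        """The one switch: mark the identity disabled and drop every live session.
        Returns the number of sessions revoked."""
        ident = self._ids[name]
        ident.enabled = False
        dropped = len(ident.sessions)
        ident.sessions.clear()
        return dropped

    def can(self, name: str, action: str, resource: str) -> bool:
        """Access check: identity must exist, be enabled, and hold a role allowing the pair."""
        ident = self._ids.get(name)
        if ident is None or not ident.enabled:
            return False
        return any((action, resource) in ROLES[r] for r in ident.roles)


if __name__ == "__main__":
    store = IdentityStore()
    store.create("alice")
    store.grant("alice", "db-reporter")          # what the task needs, nothing more
    store.open_session("alice", "sess-1")
    print("alice read sales:", store.can("alice", "read", "db:sales"))
    print("alice write sales:", store.can("alice", "write", "db:sales"))
    print("sessions revoked:", store.disable("alice"))
    print("alice read sales after disable:", store.can("alice", "read", "db:sales"))
```

The point of routing every check through can() is that the disable flag is consulted on each access, so revoking one identity does not depend on remembering each admin portal where it was granted something.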
Know How to Audit Identity Activities
Auditing your corporate accounts can be the fastest way to identify and address a data breach – unusual activity, unfamiliar log-in IPs or other red flags will often point you to which account has been compromised.
Aside from monitoring network activities, certain enterprise applications, such as Office 365, have built-in investigation and audit log search tools that can record user and admin activities, including user activity in SharePoint Online and OneDrive for Business, Exchange Online, and more.
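As an added example of the kind of audit review described above (written for this post; it is not code from the article or from any audit tool), the script below reads a small constructed sign-in log and raises two of the red flags mentioned: a successful sign-in from an address that is both outside the organisation's known ranges and new for that account, and a burst of failed sign-ins, including a success that follows such a burst. The log format, the known networks and the thresholds are all assumptions for the example; real audit logs such as the Office 365 unified audit log carry more fields, but the same review logic applies.

```python
"""Audit-log review: unfamiliar external sign-in IPs and failed-sign-in bursts.
The log lines, address ranges and thresholds are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample log: timestamp, user, source IP, result.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z,alice,203.0.113.10,success
2024-03-01T08:05:40Z,bob,203.0.113.22,success
2024-03-01T08:07:03Z,alice,203.0.113.10,success
2024-03-01T23:41:19Z,alice,198.51.100.77,success
2024-03-01T23:42:01Z,bob,198.51.100.5,failure
2024-03-01T23:42:09Z,bob,198.51.100.5,failure
2024-03-01T23:42:15Z,bob,198.51.100.5,failure
2024-03-01T23:42:20Z,bob,198.51.100.5,failure
2024-03-01T23:42:26Z,bob,198.51.100.5,failure
2024-03-01T23:42:40Z,bob,198.51.100.5,success
"""

# Constructed: ranges the organisation recognises as its own (office, VPN egress).
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]

FAILURE_THRESHOLD = 5              # failures inside the window that count as a burst
FAILURE_WINDOW = timedelta(minutes=5)


def parse_log(text: str) -> List[Dict]:
    """Turn the CSV-style lines into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "result": result})
    return events


def find_red_flags(events: List[Dict]) -> List[Tuple[str, str]]:
    """Return sorted (user, reason) pairs that deserve an analyst's attention."""
    flags = set()
    seen_ips = defaultdict(set)      # user -> IPs that account has signed in from before
    failures = defaultdict(list)     # user -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ip, now = ev["user"], ev["ip"], ev["ts"]
        # Keep only failures still inside the sliding window.
        recent = [t for t in failures[user] if now - t <= FAILURE_WINDOW]
        if ev["result"] == "success":
            addr = ip_address(ip)
            is_known = any(addr in net for net in KNOWN_NETWORKS)
            if ip not in seen_ips[user] and not is_known:
                flags.add((user, f"sign-in from unfamiliar external IP {ip}"))
            seen_ips[user].add(ip)
            # A success right after a run of failures looks like password guessing that worked.
            if len(recent) >= FAILURE_THRESHOLD:
                flags.add((user, f"successful sign-in after {len(recent)} recent failures"))
            failures[user] = recent
        else:
            recent.append(now)
            failures[user] = recent
            if len(recent) >= FAILURE_THRESHOLD:
                flags.add((user, f"{len(recent)} failed sign-ins within {FAILURE_WINDOW}"))
    return sorted(flags)


if __name__ == "__main__":
    for user, reason in find_red_flags(parse_log(SAMPLE_LOG)):
        print(f"{user}: {reason}")
```

In the sample, alice is flagged once (a sign-in from an address outside the known ranges) and bob three times (the burst of failures, the success that followed it, and the unfamiliar address it came from); the flagged account is where an investigation would start.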
Make Use of Multi-factor Authentication
This solution may seem a little low-tech, but it can be effective. Multi-factor authentication is basically a double-check anytime an attempt is made to log into an account.
The most common method is when an SMS code is sent to the registered user’s mobile phone, meaning they have to have the device on them, and enter the one-time code within a specified time period to actually log in.
So even if someone steals an account password, they would also need access to the connected phone number and a way to retrieve incoming SMS messages to actually log in. This can provide an extra layer of security and peace of mind.
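The one-time-code flow just described, as an added example written for this post (not code from the article or from any SMS provider): a six-digit code is generated, handed to an out-of-band delivery function (standing in for an SMS gateway, an assumption of the example), and accepted only once, only within the time window, and only for a limited number of guesses. The server keeps a hash of the code rather than the code itself, compares in constant time, and the clock is injectable so the expiry rule can be exercised without waiting.

```python
"""SMS-style one-time code as a second factor: time-limited, single-use, guess-capped.
Constructed example; `deliver` stands in for an SMS gateway."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Tuple

CODE_TTL_SECONDS = 300     # "within a specified time period"
MAX_ATTEMPTS = 3           # wrong guesses allowed before the code is discarded


class OneTimeCodeVerifier:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock                                   # injectable for tests
        self._pending: Dict[str, Tuple[str, float, int]] = {}  # user -> (hash, expiry, attempts_left)

    @staticmethod
    def _digest(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, user: str, deliver: Callable[[str, str], None]) -> None:
        """Generate a fresh code, send it through the out-of-band channel, store only its hash."""
        code = f"{secrets.randbelow(10 ** 6):06d}"             # CSPRNG, zero-padded to 6 digits
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = (self._digest(code), expires_at, MAX_ATTEMPTS)
        deliver(user, code)

    def verify(self, user: str, submitted: str) -> bool:
        """True exactly once for the right code while it is unexpired and attempts remain."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]                           # stale: force a new issue
            return False
        if hmac.compare_digest(code_hash, self._digest(submitted)):
            del self._pending[user]                           # single use
            return True
        attempts_left -= 1
        if attempts_left == 0:
            del self._pending[user]                           # too many guesses
        else:
            self._pending[user] = (code_hash, expires_at, attempts_left)
        return False


if __name__ == "__main__":
    outbox = {}
    verifier = OneTimeCodeVerifier()
    verifier.issue("alice", lambda user, code: outbox.__setitem__(user, code))
    print("code delivered out of band:", outbox["alice"])
    print("first use:", verifier.verify("alice", outbox["alice"]))
    print("replay:", verifier.verify("alice", outbox["alice"]))
```

Two design choices worth noting: the code is never stored in clear on the server side, so a dump of the pending table does not hand out usable codes, and a correct code is consumed on first use, which is what stops a replay of an intercepted message.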
Ensure you Have an Employee-Friendly Identity and Access Management Solution
“Do as we say, not as we do.” Setting up policies and rules without giving your employees the support or tools to work with them leads to workarounds and shortcuts – and this applies not only to users, but to your IT administrators as well.
What kind of workarounds? Well, if your help desk is overwhelmed and can’t provide timely password resets, you might find employees reverting to simple or shared passwords, maybe displayed prominently on sticky notes. If your document management system is labyrinthine and slow, users may start using insecure cloud services tied to personal accounts. Harried sysadmins may start granting global permissions rather than role-specific ones.
Effective IAM isn’t just about IT security, but about productivity and efficiency. And if your organization is finding that IT is holding your team back, it’s time to find and develop solutions. For example, would a self-service password reset tool get employees back to work quicker?
At Discovernet, our goal is to make your daily operations more focused and effective – and we achieve this by streamlining your systems and processes to make them more responsive and efficient, eliminating unseen security risks, and implementing proven solutions to help increase employee productivity.
And as you now know, Identity and Access Management plays a large role in all of the above. If you would like to learn more about this, or other managed IT solutions for your business, we are here to help!