How Secure is your Identity?

PCQ Bureau
Today we talk of 'collaboration' a lot. And if we look at it in the context of IT, the biggest challenge confronting us is managing the digital presence of every user across all organizations and business units. Today an enterprise user faces multiple computer interfaces to fulfill his job. It can be his mail account, bank account password, corporate intranet, a B2B or B2C site, or even his workstation. And everywhere he has to be authenticated. Due to this trend of multiple authentications, it becomes quite natural for an enterprise user to become careless about the whole process. This leads to mismanagement of online identity or identity theft. While it might sound harmless, it can lead to drastic results. For example, say, in your organization you have given access to mobile users to log in to your corporate network from anywhere in the world. Now, you cannot keep a check on who is logging on to the network by any physical means. In case this ID gets hacked, your whole enterprise network can get compromised.

Here, you might ask how this is possible and what the role of Identity Management (IDM) is in preventing such a scenario. Let's suppose that your organization doesn't have any kind of Identity Management implementation and users are free to choose any password they want, for accessing any resources. So, the users will naturally be inclined to use the same or very easy to remember (and guess) passwords across all the resources. You might have secured your critical resources with state-of-the-art firewalls, IPS, antivirus software, encryption, etc. But this weakest link could very well be misused by a hacker. If a user has used the same password across resources, the hacker could attack the easiest resource to acquire it. For instance, most e-mail clients and servers communicate in plain text and a hacker could easily intercept and capture the password.

Identity theft is becoming the fastest-growing crime in the world. With the increased presence of ordinary citizens on the Internet and access to crucial resources such as online banking, transactions and purchases, simple passwords no longer provide adequate protection. Whosoever is accessing your systems, be it employees on your LAN or Wi-Fi network, partners on your extranet, or customers on your e-commerce sites, they need to have a reliable means of authentication. Stronger forms, such as USB tokens or smart cards, may be required to ensure the identity of users nowadays.

Challenges for enterprise



The key challenge for an enterprise is to maintain a common and managed identity for two different types of user groups, namely insiders and outsiders. Insiders are the internal employees of an organization, while outsiders are the customers or partners of an enterprise.

Out of the two, insiders are the ones who are generally hooked inside the corporate network and spend most of their working hours engaged with the enterprise. They typically access multiple internal systems of the enterprise and their identity profiles are relatively detailed. Outsiders, on the other hand, are those who access only a few systems of the enterprise, such as CRM and e-Commerce, and access these systems occasionally. Identity profiles of outsiders are less detailed and less accurate than those of insiders.

At Crest we use 'multiple applications' with 'multiple users' having 'roaming profiles,' by deploying Identity Management SSO (Single Sign on). It helps us to integrate applications and users to increase efficiency of production. IDM also helps our organization to analyze resources utilized on various projects, for better 'project management planning' and 'cost calculation' amongst various departments such as HR, Finance and Production.

Krishna Prasad, Head IT, Crest Animation Studio

Now, as the two types of users differ in nature, the technology used to manage them is also different. Let us now see some key trends and solutions that an enterprise can use to manage users.

Trends and solutions



To achieve Identity Management, a host of technologies are brought together to meet business and technical needs. Identity Management has its own life cycle, which includes user provisioning (activation and deactivation of employee accounts) and account management. Other tasks of IDM are password management and access management, and allocation according to identity. As employees change position or address and other work/personal information, multiple systems need to be updated in multiple places. Identity management solutions offer the ability to self-serve these updates and to synchronize and automate these tasks.

Now the biggest drawback with vendors in this space today is that most of them provide incomplete products. For example, you have different products to achieve different functionalities of Identity Management. Single Sign On (SSO), which is a key component of IDM, can be achieved by proper implementation of any Directory Service such as MS-ADS (Microsoft's Active Directory Service). If you talk about key or hardware based Identity Management solutions, you have RSA in place. So, today the key trend which we can see is the integration of the ID and access management suites of all major technology vendors such as BMC Software, IBM, CA, RSA, Microsoft, etc., to achieve a full-fledged IDM system.



The other trend that we see is the integration of access and management technologies with other technologies such as Help Desk, Service Management, Configuration Management and Monitoring, eventually leading to Business Services Management.

Our organization deals with IT and ITES (BPOs and call centers). Most of our customers implement their global development centers from our premises. In addition to iGATE specific security implementation, these customers want to implement their own security solutions for projects and processes. Due to this, handling and deploying security processes (which include access rights permission) to folders and applications, has become cumbersome. iGATE operates on heterogeneous systems due to its client requirements. Managing user accounts and associated passwords on a heterogeneous system is a cumbersome and difficult process. Due to the above challenges, iGATE is evaluating various IDM solutions.

Shiva M, Vice President, Global IT Infra Support and Purchases, iGATE

Types of IDMs



Following are a few types of Identity Management solutions that are available.

Single Sign-on: This is a mechanism with which a single action of authentication can grant a user access to all the system and network resources for which he has access permissions. While doing this, you don't even need to enter multiple passwords and face multiple authentication interfaces. SSO or Single Sign-on reduces human error by reducing the number of authentications required. Some examples of Single Sign-on are Microsoft Passport and Kerberos.

Two Factor Sign in: This is a mechanism with which a user gets an additional layer of protection with a hardware token or card based authentication, coupled with a standard PIN or password. In such a scenario, at the first stage a user has to authenticate himself by either swiping an RF or magnetic card or by providing a random number generated by a hardware device (called a token) to the system. In the second stage, the user has to provide a standard PIN or password to complete the authentication.

Policy based automated provisioning: It's a system for creating and managing multiple instances of a service within a shared IT infrastructure. The network administrator maintains a set of computing resources that can be allocated to different services and then to users based on policies. The users can then request to access services of a particular type, and instances of these services are then provisioned to meet their requirements.

Role based access control: Roles are defined for different job-related functions, and permissions are allotted according to the type of role. Instead of assigning policies directly to a certain user or group, the users and groups are assigned roles. Through those role assignments, the users get the required permissions to perform any particular task in the network. As users/groups are not assigned policies directly but acquire them through roles, management of individual user/group rights becomes very easy. All you have to do in this case is to allocate the proper role to a given user.



This simplifies the task of editing a user, changing user policies or even adding new users. This feature can be achieved by using any LDAP server. Microsoft is a vendor in this space.
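An added example, not part of the original article: an in-memory model of role based access control in which users hold roles only and permissions are derived from them. It does not use an LDAP server; the `Directory` class and the role, permission and user names are hypothetical, constructed for illustration.

```python
# Constructed sample policy: role -> permissions. Names are illustrative.
ROLE_PERMISSIONS = {
    "hr_executive": {"hr_db:read", "hr_db:write", "intranet:read"},
    "finance_clerk": {"ledger:read", "ledger:write", "intranet:read"},
    "auditor": {"hr_db:read", "ledger:read"},
}


class Directory:
    """Users hold roles only; permissions are always derived from roles."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_roles = {}  # user -> set of role names

    def assign(self, user, *roles):
        """Provision a user, or replace the roles after a change of position."""
        unknown = set(roles).difference(self.role_permissions)
        if unknown:
            raise ValueError(f"undefined role(s): {sorted(unknown)}")
        self.user_roles[user] = set(roles)

    def deactivate(self, user):
        """Deprovision: dropping the roles revokes every permission at once."""
        self.user_roles.pop(user, None)

    def effective_permissions(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission):
        # Default deny: unknown users and unlisted permissions get nothing.
        return permission in self.effective_permissions(user)

    def who_can(self, permission):
        """Access review: every user who currently holds a permission."""
        return sorted(u for u in self.user_roles if self.is_allowed(u, permission))


if __name__ == "__main__":
    d = Directory(ROLE_PERMISSIONS)
    d.assign("asha", "hr_executive")
    d.assign("asha", "finance_clerk")  # moved from HR to Finance
    print(d.is_allowed("asha", "hr_db:write"), d.who_can("ledger:write"))
```

Because no permission is ever attached to a user directly, the single role reassignment both grants the Finance rights and removes the HR ones.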

Conclusion



Because of the huge threat posed by identity theft and the requirements of MNCs who come to India for offshoring, it has become very important for Indian IT and ITES companies to deploy Identity Management for their users and customers. This market is buzzing with new technologies and players. So do your homework properly before selecting the right solution for your enterprise.

Useful Links
RSA: http://www.rsasecurity.com/node.asp?id=1191
Microsoft: http://tinyurl.com/z98dr
Sun: http://www.sun.com/software/products/identity/index.jsp
BMC Software: http://www.bmc.com/corporate/nr2005/032305_1.html
CA: http://www3.ca.com/Press/PressRelease.aspx?CID=82552

