As the global digital economy grows, the number of digital identities rises, and so does the need to protect and manage how personal information is collected, used and distributed. Managing digital identities is key in the online world, and finding the proper way to authenticate legitimate users is one of the greatest challenges. When digital identities are not secured or distributed properly, information can be exposed and used for illicit purposes such as identity theft.
The Power of Identity Management
A stolen identity is a powerful tool in today’s world. It can be used to facilitate a coordinated insider attack, sold on the Deep Web, and used for credit card fraud, mail theft and other criminal acts. Incidents such as these can result in financial loss, reputational damage and erosion of customer trust for any businesses involved.
Digital business is a dynamic environment. Technologies are changing swiftly, and organizations have new ways of working. As employees become more mobile, the bring-your-own-identity trend grows, as does the need to make enterprise services accessible remotely. Information security leaders must tailor their enterprise mobility and risk management strategies to the needs and goals of the business.
All this mobility generates problems related to multiple identities, many of which can be solved using distributed identities. This implies the secure exchange of identity information across one or multiple trusted domains, providing users the ability to use one set of login credentials to access multiple applications.
A Risk-Based Approach
The concept of security combines both people and assets. Security of people is very important, because with proper training and rehearsals of events, employees will know how to prevent physical unauthorized access, avert danger or disaster, react quickly and respond as a team. Safety of assets implies physical security mechanisms such as locks, fences, surveillance, lighting, etc. Both aspects play important roles in IT security.
Business data is now distributed through different dynamic environments, detached from the traditional enterprise. Managing risk is a crucial part of securing business data and driving desired outcomes. A risk-based approach will ensure that flexible and responsive security solutions are adopted to meet business needs. A risk-adjusted value management model can also integrate IT risk into corporate performance. As a result, the risk is addressed and business value is added.
Embracing Federated Identity Management
The concept of federated identity management is based on the creation of globally interoperable online business identities that incorporate various applications and system identities. Single sign-on (SSO) is more effective and efficient because, without it, a single user can have many accounts, passwords and usernames across dozens of systems.
Federated identity management also indirectly aims to improve the cost efficiency of a system because it removes the need for many administrative roles. This approach eliminates the need to create and manage multiple accounts, passwords and users from other systems, thus undermining cybercriminal efforts.
For example, the infrastructure of IBM Tivoli Federated Identity Manager enables identity propagation through SSO capabilities. Identities can be federated through multiple security infrastructures.
With a wide range of supported open standards and cryptographic protocols, Tivoli Federated Identity Manager provides security customization and web service protection. Authentication information is managed through open standards-based identity and a built-in security token service (STS). This facilitates identity mediation, which enables the managing, mapping and propagating of identities. The module expands on the capabilities of the core federation solution for SSO, and identity mediation for enterprise applications and software-as-a-service (SaaS).
The advanced access control module has risk-based access capabilities that calculate risk and protect information flow. Risk-based access tools enhance the security of authentication and authorization mechanisms, estimate the risk and calculate the risk score. This results in new policy rules to determine whether a user’s request to access information should be permitted, denied or challenged.
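A sketch of the permit, deny or challenge decision described above, as an added example (not IBM's code and not the Tivoli Federated Identity Manager API). The context attributes, weights and thresholds are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical weights: how much each risk signal adds to the score (0-100).
WEIGHTS = {"unregistered_device": 35, "new_country": 30,
           "outside_business_hours": 10, "recent_failed_logins": 25}
# Hypothetical policy: (challenge_at, deny_at) thresholds per resource sensitivity.
POLICY = {"low": (50, 90), "high": (25, 60)}

@dataclass
class AccessRequest:
    resource_sensitivity: str      # "low" or "high"
    device_registered: bool
    country: str
    usual_countries: frozenset
    hour_utc: int
    failed_logins_last_hour: int

def risk_score(req):
    """Sum the weights of every risk signal present in the request context."""
    signals = {
        "unregistered_device": not req.device_registered,
        "new_country": req.country not in req.usual_countries,
        "outside_business_hours": not 7 <= req.hour_utc < 19,
        "recent_failed_logins": req.failed_logins_last_hour >= 3,
    }
    return min(100, sum(WEIGHTS[n] for n, present in signals.items() if present))

def decide(req, step_up_passed=None):
    """Return 'permit', 'deny' or 'challenge' for one request.

    step_up_passed is None before any challenge, then True or False once
    the user has answered a second-factor prompt.
    """
    # Unknown sensitivity labels fall back to the strictest policy (fail closed).
    challenge_at, deny_at = POLICY.get(req.resource_sensitivity, POLICY["high"])
    score = risk_score(req)
    if score >= deny_at:
        return "deny"              # too risky even with a second factor
    if score >= challenge_at:
        if step_up_passed is None:
            return "challenge"
        return "permit" if step_up_passed else "deny"
    return "permit"

# Constructed sample: unregistered device, usual country, 22:00 UTC, no failed logins.
sample = AccessRequest("high", False, "RS", frozenset({"RS"}), 22, 0)
if __name__ == "__main__":
    print(risk_score(sample), decide(sample))
```

The same request context scores identically against a low-sensitivity resource but is permitted without a challenge, because the thresholds, not the score, carry the policy.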
Connecting the Business Ecosystem
As the digital era expands, cybercriminal tactics will evolve. Threats such as ransomware, distributed denial-of-service (DDoS) and Internet of Things (IoT) botnets will increase in scope and volume.
Today, more than ever, the business ecosystem needs to be carefully designed and connected. Federated SSO extends the availability and accessibility of applications to business partners, customers and consumers. As a result, resources are better protected and easily accessible, and the system integration cost is reduced.
Security Specialist, OmnitechIT
Technical Sales and Solutions Leader in Europe, IBM Security
Professor, Singidunum University