It may be the most fundamental of all existential questions: Who am I?

In the physical world, the answer varies given the multiple roles we play in our family, professional and social lives. In the digital world, we often create our own digital identity and shape it with the choices we make online.

And that’s a big cybersecurity problem. Identity and access management (IAM) isn’t just an element of security; it’s at the very core of it. The goal of any security solution is to empower defenders and keep attackers out — or at least to detect threats and limit their impact. Doing so first requires knowing who’s online.

Connecting the Real World to the Digital World

As the well-known speaker Jacoba Sieders noted, identity is “deep, broad and large.” Identity has as many facets as a diamond and appears different depending on the angle you view it from. In many ways, it’s more art than science.

To connect the real world to the digital world, we can create digital identity models. These logical models represent a person with different attributes, characteristics and goals. Subsets of these can be related to different contexts — for example, buying goods at a company, working for an enterprise, etc. — and are often referred to as personae.

The persona in an IT environment would incorporate attributes assigned to that entity, such as name, organizational unit and unique identifier, to reliably connect the digital identity with the real-world identity. This persona would also include assigned entitlements, user accounts, and access rights, such as Active Directory group memberships, SAP roles and Lightweight Directory Access Protocol (LDAP) groups.

Reuse Your Digital Identity Models

In the digital world, who you are determines what you can do, where you can go and how much freedom you have to access functions in the enterprise; it’s the security equivalent of “Halt! Who goes there?”

Not only are digital identity models useful, they are also reusable. When you craft a model, you create processes and procedures around a persona. Is this user a joiner, mover or leaver in the organization? Is he or she changing positions? Relevant technical support can then be built around processes such as provisioning, authentication and authorization.

Rinse and repeat for other entities, such as servers, applications, smart meters and other internet of things (IoT) devices. Even if you have to adapt some technology, the model should still stand, and you’ll end up with better identity management.

Identity Is at the Heart of Cybersecurity

Last year, I attended the KuppingerCole European Identity and Cloud Conference where I met Pamela Dingle, one of the founders of the Women in Identity group. With growing support for women in the cybersecurity industry, I was curious why there was a need for a special group centered around identity. The conversations I had solidified in my mind that everything in security is related to identity.

These wise women are not operating in a silo, but instead are sharing ideas and experiences that get to the heart of cybersecurity. In addition to Pamela and Jacoba, I’d like to thank Barbara Mandl, Vivian Haag and Kim Cameron — author of “The Laws of Identity” — for sharing their expertise.

As the Charter of Trust expands and more major companies sign on to protect our digital world, it’s important to remember that identity and access management is critical to the foundation.

More from Identity & Access

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…