Most recent cyberattacks have utilized stolen user credentials that allowed the attackers through their victims’ virtual front door. Getting through the front door should not be this easy, but recent IT trends make managing access increasingly complex.
As business has become more digital, the number of applications has grown, and different groups of users — for example, employees, contractors, customers and business partners — were given their own access controls, often built into individual applications. Second, the adoption of mobile and cloud computing has blurred previously distinct enterprise boundaries, resulting in separate mobile- and cloud-focused access controls.
This has left organizations with fragmented, heterogeneous access management systems and difficulty establishing uniform, intelligent security policies. In short, it has made them an easier target for potential attackers.
What You Need to Guard the Front Door
Fortunately, all is not lost. Access management technologies have evolved to address the complexity that many organizations face today. A robust, centralized access management platform must have three key characteristics.
It is not sufficient to have strong access controls that only work for one type of interaction, such as Web browsers or a single application. Users are accessing sensitive IT systems from mobile phones, tablets and smart devices, and a growing API ecosystem is making it easier for developers to create rich user experiences across platforms.
To increase security and enable centralization, an access management platform must be able to create and enforce policies in each of these settings, or attackers will quickly exploit the weak links.
2. Risk-Based Access Controls
Usernames and passwords alone provide insufficient security. Intelligently analyzing additional context about the user’s interaction to determine a level of risk and taking action accordingly can greatly improve security outcomes.
What does this look like in practice? If a user who usually logs in from one device logs in from a new device, he or she can be prompted for an additional factor of authentication. Or certain types of sensitive actions (fund transfers, for instance) might only be permitted if a user is connected directly to the corporate network and on a device in compliance with corporate security standards.
This kind of intelligence not only increases security, but also improves the end user experience because the context is evaluated transparently in the background and only disrupts the user’s activity if the risk is high.
Cloud-delivered software-as-a-service (SaaS) applications can boost productivity and reduce costs. Business partners can achieve new levels of efficiency and collaboration by granting each other’s users access to their applications. However, these relationships create a serious access management challenge as security administrators attempt to maintain synchronized and current user lists across systems. In some cases, cross-domain user administration is completely impossible.
An access management platform that includes support for federated access allows users to bring their identity with them from their organization or a social identity provider (e.g., Google, Facebook). When federation is an integral part of access management, security administrators can extend the benefits of mobile and risk-based access control to users accessing cloud applications. In addition, users can authenticate once for both enterprise-hosted and cloud applications, saving time and multiple-password frustration.
Finding a Solution
By deploying a centralized access management platform that supports mobile access, risk-based access and identity federation, organizations can untangle the web of access technologies that has evolved over time. They can confidently reestablish user access as a key security control and, in the process, enhance user experience by reducing authentication interruptions and increasing user productivity.
Strong, centralized, intelligent access management helps shut the door on attackers.
IBM has recently announced a new version of its access management platform, IBM Security Access Manager (ISAM). It helps organizations take back control of access management.