October 13, 2015 By Brian T. Mulligan

Most recent cyberattacks have utilized stolen user credentials that allowed the attackers through their victims’ virtual front door. Getting through the front door should not be this easy, but recent IT trends make managing access increasingly complex.

First, as business has become more digital, the number of applications has grown, and different groups of users (for example, employees, contractors, customers and business partners) were given their own access controls, often built into individual applications. Second, the adoption of mobile and cloud computing has blurred previously distinct enterprise boundaries, resulting in separate mobile- and cloud-focused access controls.

This has left organizations with fragmented, heterogeneous access management systems and difficulty establishing uniform, intelligent security policies. In short, it has made them an easier target for potential attackers.


What You Need to Guard the Front Door

Fortunately, all is not lost. Access management technologies have evolved to address the complexity that many organizations face today. A robust, centralized access management platform must have three key characteristics.

1. Mobile

It is not sufficient to have strong access controls that only work for one type of interaction, such as Web browsers or a single application. Users are accessing sensitive IT systems from mobile phones, tablets and smart devices, and a growing API ecosystem is making it easier for developers to create rich user experiences across platforms.

To increase security and enable centralization, an access management platform must be able to create and enforce policies in each of these settings, or attackers will quickly exploit the weak links.

2. Risk-Based Access Controls

Usernames and passwords alone provide insufficient security. Intelligently analyzing additional context about the user’s interaction to determine a level of risk and taking action accordingly can greatly improve security outcomes.

What does this look like in practice? If a user who usually logs in from one device logs in from a new device, he or she can be prompted for an additional factor of authentication. Or certain types of sensitive actions (fund transfers, for instance) might only be permitted if a user is connected directly to the corporate network and on a device in compliance with corporate security standards.

This kind of intelligence not only increases security, but also improves the end user experience because the context is evaluated transparently in the background and only disrupts the user’s activity if the risk is high.
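The two rules described above, sketched as a policy function that returns a decision plus the reasons for it. This is an added example, not code from the article or from IBM Security Access Manager; the network range, action name, field names and decision labels are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration; none of these come from the article.
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_ACTIONS = {"fund_transfer"}

@dataclass
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    action: str
    device_compliant: bool

def on_corporate_network(ip):
    """Fail closed: an unparseable address is treated as off-network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CORPORATE_NETS)

def evaluate(req, known_devices):
    """Return (decision, reasons); decision is 'deny', 'step_up' or 'allow'."""
    reasons = []
    if req.action in SENSITIVE_ACTIONS:
        if not on_corporate_network(req.source_ip):
            reasons.append("sensitive action from outside the corporate network")
        if not req.device_compliant:
            reasons.append("sensitive action from a non-compliant device")
    if reasons:
        return "deny", reasons  # a hard rule failed; step-up cannot override it
    if req.device_id not in known_devices.get(req.user, set()):
        return "step_up", ["device not previously seen for this user"]
    return "allow", []

def record_success(req, known_devices):
    """Enroll a device only after authentication, including any step-up, succeeds."""
    known_devices.setdefault(req.user, set()).add(req.device_id)
```

Logging the returned reasons alongside each decision gives the audit trail needed to tune the rules without prompting users more often than the risk warrants.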

3. Federation

Cloud-delivered software-as-a-service (SaaS) applications can boost productivity and reduce costs. Business partners can achieve new levels of efficiency and collaboration by granting each other’s users access to their applications. However, these relationships create a serious access management challenge as security administrators attempt to maintain synchronized and current user lists across systems. In some cases, cross-domain user administration is completely impossible.

An access management platform that includes support for federated access allows users to bring their identity with them from their organization or a social identity provider (e.g., Google, Facebook). When federation is an integral part of access management, security administrators can extend the benefits of mobile and risk-based access control to users accessing cloud applications. In addition, users can authenticate once for both enterprise-hosted and cloud applications, saving time and multiple-password frustration.

Finding a Solution

By deploying a centralized access management platform that supports mobile access, risk-based access and identity federation, organizations can untangle the web of access technologies that has evolved over time. They can confidently reestablish user access as a key security control and, in the process, enhance user experience by reducing authentication interruptions and increasing user productivity.

Strong, centralized, intelligent access management helps shut the door on attackers.

IBM has recently announced a new version of its access management platform, IBM Security Access Manager (ISAM). It helps organizations take back control of access management.

Register for the Oct. 22 webinar to learn more about IBM Security Access Manager.
