„Identity is the How, not the Why“ – Allan Foster, KuppingerCole
Digital identity and its management is not why IAM exists. It is a means to an end and the end is access control.
It’s about ensuring that the right user has the right access to the right resources and vice versa, that all the wrong users are denied access.
There are a few things to keep in mind when doing this:
Security of authentication procedures
Costs and benefits
User-friendliness is our top priority. This is based on years of experience. If the system is too cumbersome, too complicated or otherwise not user-friendly, it will fail. No matter how good it may be technically.
The key factors of user-friendliness:
Single Sign On: I log in once and after that I’m in everywhere.
Convenient authentication methods: Cumbersome password policies destroy any user experience in seconds. Yet there are so many alternatives to passwords.
Easy self-service: It’s just as destructive if I can’t log in and get help. Can I help myself within seconds if I have an authentication problem?
Human risk factor
The biggest risk factor is the human being. He uses insecure passwords, writes them down in insecure places, uses the same password everywhere, etc.
Studies show various numbers on how many hacks, breaches, and data incidents involve stolen or carelessly used user credentials, but virtually none go below the two-thirds figure. Most are talking more like 90% or more.
The point is: breaking into a system without credentials is really difficult. It is much more promising to get passwords by phishing or other methods. Preferably, of course, from the administrator with root rights. That’s why there is a separate sector within IAM called Privileged Account Management (PAM), which only deals with admin accounts and other high-risk accesses.
The most important solutions from the Access Management portfolio:
|Advanced Authentication||Extremely flexible authentication solution for all requirements. Overcomes the limitations of username and password, protects data and applications, and makes users’ lives easier with a variety of alternative authentication methods.||https://www.microfocus.com/en-us/cyberres/identity-access-management/advanced-authentication|
|Access Manager||The SSO solution for all web applications, whether internal or in the cloud: a simple, single sign-on for all your users, whether they are internal, external, mobile or remote. Works great in combination with Advanced Authentication.||https://www.microfocus.com/en-us/cyberres/identity-access-management/access-manager|
|SecureLogin||The desktop SSO solution for Windows, Citrix, VMware VDI, etc. With SecureLogin almost all applications can be addressed and easily integrated using the integration wizard. SecureLogin also works without a network connection.||https://www.microfocus.com/de-de/products/netiq-securelogin/overview|
|Privileged Access Management||Identity lifecycle management of privileged users and centralized credential management for least privilege through risk assessment, monitoring, and activity logging.||https://www.microfocus.com/en-us/cyberres/identity-access-management/privilege-management|
Quick Win: Advanced Authentication
A real quick win for security and usability is the use of advanced authentication.
On the one hand, this involves implementing additional factors that a user must pass through in order to log in (multi-factor authentication, MFA). The type and quantity of these factors can be variably controlled based on the risk.
On the other hand, it is also about alternatives to the password. Unfortunately, the password is one of the most insecure authentication methods available. To make it more secure, inconvenient policies are imposed on users such as the use of special characters, changing the password regularly, etc. This is extremely detrimental to user experience.
Die Alternative sind Dinge, die man hat oder ist:
Password, PIN, security questions, etc.
Smartphone, Smartcard, physical token Token, key, etc.
Fingerprint, Iris-Scan, voice, etc.
Through an app, for example, a very secure and convenient multi-factor chain can be built. First, the user enters his user name, then he receives a push in his app, and confirms it via fingerprint on his smartphone. Secure and without a password!
Advanced Authentication from OpenText combines remote authentication and desktop authentication in one solution. The comprehensive support of devices, methods, and standards means not only an extremely broad selection of authentication methods and platforms but also the flexibility to adapt to the specific needs of any industry and company size. In this, the solution is unmatched in the market to date.
- Over 30 authentication methods, number increasing
- All methods can be combined in any way (chains)
- Extensive integration options through support of all important standards
- Integrates Active Directory / eDirectory / all LDAP-enabled directories
- Integrates Radius, Mac, Windows, Linux, API’s etc.
- Can be scaled up and down to any environment size
- Multi-tenant and for highly available across any location.
In short, a single framework for all authentication needs.
We are happy to support you.
Take advantage of our years of experience! Our experts will advise you independently and individually, we will suggest the appropriate hardware and software, and you will receive comprehensive support during the project as well as afterwards. If you wish, we can even take over the complete operation for you.
Can we help you today with a non-binding consultation?