Identity and access management is a core requirement when it comes to liberating your workforce.
Businesses today are faced with a number of different issues. Requests for flexible working, demand for productivity increases and a skills shortage. Providing the flexibility for users to work wherever they are whilst remaining secure is becoming more and more important. By implementing good identity and access management, companies can be sure that the right people are gaining access to the right information when they need it.
It feels like the requirement for working flexibly is nothing new. Remote dial-in facilities have been supported on networks in one form or another since the mid-1980s. Using dial-up modems (with lots of clicking, hissing and beeping while they got started) provided upload and download speeds of 1200 bits per second (remember that a simple ADSL line today is around 4,000,000 bits per second and we think that that’s slow…).
It made it easy (but time consuming) to get patches and updates from the office (or a bulletin board site). To get in, a user had to know all of the details (phone number, ID and password) that were created by internal IT. The PC had to have the right software (again controlled by IT) and be configured correctly.
Over time the configuration became easier (with tools like Systems Center to control workstations) and LAN links allowed for more streamlined access to data. In the mid-90s VPNs became more common, allowing users a LAN-like feel to their access and with the advent of the Internet, flexible working became more straightforward.
View 'Safeguard your data and applications with conditional access controls and multi-factor authentication' and discover:
Fast forward to today and we have devices capable of connecting to the Internet at speeds of up to 300,000,000 bits per second (4G operates at up to 300Mbps) giving the users better access to the Internet than many people have at home (average BT fibre speed is 52Mbps). This means they can access their data better from a mobile device than a desktop.
At the same time, the millennial generation is working with services that are always online and respond immediately. Many want to use the same, familiar, devices that they have at home to do their work. Creating and updating shared spreadsheets and documents as part of their job, cooperatively working with other members of their team.
This creates a problem for the Internal IT team, as they can no longer proscribe the devices that are being used by the user. Instead of having a strategy of Compaq PCs running Windows, there are a number of different types of machine, running different operating systems (Windows 7, 8, 8.1, 10; Android, iOS and macOS) all with their own operating differences.
“Today, the use of an ID and password on their own may not be enough to correctly identify a user.”
The only thing really left under the control of IT is the user themselves. IT know who the user is and that they should have access. By implementing a good identity management process, they can be sure that only known employees have access to the systems and therefore the data. More specifically, they should also know which data sets and applications the user has access to. The access management here is based on the identity of the user and the day-to-day activities of their role within the business.
Today, many organisations understand that the use of an ID and password on their own may not be enough to correctly identify a user. Adding in an extra identity factor using a hardware token is something that companies like RSA have been doing for over 20 years.
Knowing when these additional verifications are needed is important. If IT understands where a user normally authenticates from (home or the office) then the second factor is probably not needed, but if access comes from somewhere else, then it should be required. The device itself can also be recognised (if not owned and managed) so a new device can require a second factor until it is registered.
The inclusion of these conditions for controlling access makes the whole system more secure. When a user comes in from a known location, on a known device, their access is granted. When they come in from an unusual location, or from an unknown device, they are asked to provide the additional authentication.
One of the issues with systems like RSA or Vasco is the reliance on a token of some kind. Rather than provide a token, Microsoft utilise a mobile phone. This doesn’t have to be a smartphone as authentication can be made via a phone call. Smartphones can enhance this function by allowing a notification through an app. These different options can avoid the traditional issues with tokens such as a ‘man-in-the-middle’ attack.
Keeping track of all these authentications through an audit trail is also vital, as it will ensure that the authentications are being managed and controlled, while allowing users to access systems correctly.
The use of both an identity management and an access management strategy provides a secure way to authenticate and authorise a user’s access to the data they need, from the relevant device, when they need it, from any supported location.
To be able to take advantage of all of the flexibility provided by new technologies and co-operative working, a good identity and access management system is essential.
Discover what else IAM can do for your users by joining our Senior Consultant, Ian Bassi, for a deep dive into the Microsoft identity stack.
Simply request a free Vision Call. We can help you with solution ideas, technology education, best practice advice and more.Request Vision Call
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.