Identity Management
What is Identity Management?
Identity management is the discipline of establishing and verifying the identities of network entities (users, devices, and services) and governing the level of access each of them has to enterprise network resources. It is one of the foundations for keeping IT systems, networks, and data secure.
What is the goal of identity management?
The main goal of identity management (also referred to as ID Management or IdM) is to ensure that only authenticated users, whether individuals or devices, are granted access to the specific applications, components, and systems for which they are authorized. Because IT security is closely associated with access control, identity management serves as a critical component of overall IT security.
How does identity management work?
A key function of identity management is to assign a digital identity to each network entity. Once that digital identity has been established, an identity management system enables those identities to be maintained, modified, and monitored throughout each user’s or device’s access lifecycle.
What are the benefits of identity management?
Tracking identity information for the many entities using an enterprise network is a challenge without a proper system in place. The knowledge that only certain entities can access specific applications and data enhances both security and operations within an organization. Identity management provides a first line of protection against cyber threats, whether from inside or outside the enterprise firewall.
Identity management systems enable administrators to automate many user account–related tasks, including onboarding new employees and adding new devices to the network, granting them access to the appropriate systems and applications based on their role. This accelerates time to value for new users who need access to enterprise resources, often speeding this process from days to just minutes.
Employees often cannot remember and maintain multiple strong, unique passwords for the resources they need to get their jobs done. By centralizing authentication (for example through single sign-on) and access control, identity management not only improves IT security, it improves the user experience as well. Identity management systems make it possible for employees to securely and conveniently access the apps and data they need to do their work no matter where they are, enabling them to be more productive.
What are the differences between identity management and access management?
The terms identity management and access management are often used interchangeably or in combination. But a distinction does exist between the two concepts.
Identity management focuses on managing the attributes related to the user, group of users, devices, or other network entities that require access to resources. It also serves to protect identities through a variety of digital identity technologies, such as passwords, multi-factor authentication (MFA), single sign-on (SSO), biometrics, and more. This is usually achieved by adopting identity management software applications and platforms.
Tracking and managing the changes to the attributes that define an identity in an organization’s network is a critical function of identity management. Such changes can generally only be made by a select few individuals in the organization, such as network administrators, application owners, or human resources personnel.
In contrast, access management focuses on evaluating a user's or device's attributes against the organization's existing policies and governance, then determining whether that network entity should be granted access to a specific resource. The outcome of an access decision is binary: the request is either permitted or denied.
Just because a network entity is authorized to be on the enterprise network does not mean it can automatically access every application or data set within the network. User access to specific resources is granted based on the identity’s attributes, such as what role it has, its level in the organization, or which groups it belongs to.
What are the main concepts of identity management?
Identity management involves three main concepts: identification, authentication, and authorization.
Identification
Identification is the ability to uniquely identify a user, device, or application within the enterprise network based on its attributes. Some examples include user names, process IDs, email addresses, and employee numbers. Security systems use this identity when determining if a subject can access an object.
Authentication
Authentication is the process of verifying the identity claimed by a network entity based on its credentials. Three factors can be used for verification:
1. Knowledge factor, based on something the user knows such as a password or PIN
2. Possession (ownership) factor, based on an item the user has such as an identity card, smart card, or security token
3. Inherence factor, based on a user attribute such as fingerprints or other biometrics
Authorization
Authorization is the process of granting access to network resources for a specific entity or type of user identity in a manner consistent with the enterprise's policies and governance. For example, granting a user permission to edit a shared file on a network involves authorization. In short, authentication establishes who a user is and authorization establishes what that user can do. To maintain a secure network environment, authentication must take place before authorization, and the authorization decision should be evaluated against the identity's current attributes on each request, since roles and group memberships change over the access lifecycle.
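The following is an added example, not code from the original page, showing the three concepts above as three separate steps: identification (looking the claimed name up in a directory), authentication with a knowledge factor (a salted password hash) and a possession factor (a TOTP code), and then a yes/no authorization decision driven by the identity's role and group attributes. The directory, credentials, and policy are constructed sample data, and the `counter` parameter on the TOTP function is an assumption added so the code can be exercised without a live clock.

```python
"""Identification, authentication and authorization as three separate steps.

Added example, not code from the original page. The directory, credentials
and policy below are constructed sample data; a real deployment keeps them
in an identity provider and a policy engine.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 200_000


@dataclass(frozen=True)
class Identity:
    """Attributes that identification resolves and authorization evaluates."""
    username: str
    employee_id: str
    roles: frozenset
    groups: frozenset
    active: bool = True


class AuthenticationError(Exception):
    pass


def derive_password_hash(password: str, salt: bytes) -> bytes:
    """Knowledge factor: salted PBKDF2-HMAC-SHA256, so stored hashes are not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def totp_code(seed: bytes, counter: Optional[int] = None) -> str:
    """Possession factor: 6-digit TOTP (RFC 6238, 30 s step, HMAC-SHA1).
    `counter` can be pinned so the result is reproducible (assumption for testing)."""
    if counter is None:
        counter = int(time.time()) // 30
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{truncated % 1_000_000:06d}"


# Constructed identity directory: identification maps a claimed name to a record.
DIRECTORY = {
    "alice": Identity("alice", "E1001", frozenset({"engineer"}), frozenset({"platform-team"})),
    "bob": Identity("bob", "E1002", frozenset({"contractor"}), frozenset()),
    "carol": Identity("carol", "E1003", frozenset({"engineer"}), frozenset({"platform-team"}), active=False),
}


def _credential(password: str, salt_hex: str, seed: bytes) -> dict:
    """Constructed credential record: per-user salt, password hash and TOTP seed."""
    salt = bytes.fromhex(salt_hex)
    return {"salt": salt, "hash": derive_password_hash(password, salt), "totp_seed": seed}


CREDENTIALS = {
    "alice": _credential("correct horse battery staple", "00112233445566778899aabbccddeeff", b"alice-totp-seed"),
    "bob": _credential("bob-temporary-pass", "ffeeddccbbaa99887766554433221100", b"bob-totp-seed"),
    "carol": _credential("carol-offboarded", "0f1e2d3c4b5a69788796a5b4c3d2e1f0", b"carol-totp-seed"),
}
# Used when the claimed name does not exist, so a miss costs the same work as a hit.
_DUMMY_CREDENTIAL = _credential("unused", "00000000000000000000000000000000", b"dummy")

# Constructed policy: an action is permitted if the identity satisfies any listed rule.
POLICY = {
    "shared-file:edit": [{"role": "engineer"}, {"group": "platform-team"}],
    "prod-db:admin": [{"role": "dba"}],
}


def authenticate(username: str, password: str, otp: str, counter: Optional[int] = None) -> Identity:
    """Identification (directory lookup) followed by two-factor authentication.
    Every failure raises the same error so the caller cannot tell which check failed."""
    identity = DIRECTORY.get(username)
    credential = CREDENTIALS.get(username, _DUMMY_CREDENTIAL)
    password_ok = hmac.compare_digest(derive_password_hash(password, credential["salt"]), credential["hash"])
    otp_ok = hmac.compare_digest(totp_code(credential["totp_seed"], counter), otp)
    if identity is None or not identity.active or not (password_ok and otp_ok):
        raise AuthenticationError("authentication failed")
    return identity


def authorize(identity: Identity, action: str) -> bool:
    """Yes/no decision from the identity's current attributes; unknown actions are denied."""
    for rule in POLICY.get(action, []):
        if rule.get("role") in identity.roles or rule.get("group") in identity.groups:
            return True
    return False


def access(username: str, password: str, otp: str, action: str, counter: Optional[int] = None) -> bool:
    """Authentication strictly precedes authorization: an unauthenticated caller never reaches the policy."""
    return authorize(authenticate(username, password, otp, counter), action)


if __name__ == "__main__":
    step = int(time.time()) // 30
    code = totp_code(CREDENTIALS["alice"]["totp_seed"], step)
    print("alice may edit shared file:", access("alice", "correct horse battery staple", code, "shared-file:edit", step))
    print("alice may administer prod db:", access("alice", "correct horse battery staple", code, "prod-db:admin", step))
```

Two design points are worth noting. The lookup for an unknown user still runs the password derivation and TOTP comparison against a dummy record, so timing does not reveal which user names exist. And authorization is a separate function that consults the policy on every call rather than caching a decision at login, which is what lets a role or group change take effect immediately.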
How can HPE help with identity management?
As organizations use more Software-as-a-Service (SaaS) applications, embrace multi-cloud environments, support increasingly distributed workforces, and connect more Internet of Things (IoT) devices to their networks, identity management is becoming a more complex endeavor. Different components of the network ecosystem may lack support for open, flexible identity and access control standards. In today’s hybrid environment, enterprises need a modern, integrated identity management system that spans edge to cloud and provides a common control plane to manage identities, credentials, devices, and apps, as well as access to them.
Project Cosigno, based on the open source SPIFFE and SPIRE projects, provides a service identity fabric and helps establish a standards-based service authentication layer to support a zero trust security model in a hybrid environment. Part of the HPE Ezmeral software ecosystem, it enables organizations to deploy standard, cryptographic service identities across heterogeneous platforms including cloud, containers, and on-premises infrastructure.
HPE Pointnext Services can help you architect and build a tailored, future-proof identity management platform for your hybrid IT operation, empowering employees and enhancing productivity. Working closely with your team and our solution partners, we can take you every step of the way, from an initial assessment of your existing environment to roadmap development and solution implementation.