How to avoid flaws in identity management

Security threats are increasingly becoming focused on where an enterprise keeps its critical data: the servers, databases, directories and in other technologies. If these are accessed by unauthorised users, the risk of a business critical data breach, revenue loss, and compliance fines could emerge.

With the best of intentions, a simple mistake within a directory-based application among which the above technologies are acting as 'managed resources' can knock out access for many people, and for some organisations, can cost substantial amounts of money.

A significant challenge faced by organisations today is related to the implementation of intelligent and integrated management of user activity and their access to appropriate systems. Time, money, and effort are invested in collecting security trends about what is happening. However, problems continue to occur because getting a long list of 'what' does not contribute much to addressing the issue unless it is paired with the 'whom' and the 'when'.

Correlation of identity, event, and data provides the most direct route to identifying threats before significant damage is done, but subtracting any one of those reduces the significance of security information so much that the value is doubted.

Distributed environments and complex data centres are already hard enough to manage. If you add an army of power users within an organisation that needs appropriate access to all this technology, it's imperative that an identity management solution is implemented effectively and promptly. IT managers need a secure and cost-effective approach to identity and access management by:

• centralising and automating administration;
• eliminating the complexity of managing multiple identities;
• enforcing controls necessary to achieve compliance;
• capturing and securely storing audit events; and
• easily producing meaningful reports.

However, there are three major flaws or stumbling blocks to proper implementation of such solutions.

Flaw 1: Employee de-provisioning

It has been an ongoing problem for organisations to properly de-provision a user who has left the company. Too often, accounts are still active, or some kind of accessibility to enter the corporate network from an external location is still possible. This gives an opportunity to take information or - if the person is so inclined - leave corruptive malware behind.

There is a need for organisations to tighten their security measures and workflows for de-provisioning to eliminate former employees' accessibility.

Integration with the human resources databases to ensure faster response on the elimination of accessibility is the key. Also, organisations must watch shared accounts and be prepared to raise the level of activity monitoring if needed.

Finally, automated workflows would be the safest approach to ensure all accounts are dealt with and fully documented so they can always be referenced.

Flaw 2: Lack of a centralised identity management solution

Organisations should consolidate and centralise the access controls with one directory service. From here, the access can be extended to other systems and applications to encourage consistent security and configuration policies. Driving down the management headache should also drive down the management cost. 

Risking having multiple accounts to manage on various systems gives way for a lack of synchronisation and upkeep, as well as multiple points of a breach that can be hard to track if there are many diverse systems. It's easy to stay under the radar when not everything is accessible from a central location and a generic system that isn't centrally managed may be the back door that allows for unauthorised access.

Flaw 3:  No secure privilege delegation

As we delve deeper into IT security and privilege in the data centre, we must understand how the definition of privilege is evolving. The excessive privileged and access control rights for users have critical financial impact on organisations with regard to the risk of a data breach, revenue loss and compliance fines.

To reduce the chances of unwanted solicitation of data by outsiders, it is recommended that organisations implement tighter control by reducing the number of administrators. It eliminates the risk of accidents by managing tightly who can do what, improve auditing, streamlining and simplifying compliance.

Managing the identity and integrating identity into an organisation helps protect assets and reduces the impact of a breach. Risks can be properly mitigated, compliance penalties may be avoided, and in general, the overall access to critical information is under tighter control.

David Bell is a senior solutions specialist at NetIQ.