How secure is your identity management solution?

0
267

Identity management is an important element of both data security and physical security in an organisation. But all ID management solutions are not the same—especially when it comes to security.There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage.

Identity management—also known as ID Management (IdM) or Identity and Access Management (AIM)—is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation.

These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions.

For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key.

Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential.

In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to.

Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification. RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security—and many standard systems are not very secure.

When evaluating security for an IdM and access system, there are two important aspects to consider.
Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between?
Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used?

Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges—as a majority of organisations still do—they also need to consider how and where those badges are produced.

For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting.
With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs. On top, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.