Four Questions to Ask Your Identity and Access Management Vendor
Strong identity and access management (IAM) is vital to securing your business against cyber attacks, thwarting social engineering attempts and stopping hackers from stealing credentials. You need a solution that provides robust authentication and authorization, balanced with ease of use, to secure your sensitive data and systems.
With so many IAM solutions on the market, how do you choose the right one for your business?
Start by asking your IAM vendor these four questions:
1. Does the IAM solution provide true protection across all technology environments?
The modern enterprise uses multiple technology environments. These range from entire IT ecosystems hosted in a local data center, a public or private cloud, or a hybrid combination of these, to the stages within an environment, such as development, testing, staging and live. A strong IAM solution should work flawlessly across any environment, wherever it is located.
By determining the patterns of how your security teams set policies, how your users interact with the system, and how your IAM solution is deployed and maintained, you can implement an IAM solution that is as “environmentally agnostic” as possible. This eliminates the need to retrain staff and deal with hundreds of configurations for every different aspect of your technology.
2. Can the IAM solution offer different authentication approaches tailored to various criteria?
There are many ways that users can authenticate themselves — from weak single-factor passwords to stronger approaches like two-factor and multi-factor authentication. Be sure that your IAM vendor provides multiple authentication options out of the box, so your security team can set granular authentication requirements based on criteria including:
- The role of the employee accessing the system
- The context of the user (location, time, device, etc.)
- The systems they are accessing
- The sensitivity of the information
- Principles of least privilege
This will help to balance the need for strong authorization with simplicity and speed.
3. Does the IAM solution support single sign-on and adaptive authentication?
One of the most effective ways to reduce employee frustration with authentication, while still providing strong protection, is to combine single sign-on (SSO) and adaptive authentication. SSO authenticates a user once, then provides secure access to other systems within that same user session. This typically means that users only need to log in once at the beginning of their day and that they will be granted access to other systems until they log out.
Adaptive authentication allows your security team to customize policies to require additional authentication based on various factors. When necessary, adaptive authentication uses algorithms to determine if a person is a legitimate user through criteria including:
- Credentials of the individual user and their role-based access needs
- Systems they are attempting to sign into
- Physical location of the user
- Recent use history
- Devices they are using
- Access point — inside or outside the company network
- Time and date of request and whether they should be working
If anything seems unusual, adaptive authentication can require greater levels of authorization and credentials prior to granting access.
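The adaptive authentication decision described above can be sketched as a small risk-scoring policy. This is an added example, not code from HID or any IAM product; the role map, signal names, weights and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# All names, weights and thresholds below are illustrative assumptions.
ROLE_SYSTEMS = {"engineer": {"wiki", "prod-admin"}, "hr": {"wiki", "payroll"}}
SENSITIVE_SYSTEMS = {"payroll", "prod-admin"}
USUAL_COUNTRIES = {"US"}
WORK_START, WORK_END = time(7, 0), time(19, 0)
STEP_UP_AT, DENY_AT = 30, 100

@dataclass
class LoginContext:
    role: str
    system: str
    country: str
    known_device: bool
    inside_network: bool
    when: datetime
    recent_failures: int = 0

def risk_signals(ctx):
    """Return (name, weight) for every criterion that looks unusual."""
    checks = [
        ("sensitive_system", 20, ctx.system in SENSITIVE_SYSTEMS),
        ("unusual_location", 30, ctx.country not in USUAL_COUNTRIES),
        ("unknown_device", 30, not ctx.known_device),
        ("outside_network", 20, not ctx.inside_network),
        ("off_hours", 15, not WORK_START <= ctx.when.time() <= WORK_END),
        ("recent_failures", 25, ctx.recent_failures >= 3),
    ]
    return [(name, weight) for name, weight, hit in checks if hit]

def decide(ctx):
    """Return (decision, reasons): 'allow', 'step_up' or 'deny'."""
    # Least privilege first: a role with no need for the system never gets in.
    if ctx.system not in ROLE_SYSTEMS.get(ctx.role, set()):
        return "deny", ["role_not_entitled"]
    signals = risk_signals(ctx)
    score = sum(weight for _, weight in signals)
    reasons = [name for name, _ in signals]
    if score >= DENY_AT:
        return "deny", reasons
    if score >= STEP_UP_AT:
        return "step_up", reasons  # require an additional factor
    return "allow", reasons        # the existing SSO session is enough
```

Returning the reasons alongside the decision lets the security team log why a login was challenged and tune the weights against real traffic.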
4. Can the IAM solution integrate with multiple types of hardware and end-user devices?
You don’t want to spend too much time customizing an IAM solution to work with your existing hardware and infrastructure. Ideally, it should work across your network, servers, connected hardware and other infrastructure without much specialist configuration. You should also be able to easily deploy it across multiple end-user devices — desktops, laptops, tablets and smartphones.
HID IAM solutions serve digital security needs across all industries. Flexible configurations provide an adaptive authentication solution that’s unmatched in the industry and transforms the way IT executives protect the integrity of their digital organization.
Jeff Carpenter is Director of Cloud Authentication at HID Global. In his 15+ years in cybersecurity, Jeff has held positions with several top tier cybersecurity and technology companies including Crossmatch and RSA, a Dell Technologies company. He holds both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP) designation.