Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/6/2010
03:32 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

7 Steps To Better Identity Management

Here's what you need to know about managing employee identities in this age of outsourcing and SaaS.

InformationWeek Green - May 10, 2010 InformationWeek Green
Download the entire May 10, 2010 issue of InformationWeek, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

7 Steps To Better Identity Management Managing employees' identities, passwords, and access rights has always been a challenge. And now, increased use of outsourcing and software-as-a-service offerings have further complicated things, requiring the use of federated identity management outside the corporate walls.

Setting up and managing federated IDM, which makes users' identity data portable across autonomous security domains, can be complicated and cumbersome. With distributed systems, employees around the globe, and an endless number of technologies to integrate, it's not for the faint of heart.

But if planned properly, there are significant benefits, including improved security, reduced operational overhead, lower support costs, and a better user experience. Identity management lets IT understand who users are, what applications and networks they have access to, and in most cases their job functions. It enables the complete management of an identity, versus providing an isolated view of a single account in a single system.

The key is to understand what identity management technologies are in your environment, how people interact with them, and how they all tie together. What follows are seven steps for tackling these issues and improving the control you have over your environment.

What Are You Managing?

Before you can manage user identities, step one is to know what you're managing. Your identity management approach will depend on how much you have to spend, the technologies that require identity management, and how sophisticated and comprehensive the system needs to be.

Does your company need basic user admin support, or everything from provisioning new users to single sign-on to deprovisioning of users who've left? If your company's growing, adding locations and employees, opting for SaaS applications instead of bringing more applications in-house, then you're better off with more automation of current IDM processes than spending money to bring in new solutions.

Fully automating the provisioning and deprovisioning of employees will cut back on mistakes, provide better security, and result in fewer audit issues. You can go a step further and create templates and expiration dates for employee accounts for application and network access; that will make your auditors happy.

If your company gives system access to outsourced partners, particularly third-party developers with high turnover, then automation is critical. Too often, contractors' accounts are left active long after they leave, or new contractors use the account of the person they replaced because the access provisioning process is so painful.

To read the rest of the article,
Download the May 10, 2010 issue of InformationWeek



Never Miss A Report

Become an InformationWeek Analytics subscriber: $99 per person per month, multiseat discounts available

Get All Our Reports

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...
CVE-2020-15504
PUBLISHED: 2020-07-10
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other version...
CVE-2020-8190
PUBLISHED: 2020-07-10
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-8191
PUBLISHED: 2020-07-10
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).