
Identity and Access Management Best Practices: The Key to Cloud and Mobile Security

When we talk about data security, we’re basically talking about two things: making sure information and applications are available to people who are authorized to use them, and keeping everyone else away. Identity management, also known as identity and access management, is key to our ability to do that.

Identity management is the process of defining who you are and what you’re allowed to do with corporate resources. It involves three steps:

First, we identify you with your username.

Second, we verify that you are who you say you are, generally with a password, and often with a second form of authentication, like a code sent to your phone that you then have to input. (This is called two-factor authentication, or 2FA.)

Finally, once we know you are who you claim to be, we need to determine what you’re authorized to do.

Identity management becomes increasingly important as corporate assets get spread out over multiple service providers in remote data centers or in the cloud. For example, you may use Microsoft Office 365 for e-mail, online file sharing, and collaboration, but Salesforce for CRM and NetSuite for accounting. Your identity is the one thing that remains the same no matter which service you’re using. Imagine you have an employee named Susan who works in your finance department. When she logs in, your authentication server says, “Hello, Susan. I know who you are and I know what you do, so I’m going to give you access to all the applications, files, and data related to finance, both on-premises and in the cloud.”

In the era of mobile computing, increasingly aggressive cybercriminals, and enhanced compliance requirements, traditional authentication may not be enough for some companies. That’s why Xantrion offers a cloud identity management system that enables single sign-on and optional two-factor authentication and aims to cover all company services. This identity management system is part of our Managed Security service, a comprehensive suite of security services that enhance the practices included in our Certified Support service.

Using a cloud identity management system lets you monitor each individual user’s access at a far more granular level than traditionally possible, making it much harder for hackers to compromise your systems. It can see, for example, not just that Susan in finance is requesting access to the corporate network, but which geographic region that request is coming from, at what time, on what device, and in what way. It can then use that detailed information to decide whether the person claiming to be Susan is really her, and how to respond.

For example, Susan might be able to download files to a company-owned device, but have read-only access on her personal devices. Or if the system notes that Susan’s account is trying to access the corporate network at the unusual hour of 3:30 am, or that her laptop is trying to connect from China when Susan’s schedule places her in California, it might decide her account or laptop has been compromised. It could then automatically require 2FA for login, block access to specific resources, or deny the login entirely while alerting network administrators of suspicious activity.
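The decision logic described above can be sketched as a small policy function. This is an added example, not Xantrion's or any vendor's implementation; the `Profile` fields, the device ID, the usual-hours window, and the mapping of each signal to a response are assumptions chosen to mirror the Susan scenario.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from enum import IntEnum


class Action(IntEnum):
    # Ordered by strictness so the strictest triggered action wins.
    ALLOW = 0
    REQUIRE_2FA = 1
    DENY = 2


@dataclass
class Profile:
    # Hypothetical per-user baseline; a real system would learn or import this.
    user: str
    expected_country: str                  # where the user's schedule places them
    usual_hours: tuple = (time(7, 0), time(20, 0))
    managed_devices: frozenset = frozenset()


@dataclass
class Decision:
    action: Action = Action.ALLOW
    file_access: str = "download"          # downgraded to "read-only" when needed
    alert_admins: bool = False
    reasons: list = field(default_factory=list)


def evaluate_login(profile, device_id, country, when):
    """Combine device, time and location signals into one access decision."""
    d = Decision()
    if device_id not in profile.managed_devices:
        d.file_access = "read-only"        # personal device: no downloads
        d.reasons.append("personal device")
    start, end = profile.usual_hours
    if not (start <= when.time() <= end):
        d.action = max(d.action, Action.REQUIRE_2FA)   # step up, do not block
        d.reasons.append("unusual hour")
    if country != profile.expected_country:
        d.action = max(d.action, Action.DENY)          # conflicts with schedule
        d.alert_admins = True
        d.reasons.append("location conflicts with schedule")
    return d


# Constructed sample profile: Susan is scheduled to be in the US.
SUSAN = Profile("susan", "US", managed_devices=frozenset({"FIN-LT-01"}))
```

Recording the reasons alongside the action gives administrators the context they need when an alert fires.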

Identity management ensures that authorized users, and authorized users only, can access the data and applications they need. In addition, it simplifies access monitoring and management at the company level. Being able to use one login makes it easy to add someone to all company services in an instant when they join the company and block their access just as easily when they leave. It centralizes auditing and reporting logs for all service providers, which makes proof of compliance with process controls easier. It also makes it easier to spot suspicious behavior through patterns of login attempts.

If you would like a higher level of security, especially if you’re in a regulated industry and must demonstrate compliance or make use of many cloud services, contact us about implementing Xantrion’s Managed Security service, which includes an identity management system that lets users sign on once to access all the services they’re allowed, while giving you tighter, more granular control over what they can do.