October 13, 2015 By Brian T. Mulligan

Most recent cyberattacks have utilized stolen user credentials that allowed the attackers through their victims’ virtual front door. Getting through the front door should not be this easy, but recent IT trends make managing access increasingly complex.

First, as business has become more digital, the number of applications has grown, and different groups of users — for example, employees, contractors, customers and business partners — were given their own access controls, often built into individual applications. Second, the adoption of mobile and cloud computing has blurred previously distinct enterprise boundaries, resulting in separate mobile- and cloud-focused access controls.

This has left organizations with fragmented, heterogeneous access management systems and difficulty establishing uniform, intelligent security policies. In short, it has made them an easier target for potential attackers.

https://www.youtube.com/watch?v=MzvgJNmgCzE

What You Need to Guard the Front Door

Fortunately, all is not lost. Access management technologies have evolved to address the complexity that many organizations face today. A robust, centralized access management platform must have three key characteristics.

1. Mobile

It is not sufficient to have strong access controls that only work for one type of interaction, such as Web browsers or a single application. Users are accessing sensitive IT systems from mobile phones, tablets and smart devices, and a growing API ecosystem is making it easier for developers to create rich user experiences across platforms.

To increase security and enable centralization, an access management platform must be able to create and enforce policies in each of these settings, or attackers will quickly exploit the weak links.

2. Risk-Based Access Controls

Usernames and passwords alone provide insufficient security. Intelligently analyzing additional context about the user’s interaction to determine a level of risk and taking action accordingly can greatly improve security outcomes.

What does this look like in practice? If a user who usually logs in from one device logs in from a new device, he or she can be prompted for an additional factor of authentication. Or certain types of sensitive actions (fund transfers, for instance) might only be permitted if a user is connected directly to the corporate network and on a device in compliance with corporate security standards.

This kind of intelligence not only increases security, but also improves the end user experience because the context is evaluated transparently in the background and only disrupts the user’s activity if the risk is high.
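The two policies described above (step-up on an unfamiliar device, and sensitive actions restricted to compliant devices on the corporate network), as an added example that is not from the article or from any IBM product. The network range, device identifiers, action names and function names are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy data (assumptions, not from the article).
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
SENSITIVE_ACTIONS = {"fund_transfer"}
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}}  # devices each user has logged in from


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    device_compliant: bool
    action: str
    mfa_passed: bool = False


def on_corporate_network(source_ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is treated as untrusted
    return any(addr in net for net in CORPORATE_NETS)


def decide(req: AccessRequest) -> str:
    """Return 'allow', 'step_up' or 'deny' for one request."""
    # Sensitive actions: a hard requirement that a second factor cannot override.
    if req.action in SENSITIVE_ACTIONS:
        if not (on_corporate_network(req.source_ip) and req.device_compliant):
            return "deny"
    # Unfamiliar device: ask for an additional authentication factor.
    known = req.device_id in KNOWN_DEVICES.get(req.user, set())
    if not known and not req.mfa_passed:
        return "step_up"
    return "allow"


def register_device(req: AccessRequest) -> None:
    """Remember a device only after the user has passed step-up on it."""
    if req.mfa_passed:
        KNOWN_DEVICES.setdefault(req.user, set()).add(req.device_id)
```

The context check runs on every request, so a user on a familiar device sees no prompt, while a fund transfer from outside the corporate network is refused even after a successful second factor.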

3. Federation

Cloud-delivered software-as-a-service (SaaS) applications can boost productivity and reduce costs. Business partners can achieve new levels of efficiency and collaboration by granting each other’s users access to their applications. However, these relationships create a serious access management challenge as security administrators attempt to maintain synchronized and current user lists across systems. In some cases, cross-domain user administration is completely impossible.

An access management platform that includes support for federated access allows users to bring their identity with them from their organization or a social identity provider (e.g., Google, Facebook). When federation is an integral part of access management, security administrators can extend the benefits of mobile and risk-based access control to users accessing cloud applications. In addition, users can authenticate once for both enterprise-hosted and cloud applications, saving time and multiple-password frustration.

Finding a Solution

By deploying a centralized access management platform that supports mobile access, risk-based access and identity federation, organizations can untangle the web of access technologies that has evolved over time. They can confidently reestablish user access as a key security control and, in the process, enhance user experience by reducing authentication interruptions and increasing user productivity.

Strong, centralized, intelligent access management helps shut the door on attackers.

IBM has recently announced a new version of its access management platform, IBM Security Access Manager (ISAM). It helps organizations take back control of access management.

Register for the Oct. 22 webinar to learn more about IBM Security Access Manager.
