Identity and Access Management – who you are, and where you need to be


Remember your first day on the job? You might groan just thinking about it, or maybe you are filled with the optimistic nostalgia of all the great things you set out to accomplish.  It’s all a matter of your current perspective.  One of the greatest apprehensions about that first day is meeting all of your new colleagues.  Someone probably gave you a tour of the office, introducing you to all the new faces, as you wondered how you will remember all the names.  It is like the first day of school, without the hormonal awkwardness.  That’s the human side of office life.

The technical introductions are always a bit more challenging.  What computer will you have?  Will you have both a desktop and a laptop?  Perhaps an all-purpose tablet that you must care for like a new pet, remembering not to leave it unattended or forget it on a mass-transit system.  Then, there is the login process.

Are you Authentic?

Usually, a new system will display the login screen, showing a name other than your own.  While it may seem trivial to log in as “Other user”, with all the new information coming at you on the first day, this could be just enough to throw off your otherwise confident flow.  Then comes the dreaded “create a new password” moment.

For the non-technical folks, the login process can be one of the most stressful moments of the day, even if it is not the first day on the job.  Why is that?  One of the reasons is because it is the equivalent of the company receptionist asking for your identification card every day that you arrive in the office.  A bit frustrating after about the third day.

However, the machines don’t know who you are from one moment to the next.  They need constant validation that you are who you purport to be.  Sort of like a clumsy dance partner.  Since the machine has no way of recognizing you, it needs your identity, in the form of your username, passphrase, and maybe even the added security of multi-factor authentication.  While mobile phones boast the use of facial recognition as an authentication mechanism, this has been shown not only to be weak in some cases, but also to suffer from various biases.

These days, being authentic has a wonderfully warm connotation in social contexts, meaning that you are genuine, with the hopes that you are also empathetic and a nice person.  In computer parlance, authentication is similar, just verifying that you are the real you, and not an imposter.  That is all part of the authentication process.  It’s all just a part of verifying who you are.

Where Are You, Exactly?

Once you successfully satisfy the authentication process, the next step is the authorization process.  Authentication and authorization are two entirely different things.  Authorization is what enables you to access the things that you need to accomplish your job.  Authentication is the ticket into the concert arena, whereas authorization is whether you are in the audience, or if you have a back-stage pass.

Authorization can be controlled on a broad level, such as allowing access from a particular network segment, or a set of IP addresses.  This is what is known as Rule-Based Access Control (RBAC).  An easy way to think about how RBAC works is that it is verifying where you are.  When you think about how you need to set up a travel alert to use your credit card in a geographical region other than where you live, you are dealing with rule-based controls.  Note that such a rule only establishes where a connection appears to come from, not who is behind it, so it is a coarse first gate rather than a substitute for the checks that follow.

What Are You?

Another form of RBAC is Role-Based Access Control.  (Since there are two types of RBAC, some people refer to RuBAC and RoBAC to distinguish between Rule-Based and Role-Based Access Control.)  When your access is based on your role, it is governed by your specific job function.

If you are a member of the Finance Team, then you are granted access to the Finance information.  If you are a member of the Human Resources (HR) Team, then you may have a mix of visibility into all of the HR information, as well as some of the financial information, such as the payroll files.

Identity and Access Management (IAM) is a detail-oriented and specialized skill.  Each aspect of identification and authorization can be customized for specific needs.  Part of the responsibilities of the IAM administrators is to remain aware of any changes to a person’s employment status, as well as any promotions or transfers within the organization, so that the roles a person holds always match the job they currently do.
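As an added illustration (this is not code from the article, nor from Tripwire), the following Python policy check combines the two RBAC meanings described above: a rule-based check on the network segment the request arrives from, followed by a role-based check against the user's job function, with the user directory that an IAM administrator keeps current when someone joins, transfers, or leaves.  All user names, network ranges, roles, and resource names are constructed sample values; the decision is deny-by-default, and every denial carries a reason suitable for an audit log.

```python
import ipaddress

# Constructed sample directory, as an IAM administrator would maintain it.
# Status reflects employment changes; roles reflect the current job function.
USER_DIRECTORY = {
    "alice": {"status": "active", "roles": {"finance"}},
    "bob": {"status": "active", "roles": {"hr"}},
    "carol": {"status": "terminated", "roles": {"finance"}},
}

# Rule-based control ("where you are"): constructed office network segments
# from which access is permitted at all.
ALLOWED_SEGMENTS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Role-based control ("what you are"): constructed mapping of role -> resources.
# HR sees its own records plus payroll, mirroring the article's example.
ROLE_PERMISSIONS = {
    "finance": {"finance_ledger", "payroll"},
    "hr": {"hr_records", "payroll"},
    "engineering": {"source_repo"},
}


def passes_rule_based(source_ip: str) -> bool:
    """True if the source address falls inside any permitted network segment."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in segment for segment in ALLOWED_SEGMENTS)


def passes_role_based(roles: set, resource: str) -> bool:
    """True if at least one of the user's roles grants the requested resource."""
    return any(resource in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def authorize(user: str, source_ip: str, resource: str) -> tuple:
    """Deny by default.  Returns (allowed, reason) so the reason can be logged.

    Order of checks: the account must exist and be active, the connection must
    come from a permitted segment (rule-based), and a current role must grant
    the resource (role-based).  The first failing check decides the outcome.
    """
    entry = USER_DIRECTORY.get(user)
    if entry is None:
        return (False, "unknown user")
    if entry["status"] != "active":
        return (False, "account not active")

    # Malformed addresses are rejected rather than allowed to skip the rule.
    try:
        ipaddress.ip_address(source_ip)
    except ValueError:
        return (False, "malformed source address")

    if not passes_rule_based(source_ip):
        return (False, f"source {source_ip} is outside permitted network segments")

    if not passes_role_based(entry["roles"], resource):
        return (False, f"no role in {sorted(entry['roles'])} grants {resource}")

    return (True, "allowed")


if __name__ == "__main__":
    # Constructed sample requests covering each branch of the policy.
    for who, ip, what in [
        ("alice", "10.20.5.7", "payroll"),        # finance user, in the office, own data
        ("bob", "10.20.5.7", "finance_ledger"),   # hr user asking for finance-only data
        ("carol", "10.20.5.7", "payroll"),        # account no longer active
        ("alice", "203.0.113.9", "payroll"),      # right role, wrong network
        ("alice", "not-an-ip", "payroll"),        # garbage source address
    ]:
        allowed, reason = authorize(who, ip, what)
        print(f"{who:6} {ip:14} {what:15} -> {'ALLOW' if allowed else 'DENY'}: {reason}")
```

The point of keeping the employment status in the same directory as the roles is the one the article makes: a terminated account with a still-valid role must be refused before any role check runs, and a transfer is handled by editing the role set rather than by adding exceptions to the rule-based layer.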

Rise of The Machines

A new realm of IAM now includes machine identities.  Networked machines communicate with each other all the time.  Without this inter-network communication, networks would not function with their current efficiency.  With the maturity of cloud computing, machine identities must now be protected with the same vigilance as human identities, or they can be compromised and used in similar ways as our personal identities to steal information.

Welcome Aboard!

Whether it is your first day on the job, or just any old morning, and you find yourself slogging through the login process, just remember that the process you are participating in is part of a finely choreographed dance, serving to make everything flow smoothly.  The process is not there to be your enemy, rather, it is your partner.  Dance with the process, and make it a productive day.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.



Source link