What is identity management?
Identity management is the discipline of establishing and verifying the identities of network entities (users, devices, services) and the level of access each is granted to enterprise network resources. It helps keep IT systems, networks and data secure.
What is the goal of identity management?
The main goal of identity management (also referred to as ID management or IdM) is to ensure that only authenticated users, whether individuals or devices, are granted access to the specific applications, components and systems for which they are authorised. Because IT security is closely associated with access control, identity management serves as a critical component of overall IT security.
How does identity management work?
A key function of identity management is to assign a digital identity to each network entity. Once that digital identity has been established, an identity management system enables those identities to be maintained, modified and monitored throughout each user’s or device’s access life cycle.
What are the benefits of identity management?
Tracking identity information for the many entities using an enterprise network is a challenge without a proper system in place. Assurance that only specific entities can reach specific applications and data improves both security and day-to-day operations. Identity management is therefore a first line of defence against cyberthreats, whether they originate inside or outside the enterprise firewall.
Identity management systems enable administrators to automate many account-related tasks, including onboarding new employees and adding new devices to the network, granting them access to the appropriate systems and applications based on their role, and, just as importantly, adjusting or revoking that access when a role changes or the person leaves. This accelerates time to value for new users who need access to enterprise resources, often cutting the provisioning process from days to minutes.
Employees often cannot remember and maintain multiple strong passwords for the resources they need to do their jobs. By centralising authentication (for example through single sign-on) and access control, identity management improves not only IT security but also the user experience. Identity management systems let employees securely and conveniently reach the apps and data they need, wherever they are working, which makes them more productive.
What are the differences between identity management and access management?
The terms identity management and access management are often used interchangeably or in combination. But a distinction does exist between the two concepts.
Identity management focuses on managing the attributes related to the user, group of users, devices or other network entities that require access to resources. It also serves to protect identities through a variety of digital identity technologies, such as passwords, multi-factor authentication (MFA), single sign-on (SSO), biometrics and more. This is usually achieved by adopting identity management software applications and platforms.
Tracking and managing the changes to the attributes that define an identity in an organisation’s network is a critical function of identity management. Such changes can generally only be made by a select few individuals in the organisation, such as network administrators, application owners or human resources personnel.
In contrast, access management focuses on evaluating a user’s or device’s attributes against the organisation’s existing policies and governance, then deciding whether that network entity should be granted access to a specific resource. Each access decision is ultimately binary: the request is either permitted or denied.
Just because a network entity is authorised to be on the enterprise network does not mean it can automatically access every application or data set within the network. User access to specific resources is granted based on the identity’s attributes, such as what role it has, its level in the organisation or to which groups it belongs.
What are the main concepts of identity management?
Identity management involves three main concepts: identification, authentication and authorisation.
Identification is the ability to uniquely identify a user, device or application within the enterprise network based on its attributes. Some examples include user names, process IDs, email addresses and employee numbers. Security systems use this identity when determining if a subject can access an object.
Authentication is the process of verifying the identity claimed by a network entity based on its credentials. Three categories of factor can be used for verification; requiring evidence from two or more different categories is what multi-factor authentication (MFA) means:
1. Knowledge factor, based on something the user knows such as a password or PIN
2. Ownership factor, based on an item that the user has such as an identity card, smart card or security token
3. Inherence factor, based on a user attribute such as fingerprints or other biometrics
Authorisation is the process of granting access to network resources for a specific entity or type of user identity in a manner consistent with the enterprise’s policies and governance. For example, granting a user permission to edit a shared file on a network involves authorisation. In short, authentication establishes who a user is and authorisation establishes what that user can do. To maintain a secure network environment, authentication must take place before authorisation, and the authorisation decision must be made against the authenticated identity, never against an identity the client merely claims.
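The following is an added example, not code from the original page or from HPE, that puts the three concepts above into one small flow: an identity store keyed by user name (identification), a password plus a time-based one-time code as two independent factors (authentication, knowledge and ownership), and a policy lookup on the identity’s role and group attributes (authorisation, the identity-versus-access-management split described earlier). The user name, password, TOTP secret, roles, groups and the policy table are all constructed sample data; the point to notice is that `authorise()` only accepts the `AuthenticatedPrincipal` object that `authenticate()` returns, so an authorisation decision cannot be made against a bare, unverified user name.

```python
"""Identification, authentication and authorisation as three separate steps.

Added illustration; all identities, secrets and policy entries are constructed
sample data, not anything from a real directory.
"""
import hashlib
import hmac
import os
import struct
import time
from dataclasses import dataclass, field
from typing import Dict, Optional


# ---- Identification: a unique user name keyed to the identity's attributes ----
@dataclass
class Identity:
    username: str
    password_salt: bytes
    password_hash: bytes
    totp_secret: bytes              # ownership factor: shared with an authenticator app
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked directory does not leak passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_identity(username, password, totp_secret, roles, groups) -> Identity:
    salt = os.urandom(16)
    return Identity(username, salt, hash_password(password, salt),
                    totp_secret, set(roles), set(groups))


def build_demo_directory() -> Dict[str, Identity]:
    # Constructed sample identity; the TOTP secret is the RFC 6238 test value.
    alice = create_identity("alice", "correct horse battery staple",
                            b"12345678901234567890",
                            roles={"finance-editor"}, groups={"finance"})
    return {alice.username: alice}


# ---- Authentication: verify the knowledge factor and the ownership factor ----
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


@dataclass(frozen=True)
class AuthenticatedPrincipal:
    """Only authenticate() creates these; authorise() accepts nothing else."""
    username: str
    roles: frozenset
    groups: frozenset


def authenticate(directory: Dict[str, Identity], username: str, password: str,
                 otp: str, now: Optional[int] = None) -> Optional[AuthenticatedPrincipal]:
    ident = directory.get(username)
    if ident is None:
        # Do the same amount of work for unknown names so response time
        # does not reveal which user names exist.
        hash_password(password, b"\x00" * 16)
        return None
    if not hmac.compare_digest(hash_password(password, ident.password_salt),
                               ident.password_hash):
        return None
    now = int(time.time()) if now is None else now
    # Accept the previous, current and next 30-second window for clock drift.
    if not any(hmac.compare_digest(totp(ident.totp_secret, now + d), otp)
               for d in (-30, 0, 30)):
        return None
    return AuthenticatedPrincipal(ident.username,
                                  frozenset(ident.roles), frozenset(ident.groups))


# ---- Authorisation: policy evaluated on the authenticated identity's attributes ----
# Constructed policy: (action, resource) -> attribute labels that permit it.
POLICY = {
    ("edit", "finance/q3-report.xlsx"): {"role:finance-editor"},
    ("read", "finance/q3-report.xlsx"): {"role:finance-editor", "group:finance"},
    ("read", "hr/salaries.csv"): {"group:hr"},
}


def authorise(principal: AuthenticatedPrincipal, action: str, resource: str) -> bool:
    if not isinstance(principal, AuthenticatedPrincipal):
        raise TypeError("authorise() requires an authenticated principal")
    allowed = POLICY.get((action, resource), set())        # default deny
    attrs = {f"role:{r}" for r in principal.roles} | {f"group:{g}" for g in principal.groups}
    return bool(allowed & attrs)


if __name__ == "__main__":
    directory = build_demo_directory()
    t = int(time.time())
    code = totp(directory["alice"].totp_secret, t)          # what the app would show
    who = authenticate(directory, "alice", "correct horse battery staple", code, now=t)
    print("authenticated as", who.username)
    print("edit report:", authorise(who, "edit", "finance/q3-report.xlsx"))
    print("read salaries:", authorise(who, "read", "hr/salaries.csv"))
```

Two design choices carry the security point. Every secret comparison goes through `hmac.compare_digest`, so neither the password check nor the OTP check leaks information through timing, and the policy is default-deny: an (action, resource) pair that is not listed is refused regardless of the caller’s attributes.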
How can HPE help with identity management?
As organisations use more software-as-a-service (SaaS) applications, embrace multicloud environments, support increasingly distributed workforces and connect more Internet of Things (IoT) devices to their networks, identity management is becoming a more complex endeavour. Different components of the network ecosystem may lack support for open, flexible identity and access control standards. In today’s hybrid environment, enterprises need a modern, integrated identity management system that spans edge to cloud and provides a common control plane to manage identities, credentials, devices and apps as well as access to them.
Project Cosigno, based on the open-source SPIFFE and SPIRE projects, provides a service identity fabric and helps establish a standards-based service authentication layer to support a Zero Trust security model in a hybrid environment. Part of the HPE Ezmeral software ecosystem, it enables organisations to deploy standard, cryptographic service identities across heterogeneous platforms, including cloud, containers and on-prem infrastructure.
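As an added illustration of what a standards-based service identity looks like in practice (this is not Project Cosigno or SPIRE code, and the trust domain, workload paths and peer identity are constructed), the block below validates a SPIFFE ID of the form `spiffe://trust-domain/path` against the SPIFFE-ID naming rules and then applies a simple trust-domain and path allow list, which is the check a workload performs on the identity it finds in a peer’s X.509 SVID before treating the connection as authenticated.

```python
"""Validate a SPIFFE ID and apply a trust-domain / path allow list.

Added example; not SPIRE or Project Cosigno code. Trust domain and paths
are constructed sample values.
"""
import re
from urllib.parse import urlsplit

# SPIFFE-ID naming rules: lowercase trust domain, restricted path characters,
# no empty, "." or ".." path segments, no port, userinfo, query or fragment.
TRUST_DOMAIN_RE = re.compile(r"^[a-z0-9._-]{1,255}$")
SEGMENT_RE = re.compile(r"^[A-Za-z0-9._-]+$")
MAX_LEN = 2048


class InvalidSpiffeId(ValueError):
    pass


def parse_spiffe_id(uri: str):
    """Return (trust_domain, path) or raise InvalidSpiffeId."""
    if len(uri.encode()) > MAX_LEN:
        raise InvalidSpiffeId("SPIFFE ID too long")
    parts = urlsplit(uri)
    if parts.scheme != "spiffe":
        raise InvalidSpiffeId("scheme must be spiffe")
    if parts.query or parts.fragment:
        raise InvalidSpiffeId("query and fragment are not permitted")
    # netloc is used rather than hostname so uppercase, ports and userinfo
    # are rejected instead of silently normalised away.
    trust_domain = parts.netloc
    if not TRUST_DOMAIN_RE.match(trust_domain):
        raise InvalidSpiffeId(f"invalid trust domain {trust_domain!r}")
    path = parts.path
    if path:
        if not path.startswith("/"):
            raise InvalidSpiffeId("path must start with '/'")
        for segment in path[1:].split("/"):
            if segment in ("", ".", "..") or not SEGMENT_RE.match(segment):
                raise InvalidSpiffeId(f"invalid path segment {segment!r}")
    return trust_domain, path


def peer_allowed(peer_spiffe_id: str, expected_trust_domain: str, allowed_paths) -> bool:
    """Authorise a peer workload: same trust domain and a listed path prefix."""
    try:
        trust_domain, path = parse_spiffe_id(peer_spiffe_id)
    except InvalidSpiffeId:
        return False                                # malformed identity: deny
    if trust_domain != expected_trust_domain:
        return False                                # foreign trust domain: deny
    return any(path == p or path.startswith(p.rstrip("/") + "/")
               for p in allowed_paths)


if __name__ == "__main__":
    # Constructed example: a payments service accepting only the web frontends
    # of its own trust domain.
    allow = ["/ns/prod/sa/web-frontend"]
    for peer in ["spiffe://example.org/ns/prod/sa/web-frontend",
                 "spiffe://example.org/ns/prod/sa/batch-job",
                 "spiffe://attacker.example/ns/prod/sa/web-frontend",
                 "spiffe://example.org/ns/prod/sa/../../admin"]:
        print(peer, "->", "allow" if peer_allowed(peer, "example.org", allow) else "deny")
```

The parse step rejects anything an attacker could use to confuse a prefix match (dot segments, empty segments, trailing slashes, ports or userinfo in the authority), and the prefix test adds a `/` boundary so `/ns/prod/sa/web-frontend-evil` does not match the `/ns/prod/sa/web-frontend` entry.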
HPE Pointnext Services can help you architect and build a tailored, future-proof identity management platform for your hybrid IT operation, empowering employees and enhancing productivity. Working closely with your team and our solution partners, we can take you every step of the way, from an initial assessment of your existing environment to road map development and solution implementation.