Dragon Bane, Psycho the Clown, and Texano Jr. No, not members of some alternate Marvel superhero group, but wrestlers on the Lucha Libre Worldwide (AAA) roster. The ‘Triple A’: an organizing body behind – among others – WrestleMania.
Mexican professional wrestling: men of fearsome reputation, skills, and...masks! Indeed, real identities are hidden with great zeal by all combatants – which brings us to another ‘Triple A’, this time associated with Identity and Access Management (IAM).
IAM. You most likely know the headlines behind this technology: an information security framework focused on securing digital identities in the workplace – and controlling access to company resources.
Where the triple A bit comes in, is with the three ‘sub-components’ involved:
This used to be easy – but then came along the cloud and mobile computing, and it got really complex, really fast. Now, identity has become the primary security boundary; Where the emphasis is now on confirming people are who they say they are – with access rights attributed to the back of it.
The challenge here being that once “you’ve” been authenticated and let in the door, IT has little insight into who’s actually behind the mask. Hence the growing interest in providing different levels of authentication:
The principal question to be answered here is simple: what resources can a user be allowed to access? Well it sounds simple at least. The reality is that getting it right requires IT to strike a delicate balance between security and usability.
Central to the process of authorization is Access Control – where you set conditions for the apps, data, and devices a user can get his/her hands on. For smaller organizations, such limits can be agreed at individual level. But for larger enterprises comprising thousands of employees, broader frameworks are required – including role-based access controls that automatically create ‘personas’ based on job function and position.
To this can be added the emerging concept of ‘continuous authentication’. Where an individual is allowed access, but constantly monitored thereafter (think keystrokes etc.) to spot any suspicious behavior.
In order to complete the security picture, you need to enable auditing, to have a record of which users have logged in and what resources those users accessed. Obviously such a record can prove essential when responding to a potential cyber attack. It can also help with the wider software audit picture, by confirming who’s using which apps and services.
Equally, auditing can be a core building block for GDPR compliance – with identities covering more than just employees (partners, customers etc.). Done correctly, IAM can enable you to:
Wrestle your way to effective identity and access management
IAM brings with it many immediate benefits: ranging from the mitigation of security breaches and the prevention of data loss, to greater GDPR compliance and improved IT efficiency through automation. This all helps make IAM an absolute necessity for today’s business leaders. To find out more about COMPAREX’s IAM capabilities, experience, and solutions...