The characteristics of Identity Management

Identity management is the process and the technologies individuals use together to manage organisations users and their access rights.  Identity management systems and projects intend to make this potentially Goliath task more efficient and easier to handle.

Most of the time identity management is about centralising this process so that it is done as few times as possible.  This is to save resources and to help eliminate duplication, and delays in both the creation and deletion of accounts.  Take a moment to think about the vast array of different systems organisations are using. A lot of these systems and applications will have their own authentication configuration.

Challenges for identity management include:

• where possible preventing and if not possible managing the backlog of requests
• the more complex a policy the more likely it is to go wrong
• incomplete information being provided by the individual making the request
• keeping good audit trails is rare therefore answering questions about prior requests can be either impossible or difficult
• most organisations fail to remove accounts that are no longer needed
• management may have a JFDI approach and thereby try to bypass procedure

Laws, regulations and customer or supplier requirements for this field are vast and expanding. Whilst there is not likely one that mandates the use of identity management it will help.

Centralisation and Identity Management

Centralisation tends to be the way forward for identity management systems. Meaning that all requests go via the same person/department etc. But it can have some side-effects that we need to take into consideration.  Firstly, it should allow the consistent following of policy and correct technical implementation. 

Decentralisation though potentially less consistent and more haphazard. It does allow the information owners to provide access as they see fit. As a result that the users are likely to be provided with a more precise set of access rights.  This is because the information owners are the ones who know it best. Therefore can with the most authority deem who needs access to it.  The flip side of this is that if enforcement of the policies is non-ecxistent. The information owners could be brash with providing access and give everyone full access to everything.

Learn how you can be more secure