How to implement a robust identity management strategy

Anurag Kahol, CTO of Bitglass, puts together his top tips for implementing a robust identity management strategy using best practice

To address data privacy regulations and reduce the risk of a data breach, organisations need to follow best practices in Identity and Access Management (IAM). This means leaving behind the cumbersome and risky password approach and instead adopting more vigilant technologies that streamline the user’s login experience and mitigate the risk of unauthorised access to personal data. 

Companies should consider these three key best practice approaches: monitoring user behaviour and activity, verifying user identity with authentication solutions, and educating employees and customers on good identity management.

Monitoring user behaviour and activity

This is where real-time data analytics come into play. User and entity behaviour analytics (UEBA) automatically detect potential intrusions, unusual activity, or any other anomalies within a multi-cloud infrastructure. The system will send an alert if, for example, a new device login is detected. Or it will lock out a user if they have experienced multiple failed log-in attempts within a short timeframe. Context-based step-up authentication can also verify users based on their precise location, device and normal online activities. 

Verifying user identity with authentication solutions

Companies should abandon the password approach and instead invest in tools such as multi-factor authentication (MFA) or single sign-on (SSO) for a more secure log-in process. MFA provides an additional security step, such as sending the user an SMS token via email or through a third-party tool such as Google Authenticator. 

SSO involves users logging in once from a single portal to access multiple cloud applications, with limits on who is authorised to access certain information. This guarantees that all employees and customers are authenticated before accessing their accounts, and specified data is protected against unauthorised users. 

Educating employees and customers on identity management

Cybersecurity training for employees should be mandatory so they learn the importance of protecting their own Personal Identifiable Information (PII) and the steps they need to take to do that. They need to know how to control what data they choose to share and understand the daily risks they face. 

Similarly, organisations need to educate customers on how to protect themselves. They need to understand what constitutes a suspicious email, text or link so they don’t actively expose personal or corporate data. When given the choice, customers should know to select an alternative method of log-in other than a password, such as MFA or face ID scans. 

Organisations that follow best practices in IAM strategy will be taking great strides in protecting their business and customer data within a modern IT infrastructure. 

About the author

Anurag Kahol is Founder and CTO of Bitglass. Kahol expedites technology direction and architecture. He was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.

 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security