Essential Guide

Get started Bring yourself up to speed with our introductory content.

How to deal with Identity and access management systems

Identity and access management systems keeps getting more complex, what with cloud and mobile devices complicating the network security picture. This guide offers concrete advice on how to stay on top of the IAM environment in your enterprise.

Introduction

Disruptive technologies of the past several years, including cloud, mobile apps and the internet of things, makes it tougher than ever for infosec pros to ensure efficient and effective use of their company's identity and access management system. This guide covers the fundamentals of IAM systems and IAM-associated issues, including the business concept and technology. It delves into how mobility affects an IAM system and also covers issues like password policy and management, Azure AD and provisioning tools for the enterprise user. It also delves into the now critical issue of privilege creep -- how to recognize it and remedies to stop it. This guide will help infosec pros implement and oversee their identity and access management system.

1IAM CONCEPTS-

Basic essentials of IAM systems

IAM is nothing new but it certainly is changing, just as the network too is changing. While always intended to keep the network secure by building controls around who can access it, now a company's identity and access management sytem must also adapt to so many new tech advances, from the cloud to employee-owned devices, not to mention ever-changing, always-complex compliance requirements. In this section, you'll gain a better understanding of the general concept of IAM, and how IAM systems are adapting to technological advances.

Tip

Why enterprise cloud IAM policies need to be stronger

A cloud IAM policy is crucial to protecting an organization from external and internal threats. Expert Rob Shapland discusses how to bolster cloud IAM. Continue Reading

Tip

When your IAM policy encounters the internet of things

Aging identity and access management tools, and technical innovations like the internet of things, make it imperative that you update your enterprise IAM policy now. Here's how. Continue Reading

Tip

The cloud IAM market evolves to meet old and new IT challenges

Single sign-on continues to be the main driver for cloud identity and access management systems, but BYOD and shadow IT bring new challenges for these tools to solve. Continue Reading

Tip

Set up an identity and access management system for public cloud

To increase security and monitor user access to public cloud resources such as compute and APIs, admins can use federated identity and access management. Continue Reading

Tip

Update your IAM strategy for integration with new technology

Revise your enterprise's IAM strategy for better integration with emerging technologies, such as cloud services and software-defined everything. Expert Johna Till Johnson explains. Continue Reading

2PASSWORDS-

Password management and policy in IAM systems

Passwords are central to securing the network and, therefore, password management is central to any identity and access management system. This section examines the password management tools available, how best to use them and what to avoid.

Tip

Major password breaches: How can enterprises manage user risk?

With the large number of password breaches happening, enterprises should look into new methods of protecting their resources. Expert Nick Lewis explains how to reduce user risk. Continue Reading

Opinion

Security Think Tank: Password management tops list of access control issues

In the modern business environment, what are the most common access control mistakes and how best are these corrected? Continue Reading

Opinion

The problem with passwords: how to make it easier for employees to stay secure

An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading

Tip

FIDO authentication standard could signal the passing of passwords

The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies. Continue Reading

Answer

What new NIST password recommendations should enterprises adopt?

NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note. Continue Reading

Answer

How are weak passwords banned with Microsoft's Smart Password Lockout?

Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial. Continue Reading

Opinion

If only security experts could persuade us to change passwords

The inability for most users to grasp the importance of the password is something that Nick Booth thinks needs to be better addressed Continue Reading

3PRIVILEGES-

Privileged users, privilege creep and tools that can manage them

Edward Snowden, the NSA employee who stole and released thousands of sensitive documents, undertook a security breach that succeeded in making enterprises more aware of the threat of "inside" attacks on their system security. But has awareness led to action? In this section learn about the issue of insider attacks, the danger of so-called privilege creep and ways to manage such security hazards in general and via an IAM system.

Tip

Preventing privilege creep: How to keep access and roles aligned

Privilege creep can result in the abuse of user access and security incidents. Expert Michael Cobb explains how enterprises can keep user roles and privileges aligned. Continue Reading

Feature

The cyber threats lurking within every company

Insider threats have been around for a long time, but it is only recently that people have begun to acknowledge the true danger they pose Continue Reading

Answer

How can privileged access accounts be managed in large companies?

Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of privileged access. Continue Reading

Tip

How to handle privileged user management in the cloud

Privileged user management is important for enterprises operating on the cloud. Expert Dave Shackleford discusses some best practices to help secure cloud access control. Continue Reading

4MOBILE-

Handling mobile in an identity and access management system

Once employee-owned mobile devices hit the enterprise, and BYOD became the norm, IAM got a whole lot more complicated. In this section, learn how to secure identity and access even in a large enterprise where employees bring in multiple personal devices each day. Mobility has changed just about everything in the information security world, including the challenges a corporate identity and access management system must face.

News

Active Directory management gets easier with mobile apps for IT admins

Software vendors are increasingly offering admin-facing mobile apps, allowing IT to use their mobile devices to remotely manage users. Take ADManager Plus for Active Directory management, for example. Continue Reading

Feature

Mobile identity management and authentication FAQ

ID management and authentication help IT answer the burning questions of who is accessing the company network, when, where and on what device. Continue Reading

Feature

Discover the advancements and risks of mobile biometrics

As mobile biometrics technology becomes increasingly common, it is important for IT to know how to support this kind of authentication and the security vulnerabilities it may still bring. Continue Reading

Tip

How to balance access needs and mobile data security concerns

Mobile workers need to access corporate data, but giving them open access is often easier said than done. Businesses must balance users' wants with mobile data security concerns. Continue Reading

Tip

Make mobile data access and security top priorities

Information is king for today's workers, but it isn't always as easy as it should be to access mobile data. Businesses must also consider mobile data security. Continue Reading

5AD, AZURE AD-

Where AD and Azure AD fit into any IAM system

Active Directory (AD) is a key aspect of any identity and access management system today. A directory holds user account information and AD is Microsoft's trademarked system to, among other things, authenticate and authorize users and computers by checking submitted passwords and determining whether the person signing on is a regular user or an administrator. With the huge increase in dependence on cloud, companies have needed a cloud-based AD. Azure Active Directory (Azure AD) is Microsoft's multi-tenant directory based in cloud that manages identity services. This section of our guide looks in depth at both AD and Azure AD, reviewing recent developments and methods of making these vital services, and related ones, more secure.

Answer

How does privileged identity management work in Azure Active Directory?

Organizations that assign privileged access to certain users can lose track of who has access to what. Privileged user monitoring ensures users comply with corporate policies. Continue Reading

Answer

When to use AWS IAM roles vs. users or groups

We have restrictions imposed on in-house IT staff with AWS Identity and Access Management. How do IAM roles protect access to services, applications and end users? Continue Reading

Answer

How do AWS IAM permissions manage resource access?

We use AWS Identity and Access Management for cloud security, but aren't sure how roles, permissions and policies differ in a cloud security strategy. How do they protect resources? Continue Reading

Tip

'Federated' identity and access management tools

Federated identity management has clear security advantages. Learn ways to use Microsoft's AD FS and AWS AD Connector as identity and access management tools in the cloud. Continue Reading

Tip

Active Directory cleanup trims database bloat

Administrators can avoid unnecessary risks and potential performance issues by removing unneeded and outdated objects from Active Directory. Continue Reading

6VIDEO -

Watch as experts delve into current IAM issues

Watch these videos for expert insights into the issues affecting identity and access management systems today.

Video

Expanding the IAM infrastructure to meet emerging challenges

Your IAM infrastructure should cut through the 'access excess' that is plaguing most companies. Learn how to overcome the challenges posed by migration to cloud and mobility.

Video

Privileged user access: Managing and monitoring accounts

Maintaining the security principle of least privilege can prevent abuse of privileged user accounts. Learn about the best practices for monitoring privileged access.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close