“I yam what I yam, and that’s all what I yam!” Popeye the Sailor echoed these words decades ago. One can only guess how Popeye would respond to identity and access management in the 21st century. After all, Popeye was famous for telling everyone who he was and he was used to getting his way.
How would Popeye deal with today’s plethora of sites and services requiring some sort of authentication and authorization? Not to mention if Popeye was at risk for some “Brutus” Force Attack against his credentials which provide the access to his spinach supply chain.
Identity and access management (IAM) continues to be one of the top challenges organizations are grappling with. While it may not grab the headlines like the Internet of Things, it’s grabbing headlines for other reasons – such as stolen credentials leading to a corporate compromise from just one employee. The Internet of Things may be more buzz worthy, but this identity crisis isn’t going away anytime soon. There are plenty of industry leaders in this space including SafeNet, EMC (RSA), Gemalto, CA, Vasco, and nearly 20-year veteran, Entrust.
securitycurrent’s executive editor, Richard Stiennon, and research director, Mike Saurbaugh, worked with Entrust’s senior product manager Chris Taylor, and head of malware research, Jason Soroko, for a webinar on identity-based security. Entrust’s sponsored webinar allowed attendees to hear firsthand some of the industry challenges facing companies managing identities and access, and how Entrust is solving these challenges, especially in the wake of identity-stealing malware.
Saurbaugh’s opening set the stage for the current challenges across multiple channels including, cloud, mobile, physical, and logical boundaries. The employee is now the perimeter, wherever that may be. Not only do employee’s need access to do their jobs; they’re demanding it as well. This forces the enterprise to look for solutions that may allow for user self-provisioning, are easy to manage, provide support for legacy applications, and are manageable from a single-pane of glass.
Stiennon then walked viewers through the identity-based security landscape with his rich security background as an industry analyst spanning decades. Lately there’s been some speculation as to weaknesses built into products, but as Stiennon quipped, and quoted Bruce Schneier, “trust the math.” In other words, the underlying technology is good. Stiennon explained, identity management is an operational/process issue requiring:
- On boarding, enrollment
- Delivery of authenticators
- Authorizations
- Tracking usage, logging
- Setting policy (who, what, where, when, how?)
- Re-issue
- Revocation
- Auditing
Additional focal areas for organization’s may be in supplying a Federated deployment, re-keying, and the never-ending hassle of tracking expired certificates used for trusted authentication. For these aforementioned issues, organizations are seeking solution providers who enable them to deploy traditional username and passwords, hard tokens, and certificates, but also user-friendly soft tokens, which leverage mobile devices rather than resist them. Stiennon pointed out the features of identity platforms not only need to address Saurbaugh’s comments about cloud, mobile, physical, and logical, but also need to be flexible and extensible. Furthermore, allowing users to self-enroll and reset themselves, continue to be high on the priority list as well as reducing overhead costs.
Entrust concurred with Stiennon and Saurbaugh’s comments and took attendees into their product capabilities and how it can be an ally against credential-targeting malware. Entrust’s team of researchers headed by Soroko is where Taylor initially focused to address the unstoppable rate of malware proliferation.
Entrust believes identity-based security is a strategy organizations can leverage against today’s fraud and malicious threats. Entrust’s solution addresses the concerns and requirements brought up by Stiennon and Saurbaugh, and are supporting traditional deployments as well as mobile. In fact, Entrust’s research suggests that while no OS is risk-free, mobile continues to withstand traditional attacks largely targeted at PCs. This is not to say the threat landscape won’t change, but for the time-being Entrust is embracing mobile rather than shunning it. With over 5,000 customers in 85 countries, Entrust’s solution is proving beneficial for organizations looking to get control of identity and access.
Concluding the webinar, Entrust and securitycurrent advised attendees to seek quick wins for their identity solution. While no two organizations will face the same challenges, vendors in this space are able to work alongside organizations to address critical pain-points and reduce overall costs to manage. In the meantime, organizations should take a step back and evaluate where their greatest impact to the business can be made so that they can hit the ground running when partnering with a vendor in the identity and access management space.
You are what you are but managing who your users are could profit from an Identity Platform.