May 28, 2021
Identity and access management (IAM) is a crucial part of any organisation's security strategy, especially in the age of flexible and remote working.
Essentially, IAM ensures only authorised people can access data and files through user rights and control. Within IAM, Identity as a Service (IDaaS) is a growing category. IDaaS describes cloud-based authentication built and operated by a specialist provider, such as Azure B2C, Auth0 and Okta.
These providers offer services that ensure users are who they say they are, and according to their role have access to the software applications, files and resources when and as they need them. IDaaS also includes collecting intelligence, such as logging events and reporting on who accessed what information and when, to better understand, monitor and improve behaviours.
IDaaS solutions involve several key offerings and considerations, including multi-factor authentication (MFA), single sign-on (SSO) and passwords, regulations and provisioning, and BYOD.
Multi-factor authentication, an increasingly popular way to verify identity, is where users submit multiple factors to gain entry to the network. Access is granted dynamically, depending on how much risk the user presents.
Typically, two or more criteria are required. For instance, the user may have to present their knowledge, such as a password or information, possession, such as a mobile device or email account that receives an additional code, or biology, such as a fingerprint or retina for scanning. As such, if a hacker is able to acquire a password, they still aren’t able to gain access to the network or account.
Another popular form of MFA is time and location authentication, used by the likes of Google 2-Step Verification and Microsoft Authenticator. Both of these rely on a time-based one-time password algorithm, whereby the computer generates a one-time password which uses the current time as a source of uniqueness.
Despite its increasing popularity, MFA still presents challenges. Two of the biggest are that it requires user involvement through additional sign-ups and interconnection with other accounts or devices, and that cyber threats are constantly evolving - for instance, faking SMS messages to trick users into giving up credentials.
Even so, the avenue is constantly under development, with the likes of biometrics, voice and typing recognition making it harder for non-users to enter an account and easier for the account owner to gain access.
We couldn’t write on the topic of IAM and not talk about passwords. It goes without saying that it’s very important for organisations to integrate healthy password practices into their security strategy - including establishing policies and investing in education.
For instance, businesses can protect credentials through PAM solutions, implement biometric authentication, establish a rule where employees aren’t able to write down or share their passwords, and create a mandate that employees aren’t able to repeat passwords.
One feature of IAM or IDaaS solutions is single sign-on (SSO). SSO lets users access their network, cloud-based and on-premise solutions through a single password, which can also be used across multiple domains. Within this, an organisation can implement another layer of security by only making certain resources accessible with SSO and higher levels of information requiring further authentication.
Prior to COVID-19, BYOD strategies were already on the rise, and following nationwide lockdowns and subsequent mass moves to remote working, BYOD is on the radar of every business decision maker.
A variety of stakeholders, including employees, partners, customers and visitors, all need to connect to the business network using their own devices - whether on site or from another location. As a result, IT teams must protect company data while still giving users the freedom to access the network from their own devices.
When a business builds infrastructure on site, they face each problem as it arises. For example, if BYOD employees are changing to different types of phones, the local identity provisioning has to adapt accordingly.
IDaaS enables businesses to implement a centralised cloud-based system that has been created by and is maintained by specialists in the field. IDaaS solutions enable companies to grant and restrict access to applications and networks on both employee and company-owned devices quickly and securely.
An IDaaS solution also enables businesses to automate the provisioning and deprovisioning process. With IDaaS, IT teams use a centralised system to set up access, and give new users access to accounts, networks, file servers, emails and more. This streamlined system can save the business money by reducing expenditure on server upkeep, software installs and upgrades, backups, hosting, network security and more, so teams are only paying for the subscription fee and administration work. It can also reduce the potential for human error.
While the user has access, IT teams retain full control over rights and can set temporary permissions or change entry for sensitive data, for instance. Then, when the user leaves, permissions can be easily revoked to minimise spread or leakage of data.
As we look to the future, we see IDaaS as a continually growing field within IAM. Our increasingly digital and remote world, the evolution of security threats and advancing technology are all leading to the increased adoption and capabilities of IDaaS solutions.
We see cloud continuing to open up cost savings, efficiency and expertise to more businesses of every industry. We see significant implications for government and public services as well as the private sector, as organisations look to provide a better, more secure service to employees and customers alike.