classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018


Awareness and trust in context
November 2017, Access Control & Identity Management, Security Services & Risk Management

Identity management is often seen as a specialised field that is applied somewhere in an organisation to control who has access to what, sometimes in both the digital and physical realm. Yet, while IAM is definitely a specialised field, it is one that is central and crucial to the concept of secure computing.

Markus Krauss, senior director, Digital Identity and Security, CA Technologies says identity management today is central to all forms of authentication and communication, whether it’s between people or things, or people and things – referring to the Internet of Things (IoT). Moreover, central to all identity management is the concept of trust: someone is granted access to something because you trust that the person is who they claim they are and that identity has permission to do whatever they are trying to do.

Within an enterprise, for example, if a person logs into their PC and wants to access certain information, applications or authorise transactions, they will have the ‘privilege’ of open access to those assets due to their position and permissions granted when they started their job. If a person is doing something that is higher risk, such as authorising a payment, the system may automatically ask for additional verification, a second factor to provide additional proof the person actually is the person who is authorised to do the transaction.

Hence the term ‘privileged access management’. The company decides your identity has certain privileges based on your job, and the identity management systems grants you access to those assets and prevents you from accessing or even seeing what you don’t have the privilege to see. In certain conditions, it requires something in addition to a password to ensure that high-risk activities are more secure.

Getting this right in an organisation is not easy, however. We have all heard of identity management projects that have failed for a variety of reasons. Nowadays, it’s even harder as an organisation is no longer bound by walls and buildings. Although it may not be advised, your CEO (or any approved person) can authorise transactions from anywhere, even via his/her mobile device. This takes the concept of trust and privilege to another level.

Trust is relative

This is where additional attributes are required in the trust relationship: the company’s identity management system must now incorporate other factors into the trust it assigns. If the CEO is logging in from home on the company laptop, it’s a known device and location so there may be very little change in the trust assigned. If the login is on another device that the organisation doesn’t control, it’s a different matter.

If the login is from a public Wi-Fi at an airport, for example, the trust issue is escalated as there are a number of additional attributes to take into account. In a case like this, additional authentication factors are not the answer because no matter how sure we are of the identity requesting access, the environment is not trusted because it is out of the control of the organisation and is known to be insecure. In this case, taking the all attributes into account will increase the risk of access and decrease the trust assigned, meaning that the CEO may be allowed only restricted access to certain company digital assets.

The same process applies to everyone associated with the company, from the CEO to clerks and other employees. In addition, Krauss explains that the same process can be applied to the IoT. Just because it is a device wanting access, doesn’t mean the company can simply allow it – we have all heard of security breaches being conducted through devices such as security cameras and recorders. Today there are no ‘dumb’ devices, only insecure devices that can be exploited by those with malicious intent.

Controllable billions

This may seem a bit much as we hear about the billions of devices that will be connected in the IoT in the near future; and who can manage billions of identities? It is manageable, however, as Kraus explains that while there are many devices, many of them are the same devices performing the same functions. And the context, once again, defines the trust assigned. For example, a camera overlooking a parking lot needs to be secured, but it doesn’t need as much protection and trust associated with it as one in your living room.

Just as we have privileged access management in organisations for people, the IoT will require similar ‘Identity of Things’ processes to ensure that data transfers are managed effectively and securely. The good news is that the trust concept in today’s privileged identity management systems can be extended to things and the relationships between them, and between them and humans. When the data being transferred is the temperature of a generator outside your office, you don’t need to go crazy worrying about risk and trust. However, when you are monitoring the temperature and other readings from nuclear reactors, the importance of trust becomes critical.

Of course, trusting things is much easier than people because they are predictable in what they do and how they operate. When it comes to people, there is always the human factor to consider when ascribing trust and risk levels. Edward Snowden is a good example. He had all the clearances to access sensitive information, but his behaviour was not as expected, but nobody picked up on it. An IAM tool that assigns a risk score which is used to define the level of trust is therefore critical, but so is the ability to use behavioural analysis as an additional level of risk measurement.

For example, Snowden accessing files his employers considered sensitive was acceptable, but was copying them to a USB drive within his normal behaviour patterns? We don’t know the exact story of how and why he was able to collect so much information, but the principle applies to any company. Does your sales person really need a copy of the entire customer database on a USB drive or on their mobile phone?

Identity for all

CA is a company that has been operating for around four decades and over the years has developed one of the leading IAM solutions in the market. Krauss says that for much of its existence, CA focused on a limited number of customers, specifically the Top 500 companies globally. During this time it acquired a number of technology companies and expanded its portfolio of solutions and services which it supplied to its 500 customers.

Over the past few years, however, the company has changed its focus and is now more open to partnerships and bringing its technology to a broader market. One of the ways it is doing this is by combining its technical expertise into a single product that can cater to the simplest as well as the most complex installations.

It accomplishes this through its virtual appliance (the CA Identity Suite – Virtual Appliance) which Krauss says can be deployed in as little as 7 minutes and then be configured to the organisation’s requirements via a web-based interface. It’s one virtual service that can be scaled and updated easily as required, depending on the customer’s identity management and governance requirements. The virtual appliance is, of course, sold in addition to the various products the company has developed over time.


Credit(s)
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Directory of access and identity management suppliers 2019
    November 2018, Access Control & Identity Management

  • Open source identity initiative
    November 2018, Access Control & Identity Management
    Industry-first open source identity initiative promises to eliminate vendor lock-in and reduce costs for governments around the world.
  • Significant differences in ­perceptions on state of digital trust
    November 2018, CA Southern Africa, Access Control & Identity Management, Security Services & Risk Management
    Nearly half of businesses admit to selling customer data, despite claiming data ­protection as paramount; consumer behaviour shows strong correlation between loss of business and lack of digital trust.
  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • The expanding role of IT in access control
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    What role is IT playing in the world of physical access control and how far will its role expand in future?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • A scan of fingerprint biometrics
    November 2018, Technews Publishing, Access Control & Identity Management
    Given the increase in the use of fingerprint technology in public and private organisations, as well as some recent announcements on the reliability or lack or reliability of certain types of sensors and algorithms in the fingerprint biometric market, Hi-Tech Security Solutions spoke to some of the leading fingerprint biometric vendors in the market to find out more about the state of this market.
  • BIMS set to change identity ­management
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Local biometrics integrator, Ideco Biometric Security Solutions, has announced that its Biometric Identity Management System (BIMS) has been launched to market.
  • Tracking biometrics into a brave new digital world
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    The industry is increasingly transitioning from unimodal to more integrated multimodal biometric solutions for more accurate identity verification and faster real-time results.
  • Panasonic’s Face Recognition Server
    November 2018, Panasonic South Africa, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Products
    Panasonic has adopted deep learning technology in its face recognition products that overcomes the difficulties of conventional technologies.
  • A better approach to fingerprint biometrics
    November 2018, This Week's Editor's Pick, Access Control & Identity Management
    Not all optical biometric fingerprint scanners are created equal. The type of sensor used has a powerful impact on speed, accuracy, reliability and portability.
  • Your face tells a story
    November 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Government and Parastatal (Industry)
    Facial recognition has advanced to the point where it can be rolled out over large areas and accuracy is no longer a hit-and-miss affair.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.