What is Identity Management
Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or groups of people to have access to applications, systems or networks by associating user rights and restrictions with established identities. The managed identities can also refer to software processes and devices that need access to organizational systems.
Identity management includes authenticating users and determining whether they’re allowed access to particular systems. ID management works hand-in-hand with identity access management systems. Identity management is focused on authentication, while access management is aimed at authorization.
How Identity Management Works
ID management determines whether a user has access to systems, but also sets the level of access and permissions a user has on a particular system. For instance, a user may be authorized to access a system but be restricted from some of its components.
The main goal of identity management is to ensure that only authenticated users are granted access to the specific applications, systems or IT environments for which they are authorized. This includes control over user provisioning and the process of onboarding new users such as employees, partners, clients and other stakeholders. Identity management also includes control over the process of authorizing system or network permissions for existing users and the offboarding of users who are no longer authorized to access organization systems.
Identity governance, the policies and processes that guide how roles and user access should be administered across a business environment, is also an important aspect of identity management. Identity governance is key to successfully managing role-based access management systems.
Importance of Identity Management
Identity management is an important part of the enterprise security plan, as it is linked to both the security and productivity of the organization.
In many organizations, users are granted more access privileges than they need to perform their functions. Attackers can take advantage of compromised user credentials to gain access to organizations’ network and data. Using identity management, organizations can safeguard their corporate assets against many threats including hacking, ransomware, phishing and other malware attacks.
Identity management systems can add an additional layer of protection by ensuring user access policies and rules are applied consistently across an organization.
An identity and access management (IAM) system can provide a framework that includes the policies and technology needed to support the management of electronic or digital identities. Many of today’s IAM systems use federated identity, which allows a single digital identity to be authenticated and stored across multiple disparate systems.
The Primary Security Issue facing all Identity Access Management Systems
Traditional, centralized identity access management (IAM) systems are the primary weakness responsible for a large percentage of the major personal data breaches.
These centralized identity systems are highly vulnerable, functioning as a single point of failure, attracting continuous attempts by hackers to gain access to the entire repository due to the concentration of high value user data.
Once a breach is achieved, since all of the user passwords are stored in a single place, a hacker can effectively gain access to every users’ personal data in the entire system. Centralized system breaches are difficult to detect and the remedies for a breach are slow to execute as fake identities, compromised credentials, devices and firmware can’t be excluded with high confidence.
Whether encrypted or not, if the password database is compromised it provides an attacker with a source to verify his guesses at speeds limited only by his hardware and technology resources.
Identity and Access Management
How Vouch decentralized Identity and Access Management solves the Primary Security Issue facing all Identity Access Management Systems
This encryption is the same level of cryptography protecting today’s cryto-currency systems, which as of the time of this writing, it’s estimated that one hour of computing cost to attempt break a bitcoin block is over $1,000,000/US/hour. If a hacker were to be able to crack an individual identity block on the chain, they would only get access to a single user’s credentials (that actually contain no PII), ensuring that the effort is simply not worth the reward for the hacker.
Multi-factor Authentication (MFA)
How Vouch Brings Innovation to Multi-factor Authentication
Multi-factor authentication is the process of identifying an online user by validating two or more claims presented by the user, each from a different category of factors. Traditional approaches to Multi-factor authentication combine two or more independent credentials:
- What the user knows (password)
- What the user has (security token)
- What the user is (biometric verification)
The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.
MFA has proven itself to be effective at enhancing security. Traditional usernames and passwords can be stolen, and they’ve become increasingly more vulnerable to brute force attacks. MFA creates multiple layers of security to help increase the confidence that the user requesting access is actually who they claim to be. With MFA, a cybercriminal may steal one credential but will be thwarted by having to verify identity in a different manner (i.e. another factor).
Vouch brings innovation to multi-factor authentication (MFA) incorporating modern security factors, mobile-first user simplicity, and decentralized blockchain technology in a SaaS offering that lowers cost and increases your company’s security compared to traditional password-based systems (like the one your company is using now!!).
Single Sign-On (SSO)
How Vouch Improves SSO
Single sign-on (SSO) is a user authentication service that permits an end user to enter one set of login credentials (such as a name and password) and be able to access multiple applications.
SSO is heavily utilized in enterprises due to its ability to simplify the user experience. Instead of employees having to remember multiple passwords for the various systems they login to and services they use, they can get into everything they need with a single password.
Other SSO benefits include productivity gains from users having to enter less passwords and reducing the time Help Desk employees spend dealing with password resets and helping users who get locked out of their accounts.
SSO and the use of a single password does present serious security vulnerabilities and other issues. Having separate passwords for various services limits the amount of data that can be breached if a password is stolen. In an SSO configuration, when a single password is compromised, it then allows a hacker to gain access to every system that the compromised user credentials are authorized to access.
Vouch improves upon the user login simplicity offered by SSO by incorporating a user’s biometrics as a security factor, instead of passwords, so there is nothing that the user has to remember, they simply supply a FaceID or TouchID to login.
Importantly, a user’s biometrics can’t be stolen, meaning that the actual security factor itself (biometrics) is more secure than your average password.