09 Aug How does Identity Management fit into the concept of Digital Transformation?
In the past few years, there has been some momentum around the concept of Digital Transformation. According to Wikipedia, “Digital transformation is the change associated with the application of digital technology in all aspects of human society.” As more organizations of all shapes, sizes and geographies, from different industries, start to embrace the cloud and mobility alongside infusing machine learning and artificial intelligence into their products and services, these changes open possibilities and value to customers that were previously unimaginable.
This is a positive transformation. These organizations have access to computing power and technology at a cost that is affordable and often reduces their current operational cost to deliver the same services or product. Up until recently, most of these technologies and computing power were only available to the big IT companies.
At the center of this Digital Transformation, there is Identity Management. Identity Management is the science of identifying an individual that has access to your system or systems. Managing Identity properly will allow you to deliver your services or products and control access for these individuals by understanding who they are, what they can do in your system and how to make sure the proper rights and restrictions are in place. The idea is that, instead of every organization that wants to provide its services developing the capability to create an identity (credentials), manage passwords and implement all the mechanisms to protect these user names and passwords, organizations avoid the effort and maintenance required and depend on other major Identity Providers. These Identity Providers include Facebook, Hotmail, Google, LinkedIn, and others. The credentials from these Providers can be leveraged to either grant or deny access to the organization’s own systems, avoiding the effort of developing and maintaining the user credentials.
The reason identity management is so important is that many cyber-attacks leverage weak or stolen passwords. We are now connecting so many devices to our network infrastructure, and wherever there is a connection established, there is a potential for a data leak, which could include user names and passwords. Aside from the different devices connected to your network, people are connecting from different places and different networks, and they may access the organization’s data using a third-party application that was not developed by the organization itself. All of this opens the possibility for identity theft.
Protecting the identity (or credentials) has become one of the most important aspects of cyber security today, and using technologies that allow the organization to leverage the major identity providers described above is one step toward securing users’ identities.
The dilemma is to find the right balance between convenience for the user of the services or product and protection of the environment. Microsoft Azure Active Directory (Azure AD) is one option to help organizations stay secure and also provide a convenient way for clients, associates and employees to have a seamless experience when they digitally interact with the organization.
Azure AD already has connections to thousands of the most popular SaaS applications, allowing the users of Office 365 to log in with the same identity to all of them. Organizations can choose to require Multi-Factor Authentication (MFA) under certain conditions. For example, if the user is connecting from a new location, the system can send him a code via text message or via an automated call, and he will only be allowed to log in if he enters the provided code.
In addition to the technical implementation of provisioning, managing and purging identities, Azure AD is comprehensive and integrated with the whole Microsoft ecosystem, both in the cloud and on premise. Azure AD is also connected to the intelligence system at Microsoft called the Microsoft Intelligent Security Graph, where they analyze about 450 billion authentications every month, looking for anomalies and potential threats and proactively addressing those threats to prevent Azure customers from becoming victims of cyber-attacks.
When you think about identity-driven security capabilities, they fall under 3 categories:
- Protect the front door – Implement capabilities such as conditional access, MFA and other intelligent ways to validate that the user is indeed who he is claiming to be.
- Patrol the environment – Look for user behavior patterns while in the network. If they are doing something different from what they usually do, that might be a red flag.
- Act in case of incident – Have the appropriate tools to block any further penetration and stop the ability of the perpetrator to do any damage to the system even when he/she has successfully penetrated.
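
The new-location MFA rule and the three categories above can be made concrete as a small decision function. This is an added illustration, not Azure AD's implementation or code from the original post; the class names, the failure threshold and the sample sign-ins are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILED_CODES = 3  # assumed threshold for this sketch, not from the article

@dataclass
class SignIn:
    user: str
    location: str                   # coarse location, e.g. a country code
    code_ok: Optional[bool] = None  # None: no one-time code submitted yet

@dataclass
class ConditionalAccess:
    known: dict = field(default_factory=dict)   # user -> set of usual locations
    failed: dict = field(default_factory=dict)  # user -> wrong codes in a row
    blocked: set = field(default_factory=set)

    def evaluate(self, s: SignIn) -> str:
        # Act in case of incident: a blocked account stays blocked.
        if s.user in self.blocked:
            return "block"
        usual = self.known.setdefault(s.user, set())
        # Protect the front door: a familiar location needs no extra step.
        if s.location in usual:
            return "allow"
        # New location: challenge with a code sent by text message or call.
        if s.code_ok is None:
            return "require_mfa"
        if s.code_ok:
            usual.add(s.location)
            self.failed[s.user] = 0
            return "allow"
        # Patrol the environment: the password was right but the code was
        # wrong, which is what a stolen password looks like. Count it.
        self.failed[s.user] = self.failed.get(s.user, 0) + 1
        if self.failed[s.user] >= MAX_FAILED_CODES:
            self.blocked.add(s.user)
            return "block"
        return "require_mfa"

def run_sample() -> list:
    """Replay constructed sign-ins for a user whose usual location is CA."""
    ca = ConditionalAccess(known={"alice": {"CA"}})
    events = [SignIn("alice", "CA"), SignIn("alice", "BR"),
              SignIn("alice", "BR", True), SignIn("alice", "BR"),
              SignIn("alice", "XX", False), SignIn("alice", "XX", False),
              SignIn("alice", "XX", False), SignIn("alice", "CA")]
    return [ca.evaluate(e) for e in events]

if __name__ == "__main__":
    print(run_sample())
```

In the replay, a location becomes trusted only after a correct code, and once the account is blocked even the usual location is refused until someone resets it.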
Identity is the new perimeter of network security. Moving forward, it is going to be more important than ever for both organizations and individuals to ask the question: “Am I doing everything I can to systematically protect my personal identity and my clients’ or associates’ identities in my systems?”