The goal of identity management is to achieve security through proper management of users and their corresponding rights. The first step in managing users is to gain visibility over the users (who) and the respective resources (what) that they have access to. This pool of users ranges from external customers and partners (external parties working closely with the organization) to internal users (employees of the organization).
Each type of user can then be split into normal users (non-administrative) and privileged users (administrative). Proper identity management should include at least the following:
- Privileged Identity and Access Management (PIAM) is usually the first control to be put in place to monitor and manage administrator activities. Implementing such a solution yields control over access rights and password management. At this stage, the organization should also evaluate a road map to scale up to identity and access management.
- Identity and Access Management (IAM) is the core of the identity management domain, and the crucial step towards automated user enrolment and full identity lifecycle management. Automating the on-boarding and off-boarding of users ensures that when an employee leaves the organization, the person no longer has the access that was once granted.
- The ability to uniquely identify each user is key to enforcing accountability on users. Once a user is successfully authenticated, identity theft is prevented, which ensures that the person is accountable for the tasks performed. Two-Factor Authentication has quickly become the de facto standard.
- User Behavioural Analysis is the next critical solution that will be deployed in many large organizations to understand ever-changing user behaviours. Knowing enough about those behaviours will empower customers to decide where and how to manage their users.
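
The following reconciliation check is an added example, not part of the original page. It compares accounts (who has access to what) against an HR source of record, to find access that off-boarding should have removed and privileged accounts lacking two-factor authentication. The HR status feed, the account fields, the sample data and the rule that privileged accounts require two-factor authentication are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    owner: str        # identity the account is bound to (the "who")
    resource: str     # system the account grants access to (the "what")
    privileged: bool  # administrative vs. normal (non-administrative)
    enabled: bool
    two_factor: bool

# Constructed sample data; HR is assumed to be the source of record.
HR_STATUS = {"alice": "active", "bob": "terminated", "carol": "active"}
ACCOUNTS = [
    Account("alice", "crm", False, True, True),
    Account("alice", "db-prod", True, True, False),
    Account("bob", "vpn", False, True, True),
    Account("bob", "crm", False, False, True),
    Account("svc-backup", "db-prod", True, True, False),
    Account("carol", "hr-portal", False, True, False),
]

def audit(hr_status, accounts):
    """Return sorted (finding, owner, resource) tuples for enabled accounts."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account grants no access
        status = hr_status.get(acct.owner)
        if status is None:
            # No HR record at all: nobody can be held accountable for it.
            findings.append(("unowned", acct.owner, acct.resource))
        elif status != "active":
            # Off-boarding did not revoke this access.
            findings.append(("leaver-still-enabled", acct.owner, acct.resource))
        if acct.privileged and not acct.two_factor:
            findings.append(("privileged-without-2fa", acct.owner, acct.resource))
    return sorted(findings)

if __name__ == "__main__":
    for finding, owner, resource in audit(HR_STATUS, ACCOUNTS):
        print(f"{finding:24} {owner:12} {resource}")
```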