The majority of data security solutions and practices concentrate on preventing or identifying and responding to intrusions. Discussions of security often center on automated protections such as antivirus, anti-spyware, and firewalls or the policies and tactics of administrators. Until recently, data security has not been approached as a user-centric process. But security experts have begun to focus more on identity management—or the management of authenticators (such as passwords) and permissions. Identity management (or IdM) has risen in importance because: 1) many data breaches occur because of poorly selected or managed passwords; 2) it is more important to establish the identity of users of cloud computing (who do not have to be in the same location as the hardware they are accessing) as opposed to internal resources and networks that have to be accessed from on-site workstation; 3) of the need for off-site contractors and business partners to access the same IT resources as on-site employees without compromising security.
Identity management has several main components: password management, provisioning, and policy enforcement. A more descriptive term for IdM would be “identity lifecycle management.” Usually a long-term process, the identity management lifecycle begins with the introduction of any new employee, contractor, or business partner to a company or project team. All the new users have to be “provisioned” an account, usernames, passwords, biometric (fingerprint or retina scans) or physical (tokens or smartcards) authenticators, and access to computing resources such as virtual desktops, applications, and databases. The IdM system then manages these identifiers and permissions over the course of the users’ tenure with the company. Password management will ensure that the user adopts security best practices such as selecting strong passwords (with numerals, symbols, and a sufficient length) and switching passwords for each account every 90 days to a year. The identity management system will also provision and de-provision based upon the progress, decline, or completion of a user’s career. For example, employees that have earned a promotion may have to be given access to the more secure areas of a company’s IT infrastructure. Instead of providing them with a new “executive” account, the IdM system provisions high-security clearance to their existing accounts and retains the users’ singular virtual identities.
Maintaining consistent user identities in an organization: 1) makes it easier for users to retrieve forgotten passwords; 2) allows companies to protect the more sensitive parts of their infrastructure from unauthorized access; 3) creates a reliable audit trail of user activity for regulatory purposes; 4) makes it easier for intrusion detection systems to spot unusual user behavior (for example, a user that consistently only logs in between 9 AM-5 PM accessing the system at 3 AM); 5) helps administrators to keep track of all the accounts, passwords, devices, and permissions of all users (especially important when needing to revoke access for departed employees and given the increasingly large number of users that access the infrastructure from multiple devices such as laptops, smartphones, and tablets). To enact identity management, companies need identity management software; automated registering, monitoring, and recordkeeping tools tied together with middleware; or manual management tools overseen by IT administrators with good memories.
Trust networks are a recent trend in identity management. With a trust network, not every website or service has its own internally-managed authentication system. Instead, a user has to set up an account with a credential provider. The user can then log in to any of the sites and services of a trust network with their account info (username, password, and other authenticators) from the credential provider. Behind the scenes, the credential provider confirms the user’s identity to the members of a trust network in Security Assertion Markup Language (SAML). With trust networks, users only have to remember one password or authentication process for multiple sites and web-based services (in the same way that consumers do not need a new credit card and PIN number for each ATM). Credential providers (in theory at least) will make the authentication process more reliable, secure, and private by absolutely guaranteeing the identity of the user (through two-factor authentication, security tokens, or personalized questionnaires) and sharing only relevant information to sites and services through SAML (for example, intuitively sending account numbers to banking and e-commerce websites but not to social networks and online email services). The U.S. federal government has already allotted $25 million for its National Strategy for Trusted Identities in Cyberspace (NSTIC) program to test out better authentication methods for both government and commercial networks.
Companies do not have to wait for the result of any experimental program to enjoy highly personalized and secure IT solutions. With IronOrbit Hosted Desktops, users maintain a consistent virtual identity by logging in to their assigned virtual operating system. From within their Virtual Desktop they can access any of the sites and services they need, including the Internet and all the applications (Microsoft Office, QuickBooks, and millions of options) packaged with their customized IronOrbit solutions. And, like with a trust network, with IronOrbit users only need to remember one password. We also uniquely support our desktops with a combination of multi-dimensional security—protecting your data at every phase and from every kind of threat—comprehensive audit trails for regulatory compliance, strict enforcement of security policies and permissions, 24x7x365 network and infrastructure monitoring, and high-performance Atomic Speed Technology. True to our name, IronOrbit provides companies with true virtual workplaces of individualized hosted desktops and fully-integrated applications.