Identity Management Day: Cause for Celebration or Concern?
Securing your network is a journey, not a destination. Not just on one day, but every day. One only needs to look to recent cyberattacks to know that is too often an afterthought.
Join the DZone community and get the full member experience.Join For Free
Tuesday, April 13 marks Identity Management Day — a time to bring awareness to business leaders, IT decision-makers, and others about the importance of managing and securing digital identities. It’s a nice concept: businesses coming together to share best practices, vendors supporting the cause, and an overall push for better security hygiene. But is there actually a reason to celebrate?
Securing your network is a journey, not a destination. Not just on one day, but every day. As such, identity management (IM) shouldn’t be celebrated as a singular component of security, but rather a capability that should be ingrained in the data governance fabric of every organization. With the ability to safeguard information, facilitate compliance, and streamline work processes, it's hard to believe that it’s not already.
But one only needs to look to recent cyberattacks to know that IM is too often an afterthought. Gone are the days that passwords were the pinnacle of IT security and humans held the role of gatekeepers, manually denying or granting access to users. Yet, here we are decades after securing digital identities became a necessity for enterprise organizations, and still not much has changed.
The advent of remote and hybrid working environments and the mass exodus to the cloud in recent years has only exacerbated the problem. People are logging into their work systems on faulty Starbucks WiFi, sharing and storing company data across platforms not sanctioned by their IT departments, and using passwords that don’t pass the test. Attackers know this, and they’re exploiting bad security practices any chance they get.
Even organizations that are addressing these vulnerabilities are sometimes missing the mark. Implementing best practices like multi-factor authentication and proper provisioning and de-provisioning are great steps to a better IM strategy, but present other challenges. For example, if employees forget a physical token as their second form of authentication or remembering multiple passwords becomes too burdensome, it will hurt productivity and workflow. In terms of provisioning, if it takes months to remove access to internal systems for a former employee, that’s months of exposure to your sensitive company information.
In addition to managing employees and their IM habits, let’s not forget the infrastructure challenges. This alone is enough to hinder the adoption of better IM practices. Integrating new IT systems is never easy, and removing legacy systems and existing business silos is even harder. When considering the cost and resources associated with stripping the old and installing the new, IM slides further down the list. After all, businesses already have some safeguards in place, right?
In order to overcome these barriers and others, organizations need to start thinking of IM as part of their mission-critical operations and treat it as such. Security touches every aspect of a business, and it should be a consideration from the inception of a company, product, or solution. That said, it’s not too late to improve, and there are small steps all businesses can take to better their IM posture:
Don’t start from scratch — Forget a cumbersome IT overhaul and start small. Look for IM solutions that work on top of or with your existing systems to ease the transition for employees, while eliminating major tech outages.
Do your homework — Securing your network is one thing, but choosing partners and providers who do the same due diligence is another story. Make sure to properly vet third parties your business works with to make sure your data doesn’t get into the wrong hands.
Don’t stop — It would be foolish to think the work is done once you’ve implemented the technology, tools, and solutions. A solid IM strategy takes constant testing, tweaking, and upgrading. As threats evolve, your strategy should, too.
While a pat on the back seems preemptive, what we can celebrate on this Identity Management Day is the promise of identity management. Automation technologies like artificial intelligence (AI) and solutions for better workflow management are reasons to get excited about what’s ahead in the space, but we’re not there yet. And if history has taught us anything, it’s that it will likely take many more high-profile breaches and headaches before businesses make identity the priority it should be.
Opinions expressed by DZone contributors are their own.