Feature: Single point of control
Date: 03-2015
Key Topics: Security, Identity Access Management, BYOD, The Internet of Things (IoT), Single sign-on (SSO)
Key Companies: Symantec, Distributed Management Systems (DMS), ForgeRock, Aruba Networks, NetIQ
Key Industries: Health
Identity and access management solutions - how much of a difference do they really make to an enterprise's defences? Computing Security asks those in the know.

An IAM solution should indeed be part of an organisation's global security strategy, states Nico Popp, vice president information protection, Symantec, designed so that it is a single point of control for access to company resources, business critical applications and data. "A well implemented IAM solution should simplify the IT environment, consolidating user directories to establish a single source of truth for user management, Single Sign-On (SSO) capabilities to reduce the number of passwords and one point to authenticate all users," he points out.

One of the most important capabilities of a strong IAM solution is the ability to set granular access policies. "It is through these policies that IT administrators can ensure users are not subject to a host of applications they don't need to do their jobs and, perhaps more importantly, not gaining access to applications where they can inadvertently put sensitive company data at risk. Providing identity and context-based access controls gives IT the tools they need to craft the right policies for the individual or group."

Once a user's identity has been established, data loss prevention capabilities can associate any data that is accessed with a particular individual. "Content-based data access policies allow IT to more finely establish a set of controls, with the flexibility to provide gentle warnings or block an attempt, if a user tries to move specific data outside the enterprise," adds Popp.

Putting in place a common control point allows IT to:
• Authenticate all users, so only legitimate ones gain access to sensitive data

"The key is creating a user-friendly central control point and establishing a policy of use for all users: remote or on-premise," he concludes. "If users can gain access through numerous access points and authentication is not strictly enforced, then there is no concept of identity, users become invisible, tracking access to data becomes impossible and the information IAM provides becomes suspect, making proving compliance unachievable."
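The control point Popp describes, as an added illustration that is not from the article or from Symantec: one user directory as the single source of truth, group-based application policies with a remote/on-premise context check, content-based rules that warn or block when labelled data leaves the enterprise, and an audit trail tying each decision to an authenticated identity. All users, groups, applications and labels are constructed sample values.

```python
"""Minimal central access-control point: identity from one directory,
context-aware application policy, content-based egress (DLP) rules,
and an audit log keyed on the authenticated user. Sample data only."""

# Constructed directory: the single source of truth for user -> groups.
DIRECTORY = {
    "alice": {"groups": {"finance"}},
    "bob": {"groups": {"engineering"}},
}

# Constructed application policy: which groups may use an application,
# and whether it may be reached from a remote (off-premise) context.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "remote_ok": False},
    "wiki": {"groups": {"finance", "engineering"}, "remote_ok": True},
}

# Constructed content-based rule per data label for data leaving the enterprise.
DLP_POLICY = {"public": "allow", "internal": "warn", "confidential": "block"}

AUDIT: list = []  # every decision is recorded against an identity


def authorize(user, app, context):
    """Decide application access from identity (directory groups) and context."""
    entry = DIRECTORY.get(user)
    if entry is None or not context.get("authenticated"):
        decision = "deny"  # unknown or unauthenticated: no identity, no access
    else:
        policy = APP_POLICY.get(app)
        if policy is None or not (entry["groups"] & policy["groups"]):
            decision = "deny"  # no policy, or user's groups not permitted
        elif context.get("remote") and not policy["remote_ok"]:
            decision = "deny"  # application is on-premise only
        else:
            decision = "allow"
    AUDIT.append((user, "access", app, decision))
    return decision


def egress_check(user, label, destination_external):
    """Content-based check when a user moves labelled data."""
    if not destination_external:
        action = "allow"  # movement stays inside the enterprise
    else:
        action = DLP_POLICY.get(label, "block")  # unknown label: fail closed
    AUDIT.append((user, "move", label, action))
    return action
```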
UNCERTAINTY AND TRUST

"However, the fundamental weakness is the uncertainty of trust in certificates that underlies this technology. Several reasons are given for this, including advances in factorisation of RSA, the uncertainty of what private keys have been revealed - particularly after Heartbleed, the exploits of spoofing certificates and the resultant continuing menace of Man-in-the-Middle (MiM) attacks."

The objective is to provide a completely new and more relevant approach, better suited to the evolving Internet of Things where command and control functions need protection and efficiency, and importantly need a different communication topology. "The aim is to produce a methodology that provides mutual authentication and secure sessions, but which resists Insider Attacks and MiM attacks," he advises. "In the IoT, the typical topology is not just server and web client, but server, local hub and local satellites. Examples of this tri-party communication include server, ground station and local UAVs, and server, home hub and local, intelligent sensor-based controllers. There is little degradation expected between the hub and the local satellites, so efficient, encrypted UDP messages can be used."