Cyber Attack
8
Sep

Identity and Access Management: Preventing a Cyber Attack


Digital identity is a significant component of any organization’s digital strategy. It ensures the delivery and security of systems, data, and applications. On the contrary, Identity and Access Management (IAM) is a framework designed for various business policies, processes, and technologies to manage digital identities. IAM framework enables IT managers to control user access to critical data while system administrators can regulate the role-based user access to systems/networks. It plays a critical role in the security plan as well as the productivity of the organizations. In simple words, IAM verifies how enterprises allow their staff to access pivotal data and applications. With different roles and responsibilities, every employee has its own set of requirements. Thus, IAM allows and limits the access of different employees according to their roles. Beyond that, access from different infrastructures (cloud, on-premise, and hybrid) and devices (tablets, smartphones, and laptops) is another concern of IAM. 

Understanding the Fundamentals of Identity and Access Management 

Identity and access management (IAM) defines and manages privileges provided to the account holders. IAM also looks after the cases in which the individuals will be granted or denied special privileges. The primary focus of IAM systems is to provide each individual (associated employees and customers) their own unique digital identity. This unique identity should be established, monitored, maintained, and modified under the “access lifecycle” of each individual.  

The three major pillars of identity and access management are:  

  • Identification  
  • Authentication 
  • Authorization 

Whenever users try to access any resource or system, they would enter their authorized login credentials for identification. Their credentials then go through the authentication process. Authentication either uses basic knowledge-based mechanism, such as passwords or advanced techniques like multi-factor authentication. It can use biometrics. Once the authentication process is successful, IAM will initiate the authorization process. This process ensures whether the identified user is authorized to perform the intended operations. 

The general identity and access management policies include – 

  • A mechanism to ‘identify’ the users and the roles they are entitled to perform 
  • Protecting systems, applications, and data 
  • Deploying correct levels of security as per the sensitivity of the data, systems, and locations 
  • Adding/Removing/Revising the authenticated users of the IAM system 
  • Adding/Removing/Revising the access rights of each registered user of the IAM system 

 

Key Benefits of Identity and Access Management (IAM) in Cybersecurity 

The four primary functions of identity and access management are the basis of how IAM can benefit us.  

  1. Pure Identity Function 

The pure identity function is about creating, managing, and deleting the identified users to change the status of their access privileges. A ‘pure identity’ is represented by a set of axioms in a given namespace, which is generally associated with real-world entities.  

In simpler words, an entity (either real or virtual) can have multiple identities. Again, each of these identities can have multiple attributes, which can be unique in a given namespace. 

  1. User Access (Log On) Function

User access function allows users to undertake a digital identity and to correspond all the access controls with it. For instance, a smart card assigned to a customer stores all the associated data and activities linked to offered services. The use of a single digital identity across various platforms simplifies the administrator’s task. It gets easy to monitor, verify, and manage the privileges of the customer.  

An organization when relies on the ‘user access’ function of IAM, focuses more on limiting and granting required privileges to the concerned users. 

  1. Service Function

As organizations are adding new services for internal as well as external users (i.e., customers), the need for identity management becomes more important. Also, identity management has been separated from application functions. This step helps in managing a single digital identity for an individual, which can then be associated with his multiple activities. IAM is also evolving to control device access.  

It’s been noticed that every evoked service looks to access massive data (usually private data). In such a scenario, maintaining confidentiality requirements become a must. 

  1. Identity Federation

Under this arrangement, one or more systems combine to form a single centralized unit. This unit then allows the user to log in after authenticating it against the participating systems. Such an arrangement is based on trust among all the participating systems. This setup is often known as the “Circle of Trust.” Identity federation has two dedicated systems – Identity Provider (IdP) and Service Provider (SP). So, when users request to access a service, IdP first authenticates users to allow them to use the services controlled by the SP. For that, a secure assertion, SAML assertions, is sent from IdP to SP. This statement verifies if users are reliable or not. 

How Can IAM Prevent a Cyber Attack? 

After the United States Office of Personnel Management (OPM) confirmed a data breach on June 2015, which affected nearly four million people; it released a list of practices on how IAM can prevent an organization from a cyber attack 

  1. Automating the access privilege provision

For every new employee addition, assign all the privileges based on their roles and business rules. It’s better to have workflow automation. Also, for every employee resignation or termination, ensure that all the privileges will be taken away automatically. This practice will help in limiting and preventing unnecessary privileges. 

  1. Privileged Account Controls

Generally, the state-sponsored and organized attacks target the privileged accounts of the organization. Once a privileged account gets compromised, it increases the chances of a massive security breach. Social engineering and phishing attacks are some common ways of tricking privileged users in sharing their passwords. Such attacks can remain undetected for a longer period. A robust set of controls on such accounts can help in limiting the compromise of privileged accounts. 

  1. Frequent Change in Passwords

Employees of the organization should be asked to frequently change their passwords, possibly once or twice in a month. This suggestion should be made compulsory for privilege account holders and administrators. Frequent change of passwords protects the organization from undetected breaches. 

  1. Strong Password Policy

Increasing the complexity of a password makes it difficult to guess or crack. If enterprises prevent the use of weak passwords by enforcing every employee to fulfill some criteria while creating a password. Mandatory use of special characters, numbers, capital letters, makes a few great suggestions. Such a practice can work against the brute-force attack. 

  1. Use of Multi-Factor Authentication

Adding an extra layer in security precautions, make a cybercriminal’s task difficult. Using OTP (One Time Password), token, and smart card for multi-factor authentication fortifies the security infrastructure.  

  1. Rotation of Encryption Keys

Rotating encryption keys for databases mitigate the risk of identity theft. This is the most recommendable practice whenever a breach is suspected. Rotation of encryption keys should be scheduled regularly or can be done manually. 

  1. Removal of Orphan Accounts

Any inactive or unmanaged account pose as a potential threat. Removing such accounts from the servers will help you to prevent a cyber attack. As idle accounts can be used for fraudulent activities, so does the idle servers. Scheduling a routine report for identifying all the inactive accounts will help in mitigating the risk. 

Identity and Access Management (IAM) can be considered a discipline which ensures all the right users get the authorized access to the critical systems and assets of the organization. It offers properly authenticated, authorized, and audited access privileges. This is possible with the provision of singular digital identity for every individual, who can then use this identity for managing multiple accounts. It also uses several practices to avoid potential threats from transforming into colossal cyber attacks. 

Editor's Note:
Reviewed by Dr. Ranjeet Kumar Singh CEO of Sherlock Institute of Forensic Science India.
get certified from ec-council
Write for Us