GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs
The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses.
Related: The role of facial recognition
Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities. Here are five tips for securely managing identities across the new, hybrid work environment:
•Think granularly. The first mistake a lot of organizations make when planning their identity management strategy is not considering every identity on their network. Sure, a lot think about their users and what types of credentials they’ll need for their various systems. But what about the numerous machines on a company’s network, like mobile devices, servers, applications, and IoT devices?
Machines are dramatically increasing, and require a solution that will identify these identities, authenticate them, and then secure their interactions across the network. IT leaders need to consider PKI-based solutions for managing their machine identities, so their IT teams can issue certificates to their machines, track what is on their network, and encrypt the communication between the devices. This will prevent falsified entities from entering the network and putting data at risk.
•Verify email. In the face of phishing threats, many companies focus their investments on anti-malware software or new technology to prevent threats from getting through. Unfortunately, some of these emails will inevitably slip through the cracks.
Becquart
This is why IT leaders should take an identity-centric approach to help their employees secure their emails and protect themselves against scams. Enterprises should implement email and document signing with certificates to accomplish this. By digitally signing emails, email recipients can quickly confirm the identity of the sender and ensure that the email is legitimate.
The same goes for documents – if you can digitally sign a contract or purchase request with a certificate, your business can operate with a higher level of trust. This also reduces the wet-ink hassle of printing and scanning documents while working remotely.
•Simplify ID management. Amid the transition to the hybrid workforce, both your IT team and your employees are likely stretched thin. Credential management should be automated for your IT team, and simple for your employees to manage. Your business can do this by offering a unified experience for all your various credentials.
Adopt a solution where both IT teams and employees can issue, manage, and troubleshoot their various credentials whether they’re hardware tokens, smartcards, TPM, mobile authenticators, etc. End users no longer need to juggle different software and don’t need to ask IT for help, allowing everyone to focus on moving your business forward.
•Know, trust, verify. When considering every identity you need to manage and secure, many enterprises struggle to first verify the identity of their employees, end customers, or partners before issuing them their credential.
With the increase of digital interactions, your business needs to find a streamlined solution to reduce identity fraud, follow regulations, and ultimately ensure complete trust for every entity.
Identity proofing technology is essential for businesses that need to ensure that customers or users are who they say they are, and can accelerate verification with ID document and biometric capture.
•Keep high standards. Your business can invest in multiple identity credentials to defend every use case and identity on your network, but it all goes to waste if users don’t follow best practices or find workarounds in your system.
If you’re faced with a dispersed workforce, it can be even harder to ensure all your employees are adhering to your security policies and are using their required authentication tools.
Look for technology that can help shape user behavior, ensure best security practices are followed, and prevent workarounds that can lead to security vulnerabilities.
About the essayist: Jerome Becquart, is Chief Operating Officer of Axiad, a leading provider of cloud-based passwordless authentication and secure interactions for users and machines based in Santa Clara, Calif. He has over 20 years of experience in identity and access management solutions, including chairing the GlobalPlatform Government Task Force for three years, and serving on the board of directors of this Industry organization.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-identity-management-day-highlights-the-importance-of-securing-digital-ids/
