Crash Course: What Is Identity Management? - Security Boulevard

SBN Crash Course: What Is Identity Management?

The easiest way for malicious hackers to access a company’s digital assets is through a stolen set of credentials. In fact, compromised identities are the number one way today’s organizations are undermined. 

That means that controlling user access is an IT department’s most critical responsibility; made more complex by the constant need to balance efficiency, productivity, and security. But how do you give verified users easy access to the IT resources they need without compromising security? 

FinConDX 2021

Identity management is the process of verifying and permissioning users. And it’s the secret weapon against cyberattacks. 

What Is Identity Management?

At its core, identity management is the process of giving users access to their company’s IT resources. While the terms are often used interchangeably, Identity management is actually one-half of identity and access management (IAM). While the broader term covers both who is accessing IT resources and which resources they’re using, identity management is primarily concerned with the “who.” The most common method to deliver an identity is to first confirm the user is who they say they are (whenever that individual requests access to a resource for the first time), then create a set of credentials consisting of a username and password for them to use to access that resource or set of resources.

Difference Between Identity Management and Access Management

From a user perspective, identity management is really the only part of the security strategy they see, because it is what requires them to enter credentials like usernames and passwords. Access management, on the other hand, is more subtle. It’s IT’s back-end role of provisioning those verified users. 

Another way to think of the difference: identity management is how users are authenticated, while access management is how those users are authorized. While most users don’t know the difference, malicious hackers do — and IT admins need to as well. 

If your security strategy focuses solely on identity management — the authentication piece — you’re leaving your organization highly vulnerable. Once the user is identified, they have access to all your applications and networks, so (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Molly Murphy. Read the original post at: