The identity of the user is the linchpin
Greater flexibility and speed in the use of IT services and information resources, for example through BYOD, mobile working and cloud services, pose new challenges for IT security.
Anyone who does not want to stand in the way of modern working concepts can no longer establish security by restricting hardware or controlling network paths alone.
Instead, there is only one constant that endures regardless of the device used and beyond the point of access: the identity of the user.
With a conceptually and technically sound authentication, identity and access management system (IAM), the corresponding risks can be reliably assessed and minimized.
While basic user accounts, roles and corresponding authorizations are defined and managed in identity management, access management is used to control and manage individual access rights to specific parts of the physical or virtual infrastructure.
Holistic support for the entire identity management lifecycle becomes tangible when responsibilities are precisely divided according to fixed rules ("Segregation of Duties"), authorizations are sensibly grouped into roles, personnel changes are handled with tool support, and provisioning is intelligent.
The resulting transparency of all accesses is also an important building block for governance and compliance with legal requirements.
An increasingly important challenge in this context is the management of access rights for specially authorized persons, since certain users require far-reaching authorizations for their work.
These "privileged users" pose a particular challenge to IT security because they can put their organization's IT resources and data at risk inadvertently, through malicious intent, or because their access credentials fall into the wrong hands.
Privileged User Management solutions take care of managing these special access roles, such as administrator or root access.
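The role grouping, Segregation of Duties and privileged-user handling described in the two paragraphs above, as an added example that is not from the article or any particular IAM product. Role and permission names are constructed for illustration; the SoD rule is a conflict set of role pairs that one person must never hold at the same time.

```python
"""Added example (not from the article): a minimal role model with a
Segregation-of-Duties check and a privileged-user report.
Role and permission names below are constructed sample data."""
from dataclasses import dataclass, field

# Roles bundle individual authorizations (constructed example data).
ROLES = {
    "payment_clerk": {"invoice:create"},
    "payment_approver": {"invoice:approve"},
    "helpdesk": {"user:reset_password"},
    "domain_admin": {"user:reset_password", "user:create", "server:root"},
}

# Pairs of roles that one person must never hold simultaneously (SoD rule).
SOD_CONFLICTS = {frozenset({"payment_clerk", "payment_approver"})}


class SodViolation(Exception):
    """Raised when a role assignment would break segregation of duties."""


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def assign_role(user: User, role: str) -> None:
    """Add a role only if it does not conflict with roles the user already holds."""
    if role not in ROLES:
        raise KeyError(f"unknown role {role!r}")
    for held in user.roles:
        if frozenset({held, role}) in SOD_CONFLICTS:
            raise SodViolation(f"{user.name}: {role} conflicts with {held}")
    user.roles.add(role)


def effective_permissions(user: User) -> set:
    """Resolve a user's authorizations through the roles they hold."""
    return set().union(*(ROLES[r] for r in user.roles)) if user.roles else set()


def is_allowed(user: User, permission: str) -> bool:
    """Access decision: granted only if some held role carries the permission."""
    return permission in effective_permissions(user)


def privileged_users(users) -> list:
    """Names of users whose roles grant root-level access (need special handling)."""
    return [u.name for u in users if is_allowed(u, "server:root")]
```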
The goal of all integrated approaches in identity, access and privileged user management must always be to balance high security standards with the most comprehensive possible automation in administration, convenience in use and thus high acceptance.
As soon as users perceive the secure access and usage paths as too complicated, or lack sufficient authorizations, they adopt simplified ways of working that undermine the existing security measures.
However, in order for access management to be able to fulfill its task as an access control system at all, the proper identification of the user must be ensured at the outset and a suitable mechanism selected for this purpose.
Classic password-protected access in particular is increasingly criticized here: to be sufficiently secure, password requirements are becoming ever more complex, so passwords are often either stored insecurely or simply forgotten.
To alleviate this dilemma, advanced authentication mechanisms such as an Advanced Authentication Framework (AAF) or Multi-Factor Authentication (MFA) are increasingly used; these require several independent proofs of identity before access is granted.
Ideally, different factors are combined: something the user knows (a PIN), something physical the user owns (a key card or token), and something the user is (a fingerprint, retina scan or voice recognition).
Moreover, a centrally placed authentication platform often already provides implicit single sign-on, so that after the first secure authentication the user does not have to enter the password again when using further services.