Identity management is a security issue which is becoming increasingly challenging as the perimeter of the network crumbles. This is well illustrated by the DTI Information Security Breaches Survey of 2006, which shows that one in five larger businesses had a security breach associated with weaknesses in their identity management, with the number of incidents being less for smaller companies. The survey found that incidents were from staff gaining unauthorised access to data, staff obtaining and misusing confidential information, financial theft or fraud, and impersonation or phishing attacks. Couple this with the rapid rise of wireless and the growth in access to applications, then you have significantly increased the opportunities for unauthorised access into your network.<\/p>\n","protected":false},"excerpt":{"rendered":"
The DTI 2006 survey found that some 96% of large companies and 93% of all companies are still using single factor authentication to authenticate users.<\/p>\n
There is one thing, however, which is certain – single factor authentication (passwords) is not enough. There are a number of authentication options: single sign-on is a step forward, but requires superior identity management, two-factor authentication is much better and involves the user of authentication tokens, biometric devices, etc. three factor authentication is far superior and involves something you know (e.g. password), something you have (e.g. authentication token) and something you use (e.g. device authentication) You need to be sure the device is free of any unauthorised applications such as IM, peer-to-peer or Skype, and that it is secured against current threats.<\/p>\n
With growing numbers of remote and mobile users, EPS systems can secure those accessing the network and ensure, for example, that security policies are actually implemented on individual devices.<\/p>\n
These are all steps on the longer road to identity trust management, where the overall level of access that you provide is based on trust in the authentication and the current level of security, of both the user and the device, coupled with location-based rules.<\/p>\n
http:\/\/www.it-observer.com\/articles\/1148\/identity_management_growing_challenge\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2134","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2134"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2134\/revisions"}],"predecessor-version":[{"id":4621,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2134\/revisions\/4621"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}