Search This Blog

Sunday, January 18, 2009

What is Identity Management ?

Identity Management is a discipline which encompasses all of the tasks required to create, manage, and delete user identities in a computing environment.

Let me put it in a simple way,

Imagine an enormous blueprint of an office building. It shows the rooms into which each person who works in the building can enter. The blueprint also shows what kind of key each person would need to open the door to get into that room, and what that person can do once they are there. A computer network is like the building, and each room represents a file, database or application on that network. The employees working in the building are the users. The keys are the privileges that the system administrator hands out to each person who works on the network, providing access to a file, database or application. The keys also determine what they can do while accessing a specific file or application.

Like building security, identity management is the most essential form of information protection that agencies use. Yet, it also is among the information security practices that are least used or properly implemented.

Identity management is more than simply permitting a user to log on; it controls what that user can do, similar to putting boundaries on where a person can go once in a building. A systems administrator assigns a credential of some sort, usually a number, to a worker. That number allows the employee or contractor access to the network and determines what resources can be accessed. It also can flag the administrator (through a monitoring tool) if the user somehow gains access to forbidden areas, or if the user is performing actions that may indicate an attempt to gain entry to prohibited areas.

Requiring a username and password - whether to pass through a firewall, to log on to a virtual private network or to open an application - is identity management in its minimal form. At a more sophisticated level, it incorporates biometrics (such as hand, fingerprint or iris scans) to identify a user, to approve or deny access (known as provisioning and Deprovisioning) to resources, and to deliver custom services (such as training materials and e-mails) based on users' roles in an organization. Identity management provides managers a custom view of the IT environment for each user, determined mostly by job function and security concerns.

No comments:

Post a Comment