Best Practices for Identity and Access Management


Ways to Secure Identity and Authentication

The best practices for identity include integrating two-factor authentication with network access control. This will help manage access to network resources (applications and information) that require protection.

Passwords are often the preferred means to identify a person. Their popularity derives from their ease of use. The future of network security and access control will depend on a more secure identity than passwords alone. There are too many problems with password-only authentication: users tend to forget passwords, and passwords are cracked by hackers, captured through keyloggers, or given away by the users themselves. Therefore, to overcome many of the password concerns, biometric devices, smartcards and tokens have been utilized for user authentication.

Biometric devices scan “something you are.” They use a hardware/software configuration that can secure a person’s identity and authentication. These devices are fairly effective, reliable and accurate for many users, and for some organizations they have been the choice for securing environments. If a biometric system is applied to either a computer or a secured space, it alone can provide sufficient identity and authentication; used in addition to passwords, however, the “something you know” component is provided as well. Together, passwords and biometric access control devices (applying two-factor authentication) can increase security.

If biometric devices are too costly, two-factor authentication can also be implemented by using a small token card. This compact electronic device provides the “something you have” component. When someone attempts to authenticate (log in), the system verifies that person’s identity to prove that he is the person he claims to be. Again, if used together with passwords (applying two-factor authentication), token cards, just like biometric devices, can secure identity and authentication.

* For more authentication alternatives, see Clemmer’s article: Authentication: Password Alternatives

Access Management

Access management consists of managing authorized personnel who have a “need to know” or “need to use” basis for entering or accessing secured systems or spaces. An access control policy can safeguard data by forbidding or granting a right of access, and access logs and control systems are ideal for controlling access.

Access management requires user authentication and secrecy. Authentication determines who a person is, while secrecy plays a role in controlling access and keeping unauthorized users from entering a secured computer, network, or environment. Together, these two factors are seen as “Best Practices for Identity and Access Management.”
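The sketch below is an added example, not code from this article or from any product it names. It shows a password ("something you know") and a token-card code ("something you have") being checked together before an access control policy grants or denies a resource and writes an access log entry. The token algorithm (HOTP, RFC 4226), the user, the resource and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code a token card would display (HOTP, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted, slow hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical user, resource and secrets).
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse", SALT),
        "token_secret": b"12345678901234567890",  # RFC 4226 test secret
        "counter": 0,
        "roles": {"finance"},
    }
}
POLICY = {"payroll-db": {"finance"}}  # resource -> roles with a "need to use"
ACCESS_LOG = []  # (user, resource, decision) for later review

def request_access(user: str, password: str, code: str, resource: str) -> bool:
    """Grant only if both factors verify AND the policy lists the user's role."""
    acct = USERS.get(user)
    factors_ok = False
    if acct is not None:
        pw_ok = hmac.compare_digest(acct["pw_hash"], hash_password(password, SALT))
        expected = hotp(acct["token_secret"], acct["counter"])
        code_ok = hmac.compare_digest(expected.encode(), code.encode())
        factors_ok = pw_ok and code_ok
        if factors_ok:
            acct["counter"] += 1  # each token code is accepted once
    allowed = factors_ok and bool(acct["roles"] & POLICY.get(resource, set()))
    ACCESS_LOG.append((user, resource, "GRANT" if allowed else "DENY"))
    return allowed
```

Resources missing from the policy are denied by default, and every decision, granted or denied, is logged so that failed attempts can be reviewed.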

Software/Hardware Access Management: Server software-based security helps manage access to networks; and locks, security alarms, surveillance videos, and biometric devices are primarily used hardware systems for controlling physical access. Note: Physical security is an important component of access management.

Access Management Tip: Within the operating system, establish new rules for access. Remember, software-level security is an important component of access management, too, as it protects the files based on the security settings computer users establish.

Access and Identity Tools

Here are a few security tools to control access:

  • Logon Sentry is a program for Mac computers that can guard data and secure it from illegal break-ins.

  • Symantec Network Access Control 11.0 controls access to networks and enforces endpoint security policy. It’s ideal for Windows platform users.
