SERVICES
Identity and Access Management?
Controlling access to information and resources is the foundation of security.
Novacoast has specialized in Identity and Access Management as a service for more than 20 years. Our measured approach allows us to apply our expertise to an organization of any size.
What We Do
The process of setting up access and integrating multiple products, services, applications, and protocols can be a complex and lengthy project. Novacoast has hundreds of successful large-scale identity projects in our portfolio and has refined our methodology and approach into a science. Here’s how we do it:
We adhere to the approach of dividing access management into three major actions:
- Setting up access
- Enforcing access
- Providing visibility to access
Setting Up Access
Configuring disparate systems to all use a single authentication provider is the most efficient and elegant method to accomplish Single Sign-on (SSO). This can be fairly mundane or a challenge depending on the applications and services being integrated as well as the vendor products used. We have experience with 9 contemporary identity products.
Once authentication is successfully configured for all applications and services, we setup the process of provisioning access for existing or newly created users. This propagates access rules and sometimes new mirrored accounts on the disparate systems that are being integrated. The process of creating a user or assigning access triggers many other processes to change access.
One method for easily changing granular-level access is through the use of attributes assigned in the identity data store. This is called attribute-based access control (ABAC). For example, you could write access for all designated financial transaction related data just by setting one or a few attributes in the identity store.
Enforcing Access
Once we’ve configured systems to provide accurate authentication and authorization functionality, the enforcement of access can be setup. This can be thought of as the mechanism that control and routes access, applying rules and policy to allow or deny users based on their authorization level or attributes.
One example is web access management (WAM). WAM is a way to control access and usage of web resources from within the access managed network. An authenticated identity may be granted access to certain resources and have all authentication and allowed access automatically set after a single login action. It combines elements of SSO and web proxy.
Access enforcement also dovetails into the next pillar of IAM, which is visibility. Auditing is a critical action that records attempts to authenticate, whether policy was applied, and which controls were triggered. It can be delicate to tune auditing since it can create a large volume of log data that can be noisy and obscure key security events.
Providing Visibility of Access
Closing the loop of setup and enforcement of access is having the means to verify and measure effectiveness of the implemented design.
In many cases, an organization is beholden to regulatory compliance requirements or has established standards of security for its own internal governance. To measure and meet these metrics, visibility into the effectiveness of access management is necessary.
By analyzing auditing data or putting into place other means of testing the implemented access management, we can generate reports, conduct reviews, and prove criteria is met for any required certifications.
Areas of Focus
There are many scenarios that require some measure of identity and access management. Some of these include:
Staff Enablement and Augmentation
We can bridge the gap whether it’s a lack of skills, experience, or capacity.
Federation and Improved Identity User Experience
We can build and/or improve an SSO environment to make users’ lives better through simplification of authentication and streamlining the use of technology without added drag on the help desk.
Automated Provisioning
We can set up automated provisioning of access so that it happens quicker and requires less human work. This often reduces overall effort and opportunity for introducing configuration errors.
Visibility of Access
We can help gain and improve visibility into the Identity system for the purpose of regulatory compliance, better security, or improving other services. Visibility is a critical element to access management. Without visibility there is no standard way to detect and respond to error, abuse, and possibly breach.
Multi-factor
We can add multi-factor authentication to an environment to strengthen defenses. Regardless of password complexity, password-based authentication remains a weak point as users recycle passwords in less secure systems and can also be deceived by phishing campaigns to volunteer their credentials to attackers. Multi-factor authentication can save the day in these scenarios.
Advisory and Roadmap
Implementing strategy and best practices can be the most challenging aspect to designing an appropriate IAM plan for any organization. Our advisory services can guide our customers through the Identity path with roadmaps, architectures, strategies, or product selection.