Securing the Digital World

Identity-Centric Management for Modern IT

Mar 10, 2016 | by RSA |

In today's mobile- and cloud-driven IT infrastructure, perimeters have become much harder to define. For this reason, identity management is a key point of control. An integrated user- and identity-centric security configuration can help solve modern infrastructure challenges, including issues of access at the perimeter and the authentication and accreditation of users accessing complex resources and data. Organizations need multifaceted, next-generation analytical approaches to effectively manage identity in this modern IT environment.

User-Centric Identity Solutions to Modern IT Security Demands

Identity in modern information systems demands a multi-pronged identity management approach that recognizes both internal and external risks. User-centric identity is one of the most readily adaptable identity-based security methods, and it is ideal for the context of modern IT. In user-centric identity systems, individuals have a single set of credentials that revolve around the person's identity rather than the service itself. This approach is ideal for the demands of the latest IT infrastructures, since it provides flexibility and the ability to implement tools in internal and external aspects of the target system. Even current systems fail to pay sufficient attention to the user-they often require constant reauthentication for access to different applications at different levels. Clearly, this is not an ideal authentication strategy for users or for system security, since reauthentication impedes both productivity and security.

The National Strategy for Trusted Identities in Cyberspace presents an ideal visualization of a user-centric identity system. Its vision sets forth a strategy in which "individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation." Its user-centric approach thus addresses some of the key challenges in modern infrastructures, such as interoperable performance within, throughout, and at the perimeters of these complex, multidimensional systems.

Federated Systems Focused on Identity Are Symbiotic With Modern Infrastructures

With identity at the center, the modern IT infrastructure benefits as a whole. In the article, "Identity: The Keystone of Security," RSA describes identity-focused security as a "bit of a thought experiment." Nonetheless, this view of identity as being central is ideal for applications in modern infrastructures and appears to have matured from an experiment to production implementation, particularly in companies running software-as-a-service applications. As discussed in the article, identity-centric security is essential to security operations centers (SOCs). It is also highly effective in managing access to data based on accreditation level. As a whole, this approach looks at security as a federated system that primarily encompasses multisystemic applicability at the single sign-on, SOC, data security, and industrial levels.

An Integrated Approach to Identity Is the Solution to Modern Systems Security Challenges

User- and identity-centric models deliver a layered identity management system that maximizes usability and security. This layered approach also has a reciprocal benefit on the system's structure. Modern infrastructures are characterized by components that evolve in real time according to corporate and user demands such as location, desired performance, and accessibility by multiple users. User and identity-focused models are an ideal fit to preserve security in this highly fluid and rapidly changing environment.