Identity Management and Access Control

Identity management is an important concept for information security professionals. It involves creating accounts for users across all of the systems they interact with and coordinating those accounts so that changes are reflected across all systems. Identity management programs often implement a single sign-on (SSO) system that facilitates the management of user accounts.

One of the main benefits of a well-coordinated identity management program is clean integration with an organization’s access control system. Consider an organization that adopts a role-based access control (RBAC) system. With this approach, individuals are assigned to roles based on their job responsibilities. If a user changes jobs, the identity management staff only needs to change the user’s role in the centralized access control system, and that change will then be reflected in permission settings across all of the organization’s information systems. Similarly, if a user leaves the organization, his or her account needs to be disabled in only one place—the SSO system. This change will then ripple through all of the information systems that rely on SSO for authentication.

User Behavior, Application, and Network Analysis

Identifying how users, applications, and networks behave helps create a baseline for the infrastructure. By understanding normal behavior, you are able to detect activities that are unusual. For example, suppose an accounting employee named Scott ordinarily accesses financial servers; this is considered normal behavior. If Scott begins accessing engineering servers, you know that the access control is not working correctly and you may need to question Scott’s actions. Is there a virus on his system, or is he trying to obtain intellectual property? Tracking the behavior of all systems on a network will help you understand normal activities and identify breaches as well.

Examining user behavior reveals the times a user may log on to a system, the applications he or she uses and how often, the websites a user frequents, and servers that are accessed. In general, user behavior is any type of activity that defines a user’s actions.

Application analysis has similar characteristics. By analyzing applications, you may learn:

  • How often applications are accessed
  • Who accesses them
  • What actions are performed once an application is accessed

You must understand these aspects of an application for security and management purposes. If an administrator is aware that an application is not accessed from 2:00 a.m. to 5:00 a.m., he or she may decide to schedule system upgrades during that time. This ensures that resources are available when needed and that adjustments won’t affect the majority of employees. Availability is an essential part of network security, and user behavior analysis and application analysis provide the data needed to ensure systems are available.

Network analysis provides details on both users and applications as well as network traffic. Understanding the behavior of the network verifies the access and security controls that are in place. It provides guidelines for normal and abnormal activity. For example, if Scott’s system is sending out abnormal traffic, there could be a virus on the network. Analyzing all inbound and outbound traffic may pinpoint attackers coming in as well as internal employees creating havoc within the network. Network analysis ensures that security controls are in place and indicates whether they are effective.
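The baseline-and-deviation idea described above (Scott's normal financial-server access versus a sudden engineering-server access, and the hours at which a user is normally active), as an added example that is not part of the original text. The log lines are constructed, and the convention that hostnames begin with the owning department (`fin-`, `eng-`) is an assumption made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: "<ISO timestamp> <user> <server> <action>"
BASELINE_LOG = """
2024-03-04T09:12:00 scott fin-db-01 read
2024-03-04T10:40:00 scott fin-app-02 read
2024-03-05T08:55:00 scott fin-db-01 write
2024-03-05T14:20:00 scott fin-app-02 read
2024-03-04T09:30:00 dana eng-git-01 read
2024-03-05T16:05:00 dana eng-build-01 read
""".strip().splitlines()

# Constructed events to check against the learned baseline
NEW_LOG = """
2024-03-06T09:05:00 scott fin-db-01 read
2024-03-06T02:14:00 scott eng-git-01 read
2024-03-06T11:00:00 dana eng-git-01 write
""".strip().splitlines()

def parse(line):
    ts, user, server, action = line.split()
    return datetime.fromisoformat(ts), user, server, action

def server_group(server):
    # Assumed hostname convention: department prefix before the first dash
    return server.split("-")[0]

def build_baseline(lines):
    """Per user: server groups touched and the hours during which access was seen."""
    baseline = defaultdict(lambda: {"groups": set(), "hours": set()})
    for line in lines:
        ts, user, server, _ = parse(line)
        baseline[user]["groups"].add(server_group(server))
        baseline[user]["hours"].add(ts.hour)
    return baseline

def find_anomalies(baseline, lines):
    """Return (line, reasons) for accesses that fall outside the user's baseline."""
    findings = []
    for line in lines:
        ts, user, server, _ = parse(line)
        reasons = []
        profile = baseline.get(user)
        if profile is None:
            reasons.append("unknown user")
        else:
            if server_group(server) not in profile["groups"]:
                reasons.append(f"new server group {server_group(server)}")
            # Hours are treated as a window from earliest to latest seen access
            if not (min(profile["hours"]) <= ts.hour <= max(profile["hours"])):
                reasons.append(f"unusual hour {ts.hour:02d}")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG):
        print(line, "->", "; ".join(reasons))
```

Only Scott's 02:14 access to an engineering server is flagged; Dana's write to a server in her own group during her usual hours is treated as normal.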

Monitoring Library Access

Digital libraries have a large array of data covering all types of topics. If an administrator keeps track of who is downloading what, he or she can build a profile on each user. Reviewing composite data of all users over time reveals trends in users’ interests. For example, if a user downloads a large number of files unrelated to his or her work duties, it could signal the user has dangerous motives.

Monitoring your system is a way to track employees and possibly determine ulterior motives. For example, you may find that a particular user is downloading a large number of documents. Is this normal behavior for her? If not, you should question why she needs the documents.

Understanding the behavior of users, applications, and network activities assists in identity and access management. It identifies access controls that are not functioning correctly and lets an administrator know if changes are needed. Behavior analysis can prove that access is set up correctly because network patterns and access are working as planned. Combining behavior analysis and identity and access management provides a blueprint for the network regarding normal behaviors and the expectations of the systems.
