A modern identity management system can help IT departments maintain control as end users access corporate systems from more devices and locations than ever before.
Security is one area of IT where the work is never done, and it probably never will be. You can install new access points, upgrade management appliances, virtualize servers and move applications into the cloud, but new security challenges crop up all the time. And the security basics -- policy, encryption and authentication -- are no longer enough on their own. Mobility and the bring your own device (BYOD) movement add to the headaches: a steady stream of new, often unmanaged devices is reaching your network, and each one raises the access-control question all over again.
But fear not (or at least, fear less). Work in network access control and in authentication, authorization and accounting over the past few years has produced a class of security products called "identity (or access) management systems." At the most basic level, identity management means defining what users can do on the network, with which devices and under what circumstances. Many of these products put a strong emphasis on managing mobile access to corporate systems. Vendors that have focused on mobile access and have recently advanced their identity management offerings include Aruba Networks, Cisco, Enterasys Networks, Meru Networks and Xirrus.
For security reasons, an identity management tool should run as an application on a dedicated appliance or server, either on-premises or in the cloud; it makes every access decision for the network, so it should not share a host with unrelated workloads. At the core of an identity management system are policies that define which devices and users are allowed on the network and what a user can do, depending on device type, location and other factors. All of this depends on appropriate management console functionality: policy definition, reporting, alerts, alarms and the other common management and operations requirements. An alarm might be triggered, for example, when a specific user tries to access a resource for which they have no permission. Reporting produces a management log -- on demand or as a formatted document -- of which activities were initiated and how each was decided. None of these features is exotic; the point is that identity management must be integrated into operations the same way any other management function is, so that a denied access attempt actually reaches someone who will look at it.
Security systems have historically been complex and have often required IT pros to act as their own systems integrators. A lot of effort goes into constructing an implementation and then verifying that it actually does what was intended. Identity management products, by contrast, are designed for one-stop shopping, unifying many components of security into a single element. That makes them much easier to implement and leaves fewer seams for something to go wrong in. The flip side is that one product now makes every access decision, so it needs the patching, backup and monitoring attention that any single point of failure deserves.
Many identity management systems offer directory integration, support for both wired and wireless users and the flexibility to meet almost any security and operational policy requirement. Because BYOD is so strategic today, time-saving features are becoming common: automated device onboarding and provisioning that needs no IT involvement, support for a range of mobile operating systems (so that a wider variety of devices can be admitted) and automated device status verification, sometimes called a client "health check," that confirms a device meets policy before it is let in. Automation is what keeps BYOD affordable; onboarding each device by hand gets expensive quickly in labor costs. I recommend products with broad support for 802.1X and for guest access as well. Both are widely used, and it would be hard to build a comprehensive solution without them: 802.1X ties network admission to an authenticated identity, and a guest capability gives unmanaged devices a separate, restricted path instead of an all-or-nothing choice.
Even with an identity management system, your work on security is never done. Have a detailed conversation with prospective vendors about your organizational, IT and mobility requirements, and check those needs against what they offer today and what is next in their development queues. Advances in identity management will help define mobile security going forward. At the very least, they should let IT and security professionals get a good night's sleep.
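To make the policy model described earlier (device and user admission rules, alarms on refused access, an activity log with on-demand reporting) and the client health check and guest access from the paragraph above concrete, here is a small policy decision point in Python. It is an added example written for this article, not code from any of the vendors named here, and the rule set, the health-check items (disk_encrypted, screen_lock, os_patched), the network roles (corporate, quarantine, guest) and the sample requests are all constructed for illustration. Each request is evaluated against directory group, device type, location and health-check posture; the device is assigned a network role, every decision is written to an audit log, a policy refusal raises an alarm, and report() produces the per-user summary.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset      # directory group memberships
    device_type: str       # "laptop" or "phone"
    managed: bool          # True if the device went through automated onboarding
    location: str          # "office", "home" or "lobby"
    posture: dict          # client health-check results, e.g. {"disk_encrypted": True}
    resource: str          # what the user is trying to reach


@dataclass(frozen=True)
class Decision:
    allowed: bool
    role: str              # network role the device is placed in
    reason: str


# Minimum client health-check requirements (constructed for this example)
POSTURE_REQUIREMENTS = {"disk_encrypted": True, "screen_lock": True, "os_patched": True}


def failed_posture_checks(posture):
    """Return the health-check items that are missing or not satisfied."""
    return sorted(k for k, want in POSTURE_REQUIREMENTS.items() if posture.get(k) != want)


def evaluate(req):
    """Apply the policy rules in order; the first matching rule decides."""
    # Rule 1: a device that never went through onboarding only gets the guest role (Internet only).
    if not req.managed:
        if req.resource == "internet":
            return Decision(True, "guest", "unmanaged device limited to guest access")
        return Decision(False, "guest", "unmanaged device may not reach internal resources")
    # Rule 2: a managed device that fails its health check is quarantined, whatever it asked for.
    failed = failed_posture_checks(req.posture)
    if failed:
        return Decision(False, "quarantine", "health check failed: " + ", ".join(failed))
    # Rule 3: the finance database needs group membership plus an office laptop.
    if req.resource == "finance-db":
        if "finance" not in req.groups:
            return Decision(False, "corporate", "user is not in the finance group")
        if req.location != "office" or req.device_type != "laptop":
            return Decision(False, "corporate", "finance-db requires a laptop in the office")
    # Rule 4: everything else (email, intranet, Internet) is open to healthy managed devices.
    return Decision(True, "corporate", "managed device passed health check")


class AuditLog:
    """Accounting side: every decision is logged; policy denials raise an alarm."""

    def __init__(self):
        self.entries = []
        self.alarms = []

    def record(self, req, decision):
        entry = {
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "user": req.user, "resource": req.resource, "allowed": decision.allowed,
            "role": decision.role, "reason": decision.reason,
        }
        self.entries.append(entry)
        # Alarm only when policy refuses a user a resource; quarantine and guest
        # restrictions are device problems, not unauthorized attempts.
        if not decision.allowed and decision.role == "corporate":
            self.alarms.append(f"{req.user} denied {req.resource}: {decision.reason}")
        return entry

    def report(self):
        """On-demand report: allowed/denied counts per user."""
        counts = Counter((e["user"], e["allowed"]) for e in self.entries)
        return {u: {"allowed": counts[(u, True)], "denied": counts[(u, False)]}
                for u in sorted({e["user"] for e in self.entries})}


def run_sample():
    """Constructed sample requests; returns the audit log and the list of decisions."""
    healthy = {"disk_encrypted": True, "screen_lock": True, "os_patched": True}
    stale = {"disk_encrypted": True, "screen_lock": True, "os_patched": False}
    requests = [
        AccessRequest("alice", frozenset({"finance"}), "laptop", True, "office", healthy, "finance-db"),
        AccessRequest("alice", frozenset({"finance"}), "phone", True, "home", healthy, "finance-db"),
        AccessRequest("bob", frozenset({"sales"}), "laptop", True, "office", healthy, "finance-db"),
        AccessRequest("bob", frozenset({"sales"}), "laptop", True, "office", stale, "email"),
        AccessRequest("visitor", frozenset(), "phone", False, "lobby", {}, "internet"),
        AccessRequest("visitor", frozenset(), "phone", False, "lobby", {}, "email"),
    ]
    log = AuditLog()
    decisions = [evaluate(r) for r in requests]
    for r, d in zip(requests, decisions):
        log.record(r, d)
    return log, decisions
```

Calling run_sample() and printing log.alarms shows the two events a console would raise: Alice refused finance-db from a phone at home, and Bob refused finance-db because he is not in the finance group. Bob's stale laptop is quarantined without an alarm, and the visitor's phone gets guest access to the Internet only. The rules are ordered deliberately: onboarding and health state are checked before any resource-specific rule, so a device that should not be on the network at all never gets as far as a permission decision.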