What is Identity and Access Management? And how can it help your charity to safeguard sensitive data and vital operational systems?
This article is sponsored by Okta for Good - a not-for-profit initiative offering industry-leading technology, and specialising in Identity and Access Management solutions.
Identity and Access Management (IAM) refers to any technology, or set of policies, processes and systems, that binds an individual to a set of permissions within your system. It defines and manages the roles and access privileges of individual network users and the circumstances in which those users will be granted these privileges.
Those users might be external (supporters or beneficiaries - ‘Customer Identity Management’ or CIM) or internal (employees - ‘Employee Identity Management’ or EIM). The core principle adhered to by IAM systems is that each individual will be bound to one digital identity. Once that digital identity has been established, it must be maintained throughout that user’s ‘access lifecycle.’ It can be modified, or issued with a different level of clearance, but it should be maintained so as to ensure the integrity of the verification.
Identity and access management allows you to choose the level of access that you grant to users. You can select which users can access certain systems or datasets, and under which circumstances. These systems also allow you to modify or change a user’s role, track user activities, and implement system use policies.
These permissions may allow the individual to:
This technology ensures that a new user is who they say they are. You can grant levels of access appropriate for their credentials by establishing a user identity and binding it to their profile with another method of authentication.
The benefit of using this authentication method is that it assures you that the request for access is being made by a member of staff whose identity has previously been validated.
You can apply the principle of least privilege to limit the access or functionality that different users have - ensuring that access is granted on a ‘need-to-know’ basis - and keeping any sensitive data or vital systems as secure as possible.
These systems may comprise a number of technical components, including directory services and authentication components.
The National Cyber Security Centre break identity and access management down into the following areas:
Multi-factor authentication is a crucial part of Identity and Access Management. Simply providing a password is not a high enough level of security for sensitive information. By including additional steps to verify a user’s identity, you can create a more secure process.
Two-step authentication is a common example that your charity may already be using. This process allows users to enter a password on one device (usually an office computer or laptop) and then verify their identity by entering a code on a secondary, linked device (usually a mobile phone).
Why this additional level of security? To meet a higher level of threat.
Hackers are now using a wider and more sophisticated set of tools to steal passwords. These may include phishing, social engineering, and other techniques that can be guarded against with the inclusion of a secondary or tertiary method of authentication.
More information on multi-factor authentication is available from an Okta Adaptive MFA Whitepaper, which is available free online.
Many charities may hold large reserves of data, whether it be financial, operational or related to supporters and beneficiaries. Charities, and particularly charities dealing with vulnerable beneficiaries, have a responsibility to safeguard that data.
44% of all charities don’t protect themselves with the right cyber security tools, as they don’t believe they are at risk. This means that this valuable data isn’t being properly protected - which is one of the reasons why charities have found themselves on the receiving end of cyber attacks.
Identity and access management and multi-factor authentication can allow charities to provide another step in verifying the identity of anyone attempting to access vital operational systems or data. This helps to protect against the tools used by hackers to steal passwords, and ensures a level of due diligence on behalf of the charity protecting the sensitive data.
CSO outline a number of further IAM tools that are available to charities, including password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps and identity repositories.
Charities with dedicated IT specialists (or employees/volunteers with a high level of technical knowledge) can also benefit from some free online resources outlining processes, products and vendors in more detail.