Password solutions a core element of IAM strategies today

Attendees at the recent Gartner Identity & Access Management Summit were treated to a first-hand look into a rapidly emerging industry segment widely considered a bulwark against the surging threat of global cybercrime. And as Summit visitors saw, the threat environment is a hyper-dynamic one that necessitates a multi-layered approach to securing digital assets against the constant threat of attacks.

As was explained at the Summit, Gartner defines identity and access management solutions as tools that manage digital identity and access rights across multiple systems. The tools accomplish this business-critical function in today’s highly distributed computing environments by aggregating and correlating identity and access rights data to enhance control over user access. Such aggregated data serves as the basis for what Gartner sees as the core identity and access management functions, which include:

  •   Identity lifecycle and entitlements management
  •   Access requests
  •   Workflow orchestration
  •   Fulfillment via audited provisioning and service tickets
  •   Reporting and analytics
  •   Role and policy management
  •   Auditing

Multi-layered IAM

The important work of regulating user access historically has involved not one but several layers and methods of authentication, including the use of passwords. Passwords properly used and managed are highly effective at limiting attacks and their resulting damage. In fact one major study found that a stunning 81% of hacking-related breaches leveraged either stolen and/or weak passwords. Seen this way, password protection remain a vital part of any comprehensive identity and access management solution.

Passwords are also a routine, widely accepted element of two-and even three-factor authentication strategies favored by an increasing number of organizations, as passwords combine something that is known (or easily managed by a comprehensive password management solution) along with things like a smartphone, facial recognition, iris scanning or fingerprint sensors. It is this multi-factor authentication, grounded in judicious password hygiene and best practices, that gives assurances that the correct users are accessing the correct systems and data.

Safety in numbers

A lot of the buzz at the Keeper Security booth at the Summit revolved around the growing imperative of multifactor authentication. In fact, in most mid-to-large sized organizations, multifactor authentication is already the norm, and is increasingly being mandated and adopted in SMBs as well.

Keeper is a member of The FIDO Alliance, and several other members of the organization were present and active at the Summit. FIDO is an industry consortium launched to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords.

With its comprehensive password management solution, Keeper makes remembering complex, bulletproof passwords a thing of the past. Not only that, but Keeper integrates with any other authentication solution, ensuring that the documented protection capabilities of strong passwords are part of any multifactor strategy. The multi-factor authentication solutions of Duo Security and Yubico are just two of the many solutions with which Keeper seamlessly integrates.

For Keeper customers seeking a one-vendor multi-factor solution, Keeper offers Keeper DNA. This solution uses connected devices you already own to create a unique profile serving as a second factor–along with strong passwords–to verify your identity and allow successful logins.

IoT at center stage

The Internet of Things also took center stage at the Summit and around the coffee klatches. Reliable estimates hold that there will be some 8.4 billion IoT devices in use by the end of 2017, up a full 31% over last year. And most all of these devices arrive fresh from the manufacturers with pre-set passwords, often no more complicated than 123456.

At various Summit sessions and gatherings, we learned the following:

  •   In business already IoT devices are generating tidal volumes of data, often including sensitive personal data. Protecting that personal data is of paramount importance.
  •   Identity management best practices, which certainly include passwords front and center, apply to IoT devices as well as to their users.
  •   Question: Can your current identity and access management solution properly manage IoT devices?
  •   Attacks against IoT devices are mounting. And why not? With so many equipped with factory pre-set passwords, they are soft targets.

According to Gartner, identity and access management solutions will become an integral part of every comprehensive IoT strategy. In other words, IoT platforms need to support IAM solutions. And as we have noted, these solutions today come with a heavy dose of comprehensive password management.

IAM is red hot

One indisputable fact emerging from the Summit is that identity and access management is a rapidly ascending market segment and an essential element of any organization’s cyber security strategy. Analytics leader Research and Markets values the global IAM market at nearly $25 billion within five years. IDC notes that “the IAM market will continue to be a leader in the security products space, with a strong growth rate.”

Just remember: Passwords today are a central element of a successful IAM strategy.