
The new role of identity and authentication in the enterprise

It's increasingly important to use identity and access management systems in the enterprise. Luckily, an emerging market fills the need -- but you'll need to navigate it first.

As it becomes increasingly important to control customer and user privacy preferences across locations, ways to manage identity and authentication have emerged in the enterprise.

Identity and access management, preference management, and the role of secure internal and external API stores are becoming essential in the workplace. Financial institutions can use these technologies to confirm identity regarding payments and loans. Other companies can use them to provide access to social assistance, healthcare and education; to prove customer identification for transactions like buying ; and for open API platforms, such as the Payment Services Directive II effort in Europe.

A number of different providers offer identity and authentication products. Some, such as Ping Identity and ForgeRock, focus on authentication, attribute exchange, and identity and access management (IAM).

Companies such as Trulioo and Signicat focus on gathering identity data, such as gender and job title, to enable their users to securely identify online customers. Attribute exchange services, such as OpenID, share identity information between endpoints. For example, a company that uses a third-party payroll service could use an attribute exchange service to accurately pay its employees without sharing unnecessary identification data. Global technology companies, such as Microsoft, Google and Facebook, enable people to use their usernames and passwords to authenticate with a variety of service providers.

Best practices to manage identity and authentication platforms

No one wants to remember a username and password for different portals, let alone manage separate access to those portals. An open standard called OAuth ensures users can seamlessly log in to all the portals within an enterprise.

Terms to know

  • Digital identity is the process of presenting identity for a system. Although identity and authentication are sometimes used interchangeably, there is a difference. Authentication validates the identity to the system. Identity is the username and authentication is the password.
  • Identity as a service enables the capability of identity and access management.
  • IAM coordinates the technologies and resources to provide access to the right network resources.
  • Preference management is the ability of a third party, such as a bank or tech company, to manage user profiles to protect their identities.

Also, security teams normally have to track login history, usage info and security changes. For example, security teams must keep an audit trail of changes, such as granting different roles access to a particular document. An IAM tool can track all of these metrics across multiple applications.

Look for platforms that integrate easily with Lightweight Directory Access Protocol and Active Directory. As employees need to access objects or data from partners, sub-companies and many different domains, it can become hard to scale with separate processes for identity and access management and access control.

Instead, externalize access management using a blockchain application. This enables instant proof of identity and access to data and objects throughout the ecosystem. Blockchain transactions occur on a distributed ledger to which the company doesn't have access.

For example, Capital One has a website -- essentially a link to a blockchain ledger system -- that enables apartment managers to check the identity of potential tenants. Capital One doesn't have to internally verify the authentication of the person about whom the apartment manager is inquiring; it is instantly verified on the external blockchain ledger.
