Tight controls needed over users and access
These days, organisations have to secure an increasing number of users, all of whom are accessing more and more applications from a variety of places and devices.
This is putting pressure on identity and access management systems, compounded by the fact that security, while more crucial than ever, is difficult to maintain, considering legacy identity systems, BYOD, and the fact that users expect instant authentication and fast access to their applications and accounts.
This is hard in corporate IT, when each application is isolated and disparate, says Andrew Whittaker, practice lead at Ubusha, who will be presenting on 'Identity 2.0' at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.
"Without a transparent layer of identity, it requires large identity governance programmes to centralise all these user accounts and access and apply policy to them. Lots of integration, lots of additional management."
He says cyber security needs us to put tighter and tighter controls over users and access, but in a world where everything is disparate, this only makes the lives of users more complicated and customer experiences far worse.
Managed in isolation
He says corporate IT systems have in the past been built, managed and secured in isolation. "If you consider modern Internet applications such as Facebook, Google and Microsoft, the identity experience makes the entire platform feel like one application."
You log in once and you can access any and all of the various services, Whittaker explains. "This transparent layer of identity allows for security controls to be implemented seamlessly across all applications. Consider how, when logging into a SaaS application, you might be required every now and again to provide an OTP [that is] sent to your phone."
Identity is the glue that, when used to tie applications together in an open-standards way, can make access far more secure and also far easier for the users to experience, he says.
Delegates attending Whittaker's talk will hear how modern Internet application design can tie their security and user experience together through a spine of identity. "Using identity advancements, we can create the same experience within corporate IT, which will greatly secure systems, while simplifying user experiences."
He will discuss these enhancements, and how they can be brought into the corporate environment. Additional topics will include: single sign-on and sign-off through federation, context-aware step-up authentication, attribute-based access controls, and extending these to the API and messaging layers.