How identity and access management can protect your charity and save resources

What is Identity and Access Management? And how can it help your charity to safeguard sensitive data and vital operational systems?

Aidan Paterson | 30th Jan 20

This article is sponsored by Okta for Good, the social impact arm of Okta, offering industry-leading Identity and Access Management solutions.


What is Identity and Access Management?

As the number of technologies that we use increases, so does the number of “identities” that we have to manage and secure. Identity and access management (IAM) refers to tools and frameworks that help us manage this growing complexity.

The goal of implementing an identity solution is to ensure that the right people (and only the right people) always have access to the right technology and data at the right time. Those people might include your employees, volunteers, donors, beneficiaries, and more. Perhaps they’re accessing cloud-based applications to perform parts of their job. Perhaps they’re logging in to a website or app that you have built and maintain. It can be daunting to keep track of all these identities while providing a secure and seamless experience to each one – yet that is what stakeholders demand and deserve, and it is how you earn their trust.

Further, many charities hold large reserves of sensitive data, yet 44% of all charities don’t protect themselves with the right cyber security tools. This is one of the reasons why charities have found themselves on the receiving end of cyber attacks. Charities need a way to improve their security without breaking the bank.

Identity and access management can allow charities to provide another step in verifying the identity of anyone attempting to access vital operational systems or data. This helps to protect against the tools used by hackers to steal passwords – and ensures a level of due diligence on behalf of the charity protecting the sensitive data. 

 


 

Identity is the new security perimeter

Many of us remember a time when we had to physically be in the office and at our desks in order to access our work systems. Those were the days of on-premise servers, closed networks, and firewalls. In those days, IT security was about building a perimeter around the internal network where everything inside was trusted, and everything outside was not. Those days are gone.

The rise of cloud computing and the proliferation of personal computing devices being used for work has essentially dissolved that old notion of a perimeter. The new “perimeter” must wrap around each individual person and device. This is why identity is at the heart of modern security.

 

How does it work?

It starts by unifying disparate identities into a single source of truth. Those identities might pertain to external users (supporters or beneficiaries – ‘Customer Identity Management’ or CIM) or internal users (employees – Employee Identity Management or EIM). The core principle adhered to by IAM systems is that each individual will be bound to one digital identity. Once that unified identity has been established, it must be maintained throughout that user’s ‘access lifecycle.’ It can be modified, or issued with a different level of clearance, but it should be maintained so as to ensure the integrity of the verification.

This is achieved through a combination of two separate but related concepts: authentication and authorization. Authentication describes the process of verifying that a user is indeed who they say they are. After authentication has occurred, authorization is the process of verifying the level of permissions granted to the identified user.

IAM solutions enable you to centrally control the methods and standards you want to use for authenticating and authorizing all users across any technology. You can grant each user a level of access appropriate to their credentials by establishing a user identity and binding it to their profile with another method of authentication. Authentication safeguards sensitive organisational systems and data by verifying user identity.

You can also apply the principle of least privilege to limit the access or functionality that different users have, ensuring that access is granted on a ‘need-to-know’ basis and keeping sensitive data and vital systems as secure as possible.

 


 

More secure and more efficient at the same time

It’s easy to imagine a trade-off between security and efficiency, but it needn’t be the case. Take single sign-on (SSO) as an example. SSO is perhaps the most basic and well-known use of identity and access management. By implementing SSO, your organization can adopt and deploy any number of technologies to your employees without increasing the number of usernames and passwords that your employees need to manage. That means your organization gets more secure and more efficient at the same time.

Another example is automated provisioning and deprovisioning of user accounts. Without a unified identity provider, new employees must be manually added to each of the systems and platforms they need to do their work. This process is time-consuming and error-prone. A good IAM solution can automate much of this work by provisioning user accounts in “downstream” applications once the user has been created in the identity system. Similarly, if an employee leaves, administrators can simply deactivate or delete the user from the identity system and watch as those “downstream” user accounts are automatically deprovisioned. This automation saves time, reduces the risks of lingering access and human error, and helps you conserve product licenses for the downstream applications.
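The lingering-access risk described above can be checked by reconciling downstream account lists against the identity system. The following is an added example, not code from this article or from any vendor: it flags downstream accounts with no matching identity, accounts belonging to a deactivated identity, and accounts in applications the user was never assigned (the least-privilege case). All user names, application names and data structures are constructed assumptions.

```python
# Constructed sample data: the identity system is the single source of truth.
IDP_USERS = {
    "amira@example.org": {"active": True, "apps": {"crm", "email"}},
    "ben@example.org": {"active": False, "apps": set()},       # has left
    "chloe@example.org": {"active": True, "apps": {"email"}},  # volunteer
}

# Constructed account exports from hypothetical downstream applications.
DOWNSTREAM = {
    "crm": {"amira@example.org", "ben@example.org", "chloe@example.org"},
    "email": {"amira@example.org", "Chloe@Example.org "},
    "donations": {"old-temp@example.org"},
}


def normalise(account):
    """Compare accounts case-insensitively and ignore stray whitespace."""
    return account.strip().lower()


def audit(idp_users, downstream):
    """Return (app, account, reason) for every downstream account that the
    identity system does not justify, in a stable sorted order."""
    idp = {normalise(name): user for name, user in idp_users.items()}
    findings = []
    for app, accounts in sorted(downstream.items()):
        for account in sorted(normalise(a) for a in accounts):
            user = idp.get(account)
            if user is None:
                reason = "no matching identity"   # orphaned account
            elif not user["active"]:
                reason = "identity deactivated"   # lingering access
            elif app not in user["apps"]:
                reason = "app not assigned"       # exceeds least privilege
            else:
                continue
            findings.append((app, account, reason))
    return findings


if __name__ == "__main__":
    for app, account, reason in audit(IDP_USERS, DOWNSTREAM):
        print(f"{app}: {account} ({reason})")
```

An empty result means every downstream account traces back to an active identity with that application assigned.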

 

How do I get started?

CSO outline a number of further IAM tools that are available to charities, including password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps and identity repositories. This resource also goes into further detail around how the technology works, how it can be implemented, and what the benefits are. 

Charities can also benefit from some free online resources outlining processes, products and vendors in more detail. Gartner’s ‘Magic Quadrant for Access Management’ identified Okta as the vendor with the highest ability to execute and completeness of vision. 

The National Cyber Security Centre also offer guidance on implementing IAM solutions. This resource is useful for charities that need a bit more information to get to grips with the technology and relevant processes.

Solutions Review offers a directory profiling 29 top Identity and access management software vendors. This outlines the solutions offered and provides information on next steps, which can help charities to find the solution that suits their needs. 

 
