Identity and Access Management

At WinMagic, data protection is our strong suit and we often talk about it on this blog. At the same time, it’s good to remember that securing data at rest with encryption and strong key management are just two important aspects of the larger picture of data security. In my next few posts I’d like to expand on other challenges an enterprise faces as part of that larger picture, the solutions and technologies that address those challenges, and their potential links to encryption and key management.

One area that has been experiencing particular growth is Federated Identity Management. The most basic scenario where Federated Identity is applied is in organizations which, over time, either through organic growth or through mergers and acquisitions, have developed silos of identity, yet whose users across those silos need access to centralized IT resources. Two more recently popular scenarios are consequences of the phenomenal adoption of cloud and mobile in enterprises. Firstly, mobile users need to authenticate and access enterprise resources from a wide variety of platforms and applications. They also often reside outside of the corporate IT network, which adds the complexity of authenticating to the network first and then gaining authorization to access particular resources within it. The second scenario involves cloud-based services. As more and more enterprises move to the cloud, a larger portion of users will be logging in to externally hosted services; examples include Microsoft Office 365, Salesforce, Google Apps for Enterprise, Dropbox, WebEx, etc. Partnerships are another case where Federated Identity can resolve the challenge of disparate identity systems for enterprise IT.

Gartner defines Federated Identity Management as follows:

Federated Identity Management enables identity information to be developed and shared among several entities and across trust domains. Tools and standards permit identity attributes to be transferred from one trusted identifying and authenticating entity to another for authentication, authorization and other purposes, thus providing “single sign-on” convenience and efficiencies to identified individuals, identity providers and relying parties.

In this definition, Single Sign-On (SSO) is listed as one benefit (or service) provided as part of the larger Federated Identity solution. It’s good to make that distinction, since SSO is often mistaken for Federated Identity even though the latter encompasses a much broader set of services, tools, policies and processes. This white paper by Layer 7 goes into more depth if you are interested.

One of the more popular features of our product is our pre-boot networking feature called PBConnex. It provides a means of authenticating user credentials against SecureDoc Enterprise Server (SES) and Active Directory (AD) before the operating system loads, hence "pre-boot". Access to devices is originally defined by the SES Administrator, but can be maintained by the Active Directory Administrator; SES administrator roles are even inherited from Active Directory. Therefore, instead of SES acting as an independent silo of identity, it joins the larger enterprise identity system. If your Active Directory is part of a Federated Identity system, SES consequently becomes an identity client of that system. It’s a big IT cost saver that at the same time provides a great and secure user experience.
