Few IAM (Identity Access Management) terms that you should know which comes under Cyber Security:
Access Management: Process and technologies required to control, monitor the network access. Priorities or the features of Access of management is AATS.
Authorization-->Authentication-->Trust and Security are the top notch priorities of any Identity and Access Management Company or IAM.
Active Directory (AD): It's like a phone directory where the information regarding the user/enterprise name phone number are kept stored. Similarly all organisations have their Active directory where information about employees, assets given by the organisation to the user and others, such as Ms office, Cloud services etc.
An organization's utmost priority is to secure the Active directory of their own organisation.This is where IAM plays a vital role.
Biometric authentication: Its an authentication process to let the computer know that you are the actual user of the property. It includes Retina scanning, thumb impression, facial recognition.
Context aware Network Access Control:
Context aware Network Access control uses situational data for eg: Your geo location, Your IP address, how the user is connected, When the user is connected. All these parameters make the system aware that the user trying to access is authorized or not.
Suppose you are trying to access your Office database from your home. Definitely it will say unauthorized login. Because here the location, Your IP address both are checked, even the network through which who want to access the office database are checked.
The requirements of this have increased from past few years because of cloud computing and consumerization of IT.
Credential: It's like the same as you need to login into your bank account. The credential includes password, username. Similarly you have Thumb impression, retina scan, public key Infrastructure (PKI) certificate password to login or to get access to your organisation in which you are employed.
De - Provisioning: The provision of removing the ID or the credentials from the ID repository to terminate the access privileges from a particular organisation. This is done when you leave a particular company.
Digital Identity: The I'd itself acts as a digital identity. For an example you can create your own QR code for yourself where your credentials can be stored digitally which can be known using a bar-code scanner.
IDaaS (Identity as a Service): It refers to a Cloud based Identity and Management service such as SSO (Single sign on), 2 factor authentication, Multi factor Authentication . To authorize entry of any individual both on and off premises.
Identity Synchronization: Suppose you change your login credentials and that gets updated to the server is the identity sync.
Common example is: While resetting the password while login using chrome browser, a popup comes where chrome asks to sync/ update your new password which get saved into the Chrome directory.
Lightweight Directory Access Protocol: Its an access protocol for accessing and maintaining the directory services over an Internet Protocol or Internet Control Protocol.
Multi Factor Authentication: Enterprises are moving towards multifactor authentication from 2 factor authentication because of the widespread hacking of Social Network accounts.
What we generally used is single factor authentication. We need only a password to login. For 2 factor authentication we need our phone number registered on the account. This is for OTP. By default all banks include 2 factor authentication.
Three factor authentication is the most secure way to get access to your account. In addition to others, it includes bio-metric authentication (viz. Retina scanning, facial recognition, thin impression).
Password Reset: It helps the user to give access to his own account when the user forgot his password by reestablishing the password from the browser itself without any technical support from the back-end. Sometimes few secret questions are asked by the system to reset your password for security. Generally this is found when you are trying to reset your pass of your enterprise account or bank account.
Privileged account Management: Alternately it is also called as Privileged Identity Management comes under cyber security which ensures or controls the access, permissions of user accounts, processes and technologies across IT environments.
And this process is managed by the Privileged user. Who gives permissions to user account, application system, devices such as (IOT) and computing process. The level of access needed for a particular user is granted by them.
The process of creating identities, defining their access privileges and adding to a ID repository all done by Privileged user and the process is known as Provisioning.
Risk-Based Authentication (RBA): It dynamically adjusts the authorization guidelines based on the user's position or the users State. What it means is, whether you want to access your account from public Wifi you might need an additional security option to login.
If you are trying to login from another IP address, you might need additional security questions or OTP based login to get access to your account.
All this scenario you will see when you try to access your Gmail account from another device from which you don't actually login.
Also remember when you try to login in Fb account, Gmail account it says remember me on this device. Opting this will give the server to remember your IP, Geo location. And thus gives additional security.
Security principal: These are multiple digital credentials which are required to authenticate and authorize before allowing anyone to access.
Before that let me clear what Authentication is..?
It represents the process by which the identity of a subject is verified., and must be in secure fashion. Otherwise the perpetrator on getting access to it may impersonate to gain access to the system.
Once authenticated , a subject is populated with associated identities or principals.
A subject may have many principles. Eg: Name principal: Rodrigue, and an SSN principal 123_456_987.
Single sign-on (SSO): This is generally used by the enterprises or the small Organisation where one set of credentials is required to get access to multiple applications.
User behavior analytics (UBA): This is related to user behavioral study in the web platform based on statistics and applied algorithm which can be detected by analyzing anomalies in the pattern.
UBA doesn't track user devices but tracks their activity.
Big data platform uses Apache Hadoop to analyze petabytes of data to figure out the anomalies in the pattern to detect insider threat, targeted threat, financial fraud.
It is also called UEBA( User and entity behaviour analytics).
9 Comments
Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. trusted cyber security consulting firmThank you because you have been willing to share information with us.
ReplyDeleteExcellent post. I really enjoy reading and also appreciate your work.Professional Internet Security Consulting Service This concept is a good way to enhance knowledge. Keep sharing this kind of articles, Thank you.
ReplyDeleteExcellent job, this is great information which is shared by you. This info is meaningful and factual for us to increase our knowledge about it. about soc private security USA So please always keep sharing this type of information.
ReplyDeleteThere is no requirement of any proof or statistics to prove the threat: Cyberattacks is our reality. Why has this transformation from a threat to reality happened? Cybersecurity Plan For Small Business
ReplyDeleteI found decent information in your article. I am impressed with how nicely you described this subject, It is a gainful article for us. Thanks for share it.Hire a hacker
ReplyDeleteYou have done good work by publishing this article here. I found this article too much informative, and also it is beneficial to enhance our knowledge. Grateful to you for sharing an article like this.Computer Hacker For Hire in Usa
ReplyDeleteI admire this article for the well-researched content and excellent wording. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.GPS tracker for drivers
ReplyDeleteI just need to say this is a well-informed article which you have shared here about .WB Sales and Service It is an engaging and gainful article for us. Continue imparting this sort of info, Thanks to you.
ReplyDeleteYou composed this post cautiously. How much data is staggering and furthermore a beneficial article for us. Continue to share this sort of articles, Thank you.Computer Hacker For Hire in Usa
ReplyDelete