Policing the network: who accesses what?

Access controls and identity management experts look at what kinds of authentication and access controls enterprises can and should implement, how they work and how they protect the network against unauthorised intrusions.

Tags: Aruba NetworksDell CorporationGemalto NV (www.gemalto.com/index.html)HID global (www.hidglobal.com/)help AG (www.helpag.com/)
  • E-Mail
Policing the network: who accesses what? Who accesses what in a corporate network is an essential tool in the battle to maintain network security.
By  Georgina Enzer Published  April 22, 2013

Access controls and identity management experts look at what kinds of authentication and access controls enterprises can and should implement, how they work and how they protect the network against unauthorised intrusions.

If you are a network manager who has not implemented identity management (IDM) and network access controls (NAC), then you will be a network manager who is looking for a new job, according to digital security experts Gemalto.

“If you do not implement identity management and network access controls, you are really setting yourself up for a problem because even though a username and password has been considered good enough security, that is changing. We are getting to a place where the demand, especially for sensitive areas of a corporate network, is for stronger authentication credentials,” explains Ray Wizbowski, vice president of strategic marketing, Security Business Unit, at Gemalto.

IDM and NAC is the management of individual identifiers, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Who accesses what in a corporate network is an essential tool in the battle to maintain network security.

IDM can be extended to physical access, to buildings and access control systems in general. A good example of this is the Emirates ID card, which potentially could be used for identity management or to identify the individual.

“In the future you might have public services which will use the certificate store that we have on the Emirates ID to identify the individual against those services. There is nothing that stops the Emirates ID project from also having commercial access for enterprises to identify employees, visitors etc,” says Nicolai Solling, director of technology services at help AG Middle East.

Controls
When enterprises looking at IDM and NAC for the typical uses that exist within the organisation and the access that they need, they need to keep in mind how privileged users are controlled within the organisation.

“As part of an overall access governance programme, people should look to put the right controls in place that actually improve the ability for people to do their jobs, but also take away the risk from the business. So being able to control the sharing and use of privileged passwords, being able to record sessions if an external consultant is accessing systems and being in a position where you haven’t got large number of administrators who are using and sharing system or administrator passwords,” says Phil Allen, director, Identity and Access Management, EMEA at access control and identity management experts Dell Quest One Identity Solutions.

The average American enterprise environment any user will have up to 25 different identities they have to remember within the environment and at any point in time they will have username and password that is expiring or about to expire and the user has to remember all of these, says Wizbowski.

“From a management perspective that is a huge overhead. Every time that you lose a password as a user, some of the research shows that it costs the company $25 is in loss of productivity because the person cant log it, it is the fact that you have to call support etc,” he explains.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code

Competitions