Once a Security Operations team has a solid foundational knowledge of its environment (both the organization itself and its likely adversaries), it can turn its attention to what should be its primary role: Access Control. More specifically, the management of the organization’s cybersecurity controls, meaning the full range of Authentication (AuthN) and Authorization (AuthZ) methodologies and the enabling technologies employed across the organization.
Access Control encompasses all aspects of identity management, authentication approaches, credential provisioning, account provisioning, role management, permissions/authorization management, and even privacy/confidentiality management through encryption of data both at rest and in transit. But all Access Control is rooted in the ability to establish a unique identity for every subject (and object) within the networked environment, person and non-person entities alike: a control cannot decide who may do what until it can tell one entity from another.
This SOC capability area focuses strictly on Identity Management and its growing set of challenges. The related topics of Authentication, Authorization, and Privacy/Confidentiality will be addressed in their own articles.
Contemporary Identity Management capabilities need to address more than simply the employees of an organization. Vendors, partners, customers, and non-person entities (IT systems, services, software, OT/ICS systems, IoT devices, etc.) are all potential subjects in the environment that need unique identities as an enabler of effective cybersecurity. This expanding scope presents its own set of challenges, starting with the basics of registering each new identity as new subjects (and objects) enter the environment.
How many new entities are created in your environment on a typical day? Users, accounts, applications, services, devices, files, etc. The volume of unique entities grows daily along with the evolution of the business, and every one that is not registered, owned, and accounted for is an entity the organization cannot control; keeping pace with this growth is a significant administrative burden on Security Operations.
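As an added illustration (not code from the original article), the script below answers the question above over a small set of constructed provisioning events, embedded inline as an identity-management system or directory audit log might emit them. It counts newly registered identities per day by subject type, and separately lists non-person identities (services, devices, applications) that were registered without an accountable owner. The JSON field names (`ts`, `action`, `subject`, `name`, `owner`) are assumptions for the example, not any product’s schema.

```python
"""Daily inventory of newly registered identities, by subject type.

Added example: the events below are constructed for illustration and the
field names are an assumption, not a specific identity product's schema.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample provisioning events (one JSON record per line).
SAMPLE_EVENTS = [
    '{"ts":"2024-03-04T08:12:01Z","action":"create","subject":"user","name":"j.doe","owner":"j.doe"}',
    '{"ts":"2024-03-04T08:14:37Z","action":"create","subject":"service","name":"svc-build-agent","owner":"platform-team"}',
    '{"ts":"2024-03-04T09:02:11Z","action":"create","subject":"device","name":"plc-line3","owner":""}',
    '{"ts":"2024-03-04T09:40:00Z","action":"create","subject":"user","name":"vendor.acme.tech1","owner":"procurement"}',
    '{"ts":"2024-03-05T07:55:12Z","action":"create","subject":"application","name":"reporting-api","owner":"finance-it"}',
    '{"ts":"2024-03-05T07:58:45Z","action":"create","subject":"service","name":"svc-backup","owner":null}',
    '{"ts":"2024-03-05T10:10:10Z","action":"delete","subject":"user","name":"old.contractor","owner":"hr"}',
]

# Subject types that represent people; everything else is a non-person entity.
PERSON_SUBJECTS = {"user"}


def parse_events(lines):
    """Parse JSON event lines; timestamps become timezone-aware datetimes."""
    events = []
    for line in lines:
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(rec)
    return events


def new_identities_per_day(events):
    """Return {date: Counter({subject_type: count})}, counting create actions only.

    Deletions and other lifecycle actions are ignored so the figure reflects
    registration volume, which is what the provisioning workload tracks.
    """
    per_day = defaultdict(Counter)
    for e in events:
        if e["action"] != "create":
            continue
        per_day[e["ts"].date().isoformat()][e["subject"]] += 1
    return dict(per_day)


def unowned_non_person(events):
    """Non-person identities registered without an accountable owner.

    An empty string or null owner both count as missing; these are the
    identities most likely to outlive their purpose unnoticed.
    """
    return sorted(
        e["name"]
        for e in events
        if e["action"] == "create"
        and e["subject"] not in PERSON_SUBJECTS
        and not e.get("owner")
    )


def summarize(lines):
    """Convenience wrapper returning (per-day counts, unowned NPE names)."""
    events = parse_events(lines)
    return new_identities_per_day(events), unowned_non_person(events)


if __name__ == "__main__":
    per_day, unowned = summarize(SAMPLE_EVENTS)
    for day in sorted(per_day):
        print(day, dict(per_day[day]))
    print("non-person identities without an owner:", unowned)
```

Pointing the same logic at a real provisioning feed (directory audit events, cloud IAM create calls, device enrolment logs) turns the rhetorical question into a daily metric, and the unowned list is the first thing an Identity Management function should drive to zero.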
Complicating this, or perhaps simplifying it, is the evolving trend toward identity federation for managing user (person) identities in cloud-based or internet-facing systems and applications. Some argue that identity federation eliminates redundancy and simplifies the task, at least for remote users such as customers, while others point out the inherent trust that federation implies among cooperating organizations and how that expands the organization’s attack surface: a relying party accepts assertions from the partner’s identity provider, so a compromised or misconfigured partner can effectively issue identities the organization never vetted.
While not very exciting and virtually invisible to management, the capabilities for provisioning and managing all of these identities are critical to managing Access Control, and they are growing more important, more complex, and more demanding for Security Operations teams of any size.