The Essentials Series: Enterprise Identity and Access Management

by Richard Siddaway


Identity and Access Management is an essential activity for the modern enterprise. Unauthorized access to corporate data can have huge financial implications. However, most organizations maintain multiple directories and multiple access systems, which complicate administration and may compromise security.

The Essentials Series: Enterprise Identity and Access Management starts by looking at identity and how you prove who you are. Once authenticated, you can be authorized to access the corporate data. There are a number of administration challenges in this field, especially when multiple identity and access management systems are in use. The series' premise is that consolidation onto a single system - namely Active Directory - can resolve these issues and provide a simplified system that is less expensive and more secure. The series closes with a look at the compliance issues surrounding Identity and Access Management and how these issues can be addressed by standardizing and consolidating onto Active Directory.


Article 1: Authentication

In most organizations, authentication has to be performed numerous times across multiple systems. Most authentication takes place by using passwords. Multiple passwords of differing length and complexity will create more work for the administration staff and potentially lead to password disclosure when users write down their passwords. Consolidating your authentication mechanisms to use Active Directory will make administration simpler and the environment more secure.

Article 2: Authorization

Authorization covers granting permissions to access data and other resources. Multiple authentication systems mean multiple authorization systems. Consolidating authorization into Active Directory allows all of your administration to occur on a single platform.

Article 3: Administration Challenges

Heterogeneous environments pose a significant challenge for administrators, especially when considering account and password management. Who will be delegated control of accounts and passwords? How will you monitor their activity? What is the lifecycle of an identity? Solving these challenges enables the adoption of an improved identity and access management process.

Article 4: Compliance

With multiple systems for identity and access management, it is very difficult to know who has access to what, or who is using, or possibly abusing, their privileges. By consolidating to Active Directory, there is only a single directory to consider, which makes reporting for compliance easier and more efficient.