A study conducted by Intermedia last year found that the average employee relies on 13 different web applications at work, each requiring a different password. It also found that 89 percent of working adults retained access (i.e., a valid login and password) to at least one application from a former employer. More concerning, 45 percent retained access to “confidential” or “highly confidential” data, and 49 percent logged into an account after leaving the company.
With these realities in mind, identity and access management (IAM) software is increasingly necessary for businesses of every size to combat potential data breaches to data and IT systems. IAM is not only about single sign-on (SSO): A range of new and advanced capabilities greatly increase security while improving employees’ productivity. In this slideshow, Intermedia highlights the top five features business should look for in an IAM solution.
Five Essential Enterprise IAM Features
Click through for the top features organizations should look for in an identity and access management solution, as identified by Intermedia.
Double Down on Security: Two-Factor Authentication (2FA)
By now, it should go without saying that two-factor authentication is essential. Having one strong password to log into all of your accounts is convenient, but it’s not enough, especially if that one password gets compromised. Two-factor authentication randomly generates and sends a unique verification code or a push notification to the user’s phone, making the login process much more secure than one that uses passwords alone.
Set It and Forget It: Dynamic Password Management
People are notoriously bad at creating and then remembering multiple strong passwords, and as Intermedia’s research shows, employees often take passwords with them – putting their previous employer at real risk. In light of that, IT teams should take the responsibility of creating passwords out of the employees’ hands and in fact not even let employees know their corporate web application passwords, beyond their one master password.
Dynamic password management technology creates a unique, strong password for each of a user’s corporate web applications and changes it on a pre-defined scheduled basis. Employees never know what those passwords are — they simply log into their SSO solution and the system logs them into all their web applications. This ensures that employees cannot log into those systems outside of work and take confidential information without the company’s knowledge. And, most importantly, it means they can’t take their passwords to corporate web applications with them when they leave the organization.
The Best of Both Worlds: App Shaping
Most IAM solutions give IT complete control over which corporate applications employees can access. However, it’s growing increasingly important to have even more granular control than that.
Application shaping is new technology that gives IT complete control over what each employee or groups of employees can see and do within web applications. For example, you could redact certain data fields within these web applications for certain types of employees, disable certain features or even make web applications entirely read-only.
By removing high-risk features (e.g., exporting files, ability to mass delete, etc.), a company can increase its security, without limiting its workforce’s flexibility.
See the Whole Picture: Capture Visuals for the Audit Trail
With compliance an ongoing concern for most businesses, any IAM solution should maintain an audit trail. However, just knowing who logged in and out and when they did it is no longer adequate. Advanced IAM solutions allow for IT teams to monitor the use of specific features within web applications, send alerts for unusual activity and even provide the option to capture screen shots when certain online behaviors occur. This provides visual evidence of exactly what the user was doing.
Get Smarter Restrictions: User-Empowered Identity
Digital identities need to be protected and who better than individual users to identify suspicious account activity? Premium IAM solutions now offer users with real-time notifications when suspicious events occur and empower users to perform immediate and appropriate responses.
For instance, if an attacker were to attempt to log in with a user’s identity from a different country, the user would be presented with a security notification in the browser or via an SMS text message instead of an operations team being alerted, as they may not be aware of the individual’s location. The user can then issue a response to disable the account or immediately change a password. This gives companies a higher level of assurance that their data and user accounts are protected.