SOC Capability Area #5) Identity Management

At #5 on our list of “Top 20” SOC Capability Areas is Identity Management. This is the first of four separate “Access Control” capability areas that are often addressed together – Identity, Authentication, Authorization, and Privacy/Confidentiality Management. (We discuss the complexities of Auditing separately.) While clearly inter-related and interdependent, we dedicate a separate Capability Area to each of these Access Control topics because of their respective complexities and the possibility of independent solutions for each.

Identity Management

Having a solid foundational knowledge of their environment (both themselves and their likely adversaries), most Security Operations efforts turn their attention to what should be their primary role – Access Control. More specifically, to the management of the organization’s cybersecurity controls – the full range of Authentication (AuthN) and Authorization (AuthZ) methodologies and enabling technologies employed across the organization.

Access Control encompasses all aspects of identity management, authentication approaches, credential provisioning, account provisioning, role management, permissions/authorization management, and even privacy/confidentiality management using encryption of data both at rest and in transit. But all Access Control is rooted in the ability to establish unique identities for all the subjects (and objects) within one’s networked environment – both person and non-person entities.

This SOC capability area focuses strictly on Identity Management and its growing set of challenges. The related topics of Authentication, Authorization, and Privacy/Confidentiality will be addressed in their own articles.

Contemporary Identity Management capabilities need to address more than simply the employees of an organization. Vendors, partners, customers, and even non-person entities (IT systems, services, software, OT/ICS systems, IoT devices, etc.) are all potential subjects in the environment that need unique identities as an enabler of effective cybersecurity. This expanding scope presents its own set of challenges, starting with the basics of simply registering each new identity as new subjects (and objects) enter into the environment.

How many new entities are created in your environment on a typical day? Users, accounts, applications, services, devices, files, etc. The volume of unique entities continues to grow daily along with the evolution of the business, placing a significant administrative burden on Security Operations.

Complicating, or perhaps simplifying, this is the evolving trend toward identity federation for managing User (person) identities in cloud-based or internet-facing systems and applications. Some argue that leveraging identity federation eliminates redundancy and simplifies the task, at least for remote users such as customers, while others point out the inherent trust that such federation implies among cooperating organizations, and how that trust expands the organization’s “attack surface”.

While not very exciting and virtually invisible to management, capabilities for provisioning and managing all of these identities are critical to managing Access Control, and are growing ever more important, more complex, and more demanding for Security Operations teams of any size.

Learn More

This article barely scratches the surface of the need for Identity Management capabilities in contemporary Security Operations. But taken together with the other capability areas in this “Top 20” list, we hope to shine a light on the breadth, depth, and complexity of what is involved in building effective Security Operations today.

Contact us if you'd like help identifying and selecting Identity Management capabilities to support your own Security Operations efforts.