Companies should protect their assets and IT infrastructure not only against cybercriminals but also against breaches caused by employees. A user management system that an organisation implements to streamline the work of the IT department and counteract unauthorised access should be designed as a shield against any and all security breaches.
What is the role of the user and application management system?
Throughout their time on the market, enterprises and institutions collect a variety of relevant data, some of which are trade secrets, while others contain, for example, sensitive employee and customer data. To ensure that only authorised employees have access to sensitive resources, a user management system should be implemented in the company. A similar situation applies to applications: an access management system may allow or prohibit specific applications from accessing particular data or IT infrastructure.
Identity and Access Management (IAM) systems allow the company to define to which resources an employee will have access and which will be out of their reach. Such systems also make it possible to effectively track any user activity in a system.
If a company has implemented a user management system and cooperates with external contractors or specialists, it can also control to what extent and at what times its resources can be accessed by people from outside the organisation.
The security of a user access management system cannot be considered only in terms of protecting data against cybercriminals who look for vulnerabilities and make use of them. Internal attacks are just as dangerous. It is quite common for disloyal employees to take confidential information outside the company. For this reason, a modern user management system must strictly supervise access to company data. Such access should be based on the principle of minimum access, according to which only those persons who need it in order to effectively carry out their duties may have access to specific resources. As a result, the IT department can respond when a user attempts to access data that they are not authorised to access.
User management system and security issues
The user management system implemented by the organisation should not only facilitate the work of IT department specialists, but also strengthen the security of the whole organisation by securing access to its resources. The Comarch Identity & Access Management solution is designed to:
- Eliminate weak passwords. More than 81% of all identified breaches involve the use of a stolen or guessed password. In other words: weak passwords are a powerful threat to data security. For this reason, the Comarch IAM system emphasises strong authentication methods. The solutions offered by Comarch are adapted to the requirements of the European PSD2 directive, enabling, among others, two-factor authentication. Comarch software also enables the selection of authentication methods, from static and masked passwords, through mobile tokens (e.g. Comarch tPro Mobile) and cryptographic certificates, to authentication based on biometrics.
- Use multi-level acceptance schemes. In this case, the principle of limited trust applies, which means that the granting or modification of user or application authorizations is based on the approval of several persons (the so-called Workflow).
- Meet the internal and external control requirements. The audit process is designed to verify whether a given system both meets the functional requirements and fully addresses any security issues. Comarch IAM meets these requirements by, among others, role separation, non-erasability of audit logs and strict control of access to administrative data.
- Support the protection of sensitive and personal data. Companies operating in the European Union must also pay attention to GDPR requirements. Solutions offered by Comarch are compliant with the currently binding legal regulations in this area.
In companies where a user management system has been successfully implemented, IT department employees can systematically verify employee or partner accounts and delete those that are no longer used due to the termination of the cooperation agreement. This prevents situations in which an ex-employee still has access to resources and can use them without any restrictions.
Convenience and security of the user access management system
A user or application management system increases the organisation’s security, but sometimes this happens at the expense of the employees’ comfort. Nowadays, many organisations have a distributed structure, while others are meeting the expectations of their employees by offering them remote working possibilities. This, in turn, makes it difficult to grant employees access to a selected area of resources. This is why the Comarch Identity & Access Management solution allows its users to automate processes wherever possible. This has its advantages:
- The number of errors caused by employees’ mistakes is reduced. This translates directly into the level of resource security. Indeed, the effectiveness of cybercriminals is often due to them detecting and using the mistakes made by employees.
- The time for data processing is reduced. Some employees may be granted access to resources automatically, e.g. by assigning a temporary role to a user, which will at the same time be the basis for granting them access for a specific period (for example remote work). Manual handling by administrators can then be limited to the most complex cases affecting the key company resources.
- IT department personnel can focus on security issues. In the case of the Comarch IAM solution, an additional security level for privileged users is offered by the PAM (Privileged Access Management) module. It is designed to manage the access of persons who have administrative access to key data (for example administrators and operators). A successful attack on such an account could cause significant damage.
- A modern application or user access management system, such as Comarch IAM, is also distinguished by the fact that, thanks to its built-in strong security features, it offers its users easier access to company domain applications through single sign-on (SSO). Thanks to this functionality, it is possible to use subsequent applications in the company without additionally having to log into them. This is because the login process is carried out each time based on the authentication performed the first time (for example based on login, password and token).
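The multi-level acceptance scheme and the temporary role described above can be combined into one deny-by-default access check. The following is an added illustration, not Comarch code or the Comarch IAM API; the class, role names, users and the two-approver threshold are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

REQUIRED_APPROVALS = 2  # assumed policy: two distinct approvers per grant

# Constructed role-to-resource mapping (minimum access: nothing is implied).
ROLE_RESOURCES = {"remote-worker": {"vpn", "mail"}, "payroll-clerk": {"payroll-db"}}


@dataclass
class RoleRequest:
    user: str
    role: str
    requested_by: str
    valid_from: datetime
    valid_until: datetime
    approvers: set = field(default_factory=set)

    def approve(self, approver: str) -> None:
        # Limited trust: neither the beneficiary nor the requester may approve.
        if approver in (self.user, self.requested_by):
            raise PermissionError("self-approval is not allowed")
        self.approvers.add(approver)  # a set, so repeat approvals count once

    def is_active(self, now: datetime) -> bool:
        approved = len(self.approvers) >= REQUIRED_APPROVALS
        return approved and self.valid_from <= now < self.valid_until


def can_access(user, resource, requests, now):
    """Deny by default; allow only via an approved, unexpired role grant."""
    return any(
        r.user == user and r.is_active(now)
        and resource in ROLE_RESOURCES.get(r.role, set())
        for r in requests
    )


def demo():
    start = datetime(2024, 3, 1, 8, 0)  # constructed dates and users
    req = RoleRequest("alice", "remote-worker", "alice", start, start + timedelta(days=5))
    results = [can_access("alice", "vpn", [req], start)]              # no approvals
    req.approve("manager.bob")
    results.append(can_access("alice", "vpn", [req], start))          # one approval
    req.approve("security.carol")
    results.append(can_access("alice", "vpn", [req], start))          # fully approved
    results.append(can_access("alice", "payroll-db", [req], start))   # outside the role
    results.append(can_access("alice", "vpn", [req], start + timedelta(days=5)))  # expired
    return results
```

Because expiry is evaluated at access time, the temporary grant lapses on its own and does not depend on an administrator remembering to revoke it.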
Today, an access management system can be used by any company. Yet it is the companies processing large amounts of data, for example insurance companies, financial and educational institutions, medical institutions or government institutions, that should attach particular importance to this solution. That is because these entities often have multiple systems processing different data, which makes managing them even more difficult. Basing access to systems on an IAM-class solution can significantly order and streamline data management in a company and thus minimise the risk of data leakage or unauthorised access.