Identity management is a general term that refers to security at work. An identity management system, for example, ensures that individuals access only those parts of a building or computer system that apply to their jobs. Identity management also deals with the control of data. Since data is often personal, identity management helps safeguard privacy. These issues – work security, data control and privacy – affect everyone. And yet people don’t always realise the importance of identity management in their lives.
Office Building
To give an idea of identity management at its most basic, picture the floor of an office building. The plan of the floor shows rooms, corridors, a reception area, toilets, doors, stairwells and lift access.
Some of the rooms, as with any office, contain confidential files and other important data. The organisation that occupies the floor clearly doesn’t want the public to have unrestricted access to this. Furthermore, it wants its staff to go about their jobs without members of the public unexpectedly approaching them.
Staff must therefore have some form of code or card to access the floor. This type of access management allows staff to enter the areas where they work. It ensures the safety and security of staff and prevents unauthorised access to office equipment and confidential files. The organisation may also want to limit staff access to certain rooms. Once again, this may be for reasons of confidentiality. A code or card system can control this.
The point is, that access management is part of identity management. An organisation may only wish to allow a junior employee, for instance, to access the communal areas and the room in which he or she works. The organisation can control this with an access management system connected to each member of staff.
Harassment and Theft
The above may seem fairly obvious. Even so, some business premises do not have access management systems. Unauthorised visitors can harass staff. Thieves may enter a building intent on stealing. Such theft is serious. Thieves may want physical items such as printers. They may also be interested in business accounts, customer details and the payroll information of employees.
Computers
Most information in an organisation is on computers, of course. This is another critical area for identity management. Organisations should control and monitor who accesses what on their computer systems. This helps ensure the security of data. It also protects staff. Without identity management, staff are open to accusations of seeing personal and confidential data that has nothing to do with their jobs.
Identity management on computers usually involves passwords and access levels. But running a system’s security on passwords alone may be inadequate. Some staff use obvious passwords; some don’t change the password from its default setting; others walk away from their screens and keyboards before logging out. A password system can leave computers less vulnerable to unauthorised access.
More effective identity management systems for computer access use biometrics. These include fingerprints, palm prints, face recognition, iris recognition and DNA. The problem, however, is that few organisations adopt these options.
In America, for example, the Government Accountability Office (GAO) reviewed federal computers. The GAO found that the FBI had a weak identity management system. According to the GAO report, the FBI did not identify and check computer users properly. It also failed to have sufficient safeguards that prevented unauthorised people gaining access.
Recommendations
Workplace security experts recommend an organisation has an identity management strategy. The purpose of the strategy is to introduce an identity management system that applies to all aspects of the organisation’s work.
To achieve this, the temptation is to use a software application. Experts advise caution, however. Software apps can lead to an uncoordinated strategy across a large organisation. The result is that people who wish to abuse the system can do so with relative ease.
Instead, experts suggest a centralised approach to identity management. Organisations should use a single place where an authorised officer can create, adjust and monitor individual and group identity accounts as necessary. The officer can also approve or deny access for staff who wish to use specific areas of an organisation’s computer system.
Closing an individual’s access when he or she leaves is also important. The failure to close an individual’s account is common. It can lead to gaps in the system that are open to exploitation.
Finally, users must understand an identity management system and its relevance to their work. Employers should arrange appropriate training. Some experts even recommend that employers re-issue identity management access to all staff once a year, and tie this in with refresher training.
Cost
Identity management clearly comes at a price. Employers must also put time and effort into the process. But the overriding benefit is secure working. Data remains confidential; thieves and hackers struggle to gain access to financial data; and staff feel more confident about their working environment.
