With the increase in ‘online everything’, traditional IT environments and legacy identity and access management (IAM) systems are being pushed to their limits. The result is latency, frustration, friction, and increased risk, causing organizations to ask how to support business at scale without compromising security and user experience.
Here are five modern IAM capabilities to help you get started.
1) Availability and Scale
To keep your business going and make user experiences fantastic, it is important to ensure that a user’s access and session remain undisrupted should something happen, such as a server going down. Modern IAM platforms should include both service availability and session availability. Service availability ensures that users can access a site when a server goes down. Session availability preserves and keeps a session running if a server goes down.
Modern IAM should also support a variety of scale scenarios. This includes an ever-changing number (often millions) of users, devices, and things, as well as changing frequencies and lengths of simultaneous and concurrent sessions. Additionally, to help maintain healthy services and protect against breaches and distributed-denial-of-service (DDoS) attacks, you should leverage an Identity Gateway to monitor API traffic, throttle traffic volume, and detect anomalies.
2) Custom Authentication Journeys
As employees, students, or binge watchers, we all want fast, frictionless access to apps and services. At the same time, organizations need to protect their assets and customer data from fraud and cyberthreats. By customizing authentication journeys with factors such as user type, device, and geolocation, as well as using self-service features such as self-registration or password reset, you can reduce friction during the authentication process in order to provide a great user experience. On the flip side, you can also add friction, such as multi-factor authentication, when there’s suspicious activity.
3) Support for Bring Your Own Device (BYOD)
Remote workers and remote students often need to use their own devices to do their work. Supporting BYOD models requires modern access management. Just as with the custom authentication journeys discussed above, modern access management capabilities let organizations easily define different user journeys for access by device. This is done by capturing device-specific context such as IP address, localization, browser agent, and device characteristics. You can also store, with the user's consent, a cookie in their browser to help identify them when they return. By capturing this rich data set and then using it to make runtime access decisions, organizations can configure flexible yet secure journeys that prompt the user to authenticate, re-authenticate with a second factor, or completely deny access when appropriate.
4) Support for Zero Trust/CARTA Security Models
It’s a sad reality that fraud and cybercrime have persisted and even risen in the wake of current events. Zero Trust/Continuous Adaptive Risk and Trust Assessment (CARTA) security models are based on the idea that no network, individual, thing, or device can be trusted. Modern identity platforms should be able to determine whether an entity requesting an action is authorized to do so and whether it has proven it is the entity it claims to be, with a level of assurance sufficient for the risk of the specific action. Within these models, every action taken must be properly authenticated and continuously authorized. To do this, authentication and authorization decisions draw on a rich set of contextual information and become risk-based rather than binary.
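The runtime decision described in sections 3 and 4, as an added example (not ForgeRock code or any product's API): device context is compared with what is known about the user, and the result is allow, authenticate, step up to a second factor, or deny, depending on the risk of the action. The assurance scale, action names, weights and `deny_at` threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assurance levels a session can hold (hypothetical scale for this example).
NONE, PASSWORD, MFA = 0, 1, 2

# Minimum assurance per action; action names are constructed samples.
REQUIRED = {"read_profile": PASSWORD, "change_email": MFA}

@dataclass
class Profile:            # what is already known about the user
    devices: set          # device-cookie values seen before
    countries: set        # countries the user normally connects from
    agents: set           # browser agents seen before

@dataclass
class Context:            # captured at request time
    country: str          # derived from the IP address
    agent: str
    device_cookie: Optional[str]   # stored only with the user's consent
    assurance: int = NONE

def risk_score(ctx, profile):
    """Weight each mismatch between the request and the known profile."""
    score = 0
    if ctx.device_cookie not in profile.devices:
        score += 2
    if ctx.country not in profile.countries:
        score += 2
    if ctx.agent not in profile.agents:
        score += 1
    return score

def decide(action, ctx, profile, deny_at=5):
    """Return 'allow', 'authenticate', 'step_up' or 'deny' for one action."""
    required = REQUIRED.get(action)
    if required is None:
        return "deny"                      # unknown action: fail closed
    score = risk_score(ctx, profile)
    if score >= deny_at:
        return "deny"                      # nothing about the request matches
    if score > 0:
        required = MFA                     # any anomaly adds friction
    if ctx.assurance == NONE:
        return "authenticate"
    if ctx.assurance < required:
        return "step_up"
    return "allow"
```

Because `decide` is evaluated per action rather than once at login, the same session can be allowed to read a profile and still be asked for a second factor before changing an e-mail address.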
5) Privacy, Consent, and Regulatory Support
Supporting a remote workforce requires that you comply with the various regional regulations (such as the California Consumer Privacy Act [CCPA] and General Data Protection Regulation [GDPR]) that apply to your employee, student, and customer locations. For global and regional compliance, it’s critical that modern IAM platforms enable you to meet regulation and compliance standards. This includes Privacy by Design and consent mechanisms based on the UMA 2.0 standard, as well as integration with other software that helps meet regulatory requirements.
Equally important, to provide a great experience for your users, you need to make it easy for them to register, consume, and manage their personal preferences, or you run the risk that they will leave for a better experience offered by competitors. Modern IAM platforms should include intuitive and user-friendly privacy and control mechanisms that make it easy to register and manage profile and privacy settings.
We’re Here to Help
With modern IAM capabilities, you can easily address the demands for remote work, study, and play at scale. ForgeRock is here, prepared, and able to help you quickly meet the challenge. Getting started is simple. Contact us to start a conversation or learn more about how to connect everyone, anywhere.
Interested in more IAM capabilities that enable remote work and online business at scale? Check back next week for five more tips or sign up for our RSS feed to get the latest ForgeRock news sent to you directly.