Your business almost certainly has a number of digital identities present across resources. Identity is quickly becoming one of the most sacred assets in an organization’s digital infrastructure. Many in the cybersecurity industry have accepted that “identity is the new perimeter”. This essentially means that your average enterprise network is no longer confined to a single local area network protected by a perimeter firewall. Enterprise’s now use a vast array of websites and services spanning across many different networks, each with differing levels of security. Because of this, much of cybersecurity must focus on hardening the identities that employees use to traverse these environments.
A major difficulty I have observed in securing small business networks is the decentralization of user accounts. Even if your business has two or three employees, you are likely to find at least a dozen websites, apps, and online services being used by each employee. For example, as the business owner or manager, you may have accounts on QuickBooks, Capitol One, Facebook, Instagram, Venmo, Walmart, Amazon, Turbo Tax, and your local credit union website. You also have the account you use to sign into your work devices, whether it be a local account, domain account, Microsoft account, Apple ID, etc.
Problems can arise since every single one of these accounts is a separate identity instance. Your business Facebook account exists strictly within the Facebook service and is separated from your Capitol One account, which exists strictly within Capitol One’s services. Every single one of these services has differing levels of user security. It can quickly become overwhelming trying to keep track of all the different accounts your digital identity is being used for. You may easily forget the different credentials used for signing into each account, or which websites have personal or financial information attached to them.
Large enterprises clearly cannot afford to have so many different accounts attached to hundreds or thousands of employees. Therefore, larger enterprises implement technologies like centralized Identity & Access Management platforms to provision and manage user accounts, and Identity Federation to allow those accounts to be used on multiple different websites. These technologies help shrink the attack surface and ease the burden on management that is created when trying to use dozens of different services with a unique identity for each one.
These technologies can be utilized by any organization regardless of size, and this framework will help guide you through applying them to your business in later documents. Before this can be done, it is imperative that you locate and inventory all of the different accounts being utilized in your organization at the present time. Users typically create accounts utilizing their email address. To organize your organization’s digital identities, start by defining every email address currently being utilized. Once they have all been accounted for, you can go in and list every service, website, and app that each email address has been used for. A template for completing this task is provided below. This inventory of users and the services they are attached to will help you create the blueprint for a more secure and convenient identity management program in your business.