With a never-ending deluge of data security threats in cyberspace, businesses must constantly seek ways to better secure their digital assets. In 2020, modern authentication and identity management tools are heavily promoted as a simple way to fight back against data breaches in the field of enterprise IT, but the difference between these two technology concepts may not be obvious. At first glance, authentication and identity management sound as if they describe the same thing, but one is a subset of the other. Let's look at the meaning of each, along with other related terminology. We'll then move on to look at the differences between authentication and identity management -- and how they overlap.
The information and processes by which a person, device, organization or application can be differentiated from all others at a computing level are known as a digital identity. Proving digital identity is critical to properly assigning access levels for applications, services and data. This assignment of access based on a digital identity is known as identity management. Networks, applications and other computing resources are segmented, and each has details about when specific access is granted or denied for security reasons. Allowing access to sensitive information only to those who need it significantly reduces the risk of data loss or theft. Identity management typically consists of the following processes:
- network and application access control
- identity governance
- single sign-on (SSO)
- identity analytics
- password management
Much of what identity management provides is critically important to correctly verifying true user identities and applying the appropriate security access to company data. Applying that access is known as authorization.
In order to authorize people and devices, the tools and processes used to authorize digital identities within an identity management platform must trust that the information presented is valid. Authentication is the process of proving the digital identity of a person, device or other entity in order to grant the appropriate level of authorization.
For a user or device to successfully authenticate, an IT department may employ one or more authentication tactics. The most common example of authentication is a username combined with a password known only by the user. Other examples of authentication methods include PINs; biometrics, such as fingerprint, face or retina recognition; and hardware- or software-based tokens.
Authentication commonly revolves around one or more factors that validate that the user or device is who or what it claims to be. Thus, one or more of the following techniques is useful:
- authentication based on something you know, such as a secret password or PIN;
- authentication based on something you have, such as a hardware/software token or smartphone; and/or
- authentication based on something you are, such as a fingerprint or facial recognition scan.
Single-factor authentication (SFA) relies on a single authentication method, while two-factor authentication (2FA) requires the user to authenticate with a username and password combined with a second authentication method. Any form of authentication that utilizes two or more distinct methods is referred to as multifactor authentication (MFA). These days, businesses are moving away from traditional SFA, which requires only the something-you-know factor, and toward MFA in their security programs, using two or more authentication mechanisms to validate digital identities.
Platforms that support identity management and authentication, which is an important part of identity management, are known as identity and access management (IAM) platforms. These platforms consist of tools, policies and a structured framework that help security admins assign the appropriate access level to digital resources based on a successful authentication. Using IAM platforms with MFA -- as opposed to SFA -- businesses can feel safe that only those who need access to sensitive data and applications will be able to obtain that access.
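To make the split concrete, the following added example (not part of the original article, and not any IAM product's code) keeps authentication and authorization as separate steps: `authenticate` only reports which factor categories verified, and `authorize` grants access only when enough factors verified and the role permits the resource. The user store, policy table, salt, seed and function names are all constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import struct

SALT = b"constructed-salt"  # constructed sample; use a random per-user salt in practice

def pw_hash(password: str) -> bytes:
    """Slow password verifier, so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed identity store: password verifier, token seed and an assigned role.
USERS = {"alice": {"pw": pw_hash("correct horse"), "seed": b"constructed-seed",
                   "role": "analyst"}}
# Constructed authorization policy: which role may reach which resource.
POLICY = {"analyst": {"reports"}, "admin": {"reports", "payroll"}}

def totp(seed: bytes, at: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    mac = hmac.new(seed, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def authenticate(username: str, password: str, code: str | None, at: int) -> set:
    """Prove identity: return the factor categories that verified. Grants nothing."""
    user = USERS.get(username)
    if user is None:
        return set()
    factors = set()
    if hmac.compare_digest(user["pw"], pw_hash(password)):
        factors.add("know")  # something you know
    expected = totp(user["seed"], at).encode()
    if code is not None and hmac.compare_digest(expected, code.encode()):
        factors.add("have")  # something you have
    return factors

def authorize(username: str, factors: set, resource: str, required: int = 2) -> bool:
    """Decide access: enough verified factors AND the role permits the resource."""
    user = USERS.get(username)
    if user is None or len(factors) < required:
        return False
    return resource in POLICY.get(user["role"], set())
```

A production verifier would also accept a small clock-drift window for the one-time code and rate-limit failed attempts, which this example leaves out.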