MailGuard Jul 18, 2023 1:10:17 PM 11 MIN READ

What’s the difference between Password Management and Identity & Access Management (IAM)?

Passwords, and indeed digital identities more broadly, are critical in business today. No matter the size of the organisation, when transacting and conducting business online or accessing resources across complex networks and supply chains, they are vital to maintaining control and security.

And the options available to businesses are vast, from password management systems to identity management systems, and beyond to CIAM, IGA, SIEM, SSE, SASE and many more. Let’s focus on the first two, which are distinct but interconnected offerings serving different purposes within an organization. Here's a quick overview of each system and when businesses should consider using it:

Password Management Systems

Just as it says on the box, a password management system is designed to securely store and manage passwords. It provides a centralized platform where users can generate strong, unique passwords for different accounts and applications.

Password best practice is a double-edged sword. To be effective, we ask users not to reuse a password across different services; we want passwords to be longer, with a mix of alphabetic, numeric and special characters; and they should not include birth years, children’s or pets’ names, or anything else a bad actor could easily guess. All of those layers of extra requirements make it near impossible for a user to comply, not to mention regularly updating those passwords, unless users were to physically write the information down, which of course is a big ‘no-no'. Enter password management systems to save the day.

The systems typically generate, encrypt and store passwords, allowing users to access them with a master password or other authentication method. They often include features like password autofill, password strength analysis, and synchronization across devices, and can also be set to enforce multi-factor authentication for an added layer of password security.

Businesses should use a password management system when they want to enhance security, to:

  • Promote the use of strong, unique passwords, and MFA, reducing the risk of password-related attacks, such as brute-force or credential stuffing.
  • Improve productivity, automating password management, so employees save time by not having to remember or manually enter complex passwords.
  • Satisfy compliance requirements. Many industry regulations and standards require that organizations enforce strong password policies and maintain secure password storage practices.
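As an added example (mine, not code from the page or from any vendor it names), a small Python policy checker and generator implementing the rules described above: minimum length, a mix of letters, digits and special characters, no easily guessed tokens, and no reuse across services. The minimum length and the guessable-token list are constructed assumptions.

```python
import re
import secrets
import string

# Constructed policy values (assumptions, not from the page): a minimum length
# and a few "easily guessed" tokens such as birth years and pet names.
MIN_LENGTH = 16
GUESSABLE_TOKENS = {"1985", "1990", "rex", "fluffy", "password"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def check_policy(password, already_used):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    lowered = password.lower()
    if any(token in lowered for token in GUESSABLE_TOKENS):
        problems.append("contains guessable token")
    # Uniqueness across services: the caller passes the passwords already in use elsewhere.
    if password in already_used:
        problems.append("reused across services")
    return problems


def generate_password(length=20):
    """Generate a random password (CSPRNG via secrets) that satisfies check_policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate, set()):
            return candidate
```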

Identity & Access Management (IAM) Systems

By contrast, identity & access management (IAM) systems focus on managing and controlling user identities and their access to resources within an organization. They comprise processes like user provisioning, authentication, authorization, and identity lifecycle management. IAM systems centralize user accounts and access rights, streamline user onboarding and offboarding, and assist in the enforcement of security policies.

According to OneLogin, ‘IAM confirms that the user, software, or hardware is who they say they are by authenticating their credentials against a database. IAM cloud identity tools are therefore more secure and flexible than traditional username and password solutions. Identity access management systems grant only the appropriate level of access. Instead of a username and password allowing access to an entire software suite, IAM allows for narrow slices of access to be portioned out, i.e. editor, viewer, and commenter in a content management system.’

Businesses should use identity & access management (IAM) systems when:

  • They have a large number of users and resources, and as the organization grows, managing user identities and access manually becomes untenable. An IAM makes the process easier and ensures that the process is consistent.
  • They need to enforce access controls uniformly, allowing the business to define roles and permissions, and mandate policies regarding who can access certain resources and perform specific actions.
  • They want to enhance security by centralizing identity management to reduce opportunities for unauthorized access, helping to detect and prevent identity-related threats, and allowing for better auditing and compliance.
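To make the authentication-then-authorization split concrete, here is an added example in Python (mine, not OneLogin's or any other vendor's code): a minimal identity store that verifies a credential, then grants only the narrow role slices the page mentions (viewer, commenter, editor), and revokes everything at once when the identity is offboarded. The role table, user names and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed role model (assumption): each role is a narrow slice of access
# in a content management system, as in the page's editor/viewer/commenter example.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "commenter": {"read", "comment"},
    "editor": {"read", "comment", "edit", "publish"},
}
PBKDF2_ROUNDS = 200_000  # assumption; tune to your hardware


class IdentityStore:
    """Provision identities, authenticate credentials, authorize actions by role, offboard."""

    def __init__(self):
        self._users = {}  # username -> {"salt", "hash", "role", "active"}

    def provision(self, username, password, role):
        """User provisioning: store a salted PBKDF2 hash, never the password itself."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role: %s" % role)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[username] = {"salt": salt, "hash": digest, "role": role, "active": True}

    def offboard(self, username):
        """Identity lifecycle: deactivating the identity removes every access right at once."""
        self._users[username]["active"] = False

    def authenticate(self, username, password):
        """Authentication: is the caller who they claim to be? Inactive identities always fail."""
        user = self._users.get(username)
        if user is None or not user["active"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, user["hash"])  # constant-time comparison

    def authorize(self, username, password, action):
        """Authorization: after authenticating, allow only what the user's role permits."""
        if not self.authenticate(username, password):
            return False
        return action in ROLE_PERMISSIONS[self._users[username]["role"]]
```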

In practice, many businesses employ both password management and identity & access management (IAM) systems to strengthen their overall security posture. Password management systems focus on securing individual passwords, while IAM systems offer broader control over user identities, access rights, and authentication mechanisms. Depending on the solutions you implement, they will often share some key functionality, so you will need to determine which solution best fits the business’s needs.

Plus, there is a range of closely related services, or extensions of password management or IAM, such as CIAM (Customer Identity & Access Management), which controls external access to business applications, web portals and digital services.

IGA (Identity Governance and Administration) solutions provide admin control of digital identities and access rights across multiple systems for multiple user types, from staff to partners and devices. They can aggregate, correlate, and orchestrate disparate identity and access rights data distributed throughout an organization, to manage the breadth of access rights and to store identities within an organization, either on-premises or in the cloud.

Then you have SSE and SASE. Security Service Edge (SSE) is the security component of SASE; it unifies security services including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) to secure access to the web, cloud services and private applications. SASE (Secure Access Service Edge) comprises Software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), NGFW and Firewall-as-a-Service, Zero Trust Network Access and Secure Web Gateways (SWGs).

Finally there is SIEM (Security Information and Event Management), where software products and services combine security information management and security event management to deliver real-time analysis of security alerts generated by applications and network hardware.

They all have a role to play, depending on the nature, structure and risk-profile of the business.


What about Passwordless Authentication?

Passwordless authentication is signing into a service without using a password at all, and it’s often done with certificates, security tokens, one-time passwords (OTPs) or biometrics, and is generally considered more secure than using passwords. Many of the services on the market today incorporate passwordless authentication into their offerings.

Here is a selection of vendors in the space for you to consider as a partner, and/or when making recommendations to your customers:


  • LastPass

With more than 33M+ users, and 100K+ business customers, LastPass aims to make it easy for users to securely access and share apps not protected by SSO and sensitive info, for businesses to scale adoption with automation and to proactively monitor company-wide password health, and to further reduce password use with passwordless login options.

https://www.lastpass.com/


  • Keeper

An easy-to-use platform that unifies critical components of Identity and Access Management and enables zero-trust transformation. Protects every organisation, large and small. Protecting millions of people and thousands of companies globally as the trusted and proven cybersecurity leader.

https://www.keepersecurity.com/


  • 1Password

Hassle-free security for everyone, the 1Password website claims to protect 100K+ businesses.

https://1password.com/


  • Okta

17K+ customers, 7K+ integrations. Identity can create great user experiences, increase customer sign-ups, improve employee productivity, and get apps to market faster. We’ve got your back, no matter your stack. We're building a world where anyone can safely use any technology, powered by their Identity. Our platform is extensible, easy-to-use, neutral, and works with your existing solutions, so you're free to choose the best technology for now and the future.

https://www.okta.com/


  • Auth0 (Acquired by Okta)

From improving customer experience through seamless sign-on to making MFA as easy as a click of a button – your login box must find the right balance between user convenience, privacy and security. That’s why Okta and Auth0 have joined forces. Because we know together, we can help you build a better solution for Customer Identity (CIAM) that will reduce security and compliance risks, improve your UX, and help your developers maximize their time.

https://auth0.com/


  • OneLogin

Market-Leading Identity and Access Management Solutions, the OneLogin Solution provides everything you need to secure your workforce, customer, and partner data at a price that works for your budget.

https://www.onelogin.com/


  • One Identity

Unify, Verify and Adapt. Enhancing your cybersecurity posture starts with identity security. One Identity can help unify your approach to managing access rights for better visibility and control, verify everything before granting access to your most-important assets and help you adapt to an evolving threat landscape.

https://www.oneidentity.com/


  • ForgeRock

4B identities managed. 60K authentications per second. Identity is the front door to your enterprise. Connect with your customers and workforce. One Platform. All Identities. Easily manage, secure, and govern all identities with the enterprise-grade ForgeRock Platform.

https://www.forgerock.com/


  • Ping Identity

3B+ identities managed. 50%+ of the Fortune 100. Exceptional experiences start with secure identity. Design brilliant journeys to any digital destination. We help you protect your users and every digital interaction they have while making experiences frictionless.

https://www.pingidentity.com/


  • NordPass

Business password manager simplified. Drive growth and productivity with the NordPass password manager for business.

https://nordpass.com/business-password-manager/


  • Bitwarden

Move fast and securely with the password manager trusted by millions. Drive collaboration, boost productivity, and experience the power of open source with Bitwarden, the easiest way to secure all your passwords and sensitive information.

https://bitwarden.com/


Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365, they should also have a third-party email security specialist in place to mitigate their risk, for example a third-party cloud email security solution like MailGuard.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss strengthening your customers’ Microsoft 365 security.


Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.


Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

We’re on Facebook, Twitter and LinkedIn
