As more and more new threats to security risk, people also gradually pay attention to ensure that enterprise data security and integrity, identity management software for the to help enterprises ensure data security, can access different data users to manage.
Authentication management ensures the consistency of user identities across multiple systems. This technology automates strategic it tasks, allowing employees to access only data within their own permissions, in combination with user rights and user identity restrictions. The goal is to maintain the security of the enterprise by ensuring the stability of the resources. In addition, cloud-based systems also face growing difficulties as cloud computing becomes more and more deeply focused on data center management.
to ensure consistency with the action, the Government's rules and regulations require the enterprise to audit the identity of the user. But recently, for other reasons body management becomes more important. In the past few years, the use of mobile devices has exploded, and employees using cloud resources to work on different devices have become commonplace. The identity management system allows employees to use the same identity on multiple devices.
A comprehensive identity management system can also handle scalability issues. In a small business, tracking the accounts of each employee is not a challenging task. But with the increase in the number of devices and employees, tracking account usage becomes very difficult.
More complex identity management in the cloud
The technical trend is cyclical, identity management is a perfect example, all the old and become new.
Many years ago, I worked for a big insurance company. We had a server that stored everything. But as our end users grew, the server quickly became scarce and we had to move resources to new servers.
At that time, each server has its own permissions mechanism, each user needs multiple user accounts-each server must have one. If the user needs to reset the password, the password is reset on each server. This detached user account is a huge administrative burden.
Finally, Microsoft's Active Directory and Novell Directory services, and other technologies to help us solve these problems. Even now, the Active Directory allows users to have a separate set of certificates that can be used throughout the organization.
The problem is that organizations often combine existing resources and cloud resources, which creates multiple account problems. Although there are exceptions, such as Microsoft Office 365, most cloud applications and the local Active Directory in your organization are not synchronized. For example, my cloud backup and my local Active Directory are out of sync. Cloud billing applications are no exception. Often, end users access local resources through Active Directory accounts, as well as separate cloud application accounts.
This creates some problems. First, as organizations use more and more cloud applications, the number of usernames and passwords that need to be remembered has soared. Although some people think that separate accounts can improve overall security, the real experience shows that each user accumulated a set of authentication information has to be recorded to save, resulting in a security risk.
Another problem with separating the accounts is the increased management burden. Setting up a new user account can become a time-consuming process, as each user's cloud application must be separately established. Similarly, password settings are complicated, for example, because users cannot say exactly which password needs to be reset.
To address these issues, authentication management provides users with a single, universally available, authentication. Although reducing the number of user authentication can get rid of annoying authentication management status, it is important to remember that more is the authentication management, not just provide to end user single sign-on function.
Restrictions on active catalogs
Many organizations use active directories as the primary mechanism for authenticating users, so it makes sense to consider what active directories can be used for identity management systems.
In general, the Active Directory can provide user authentication and access control of resources (for example, resources within the Active Directory and those that apply Group Policy security). Active Directory accounts allow access to network share files or local applications.
Active Directory authentication also provides access control for external resources. Windows server allows you to create federated trusts that allow one Active Directory forest to trust another. If there is no trust between the Active Directory and other resources such as cloud applications, then it does not have permission to authenticate the resource. This trust relationship is helpful when end users in an organization need access to resources in another acquired organization network. These types of features can authenticate users without having to change multiple systems. This centralized authentication is a benefit to the administrator because it eliminates the multiplication of manual tasks.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.