What is it about?
In today’s networks, administrative access to Linux servers is commonly managed by Privileged Access Management (PAM). It is important not only to monitor these privileged accounts, but also to control segregation of duty and to detect keys and accounts that potentially bypass PAM. Unprohibited access can become a business risk. In order to improve security in a controlled manner, we establish IdMSecMan, a security management process tailored for identity and access management (IAM). Security management processes typically use the Deming Cycle, or an adaptation of it, for continuous improvement of products, services, or processes within the network infrastructure. We adjust a security management process with visualization for IAM, which also shifts the focus from typical assets to the attacker. With the controlled cycles, the maturity of IAM is measured and can continually advance. This paper presents the work-in-progress IdMSecMan and applies it to a motivating scenario in the field of Linux servers. We evaluate our approach in a controlled test environment, with first steps to roll it out in our data center. Last but not least, we discuss challenges and future work.
Why is it important?
The identity life cycle, which ensures adequate provisioning, regular auditing and timely de-provisioning of identities and access rights, can be applied to accessing servers. Maintaining the identity life cycle often challenges organizations, as the management of identities can get complex. This results in non-revoked access rights, redundancy, old identities and cryptographic keys. Unprohibited access from externals, ranging from former employees to attackers, can become a serious problem. In order to improve security in a controlled way, we establish IdMSecMan, a security management process tailored for IAM. In this paper, IdMSecMan focuses on IAM for servers and will be extended to other areas in future work. The controlled process cycles help to measure and continuously improve the maturity of IAM for servers. Problems become visible with suitable visualization. With our approach, security management shifts its focus from typical networks to IAM, and thereby to the attacker.
Read the Original
This page is a summary of: Towards Improving Identity and Access Management with the IdMSecMan Process Framework, August 2021, ACM (Association for Computing Machinery), DOI: 10.1145/3465481.3470055.