Identity management and access control

The need to control access to a wide range of internal and external information and computer applications is a significant challenge. Access privileges for multiple applications must be managed for a growing number of users, both inside and outside the organisation, who have multiple versions of their user identities, without diminishing security or exposing sensitive information.

Identity management and access control are fields where substantial cost savings can be achieved, particularly for organisations that rely on a number of legacy systems with access to each system managed separately.

Identity management and access control solutions come in numerous forms:

• User provisioning systems focus on streamlining the management of user identities across systems, including creating user accounts, automating approval processes for granting access privileges and disabling accounts when no longer required.
• Password reset systems relieve some burdens and costs by enabling users to reset their own passwords and unlock their accounts without the aid of a help desk.
  
• Password synchronisation requires users to remember just a single password but the user still has to enter the password for each application.
• Single sign-on (SSO) solutions require a user to log in to a centralised user account just once per session. The SSO system then manages access to all controlled resources in the system for the user in the background.
• Access management software lets administrators centrally control user access, possibly enabling SSO through a policy server that grants authorisation rights to each application. They use one or more methods of authentication to verify a user, including passwords, digital certificates, or hardware or software tokens.

Castelain understands the different options that are available, the security issues at stake, their relevance to different organisations and have practical experience of implementing a variety of such systems. We know the products that are available and their strengths and weaknesses. And because we are independent, we can advise our clients on the most appropriate system to manage their user bases and protect their resources.

 

 

• Home
• About us
  • Who we are
  • Our people
  • Our leaders
  • What makes Castelain different?
  • What we do
    • Security systems architecture and design
    • Program and project management
    • Systems integration
    • Independent testing
    • Education and training
  • Our Partners
• Expertise
  • Application security
  • Transaction security
  • Public key cryptography and digital signatures
  • Public key infrastructure
  • Identity management and access control
  • Mergers and acquisitions
  • Security policy and compliance
  • Risk management
  • Security controls
• Clients
  • Commerce
    • KAZ
    • Altnet
  • Finance
    • Major Australian bank
    • Commonwealth Bank
  • Government
    • New Zealand Government Ministry of Justice
    • Australian Customs Service
    • Australian Tax Office
    • Department of Industry, Tourism and Resources
    • NSW Office of State Revenue
    • CrimTrac
    • Department of Health and Ageing
  • Utility
    • Integral Energy
• Technology
  • Secure Internet Portal
    • Overview
    • Security
    • Integration
• Publications
• Contact