Identity Threat Management Architecture
Typical Identity Management systems manage information about employees and customers, and makes this data available to services within the organization, supporting white pages lookup, web site authentication, single signon, and control of access to resources. The Identity Management infrastructure provides the foundation for trust decisions made by these services. A properly maintained infrastructure can increase assurance in the accuracy and reliability of these decisions.
As part of its risk management procedures, organizations evaluate the threats to their critical infrastructure and develop a plan to address the threats which:
- are plausible for their situation,
- could exploit vulnerabilities in the infrastructure, and
- could result in consequences, such as service outages, data loss, or loss of customer confidence.
Threats can be due to the infrastructure's environment, such as natural disasters, or can be due to humans and organizations actively seeking to disrupt or steal from the organization, such as hackers, terrorists, or disgruntled employees.
Along with other IT infrastructure, such as networking services, email and intranet web sites, Identity Management software is vulnerable to environmental threats. Threats such as a power failure, flood or hard disk crash, may result in failure of one or more components of the Identity Management deployment, typically by affecting the servers or networking appliances on which the Identity Management software has been installed.
However, due to the importance of this data it contains and the capabilities it provides, Identity Management deployments are subject to additional threats. Threats to data may involve individuals who wish to steal customer data, such as names, addresses and credit card numbers, and later sell that data to be used to commit identity fraud crimes. Other threats may be individuals who wish to modify the data in order to grant themselves or others unauthorized access to systems which rely on the Identity Management infrastructure to make access control decisions, or sabotage the system in order to cripple the organization's ability to carry out its business.
Each software component in an Identity Management deployment typically will contain a set of features in order to reduce the vulnerabilities of that component to a subset of possible threats. For example, a directory server may require a user to authenticate to it before making changes. However, each component's vendor will have used their own set of assumptions about which threats are to be addressed in the product. These assumptions may be different from that of other vendors, as well as from the assumptions identified during risk management in a particular enterprise's deployment. Where there is a mismatch of assumptions, threats may be possible in that deployment, to which the Identity Management software is vulnerable, that are not identified during the risk assessment for that deployment.
Informed Control Inc. is developing the Identity Threat Management Architecture, consisting of a set of organizing principles, methodology and recommendations for developing Identity Management reference architectures and deployments. The goal of this specification is to provide guidance during the implementation and deployment of Identity Management, that the threats and resulting risks inherent in Identity Management are identified and can addressed prior to the deployments being subjected to the threats. The process described in this specification will allow an organization deploying Identity Management to establish a baseline for confidence in the reliability in that deployment, and reduce the organization's overall cost of control for that deployment.
The purpose of the Identity Threat Management Architecture is to define how to develop and review reference or deployment identity service architectures that:
- incorporate best practices for addressing threats, vulnerabilities and security requirements,
- are adaptable to incorporate new threats, vulnerabilities and requirements as they appear,
- increase deployability and survivability, and
- decrease cost of control.
For more information
More information on the Identity Threat Management Architecture will appear shortly.