Establishing Identity Federation: Combining Identity With Data Security

Identity Federation – Internal and External Services, Internal and External Users

Establishing an identity and trust solution among computing systems in a network ecosystem is not new to information technology. What is new is the number of factors enterprises must weigh when implementing a seamless solution that provides access not only to existing identity repositories and legacy systems, but also to the growing share of services moving to the cloud.

With mobile and cloud computing transforming the computing landscape, and the emergence of cybersecurity as a primary risk, enterprises are led down a path of requirements that often diverge between identity and security.

The ability to connect to the cloud and unify your users with internal services, external services, internal users, and external users poses a challenge not only based on identity but also based on the data and information being transmitted.

Securely Handling, Processing, And Validating The Identities

Modern Identity Federation must ensure that identity processing is secure and able to withstand cyber-attacks; otherwise, the entire ecosystem is at risk. In practice this means that the enforcement points of identity must be security-hardened: they must protect identity data while it is being processed, protect PKI operations, and protect the underlying identity repositories that contain the sensitive user information.

Most Identity Federation solutions on the market are not security-hardened products. They are deployed as agents, adapters, reverse proxies, or plugins. This approach leaves the enforcement points of identity processing susceptible to attack and compromise.

Combine Cybersecurity with Identity

Identity has resided much deeper in the enterprise architecture layer of the network, while cyber technology has moved closer to the edge. Many industry capabilities such as IDS, IDP, virus detection, and message confirmation have consolidated around security technology at the information edge. However, identity in many cases remains a separate end-mile implementation or a separate product technology not bound to the security technologies. The problem with this approach is that the computing environment cannot combine identity with data security to make more informed access-control and enablement decisions.

At Forum Systems, we converge the two tiers of cyber security and identity to uniformly validate users, data, and behavior. This is achieved through integrated product capabilities that enable multi-context authentication: identity token information (PKI, passwords, biometrics, etc.) is evaluated together with the bi-directional information that the identity carries with it. With multi-context authentication, a user is trusted not merely on the basis of multi-factor authentication, but also on the behavioral aspects of that user's information flow.

Combining identity and data allows for dynamic information-assurance decisions that contextually enforce expected behavior, thus achieving the proper patterns of information exchange and thwarting cyber threats and data breaches.
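To make the idea of a multi-context decision concrete, here is an added illustration (not Forum Systems' code and not a description of their product) of an enforcement point that evaluates three contexts for one request: the identity context (role and strength of the authentication method behind the token), the data context (content type, size and schema of the message itself), and the behavioral context (the subject's request rate over a sliding window). The operation policy, the thresholds and the sample requests are all constructed for the example; a failure in any context is recorded so that the denial is explainable.

```python
import json
from collections import defaultdict, deque

# Constructed policy: which roles and authentication methods each operation
# requires, and which JSON fields its payload may carry. Hypothetical values.
OPERATION_POLICY = {
    "read_balance": {"roles": {"customer", "teller"}, "methods": {"password", "pki", "otp"},
                     "fields": {"account"}},
    "transfer": {"roles": {"customer"}, "methods": {"pki", "otp"},
                 "fields": {"account", "amount", "to"}},
}
MAX_BODY_BYTES = 4096          # constructed data-context limit
MAX_REQUESTS_PER_WINDOW = 5    # constructed behavioral threshold
WINDOW_SECONDS = 60


class RequestHistory:
    """Sliding-window request count per subject: the behavioral context."""

    def __init__(self):
        self._seen = defaultdict(deque)

    def record(self, subject, now):
        """Record one request at time `now` and return the count in the window."""
        q = self._seen[subject]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q)


def decide(identity, operation, content_type, body, history, now):
    """Return (allowed, reasons) for one request.

    identity: {"sub": str, "roles": set, "methods": set} as extracted from an
    already-verified token (token verification itself is out of scope here).
    Every context is checked and every failure is kept, so a denial explains
    itself rather than stopping at the first problem.
    """
    reasons = []
    policy = OPERATION_POLICY.get(operation)
    if policy is None:
        return False, ["unknown operation"]

    # Identity context: authorization and assurance level of the credential.
    if not identity["roles"] & policy["roles"]:
        reasons.append("role not permitted for operation")
    if not identity["methods"] & policy["methods"]:
        reasons.append("authentication method too weak for operation")

    # Data context: the message is validated, not just the caller.
    if content_type != "application/json":
        reasons.append("unexpected content type")
    if len(body) > MAX_BODY_BYTES:
        reasons.append("body exceeds size limit")
    else:
        try:
            payload = json.loads(body)
        except ValueError:
            reasons.append("body is not valid JSON")
        else:
            if not isinstance(payload, dict):
                reasons.append("payload is not a JSON object")
            else:
                extra = set(payload) - policy["fields"]
                missing = policy["fields"] - set(payload)
                if extra:
                    reasons.append("unexpected fields: " + ", ".join(sorted(extra)))
                if missing:
                    reasons.append("missing fields: " + ", ".join(sorted(missing)))

    # Behavioral context: denied attempts still count toward the pattern.
    if history.record(identity["sub"], now) > MAX_REQUESTS_PER_WINDOW:
        reasons.append("request rate exceeds expected pattern")

    return not reasons, reasons


if __name__ == "__main__":
    # Constructed sample: a PKI-authenticated customer issuing a transfer.
    hist = RequestHistory()
    alice = {"sub": "alice", "roles": {"customer"}, "methods": {"password", "pki"}}
    print(decide(alice, "transfer", "application/json",
                 b'{"account": "1", "amount": 10, "to": "2"}', hist, 100.0))
```

The point the example makes is that the same subject with the same valid token can be allowed one request and denied the next, because the decision also depends on what the message contains and how the subject has been behaving.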