[Kelly Crooks]

Identity management, authentication techniques, single sign-on, and access control monitoring are all ways to make sure the user is identified correctly to gain access to data. Identification is the act of stating or otherwise indicating a claim of purportedly attesting to a person or thing’s identity. Each person or process must have a unique identity when accessing data. The identification process must drive access control.

Authentication techniques include things such as pin numbers, biometric markers, passwords, passphrase RFID or some other form of authenticating the identity of the user or owner of the data.

Single-sigh-on is just that, the user only needs to authenticate their identity one time to have access to applications and tasks. This makes it easier to move between tasks and makes it easier to get your work done. The drawback is that you only need to sign in one time and others can have access to your work if you leave the computer or don’t sign out.

Access control monitoring helps to make sure that services and access are controlled and secure. It is an investment in time, talent, and resources but without constant and diligent monitoring, the risk of unsatisfactory business outcomes is higher. Making sure that a business’s data is secure and safe is a key part of what a security manager does. It is our job as security information officers to make sure the data is safe but also that only those people with the correct authorization have access to that data.