This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Evelyn de Souza.

What is it?

The information security discipline that establishes and manages the roles and access privileges of individual users, including humans and machines, within a computer network. Identity management is also known as identity and access management.

Why is it important?

Identity management enables companies to control who, how, when, and which users access information or digital assets. Identity management systems can enhance productivity in addition to protecting assets.

Why does a business professional need to know this?

Business professionals need to understand identity management because it is at the center of controlling access to digital assets. Access control requires you to authenticate the identity of people and computers. Identity management systems also help ensure that each user has only the privileges required for the job at hand and no more.

In today’s digital world, identity management is evolving. One important trend is federated identity management, which enables users to leverage the same user name and password across multiple networks. Single sign-on (SSO) is a similar capability that, again, allows users to use the same credentials across different systems.

In addition to interoperability across platforms and networks, there are schemes that leverage attributes of an individual’s identity other than user names and passwords. One example of such a scheme is biometrics, which refers to the use of human characteristics such as fingerprints for access control.

Successful identity management programs are clearly planned and aligned with the organization’s goals, and they weigh risks against potential business gains. After decades of planning, organizations are finally getting closer to having effective online identities that improve security.