Jamf Blog
February 16, 2023 by Hannah Hamilton

Top security priorities: identity and access controls

Identity and access controls are key to keeping access to your company resources in the hands of authorized users. This next blog in the Top Security Priorities series will discuss a few access control practices for your organization to implement.

If you wanted to break into Edna Mode’s house, you’d have to get through her security system: a handprint scanner, a passcode, a retinal scanner and voice recognition software. And her drop-down machine guns too I suppose. While maybe a bit extreme, Edna is actually following NIST recommendations for multi-factor authentication, which suggest having two or more of the following:

  • Something you know (like passwords or PINs)
  • Something you have (like a cryptographic identification device or token)
  • Something you are (biometric information)

Access control is a key concept in cybersecurity—it’s critical for securing your data and systems. Making sure only the appropriate people have access to your company data can be tricky, and involves a variety of tools and procedures. In this blog, we’ll go through some key access controls to consider implementing in your organization.

Device management

The very beginning of identity and access control is knowing what devices are associated with your organization. Mobile device management (MDM) and enterprise mobility management (EMM) solutions—together known as unified endpoint management (UEM)—allow you to:

  • Keep close records of who has what device
  • Know device information and compliance status
  • Determine what applications each user can access
  • Enforce password policies
  • Wipe or lock lost or stolen devices

UEM also simplifies device inventory when you implement a bring your own device (BYOD) program. User-initiated enrollment means people who need to access your resources can do so conveniently with their own device, while IT and Security teams can rest assured that company resources are being accessed by approved personnel.

UEM helps app deployment by pushing app installations onto user groups or by providing an approved app catalog for users to install as needed.

Zero-touch deployment

Access control for your endpoints begins at deployment. Ideally, the only person who ever needs to handle a device is the user associated with its primary account. Zero-touch deployment achieves this by applying configurations to devices automatically before they are shipped directly to the user. This means that the employee, regardless of their proximity to the office, is automatically enrolled in their company’s MDM as soon as they take the device out of the shrink-wrapped box. Conveniently, their devices already include the configuration profiles, security settings and software they need to get to work quickly. Because of this, and the minimal need for IT intervention, everyone can focus on higher priorities and stay productive.

Account management and authentication

A key requirement in access control is good account management. This can look like:

  • Requiring multi-factor authentication (MFA)
  • Centralizing account access through a directory service or single sign-on (SSO) provider
  • Creating access granting and revoking processes for onboarding and offboarding
  • Enforcing password policies with unique passwords

When creating user accounts, assign roles strictly, with the least privilege each person needs to do their job. Cloud identity providers can enforce your password policies and provide SSO, removing the need for users to remember and manage passwords for many accounts. These providers’ MFA ensures that account credentials only grant access once the user’s identity has been verified.

Zero Trust Network Access

Locking down access to company resources can no longer rely on your company’s network perimeter—employees are working from unsecured networks everywhere. Zero Trust Network Access (ZTNA) creates secure access microtunnels from employee devices to business apps on demand, as long as the user and device successfully prove their identity. Unlike a VPN, ZTNA verifies identity each time the user requests access to an app instead of granting blanket access to the company network. ZTNA’s least-privilege access makes it more secure than a VPN, preventing lateral movement across the network and man-in-the-middle attacks.
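The per-request decision described above, together with the MFA factor categories from the top of the post and the least-privilege role assignment from the account management section, can be written out as a small policy check. The following is an added example, not Jamf’s code or any product’s API: the factor-to-category table follows the NIST grouping (know / have / are), while the users, devices, app-to-role mapping and the `evaluate` and `offboard` functions are constructed for illustration. One detail the prose does not spell out is that two factors from the same category (a password plus a PIN) do not count as multi-factor, which the `is_mfa` check enforces.

```python
"""Per-app, per-request access decision in the style of ZTNA (added example)."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# NIST multi-factor categories: something you know / have / are.
# The factor names themselves are constructed for this example.
FACTOR_CATEGORY = {
    "password": "know",
    "pin": "know",
    "hardware_token": "have",
    "totp_app": "have",
    "fingerprint": "are",
    "face": "are",
}

# Hypothetical least-privilege mapping: which roles may reach which app.
APP_ROLES = {
    "payroll": {"finance"},
    "wiki": {"finance", "engineering", "support"},
    "source-control": {"engineering"},
}


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)
    presented_factors: List[str] = field(default_factory=list)


@dataclass
class Device:
    serial: str           # constructed inventory value
    enrolled: bool        # known to UEM at all?
    compliant: bool       # passes current compliance checks?


def is_mfa(factors: List[str]) -> bool:
    """True only if the presented factors span at least two distinct categories."""
    categories = {FACTOR_CATEGORY.get(f) for f in factors}
    categories.discard(None)  # unknown factor names never count
    return len(categories) >= 2


def evaluate(user: User, device: Device, app: str) -> Tuple[bool, str]:
    """Decide one request: user identity, device posture, then app authorization.

    Every request is evaluated afresh; there is no session-wide network grant.
    Returns (allowed, reason) so the reason can be logged for detection.
    """
    if not is_mfa(user.presented_factors):
        return False, "mfa: factors do not span two categories"
    if not device.enrolled:
        return False, "device: not enrolled in UEM"
    if not device.compliant:
        return False, "device: non-compliant"
    allowed_roles = APP_ROLES.get(app)
    if allowed_roles is None:
        return False, "app: unknown application"
    if not (user.roles & allowed_roles):
        return False, "role: not authorized for this app"
    return True, "allow"


def offboard(user: User) -> None:
    """Offboarding revokes every role; later requests are denied on the role check."""
    user.roles.clear()


if __name__ == "__main__":
    # Constructed sample: a finance user on a compliant, enrolled laptop.
    alice = User("alice", {"finance"}, ["password", "hardware_token"])
    laptop = Device("C02-EXAMPLE-0001", enrolled=True, compliant=True)
    for app in ("payroll", "source-control"):
        print(app, evaluate(alice, laptop, app))
    offboard(alice)
    print("after offboarding:", evaluate(alice, laptop, "payroll"))
```

In a real deployment the device posture fields would come from the UEM inventory and the presented factors from the identity provider; the point of the example is the ordering and the fact that a single failed check denies that one app request without touching any other.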

Key takeaways

  • Mobile device management simplifies keeping track of device inventory and user accounts
  • Zero-touch deployment and user-initiated enrollment into your MDM streamlines employee access to company resources securely
  • Cloud identity providers, MFA and SSO make account authentication simpler and more secure
  • ZTNA’s strict identification process adds another layer of security

Hannah Hamilton, Copywriter, Jamf.