The mainframe is a reliable solution for centralizing many business computing processes, so it is only natural to use it to centralize authentication and identity management for all the applications users need across the enterprise. Centralized access management is typically more secure because it provides unified identity management and profiles, and it can unify and simplify an organization’s security systems, making access controls easier to manage and maintain across the enterprise. With a centralized authentication system, users are able to access all their work programs and assets through a single set of login credentials. However, centralized access management also means a single point of failure. A hacker only has to breach one set of credentials to access everything that verified users can access.
An alternative to the centralized access management system is to have identities distributed across many different systems. This is the default arrangement for many organizations that add new applications and just use each application’s default or built-in user management and access controls. The usual result, though, is that employees have to juggle multiple usernames and passwords, often with different password complexity requirements, different update frequency requirements, and different reset processes for each system. And those are just a few of the challenges a distributed system causes for users.
Administrators face a whole separate set of challenges when dealing with distributed access management systems. They must manage users for each individual system. They have to learn what the permissions for each application do for users. When an employee leaves the company or moves to a new position with different data access needs, administrators must disable or update that user’s individual profiles across all the different systems.
The one thing that can be said in favor of a distributed system is that the data is siloed, meaning that if a user’s password is stolen on one system, the thief will not necessarily be able to access the other systems. On the other hand, many users reuse passwords across their accounts. This is not a secure practice by any means, but it is unfortunately very common.
In a centralized system, rather than having multiple accounts to use various work resources, each employee, partner, or customer can reach all the applications, services, and resources they need through a single profile. Centralized access management for customer- and partner-facing applications can also provide a big opportunity to set your company apart.
Data breaches are costly in terms of the damage that can be done to a company’s reputation. It is difficult to recover from a data breach, which is why access controls are so important. However, beyond avoiding disasters, access management systems that are user-friendly and work consistently help customers and partners have a positive perception of the company they are working with. An access management system that randomly locks out users, crashes under a heavy load, or behaves in unexpected and non-intuitive ways creates a negative user experience. Users are accustomed to logging into a variety of services every day. Any one that works unreliably will be sure to stand out as a negative experience.
A centralized system also lets users reset their passwords through a familiar process. A self-serve password reset system like ASPG’s ReACT lets users reset the password they use to access all their applications and systems in a single place. And to make the centralized system even more secure, implementing a multi-factor authentication component will help to overcome the weaknesses of passwords.