Cut costs. Save money. Maintain the status quo. With that mantra in mind, many network managers figure they've got authentication covered. As long as there's a password policy in place, who needs to spend money on authentication tools. . .
Cut costs. Save money. Maintain the status quo. With that mantra in mind, many network managers figure they've got authentication covered. As long as there's a password policy in place, who needs to spend money on authentication tools?

Before you succumb to this line of thinking, remember that an authenticated user is only the beginning of an authentication system; access control and accounting are what makes such a system effective.

Without all three processes, you're simply Band-Aiding. Effective authentication requires effort; whether you call it internal identity management or a unified authentication management (UAM) system, the principle is the same: Combine authentication, access control, and user accounting to build a policy that governs and tracks who can access what, where, when, and how. This should be the beating heart of any corporate IT security policy, and relegating it to a password list is simply begging for trouble.

The link for this article located at ZDNet is no longer available.