Corporate data is a rich source of income for data thieves and a target for anarchists and extortionists. The increased sophistication of data theft attacks in recent years means that system managers need to beef up identity management.
You don’t want to make your access procedures so complicated that genuine users can’t get into the system. However, security controls need to be tight enough to stop all but the most sophisticated attacks. Cybersecurity has moved from placing all efforts into blocking unauthorized access to a diversified approach that includes intrusion detection, data loss prevention, and rapid mitigation strategies. Identity management (IdM) is just part of a multi-layered defense strategy.
Here is our list of the seven best identity management software packages:
- Passportal (GET DEMO) A cloud-based service that combines password management with a document manager.
- SolarWinds Access Rights Manager (FREE TRIAL) An interface to Active Directory that runs on Windows Server.
- ManageEngine Password Manager Pro An access rights manager that runs on Windows Server or Linux and covers a range of applications.
- LastPass A cloud-based password manager for teams that includes an online password vault.
- CyberArk Privileged Access Security Consolidates and manages access rights and monitors access events.
- Passbolt An open-source password management system that is free for installation or available as a paid cloud service.
- Zoho Vault A cloud-based password manager that provides centralized control for existing local access rights managers.
Data breaches now don’t just damage a company’s reputation and cause it to lose its customers; they also lay the business open to crippling fines and expensive litigation. Fortunately, a number of IT infrastructure management tool providers have developed some very comprehensive identity management solutions, and this guide lists the best of them.
The best identity management tools
You can read more about each of these solutions in the following sections.
Passportal is a cloud-based subscription service aimed at managed service providers (MSPs). The base package includes a password manager and a document management system.
The password manager in Passportal provides a centralized console for all of your access rights managers on-site or in the cloud. However, it is only able to interact with Microsoft-produced access rights systems. It will act as a controller for Active Directory implementations, covering networks, endpoint and server access, file systems, email and web server implementations. It will also manage Azure and Office 365 access rights managers.
The tool searches a client’s system to discover all AD-controlled systems. It then extracts records from the local Active Directory instances and runs password management from that point on. Any changes made in Passportal get updated in the relevant AD instance automatically.
Passportal will enforce safe password policies such as password rotation and password complexity requirements. It includes a password vault that is segmented per user and it will autofill password fields for the users.
The Passportal service is charged for on a subscription basis. There is no contract requirement and fees are invoiced month-to-month. You can access a demo system of Passportal for assessment.
SolarWinds Access Rights Manager is an on-premises identity management solution that installs on Windows Server. It covers all Active Directory implementations, helping you to manage access rights and passwords for networks, devices, Microsoft Exchange, Windows File Share, and SharePoint.
This tool contains automation processes through workflows. These will batch together the tasks you normally perform when onboarding a new user. It will also track group profiles and memberships and display relationships and inheritance in its dashboard.
A useful feature in the package is a self-service portal that enables existing users to manage their own passwords and solve access problems. All of the features are aimed at eliminating a lot of the routine work that fills the days of time-pressed systems administrators.
This permissions management system also includes analysis functions. The Manager includes auditing features and report formats that help demonstrate compliance with data security standards. The analysis and reporting utilities will also help you to improve your access rights policies and support the implementation of system refinements.
SolarWinds Access Rights Manager is available for a 30-day free trial.
Password Manager Pro is an on-site password manager that installs on Windows Server and Linux. The tool isn’t restricted to monitoring the server on which it is resident. It is able to reach across the network and identify access rights systems on other hosts. As well as managing access rights on Windows and Linux systems, it can interact with permissions systems on Mac OS and Unix devices.
The tool is not limited to managing access to networks, servers, and endpoints. It can also control permissions for databases run by Oracle, Sybase, MySQL, and SQL Server DBMSs. It can manage access to network devices produced by Cisco Systems and Juniper Networks.
The manager starts its service with an autodiscovery procedure. That generates a central, encrypted password vault, which the tool administers from then on. All changes to passwords are sent out to the original controllers, so Password Manager Pro acts as a unifying front-end for existing access rights managers rather than replacing them.
Password Manager Pro enforces password policies including password rotation and multi-factor authentication. The system includes access monitoring and session logging.
There is a free version of Password Manager Pro, which is limited to monitoring ten resources. The three paid editions are Standard, Premium, and Enterprise. ManageEngine offers a 30-day free trial of the Enterprise edition with a limit of two administrators.
LastPass for businesses is available in four editions: Teams, Enterprise, MFA, and Identity. Of these, Enterprise is probably the best option for most businesses seeking an identity management solution. The only difference between the Enterprise and Identity plans lies in the multi-factor authentication methods available. The Enterprise system uses SMS and/or biometric methods, which are sufficiently comprehensive for most businesses.
The Enterprise service takes the role of a central controller that first scrapes access rights records from existing permissions systems, then becomes the main point of access for the systems administrator. Changes made in the LastPass console get rolled out automatically to those local controllers.
LastPass will enforce password policies, including password rotation and complexity expectations. It is able to manage passwords and access rights at both the individual level and as groups. Onboarding can be automated and it enables a single-sign-on system to be implemented. Each user gets access to a personal password vault and can set the system to autofill password fields.
This is a cloud-based service and charges are made by subscription, levied per user per month. You can learn more about LastPass Enterprise by accessing it on a 14-day free trial.
The software house CyberArk specializes in a range of system security measures and its Core Privileged Access Security system (PAS) is a package of its top sellers. The modules in this bundle are Enterprise Password Vault, Privileged Session Manager, and Privileged Threat Analytics. The system is available as on-premises or as a cloud service.
The PAS system starts off with an autodiscovery scan, locating all resources that require access management and identifying current users with access. This information is drawn into a standardized central database, which is protected by encryption. From that point on, the PAS dashboard becomes the management console for all access and password issues in the monitored enterprise.
The administrator sets up the system by entering the company password policies, activating utilities such as enforced password rotation and password strength requirements. Once these policies are in place, PAS will apply those standards automatically to the password creation screens for users. The audit features of the suite are perfect for data security standards compliance and a risk assessment module enables system managers to improve security procedures.
CyberArk Core Privileged Access Security is available in Standard and Advanced editions. The higher plan includes extra security procedures to protect servers and additional attack vector scanning. The system is available as on-premises software, as a self-hosted cloud system, or delivered as Software-as-a-Service from the CyberArk servers. The on-premises version installs on Windows Server. You can request a demo of the CyberArk suite.
Passbolt is an open-source software package that can be used for free on-premises. The software installs on Debian and CentOS Linux. It can be run on Windows on a virtualization platform. This password management system allows the organization, creation, alteration, and deletion of access rights at both individual and group levels. The creation of shared passwords is also possible.
The free version of Passbolt is called Community. This is a standalone password manager and there is no professional support for it, though you can consult the extensive user community through a forum. There are two paid versions that are professionally supported. These versions are Business and Enterprise.
The Business edition is able to communicate with other access rights systems based on OpenLDAP and Active Directory. This edition includes a system auditing module, which is necessary for data security standards compliance. This version is also capable of implementing multi-factor authentication. The main feature of the Enterprise edition is that it can be customized by the development team behind Passbolt. It also includes the extra feature of disaster recovery procedures.
Passbolt Business edition is charged for on a subscription basis. The base price includes the management of five users and each extra user after that increases the price. As it is a bespoke package, the Enterprise version does not have a fixed price list.
Passbolt Cloud is the Software-as-a-Service version of the password manager. It is available for a 14-day free trial.
Zoho Vault is a cloud-based service that manages passwords for teams. The central element of the service is a secure encrypted password vault that is hosted on Zoho servers and protected by a 256-bit AES cipher. The console for the service acts as a central controller for on-premises or cloud-based access rights managers that already guard your systems. These include Active Directory, Office 365, Azure AD, and Google Cloud Platform.
Once you have Zoho Vault active, you won’t need to visit all of your other access rights managers because changes made in the Zoho Vault system get replicated out to all of your other access control systems. Access rights can be managed by groups as well as per individual user. The password manager extends out to utilities for the users, including password field auto-filling and the ability for shared passwords to be created automatically on demand.
Zoho Vault is free for personal use and there are three paid versions for business: Standard, Professional, and Enterprise. All of these business plans are charged for by subscription with a fee levied per user per month. All paid versions are available for a 15-day free trial, with the site declaring that the Professional edition is the most popular.
Implement identity management
Identity management has become a much bigger field than just setting up user accounts. The multi-vendor environments that are common in modern businesses make access and password management even harder to coordinate.
One of the key features of all seven IdM packages in our list is that they enable the whole environment to be managed from a centralized console. That should unify the incompatible operating procedures and record formats implemented by the Windows and Linux standards for access rights controllers and password managers.
Centralizing and coordinating the existing systems will improve activity visibility and simplify working procedures. The unified base of your identity management solution then gives you a platform through which to automate user and resource management and improve security supervision.