Fortifying your business with a smart identity and access management system

Co-authored with Vijayan Srinivasan

 Adopting a smarter identity and access management system can help fortify the worldwide small business sector from an imminent loss of trillions of dollars due to cyberattacks.

Over fifty percent of malware attack victims are small businesses. Many end-up being the gateways for hackers as they attempt to launch larger-scale attacks on the bigger corporations. The infamous Target data breach, that exposed the personal information of millions of customers, was carried out after the hackers accessed an open channel of a smaller organization.

From the theft of intellectual property and financial data to the post-attack business disruption, by 2021 the worldwide small business sector may lose trillions of dollars due to such attacks.

It’s important to look at a multi-layer security architecture that’s hard to penetrate. The identity and access management (IAM) system is a smart option to consider as part of the security strategy. IAM ensures that only the right people have the appropriate access to an organization’s critical systems and resources. This process rests on three key verticals - identification, authentication, and authorization.

Identification starts at the very moment when a user attempts to enter a system or resource through a username or password. The system then goes on to authenticate the credentials. There are multiple ways of authenticating identity.

• Single-factor authentication that requires only a password to grant user access
• Two-factor authentication involving verification of the username, password and a piece of information only the user knows
• The more complex multi-factor authentication - used by financial organizations, banks, and law enforcement agencies- which deploys security categories that are independent of each other to eliminate any data exposure.

After authenticating the identity, the system checks for authorization of the users to determine the access rights they have to a particular data.

Organizations can apply different methods to control access to information:

• Role-based access control (RBAC) where a network can be accessed based on the roles of individual users. Here, users can access only the information they need for doing their jobs
• Attribute-based access control (ABAC), also known as policy-based access control, is a process where access rights are granted to users based on usage policies and users’ attributes
• Single sign-on (SSO) is a process where the user logs in with a single ID and password but gains access to multiple related systems.

Being a trusted financial management platform, Intuit’s credibility depends on how well we secure our customers’ identities. So, we rely on an open and multifactor authentication based SSO system. In this framework, our customers are the ultimate decision-makers of what, when and with whom they share their data.

A case in point is our partnership with JPMorgan Chase. The agreement lets the bank customers have complete control over their personal information as they authorize Chase to electronically share financial data with Intuit applications such as Mint, TurboTax Online, and QuickBooks Online. Once authorized, Chase provides a secure token to Intuit to use specific account information. Customers can give explicit consent for Intuit applications to use a set of account information, and can even turn on and off access for Intuit applications.

This amalgamation of the right technology with the right data ownership helps our customers - the small business owners - to secure their financial lives. Thus accelerating their prosperity by allowing them to focus on what matters most to them – their core business.