For many organizations, even those with advanced cybersecurity maturity, the concept of identity management has always been a bit of an afterthought. Logging into a network is normally handled by Active Directory, while each individual application, like Salesforce or internal company apps, carries its own login information.
The problem with letting every program or application handle its own login information is that it creates what is essentially a series of siloed systems. On a large enterprise network, it can add hundreds or thousands of separate, unmanaged silos for granting access to various resources. This gives clever or persistent attackers a huge footprint to try and quietly breach security.
One solution that has been offered in the realm of identity management is to create a data vault to store credentials, and then have every program check with the vault to verify users. That kind of solution works, but is very difficult to scale because of the amount of data pushing and updates that need to occur. It also poses a large vulnerability in itself: should it ever be compromised, it hands over the literal keys to every lock in the kingdom.
Ping Identity is different. The heart of the solution, though it is by no means required to run any of the other components, is PingFederate. Unlike data vaults that store credentials, PingFederate acts as a manager and a bridge, allowing administrators to tightly control what credentials are required to access various resources, and linking those data storehouses with the programs and apps that users require.

John Breeden II/IDG
PingFederate can easily bridge the gap between applications and the authentication methods used to identify users without storing any credential information itself.
The idea is that all applications, both common commercial ones and unique programs being developed in-house, will use PingFederate to verify users. Blocking any other forms of access, such as a user trying to skip around Ping to log in directly, can be accomplished in one of two ways. First, firewall and other traffic rules can be created to prevent non-Ping access requests. Or, Ping can deploy agents that sit on top of applications and force the interaction with Federate for all access requests. The Ping software works with either configuration, so companies can choose the one that offers an easier configuration and less management.