IAM for Small Businesses: Why they, like their counterparts in the enterprise space, need to focus on identity and access management issues
While often overlooked, small businesses — like large organizations — frequently have numerous identity and access management issues. These include ensuring security of systems and applications, as well as handling copious password issues. Unlike large organizations, though, small businesses often do not have the staff and resources readily available to easily handle these tasks so they either go unaddressed or require more time and money than is necessary.
There are several solutions for small businesses, though, that easily mitigates these problems and save time and money in the long run. The following are common password management issues that small businesses have and how IAM solutions can easily solve them:
Easily Managing Passwords
Employees, no matter what the size of the organization, often have many sets of credentials they need to use when logging into their applications to perform their jobs. To remember multiple sets of credentials, they often write down their user names and passwords and store them somewhere near their desks. Doing so puts the organizations applications at risk and reduces the security.
An easy way for small business to reduce the headache of multiple passwords for their employees to manage, as well as to ensure the security of their systems, is with a single sign-on (SSO) application. With an SSO solution, employees only have to remember one set of credentials. These allow them to enter their single user name and password one time and, thereafter, are automatically signed into all applications and systems once they are opened.
It also ensures that employees will not use non-secure methods to remember their passwords.
Dealing with Sensitive Data
Like larger organizations, small businesses often deal with sensitive data and information that needs to be kept secure. They often need to ensure that this information cannot easily be accessed by just anyone in the organization.
Many small businesses have solved this issue by implementing a single sign-on solution in combination with two-factor authentication. This allows small businesses to add another layer of security to systems and applications. Two-factor authentication is used by requiring users to present a smart card, as well as a PIN code, to access certain systems. Two-factor authentication also can be customized to the needs of the organization such as having the computer remember the PIN for a defined period of time after it is entered or automatically closing all sessions on the computer after the smart card is removed. Each of these customizations adds additional security to the systems, as well as improving efficiency for the user.
Quickly Resetting Passwords
When an employee forgets his password, or is locked out of an application, he usually needs to go through the time-consuming process of resetting his passwords. In a small business, there may not be a 24×7 helpdesk to call to resolve this issue. If there is a helpdesk or IT department, focusing on password resets can take away from the department's time of focusing on other issues.
The IAM solution that can easily help with this issue is a self-service reset password solution. This allows end users to easily and securely reset passwords themselves. Users simply register by providing answers to a few personal questions — much like a banking website — then when they need to reset their password they simply click the “forgot my password” button, provide the correct answers and are able to reset their password without having to contact anyone else at the company. This reduces the annoyance of password resets for both the IT department and the end user, and allows employees to both be productive and work on more important tasks.
Overall, small businesses have many of the same issues that larger organizations deal with but often do not have the budget to deal with them. By implementing one or all of the solutions they are able to reduce the amount of time the IT staff spends dealing with these issues, and not need to have an employee working full time to handle them, thus drastically reducing their own administrative costs.
Dean Wiech is managing director of Tools4ever, a provider of identity and access management solutions for small businesses.