Most IAM tools rely on browser extensions or applications installed on the end user’s machine, or on Active Directory, for access to identity. But why?! A user can be identified even without an agent – so having a so-called ‘lightweight agent’ sitting in your Active Directory itself is not the most secure way to manage user identity.

Whenever you create a dependency to achieve a particular solution, it is important to ensure that the solution is 100% secure, and that applies to the dependencies (agents) too. This could make the architecture slightly complicated, depending on how it works.

Another important factor against the use of an agent-based architecture is that you have to trust the agent not to exceed its scope. This is very important because even many of the applications and services that we trust these days are not actually secure, and many act beyond their scope. For example, according to Digital Content Next, even the big boy of the tech industry, Google, still collects user location information even after users turn off location settings.

So the big question is: when things can be done without an agent, why use an agent at all? People say it is for efficiency, and maybe they are right. But is this worth the compromise on transparency and security?

Dinesh Harikrishnan

Dinesh is Senior Vice President – Pre-Sales at Akku, where he plays a pivotal role as Product Owner for the Akku platform. Having been part of the product journey from its earliest stages, he has shaped its roadmap, overseen its development, and worked closely with clients to ensure successful implementations. His focus lies in consulting with organizations on their cloud transformation journeys, designing solutions that balance security, compliance, and usability. Over his career, Dinesh has grown through roles in development, consulting, customer success, and pre-sales, giving him a 360-degree view of technology delivery and client engagement. His work has spanned industries from manufacturing and automobiles to edtech, consistently delivering value through innovative solutions and lasting client partnerships.
