When members of staff share a common name with a colleague, this can potentially be an issue where corporate email addresses are based on a combination of first and last names. Some businesses avoid this by adding a middle initial or a number as a suffix; however multiple entries in a global address list can make finding the right individual difficult.

Instead, consider adopting an account nomenclature based on full names, including middle initials. This approach will help stop emails being mistakenly sent to the wrong people, which could result in the inappropriate disclosure of sensitive information and cause data privacy issues.

Identity classification problems can happen with staff that ‘float’ regularly between departments or office locations. In identity management terms, a floating staff member may also be called a collector or mover. Floating employees generally have broad entitlements and, at any given time, it can be hard to report what their proper access rights should be.

IT teams need to find a way to register these identities in the organization’s identity governance solution and central directory stores and ensure that their privileges are checked and updated on a regular basis.

Administrator account rights allow a digital identity to have widespread access across an IT infrastructure. However, when these rights are over-provisioned, significant security problems may arise.

A challenge for most environments is the certification of who has administrator rights and whether these are actually required. Alternatively, implementing the principle of least privilege, including just-in-time access, can significantly mitigate risks around access rights.

When plans are implemented to consolidate the two organizations’ IT domains, identities, applications and policies, best practices can often be inadvertent casualties.

This, in turn, can lead to identity problems ranging from over-provisioning to multiple accounts and domain names that do not follow an established pattern. As a result, a cascade of additional identity-related problems can surface, including applications that only work in some domains. If a business fails to merge standard operating procedures and establish technology baselines first, any subsequent identity management initiatives will suffer.

For this reason, it is essential to establish security, including identity, policies and provisioning baselines during the outset of any merger or acquisition. This will then provide support for future activity.

Traditionally, digital identities have been primarily associated with human users. However, modern computing environments now incorporate many types of non-human identities. Things such as robots, Internet of Things (IoT) infrastructures, and control systems all have identities that can be compromised by cybercriminals.

To avert this problem, make sure all machine-based identities have ownership assigned in the same way as human users.

Trusted vendors and partners are likely to require access to the corporate IT infrastructure.

Special controls must be implemented to manage these third-party identities, validate that all their activity is appropriate, and provide an audit trail of activities.

IT teams should consider creating controls to manage these identities outside of typical directory services and avoid assigning generic accounts like ‘Consultant1’ or “VendorABC’. Such users should have actual account names for the duration of their services, to allow for a management paradigm that reflects the simplicity and often transient nature of their access.

Access rights should also be assigned following a model of least privilege, have strong monitoring capabilities, and be simple enough to administer that the burden of management is nowhere near as complex as that of managing employees.