Identity Management? Zero Trust? PIM? Succeed by getting the basics right.

In today’s rapidly evolving online landscape, terms like zero trust, PIM (or Privileged Identity Management), and a series of other acronyms can leave the average person scratching their head. Amidst this jargon and the complex frameworks, it’s too easy to lose sight of the fundamental question at the core of identity management: “Who are you?”  

By focusing on the basics, everyone can work together on bolstering identity management throughout our digital reality.

Translating identity management

Since almost every business and other organization has some digital footprint, knowing who is accessing what is critical for security. At its core, identity management is the task of controlling information about people on computers. Yet, the explosion of terms like zero trust, PIM, OAuth architecture, and back-channel authentication creates the illusion that securing our online presence requires a PhD.

Cut through jargon

We think that there’s a way to explain identity management basics to the public, including the billions of people who log onto the internet every day. It’s a matter of defining your jargon as you use it and only using jargon when necessary.  

Zero trust, for example, is an intimidating term and might appear contradictory. But with some explanation, the concept becomes clearer: zero trust means a system where no entity is trusted by default, even those inside the network. Zero trust is why most leading password manager software options are as secure as they are. With a sentence or two of clarification, you can explain why zero trust is a good thing. Approaching identity management like this requires taking a moment to understand how you are coming off to the average person.  

As another example, PIM (privileged identity management) involves how an organization monitors and controls access to its online system, especially regarding admin access. With a bit of explanation and thinking beyond the abbreviation, the meaning of PIM makes sense. Even better, the lesson of quality PIM becomes more apparent: be mindful of access privileges – don’t overshare and don’t overgrant.

The basics of identity management

Fortunately, by following good cybersecurity habits, the average internet denizen will also be following solid identity management best practices. Here are some of our identity management tips for individuals, and we want this advice to be shared far and wide. 

1. Shield yourself with strong authentication

Safeguarding your identity management starts with the basics: your passwords. Each password should be unique, complex, and at least 16 characters long. Use a password manager to seamlessly store your password collection. Always enable multi-factor authentication (MFA) for all your accounts (including your password manager) because it adds an extra layer of protection beyond your password. 

2. Audit your digital life

Every few months, take stock of your digital presence. Do you have apps on your smartphone that you don’t use anymore? What permissions have you granted? Don’t hesitate to delete apps you no longer use or trust. If you want to use an account or app in the future, you can always start a new account or download it again. 

3. Think before you click

Identifying and reporting phishing attempts remains one of the top ways to bolster your identity management skills. Always be very skeptical of unsolicited emails, messages, or links. Verify the sender’s legitimacy before clicking anything. Remember, legitimate organizations won’t ask for sensitive information via email.

4. Check your privacy settings

Whether with social media or other online platforms, familiarize yourself with privacy settings. Adjust them to your comfort level and consider who can see your posts. Remember, the less you share publicly, the harder it is for someone to misuse your information for social engineering.

5. Security is a lifetime goal 

Cybersecurity evolves and so should your knowledge. Stay informed about the latest threats and best practices. There are many free online resources for beginners that will provide valuable insights into protecting your digital identity. Also, you can help others protect their identity management!

Simplify, strengthen, and secure

Identity management is not reserved for tech experts or corporations with giant IT departments. It impacts everyone online. By simplifying the jargon, focusing on the basics, and implementing practical steps like strong authentication and regular audits, individuals can take more control of their online identity. Even in our complex world, doing the basics right is a powerful defense.

About the Author: Cliff Steinhauer is the Director of Information Security and Engagement at the National Cybersecurity Alliance. Cliff is a passionate information security and privacy professional. Currently based in Seattle, he has over a decade of experience in sales, marketing, and project management. With the National Cybersecurity Alliance, Cliff works to direct community engagement through live events, educates through thought leadership, and runs the Cybersecurity program for NCA. Cliff enjoys sharing the message of securing your digital life, protecting information systems and the people that run them, and mentoring young folks to promote interest in the field.



Let's work together to help everyone become more secure.