Identity

A digital representation of a user, system, or device within your IT environment. An identity is what systems use to uniquely recognize and track an entity over time, and it forms the foundation of authentication and authorization.

‍

A person's identity typically includes their username, email address, employee ID, or other identifiers - and may also include contextual details like job title, department, or group memberships. For non-human identities (like service accounts, APIs, or IoT devices), it might include keys, certificates, or system-assigned names.

‍

Identity is central to modern security practices. Without a clear, managed identity, it's impossible to enforce meaningful access controls. In SMBs, common identity sources include Microsoft 365 or Google Workspace, which manage user accounts and may sync identities across multiple apps.

‍

Best practice is for every person and system to have their own unique identity and login credentials. This enables better auditing (so you can see who did what), finer-grained access control, and quicker revocation if someone leaves or a device is compromised.

‍

That said, shared accounts do exist in some small businesses - for example, a generic "frontdesk@" email or login used by multiple people. If shared credentials are unavoidable, mitigate the risk by using strong passwords, limiting access rights, and changing the password when employees leave. Where possible, phase out shared accounts over time and move toward assigning named accounts to each user.

‍

Ultimately, every action in your systems should be tied to a known identity, so you know who did what, when, and why - and can control or audit it accordingly.