Table of Contents
Identity and Access Management (IAM)
Identity and Access Management is a framework of polices, business processes and technologies that ensures that only authorized people have access to resources. It is all about defining and managing roles and access privileges of users.
The goal of identity management is to “grant access to the right enterprise assets to the right users in the right context, from a user’s system onboarding to permission authorizations to the offboarding of that user as needed in a timely fashion,”
Given the shortage of IT people today, identity and access management systems must enable an organization to manage a variety of users in different situations and computing environments—automatically and in real-time. Manually adjusting access privileges and controls for hundreds or thousands of users isn’t feasible.
Identity and access management also knows as access control is the basis of security. If properly implemented, IAM can drastically increase visibility and security
Basic Components of Identity and Access Management
Authorization ensures that a user is permitted to access a particular resource. Authorizations determine a role’s resources and level of access in the network. It consists of complex sets of rules, rights, groups, and permissions explicitly configured per user account.
Authentication ensuring that the person logging on to the network is who he/she says they are. Strong authentication mechanism with proper access rights must be implemented. Once a user is authenticated, a session is created and referred during the interaction between the user and the application system until the user logs off or the session is terminated by other means (e.g. timeout).
User management is the internal I.T process that governs how you handle the on-boarding and the off-boarding of users and also looks at how permissions access requests, file structure permissions and group memberships are handled and all other fundamentals around basic user management. This is one of those vital business processes that must be taken seriously to ensure consistency and compliance.
Systems Used for Identity and Access Management
There are many technologies to simplify password management and other aspects of IAM. A few common types of solutions that are used as part of an IAM program include:
Single Sign On (SSO): An access and login system that allows users to authenticate themselves once and then grants them access to all the software, systems, and data they need without having to log into each of those areas individually.
Multi-Factor Authentication: This system uses a combination of something the user knows (e.g. a password), something the user has (e.g. a security token), and something the user is (e.g. a fingerprint) to authenticate individuals and grant them access.
Privileged Access Management: This system typically integrates with the employee database and pre-defined job roles to establish and provide the access employees need to perform their roles.
Benefits of identity and access management
The benefits of identity and access management includes;
- Access privileges are granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited.
- Companies that properly manage identities have greater control of user access, reducing the risk of internal and external data breaches. Companies that properly manage identities have greater control of user access, reducing the risk of internal and external data breaches.
- Automating IAM systems allows businesses to operate more efficiently by decreasing the effort, time and money that would be required to manage access to their networks manually.
- In terms of security, the use of an IAM framework can make it easier to enforce policies around user authentication, validation and privileges and address issues regarding privilege creep.
- IAM systems help companies better comply with government regulations by allowing them to show that corporate information is not being misused. Companies can also demonstrate that any data needed for auditing can be made available on-demand.