Identity and access management (IAM) refers to the policies and tools used by IT departments to ensure that people and entities have the appropriate level of access to the organization’s technical resources. IAM systems are technology solutions that securely manage digital identities and their access to various applications and systems.
IAM systems provide administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis. These systems are designed to provide a means of administering user access across an entire enterprise and to ensure compliance with corporate policies and government regulations.
Identity management technologies include (but aren’t limited to) password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps, and identity repositories. Identity management systems are available for on-premises systems, such as Microsoft SharePoint, as well as for cloud-based systems, such as Microsoft Office 365.
IAM systems can be cloud-based (often called IDaaS) or on-prem. The first IAM systems were on-prem, i.e. physically located within the organization’s firewall and managed by the organization. Today, more and more organizations are moving to cloud IAM systems, with McKinsey reporting that only 38 percent of the enterprises they interviewed expect to be on-prem in three years. In three years, 60 percent will rely on a third-party IAM service that supports multiple public-cloud environments and unifies access across on-prem and public-cloud resources.
The move to cloud IAM is being driven by cost savings and reliability. Using a third-party cloud IAM means savings in infrastructure and maintenance. It also reduces the risk of downtime as cloud vendors provide distributed and redundant systems with high up-time and short SLAs.
With today’s complex compute environments and heightened security threats, a strong user name and password doesn’t cut it anymore. Today, identity management systems often incorporate elements of biometrics, machine learning and artificial intelligence, and risk-based authentication.
At the user level, recent user authentication methods are helping to better protect identities. For example, the popularity of Touch ID-enabled iPhones has familiarized many people with using their fingerprints as an authentication method. Newer Windows 10 computers offer fingerprint sensors or iris scanning for biometric user authentication. The next iPhone, due out later this year, is rumored to include iris scanning or facial recognition to authenticate users instead of fingerprint scanning.
IAM is central to protecting sensitive business data and systems. Implemented well, IAM provides confidence that only authorized, authenticated users are able to interact with the systems and data they need to effectively perform their job roles.
While any IAM implementation will start with an audit of an organization’s needs (defining roles, access requirements, etc.) and creation of a policy, there are many different IAM tools and solutions that can help you execute on an IAM program. Any tools you select should meet the use cases for your environment.
Also consider prioritizing tools that provide highly automated workflows to simplify IAM administration, and identity management tools that integrate well with other systems and security technologies (such as PAM). The more seamlessly a tool fits within your own environment and with other security tools, the more likely you are to close security gaps and improve business operations.
Contributed by Erick Preza