With advances in technology and the growth of the digital economy, enterprise computer networks have expanded beyond the in-house data center to include wireless and mobile applications and networks, and to embrace the internet at large.
Good business practice and the demands of regulatory compliance regimes now oblige commercial organizations to take proper measures to safeguard the security and integrity of corporate data, customer information (both personal and financial), and intellectual property.
Part of the task of meeting this challenge lies in preventing unauthorized parties from breaching the enterprise, and Identity Access Management (IAM) plays a major role in this.
What is Identity Access Management?
If you want the Wikipedia version, Identity Access Management or IAM (also known as Identity and Access Management) is all about enabling “the right individuals to access the right resources at the right times and for the right reasons”.
More specifically and technically, IAM provides a framework for managing electronic or digital identities, across the various business processes of an enterprise. An Identity Access Management system includes both the technology required to facilitate identity management and the policies put in place to determine how user authentication and validation are actually carried out.
Why is Identity Access Management Necessary?
Identity Access Management systems and their related technologies may be used to automate the processes of capturing, recording, and managing user identities (passwords, access codes, biometric “fingerprints”, etc.), and in assigning access rights and privileges to the authorized users of a system or network.
From a business perspective, this provides a boost to operational efficiency by reducing the time, effort, and money which would otherwise be spent managing network access by manual means, or through a set of individual access controls that aren’t linked to a centralized management system. The common platform provided by an IAM system allows the same security policies to be applied across the various device types and operating platforms used by the enterprise – in-house desktops, mobile devices, cloud services, etc.
In terms of security, an Identity Access Management system can not only facilitate the enforcement of policies regarding user authentication, validation, and privileges – it can also address “privilege creep” (the gradual accumulation of access rights as users change roles and their old rights are never removed) and the related “shadow admin” problem (accounts that hold administrator-level rights without being recognized or tracked as administrator accounts).
Especially with large numbers of users, diverse methods of accessing a system, or an organization with projects and working practices that require a lot of shuffling around of jobs or the assignment of special duties, it can often be difficult for network administrators and security managers to keep track of which powers and privileges have been given to which user, at any given time.
Special powers or access rights may be temporarily assigned to lower-level employees to enable them to fulfill their duties on specific projects – and not revoked after the work is completed. This can leave an unknown or undocumented number of users on the network, each with higher-level access privileges than they should normally enjoy.
These “shadow administrators” may remain invisible to the officially designated network admins for long periods of time, giving any malicious insider among them free rein over enterprise data and resources, or providing a potential point of access for malicious outsiders who identify and target them through phishing, social engineering, or other methods of cyber-attack.
With a well-configured Identity Access Management system in place, the monitoring of user accounts and current privileges assigned to them can be made into a policy-driven and automated process, set up to give oversight and notification to the enterprise network and security managers who govern it.
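The check that such a policy-driven process boils down to is a reconciliation: compare what the directory actually says about privileged group membership against what the IAM system has on record as approved, and flag every difference. The script below is an added example written for this article, not code from the original page or from any IAM product; the group names, user IDs, approval tickets, and the directory snapshot are constructed sample data, and the set of “privileged” groups is an assumption for the example. It reports members of privileged groups who have no approval record at all (the shadow admin case) and members whose temporary grant has expired but was never revoked (the privilege creep case), and separately lists approved grants whose user is no longer in the group, so the approval register itself can be cleaned up.

```python
"""Reconcile actual privileged group membership against approved grants.

Added example for this article, not code from any IAM product.
All users, groups, tickets and dates below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Groups whose membership confers elevated rights (assumed for this example).
PRIVILEGED_GROUPS = {"Domain Admins", "DB-Owners", "Prod-Deploy"}

# Date the audit is run against (constructed).
AUDIT_DATE = date(2024, 6, 1)


@dataclass(frozen=True)
class Grant:
    """An approved assignment of a user to a group, as recorded by IAM."""
    user: str
    group: str
    expires: Optional[date]   # None means a standing (permanent) grant
    ticket: str               # change/approval reference


# Intended state: grants the IAM system has approved (constructed).
APPROVED_GRANTS = [
    Grant("alice", "Domain Admins", None, "CHG-1001"),
    Grant("bob", "Prod-Deploy", date(2024, 3, 31), "CHG-1042"),   # project grant, now expired
    Grant("carol", "DB-Owners", date(2024, 12, 31), "CHG-1077"),
    Grant("erin", "DB-Owners", None, "CHG-1090"),                # approved but no longer a member
]

# Actual state: group membership pulled from the directory (constructed).
DIRECTORY_SNAPSHOT = {
    "Domain Admins": {"alice", "dave"},          # dave has no approval record
    "DB-Owners": {"carol"},
    "Prod-Deploy": {"bob"},                       # bob's grant has expired
    "All-Staff": {"alice", "bob", "carol", "dave", "erin"},
}


def find_privilege_issues(snapshot, grants, today):
    """Return a sorted list of (user, group, issue) for every privileged
    membership that is unapproved ("shadow admin") or past its expiry."""
    approved = {(g.user, g.group): g for g in grants}
    issues = []
    for group in PRIVILEGED_GROUPS:
        for user in snapshot.get(group, set()):
            grant = approved.get((user, group))
            if grant is None:
                issues.append((user, group, "unapproved"))
            elif grant.expires is not None and grant.expires < today:
                issues.append((user, group, f"expired {grant.expires.isoformat()} ({grant.ticket})"))
    return sorted(issues)


def find_orphaned_grants(snapshot, grants):
    """Approved grants whose user is no longer in the group: not a security
    exposure, but a stale record that should be closed out."""
    return sorted((g.user, g.group) for g in grants
                  if g.user not in snapshot.get(g.group, set()))


if __name__ == "__main__":
    for user, group, issue in find_privilege_issues(DIRECTORY_SNAPSHOT, APPROVED_GRANTS, AUDIT_DATE):
        print(f"{user:8} {group:15} {issue}")
    for user, group in find_orphaned_grants(DIRECTORY_SNAPSHOT, APPROVED_GRANTS):
        print(f"{user:8} {group:15} approved grant with no matching membership")
```

In practice the snapshot would come from the directory (an LDAP query or a cloud IAM listing) and the grant register from the IAM system’s approval workflow, and the job would run on a schedule with the findings routed to the security team; the logic of the comparison is the same.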
IAM also helps organizations to retain their regulatory compliance status, by enabling them to demonstrate that corporate information isn’t being misused, or at risk of being misused – and that the data required for auditing purposes can be made available whenever it’s called for.
What Does Identity Access Management Consist Of?
An Identity Access Management system (IAMS) should include all the tools and controls necessary for capturing and recording user login information, managing the corporate database of user identities, and regulating the assignment and removal of powers and access privileges. To accomplish this, an IAM solution should have a centralized directory service with oversight and visibility into all aspects of the corporate network’s user base.
The IAMS needs to achieve a balance between the speed and automation of its processes (allowing account setup and user provisioning to go smoothly) and the fine-grained control administrators require for monitoring and adjusting access rights. The central directory should typically have an access rights or privilege assignment system which automatically matches job titles, locations, and business unit IDs to their relevant privilege levels on each access request. Multiple levels of review may be included as workflows, so that individual requests which fall outside those automatic rules can be properly vetted.
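A minimal model of that assignment logic, as an added example written for this article and not code from any IAM product: a user’s job title, business unit, and location are matched against a rule table to derive the roles they are entitled to automatically, and any request for a role outside that set is routed to a review tier appropriate to the role’s sensitivity. The role catalogue, the rules, the approver tiers, and the sample users are all constructed for the example. Because entitlements are re-derived from current attributes on every request, a change of job or business unit also yields the set of roles that should be revoked, which is the mechanism that keeps temporary or outdated privileges from lingering.

```python
"""Attribute-driven role assignment with tiered review.

Added example for this article, not code from any IAM product.
Roles, rules, approver tiers and users below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    uid: str
    title: str
    business_unit: str
    location: str


# Role catalogue: role name -> review tier when requested outside the rules.
# Tier 0 is granted on request, 1 needs a manager, 2 needs manager + security.
ROLE_TIER = {
    "email": 0,
    "vpn": 0,
    "finance-ledger-read": 1,
    "finance-ledger-write": 2,
    "prod-deploy": 2,
}
APPROVERS_BY_TIER = {0: (), 1: ("line-manager",), 2: ("line-manager", "security-review")}

# Attribute rules: predicate over the user -> roles derived automatically.
RULES = [
    (lambda u: True, {"email"}),
    (lambda u: u.location in {"London", "Berlin"}, {"vpn"}),
    (lambda u: u.business_unit == "Finance", {"finance-ledger-read"}),
    (lambda u: u.business_unit == "Finance" and u.title == "Controller", {"finance-ledger-write"}),
    (lambda u: u.business_unit == "Engineering" and u.title.startswith("SRE"), {"prod-deploy"}),
]

SAMPLE_USERS = {
    "carol": User("carol", "Controller", "Finance", "London"),
    "dave": User("dave", "Analyst", "Marketing", "Austin"),
    "frank": User("frank", "SRE II", "Engineering", "Berlin"),
}


def derived_roles(user):
    """Roles the user holds purely by virtue of their current attributes."""
    roles = set()
    for predicate, granted in RULES:
        if predicate(user):
            roles |= granted
    return roles


def evaluate_request(user, role):
    """Decide how a request for `role` is handled.

    Returns ("grant", ()) when the role follows from the user's attributes,
    ("review", approvers) when human sign-off is needed, and ("deny", ())
    for a role that is not in the catalogue at all."""
    if role not in ROLE_TIER:
        return ("deny", ())
    if role in derived_roles(user):
        return ("grant", ())
    return ("review", APPROVERS_BY_TIER[ROLE_TIER[role]])


def roles_to_revoke(before, after):
    """Roles a user loses when their attributes change, e.g. on a transfer."""
    return derived_roles(before) - derived_roles(after)


if __name__ == "__main__":
    for uid, user in SAMPLE_USERS.items():
        print(uid, sorted(derived_roles(user)))
    print(evaluate_request(SAMPLE_USERS["dave"], "prod-deploy"))
    moved = User("carol", "Controller", "Marketing", "London")
    print("revoke on transfer:", sorted(roles_to_revoke(SAMPLE_USERS["carol"], moved)))
```

The review tiers are where the “multiple levels of review” live: a request that the rules do not cover is never silently granted, and the more sensitive the role, the more sign-offs it collects before provisioning happens.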
What Tools are Available?
There are several proprietary IAM solutions on the market. Notable brands include IBM’s Security Identity Manager, One Identity Manager from Dell, and Oracle Identity and Access Management.
A number of on-demand IAM systems hosted in the cloud are also available.