Identity and access management
Identity and access management (IAM) is the discipline for managing access to enterprise resources.
IAM is a foundational element of any information security program and one of the security areas that users interact with the most.
In the past, IAM focused on establishing capabilities to support access management and access-related compliance needs. The solutions often focused on provisioning technology and were poorly adopted.
They also resulted in high costs and realized limited value – organizations often struggled to meet compliance demands during this period, and the solutions were deployed to manage very few applications and systems.
Centralized, standardized, automated identity management services designed to reduce risk, cost, improve operational efficiency continued to be elusive. Many organizations now understand, or meet, their compliance requirements.
While compliance is still a key driver in IAM initiatives, IAM is evolving into a risk-based program with capabilities focused on entitlement management and enforcement of logical access controls.
IAM life cycle phases
The management of identity and access permissions can be viewed as multiple stages.
The IAM life cycle diagram illustrates the stages that users proceed through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization with access being revoked or changed when they separate or change roles.
IAM and IT trends
Consumer demand is driving the corporate IT environment. Business demands for IT are changing rapidly — so too are the demands on IAM — resulting in the requirement to adopt emerging technologies:
- Mobile computing
- Cloud computing
- Data loss prevention
- Social media
Key IAM capabilities
During the development of an IAM transformation plan, you should confirm that the following recommended capabilities are included:
- Job role or application access matrices using rule mining tools.
- Automated workflow-based access request and approval processes, using job role or application access matrices and segregation of duties checking.
- Entitlement warehouse solution.
- Access proxy solutions, central authentication (application, host and database layers).
- Risk-based authentication solutions.
- Identity analytics and behavioral analysis services to integrate with DLP and security information and event management.
- Data and access management process governance program, which includes HR, application owners, information security and IAM stakeholders.
- Federation solutions.
- Emerging solutions that combine logical and physical security.
- Design solution with future scalability requirements in mind.
For more detailed information about:
- IAM life cycle phases
- Relevant IT trends
- Capability maturity model
- People, processes and technology of transforming IAM
- Key features of tools
- How to get started
- Guidelines for success