What is Identity and Access Management?
Identity and Access Management, commonly referred to as IAM, is the set of business processes and the supporting infrastructure service components that create, maintain, and use digital identities within legal and policy contexts. IAM practitioners often simplify this definition to the three core components of IAM: People, Process, and Technology. While often overlooked, “Identity” and “Access Management” are actually two separate but related disciplines.
What is Access?
Access Management is the control of access to applications and systems within a business. In an organization or business, accounts are granted authorizations (i.e. privileges) to perform specific functions or actions on applications or systems. These authorizations should align with the job responsibilities of the identity and promote the principle of least privilege throughout the IT environment.
Why is Least Privilege important?
Failing to control access allows identities to perform unnecessary and potentially unauthorized transactions that may violate separation of duties controls, such as the ability to create and cash a check for a fictitious vendor.
What is Identity?
An identity is who we are as a person. In an organizational or business context, you will have many accounts (e.g. user IDs, logins) across applications and systems; however, you only have one identity. A process and/or system is necessary to tie business related identity sources (e.g. HR Information System, Contractor Database) to their corresponding accounts across the IT environment.
Why is Identity important?
Without correlation, accounts may remain active for a multitude of reasons (e.g. user termination, temporary vendor, contract expiration); the owners of these accounts may continue to use them as an active entrance to your business.
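The correlation described above can be sketched as a small check that ties identity sources to accounts and flags enabled accounts with no valid owner. This is an added example, not Modern Identity's tooling; the record fields, IDs, logins and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the page): authoritative identity sources.
IDENTITIES = [
    {"id": "E1001", "source": "HRIS", "status": "active", "end_date": None},
    {"id": "E1002", "source": "HRIS", "status": "terminated", "end_date": date(2024, 3, 1)},
    {"id": "C2001", "source": "ContractorDB", "status": "active", "end_date": date(2024, 4, 30)},
]

# Constructed sample data: accounts collected from applications and systems.
ACCOUNTS = [
    {"system": "ERP", "login": "asmith", "owner_id": "E1001", "enabled": True},
    {"system": "ERP", "login": "bjones", "owner_id": "E1002", "enabled": True},
    {"system": "VPN", "login": "bjones", "owner_id": "E1002", "enabled": False},
    {"system": "Wiki", "login": "vendor7", "owner_id": "C2001", "enabled": True},
    {"system": "DB", "login": "tmp_admin", "owner_id": None, "enabled": True},
]

def correlate(identities, accounts, today):
    """Return (system, login, reason) for enabled accounts with no valid owner."""
    by_id = {i["id"]: i for i in identities}
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled account is not an active entrance
        owner = by_id.get(acct["owner_id"])
        if owner is None:
            reason = "uncorrelated"          # no identity record behind the account
        elif owner["status"] == "terminated":
            reason = "owner terminated"      # identity exists but has left
        elif owner["end_date"] is not None and owner["end_date"] < today:
            reason = "contract expired"      # contractor past the end date
        else:
            continue                         # valid, current owner
        findings.append((acct["system"], acct["login"], reason))
    return findings

if __name__ == "__main__":
    for system, login, reason in correlate(IDENTITIES, ACCOUNTS, date(2024, 6, 1)):
        print(f"{system:5} {login:10} {reason}")
```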
What tools are available?
At Modern Identity, we use four primary tool types to assist clients in solving their IAM challenges:
Identity Governance and Administration
Provide comprehensive IAM functionality with business modules built on a core identity platform often known as the “Identity and Entitlement Warehouse.” Standard modules include Access Review, Access Request, Self-Service Password Management, Role Mining & Management, Policy Monitoring, Identity Life Cycle Management and Last Mile Provisioning.
Privileged Account Management
Manage non-standard user accounts (e.g. service, shared, batch, privileged, firecall). These tools provide enhanced logging and monitoring capabilities to address the unique nature of these accounts.
Web Access Management
Provide single sign-on capabilities to websites within your intranet.
Federation
Provide single sign-on capabilities to websites in the cloud.