Identity and Access Management (IAM) – Thoughts
It’s high time for big enterprises to realize the importance of identity and access management (I&AM) technology as an integral part of their security footprint. Even though I&AM has been in the limelight for quite a long time, I still believe it’s a relatively new term that means different things to different people.
What is Identity and Access Management (I&AM)?
As Wikipedia says, “Identity management or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system (services, applications and data) by placing restrictions on the established identities”. In simple words, the ultimate aim of an I&AM solution should be to provide the “right people with the right access at the right time”. I&AM is a combination of processes, policies and technology (products) used to manage access to enterprise resources.
In a nutshell, an I&AM solution should be able to provide some or all of the benefits listed below.
- SSO for users and applications.
- Aggregation of identities from multiple applications/systems.
- Role- and rule-based access management for all types of users (internal users, external users, partners, vendors, contractors, etc.).
- Complete auditing and accounting capabilities.
Key Business Drivers
- Regulatory compliance with respect to accountability
- Improved user experience
- Management Control
- Operational efficiency
The biggest challenge most Chief Security Officers face these days is managing access to systems, devices, data and applications scattered across internal and external systems. Moreover, they must provide this access for a growing number of identities (internal users, external users, partners, vendors, contractors, etc.) without compromising the confidentiality, integrity and availability of data.
- Like SIEM deployments, you need to configure connectors to everything when setting up password management
- An I&AM system does not remain static over time
- Single Sign-On Capabilities
- Federated identity management (SSO between companies)
- Identity Aggregation issues from legacy applications
- The trend of integrating IAM and DLP. This was demonstrated by CA, Inc., at the 2009 RSA Conference in Dave Hansen’s keynote.
- Bringing identity management into SOA (service-oriented architecture)
- Sun Microsystems
- Hitachi ID Systems