Identity and Access Management (IAM)

Identity and Access Management (IAM) – Thoughts

It’s high time for big enterprises to realize the importance of identity and access management (I&AM) technology as an integral part of their security footprint. Even though I&AM is in the limelight for quite long time, still I believe it’s a relative new term that means different things to different people.

What is Identity and Access Management (I&AM)?

As Wikipedia says, “Identity management or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system (services, applications and data) by placing restrictions on the established identities”. In simple words the ultimate aim of I&AM solution should be in providing “right people with the right access at the right time”. I&AM is a combination of processes, policies and technology (products) to manage access to enterprise resources.

In a nutshell, an I&AM solution should be able to provide some or all of the benefits listed below.

  • SSO for user and application.
  • Aggregate Identity from multiple applications/systems.
  • Role & Rule based Access management for all types of users (internal users, external users, partners, vendors, contractors etc).
  • Complete auditing and accounting capabilities.

Key Business Drivers

  • Regulatory compliance with respect to accountability
  • Increased user experience
  • Management Control
  • Operational efficiency

The biggest challenge most Chief Security Officer’s face these days are managing access to systems, devices, data and applications scattered across internal and external systems. Moreover, they must provide this access for a growing number of identities; (internal users, external users, partners, vendors, contractors etc) without compromising confidentiality, integrity and availability of data.

Challenges

  • Like SIEM deployments, you need to configure connectors to everything when setting up password management
  • I&AM system does not remain static over time
  • Single Sign-On Capabilities
  • Federated identity management (SSO between companies)
  • Identity Aggregation issues from legacy applications

Trends

  • The trend of integrating IAM and DLP. This was demonstrated by CA, Inc., at the 2009 RSA Conference in Dave Hansen’s keynote.
  • Bring Identity Management into SOA (service-oriented architecture)

Vendors

  • Oracle
  • CA
  • IBM
  • Novell
  • Courion
  • Sun Microsystems
  • Microsoft
  • SAP
  • Hitachi ID Systems
Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead