This content is part of the Essential Guide: Combat the latest cloud
security challenges and risks
Definition
identity and access management (IAM)
Posted by: Margaret Rouse
WhatIs.com
Contributor(s): Linda Rosencrance
Identity and access management (IAM) is a framework of business
processes, policies and technologies that facilitates the management of
electronic or digital identities. With an IAM framework in place,
information technology (IT) managers can control user access to
critical information within their organizations. Identity and access
management products offer role-based access control, which lets system
administrators regulate access to systems or networks based on the
roles of individual users within the enterprise.
In this context, access is the ability of an individual user to perform
a specific task, such as view, create or modify a file. Roles are
defined according to job competency, authority and responsibility
within the enterprise.
Systems used for identity and access management include single
sign-on systems, multi-factor authentication and privileged access
management (PAM). These technologies also provide the ability to
securely store identity and profile data as well as data
governance functions to ensure that only data that is necessary and
relevant is shared. IAM systems can be deployed on premises, provided
by a third-party vendor through a cloud-based subscription model or
deployed in a hybrid cloud.
Basic components of IAM
On a fundamental level, IAM encompasses the following components:
* How individuals are identified in a system.
* How roles are identified in a system and how they are assigned to
individuals.
* Adding, removing and updating individuals and their roles in a
system.
* Assigning levels of access to individuals or groups of individuals.
* Protecting the sensitive data within the system and securing the
system itself.
What IAM systems should include
Identity access management systems should consist of all the necessary
controls and tools to capture and record user login information, manage
the enterprise database of user identities and orchestrate the
assignment and removal of access privileges. That means that systems
used for IAM should provide a centralized directory service with
oversight as well as visibility into all aspects of the company user
base.
Technologies for identity and access management should simplify
the user provisioning and account setup process. These systems should
reduce the time it takes to complete these processes with a controlled
workflow that decreases errors as well as the potential for abuse while
allowing automated account fulfillment. An identity and access
management system should also allow administrators to instantly view
and change access rights.
These systems also need to balance the speed and automation of their
processes with the control that administrators need to monitor and
modify access rights. Consequently, to manage access requests, the
central directory needs an access rights system that automatically
matches employee job titles, business unit identifiers and locations to
their relevant privilege levels.
Multiple review levels can be included as workflows to enable the
proper checking of individual requests. This simplifies setting up
appropriate review processes for higher-level access as well as easing
reviews of existing rights to prevent privilege creep, the gradual
accumulation of access rights beyond what users need to do their jobs.
IAM systems should be used to provide flexibility to establish groups
with specific privileges for specific roles so that access rights based
on employee job functions can be uniformly assigned. The system should
also provide request and approval processes for modifying privileges
because employees with the same title and job location may need
customized, or slightly different, access.
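The attribute-to-privilege matching, privilege creep review and approved exceptions described in this section can be shown together in an added Python example (not part of the original definition and not any vendor's code). The rule table, entitlement names and user record are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample rules (hypothetical): directory attributes -> entitlements.
# A rule applies when every attribute it names matches the user's record.
RULES = [
    ({"title": "Accountant"}, {"erp:ledger:read", "erp:ledger:post"}),
    ({"business_unit": "Finance"}, {"share:finance:read"}),
    ({"title": "Accountant", "location": "Berlin"}, {"erp:eu-tax:read"}),
    ({"title": "Support Engineer"}, {"crm:tickets:write"}),
]


@dataclass(frozen=True)
class User:
    uid: str
    title: str
    business_unit: str
    location: str
    granted: frozenset  # entitlements the user currently holds
    approved_exceptions: frozenset = frozenset()  # granted via request/approval


def baseline(user):
    """Entitlements the rules assign for the user's current attributes."""
    attrs = {"title": user.title, "business_unit": user.business_unit,
             "location": user.location}
    expected = set()
    for conditions, entitlements in RULES:
        if all(attrs.get(key) == value for key, value in conditions.items()):
            expected |= entitlements
    return expected


def review(user):
    """Compare held access with the baseline and classify the differences."""
    expected = baseline(user)
    held = set(user.granted)
    exceptions = set(user.approved_exceptions)
    return {
        # Access the role calls for but the user lacks: provision it.
        "missing": sorted(expected - held),
        # Access held with no rule and no approval: privilege creep candidates.
        "excess": sorted(held - expected - exceptions),
        # Customized access that went through request and approval: re-certify.
        "exceptions": sorted((held & exceptions) - expected),
    }


# Constructed record: a former support engineer who moved to Finance in Berlin
# and kept the old ticketing right; ledger approval was formally requested.
SAMPLE_USER = User(
    uid="u1001", title="Accountant", business_unit="Finance", location="Berlin",
    granted=frozenset({"erp:ledger:read", "erp:ledger:post", "share:finance:read",
                       "crm:tickets:write", "erp:ledger:approve"}),
    approved_exceptions=frozenset({"erp:ledger:approve"}),
)

if __name__ == "__main__":
    for finding, entitlements in review(SAMPLE_USER).items():
        print(f"{finding}: {entitlements}")
```

Running the review on a schedule, and again whenever a title, business unit or location changes in the directory, surfaces leftover rights at the moment a role change creates them.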
Benefits of identity and access management
IAM technologies can be used to initiate, capture, record and manage
user identities and their related access permissions in an automated
manner. This brings an organization the following benefits:
* Access privileges are granted according to one interpretation of
policy and all individuals and services are properly authenticated,
authorized and audited.
* Companies that properly manage identities have greater control of
user access, reducing the risk of internal and external data
breaches.
* Automating IAM systems allows businesses to operate more
efficiently by decreasing the effort, time and money that would be
required to manage access to their networks manually.
* In terms of security, the use of an IAM framework can make it
easier to enforce policies around user authentication, validation
and privileges and address issues regarding privilege creep.
* IAM systems help companies better comply with government
regulations by allowing them to show that corporate information is
not being misused. Companies can also demonstrate that any data
needed for auditing can be made available on demand.
Additionally, by implementing identity access management tools and
following related best practices, a company can gain a competitive
edge. For example, IAM technologies allow the business to give users
outside the organization, like customers, partners, contractors and
suppliers, access to its network across mobile applications,
on-premises apps and software-as-a-service apps without compromising
security. This enables better collaboration, enhanced productivity,
increased efficiency and reduced operating costs.
IAM in the enterprise
It can be challenging to get funding for IAM projects because they do
not directly increase an organization’s profitability or functionality.
However, a lack of effective identity and access management poses
significant risks not only to compliance but also to overall security.
These mismanagement issues increase the risk of greater damage from
both external and internal threats.
Keeping the required flow of business data going while simultaneously
managing its access has always required administrative attention. The
business IT environment is ever evolving and the difficulties have only
become greater with recent disruptive trends like bring your own
device, cloud computing, mobile apps and an increasingly mobile
workforce. There are more devices and services to be managed than ever
before, with diverse requirements for associated access privileges.
Risks associated with IAM
Implementing proper identity and access management tools or platforms
means storing all authorizations and credentials in one unified place.
When not secured correctly, this can be a huge risk because if an
attacker gains access to the system, all digital identities can be
compromised. Similarly, if an employee who is authorized to use the
system does not follow security or password best practices, all of
the information could easily be leaked.
Another concern in adopting IAM is the challenge of implementation.
Legacy systems will typically already have identity management
functionality in place, so converting resources to a new system
could be challenging, expensive and time-consuming. However,
solutions that minimize the need for technical support, such as cloud
services, are becoming more viable.
IAM vendors and tools
Rather than developing internal tools, most companies decide to
purchase or subscribe to third-party IAM tools. These products can take
on multiple forms, such as an identity as a service (IDaaS) cloud
model, a hybrid cloud model, a traditional on-premises model or a
microservices model. IAM microservices may cover only one aspect of IAM
like privileged account management, account compliance management or
user authorization management.
Vendors with products in the IAM space include:
* Microsoft Azure Active Directory.
* IBM Security Identity and Access Assurance.
* Oracle Identity Cloud Service.
* Okta.
* Centrify.
* RSA SecurID Access.
This was last updated in May 2019
8 comments
Margaret Rouse - 2 Mar 2015 3:00 AM
How does your organization prove it is compliant with access
regulations?
Michael Larsen - 4 Mar 2015 5:33 PM
At the current point in time, our product uses a number of different
access management approaches ranging from simple generic
authentication, LDAP and iPaaS, in order of complexity and level of
security desired. All have varying levels of automation capabilities,
and I'd say the iPaaS solution comes the closest to the IAM approach
described. Generally, though, we offer the features, and let our
customers choose what they want to implement and at what level.
Russel47 - 6 Mar 2015 10:14 AM
We invest resources and personnel into developing IT regulations that
govern privacy and separation of duties and storing these data in a
central platform to enable easier use as well as oversight of any risks
associated with the same. This makes it easier for us to comply with
complex access mandates. As part of monitoring these activities, we are
able to come up with in-house applications that enforce the policies to
all users.
daniellefelder - 16 Mar 2016 8:32 AM
Great article! Your readers may also find real user reviews for all the
major IAM solutions on IT Central Station to be helpful:
https://goo.gl/PgSfYK
One solution I did not see included in the list of IAM systems is
Oracle Identity Manager. This user writes that the OIM features he
finds valuable include, "Rich authorization engine for delegated admin,
robust workflow capability with BPML engine, and extensive connector
support." You can read the rest of his review, as well as explore what
others have to say about Oracle Identity Manager, here:
https://goo.gl/NCEyWt
bputley - 16 Apr 2018 9:10 AM
Is there a way, if you go under track requests and hit the show tab, to
see other people's requests? It has the option for requests made by me
and requests made for me, just not requests made by others.
chamila1981 - 1 Jul 2018 5:35 AM
I have a lot of experience with WSO2 Identity Server, which provides
all the key features in the IAM domain.
Johnlenn - 20 Jun 2019 2:41 AM
Hi Margaret, thanks for sharing your views. I will add a few things
from my end. I believe identity and access management are essential
conditions for any modern organization.
Understanding who has access to your sensitive data and how and when
they access it is critical to prevent internal threats and improve your
organization's security against cyberattacks.
Choosing the right IAM solution can be problematic. Last night I read
an article on the best IAM solution which was pretty good.
https://hackernoon.com/5-steps-to-choose-the-best-iam-solution-for-your-organisation-be29244a888e
Hope you will find it useful as I did.
Johnlenn - 23 Jul 2019 2:41 AM
Adding on, I believe IAM is one thing for customers to access digital
attributes, but it's another to let them identify and interact with
brands. Whether through traditional registration (user name and
password) or social sign-in, visitors range from anonymous to known.
https://www.loginradius.com/blog/2019/06/customer-identity-and-access-management/
I believe CIAM is the future when it comes to
protecting your digital identity online.