What is Identity and Access Management (IAM)?
IAM addresses the security needs of organisations across several domains in the digital world. It ensures that the right people have appropriate access to resources in heterogeneous technical environments. It is a business-aligned security discipline, and by using it businesses can become significantly more agile in supporting new business initiatives.
Why do companies need Identity and Access Management to be implemented?
Individual principles and job descriptions differ and vary within an organization. Each person needs their own authentication, authorization and privileges within the enterprise boundaries, with the ultimate goal of IT security and the long-term benefits of decreased cost, downtime and repetition.
What does Identity Management address?
The basic impetus for implementing Identity Management is to address security issues across the organization so that there is no data theft or identity theft. The foremost use of IAM is authentication, giving the right persons the right authority. Users need to be administered on the basis of their joining, moving within the organization and retirement. Last but not least, adhering to audit requirements and policies is a must for any organization. All of these are covered by IAM.
What are the key components of Identity and Access Management?
- Role Management
- Identity Profile Management
- Unique ID Generation
- Delegated Administration
- Centralized Directory Services
- Provisioning and Workflow
- Privileged Access Management
- Credential Management
- Fine-Grained Policy Administration
- Access and Review Certification
- Policy Compliance Monitoring
- Role and Definition Certification
- Shared Authentication Services
- Simplified/Single Sign-On
- Identity Federation
- Fine-Grained Policy Enforcement
- Multi-Factor & Risk-Based Authentication
- Logging and Monitoring
- Security Information and Event Management
- Log Consolidation and Analysis
- Centralized Reporting
- Privileged Access Monitoring
List of Personnel involved in Identity Management implementation
- Support Analyst
- System Admins
- Security Admins
- Application Owners
- Data Owner
- Management Chain
- Delegated Authorizer
List of the business processes which drive Identity Management
- User creation/deletion
- Access Activation/Deactivation
- Application Migration
What is User Provisioning?
Provisioning is the management and allocation of identity information and system resources within and between organizations. It gives users access to data and grants authorizations to systems or network applications and databases based on their unique job profiles, and it also gives authority for the appropriate use of computers, hardware, mobile phones and pagers.
What is Role-Based Access Control?
Users are granted access to repositories on the basis of their roles. This can be further segregated into Mandatory Access Control or Discretionary Access Control. The primary rules are role assignment, role authorization and permission authorization. This whole structure is called the Role Hierarchy in an organization.
What is Segregation of Duties?
The primary goal of segregation of duties is to prevent fraud and error. This objective is achieved by distributing the tasks and activities of a particular process among several users. In this way, a task is completed by more than one person, each sharing responsibility towards a common objective.
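The role assignment, role hierarchy and segregation-of-duties ideas above, shown as an added example that is not part of the original page: a small Python model in which permissions reach users only through roles, plus a check that reports any user whose combined roles hold a conflicting pair of permissions. All role, permission and user names are constructed for illustration.

```python
# Constructed sample data: every role, permission and user name is hypothetical.
ROLE_PERMS = {
    "ap_clerk": {"invoice:create"},
    "ap_supervisor": {"payment:approve"},
    "vendor_admin": {"vendor:create"},
    "finance_manager": {"report:view"},
}
# Role hierarchy: a senior role inherits everything the listed junior roles grant.
ROLE_INHERITS = {"finance_manager": {"ap_supervisor"}}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"finance_manager"},
    "carol": {"ap_clerk", "ap_supervisor"},       # conflict through two direct roles
    "dave": {"vendor_admin", "finance_manager"},  # conflict through an inherited role
}
# Segregation-of-duties policy: permission pairs no single user may hold together.
SOD_CONFLICTS = [
    ("invoice:create", "payment:approve"),
    ("vendor:create", "payment:approve"),
]

def expand_roles(roles):
    """Return the given roles plus every role they inherit from (cycle-safe)."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_INHERITS.get(role, ()))
    return seen

def effective_permissions(user):
    """Permissions reach a user only through assigned or inherited roles."""
    perms = set()
    for role in expand_roles(USER_ROLES.get(user, ())):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def is_authorized(user, permission):
    """Deny by default: unknown users and unknown permissions are refused."""
    return permission in effective_permissions(user)

def sod_violations():
    """List (user, perm_a, perm_b) for every user holding a conflicting pair."""
    found = []
    for user in sorted(USER_ROLES):
        perms = effective_permissions(user)
        found += [(user, a, b) for a, b in SOD_CONFLICTS if a in perms and b in perms]
    return found

if __name__ == "__main__":
    for user, a, b in sod_violations():
        print(f"SoD violation: {user} holds both {a} and {b}")
```

The check works on effective permissions rather than role names, which is why it also catches the conflict that only appears once the role hierarchy is expanded.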
What is Single Sign-On?
It relates to access controls within related but independent systems. A user needs to log in only once with their logon credentials and can then access all systems within an organization. They are automatically authenticated when accessing the various target systems. Single Sign-On translates the credentials internally based on the network requirements and stores them in order to grant access on the basis of the initial authentication.
What is Federated Single Sign-On?
A user’s credentials, both electronic and attributes, are stored in the internal system using an initial verification. The credentials are stored across multiple distinct identity management systems. A user’s single authentication ticket or token is verified once and then used across multiple IT systems within or outside organisations.
What are Attributes?
Attributes are a form of digital identity record for a particular object, element or file. They are often referred to as metadata, which describes the properties of a file. What they contain depends on the technology being discussed; an attribute usually consists of a name and a value for an element, a type or class name, or a file extension.
What is Certification?
It is the authentication, by the administration or IT team, of the access granted to users within the organization. This is an external review, based on policies and audit requirements, done to control security within an organization. It depends on the organization's requirements and may differ from system to system.