web analytics

What Is Identity and Access Management (IAM)? – Source: www.techrepublic.com

what-is-identity-and-access-management-(iam)?-–-source:-wwwtechrepublic.com
Rate this post

Source: www.techrepublic.com – Author: Drew Robb

Identity and Access Management (IAM) is all about establishing the identity of a user and verifying that the user has the right to access certain applications and types of information.

According to Statista, the global IAM market was worth $16 billion in 2022. The forecast is that it will rise to 43 billion by 2029. Clearly, IAM is a technology in high demand, and many organizations are beginning to realize the need to incorporate IAM into their data security efforts.

Let’s take a closer look at what IAM is, how it works, its pros and cons and some recommended solutions.

What is identity and access management?

According to Gartner’s definition, “Identity and Access Management (IAM) is a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay.”

IAM, then, is a collection of policies, processes and various security tools that act as the gatekeeper to an organization’s online and digital resources. It was a relatively simple subject in the era before the cloud and the work-from-home movement.

Firewalls used to be enough of a safeguard. If you were inside the firewall, you just needed to log in on-site and access whatever you needed. These days, IAM must be able to deal with employees who could be at home, in the office or on the road. And, within these working environments, data and applications might be in-house, in a private cloud or in the public cloud. However, regardless of their location, authorized users must be able to gain rapid access.

Modern IAM, therefore, must be able to cope with the decentralized nature of apps and data while providing secure access to emails, databases and data to only those identities that can be verified as authentic. The best systems must also achieve the right balance of security and functionality. Users don’t want to wait long to get into their work tools. Too many security hurdles to overcome, and you begin to impact productivity. Therefore, IAM’s job is to keep out hackers and criminals while allowing access to employees, authorized partners and customers.

Why you need identity access management

With phishing becoming so commonplace and too many employees continuing to fall prey to it despite security awareness training, further safeguards must be in place. IAM simplifies the task of monitoring who has access to what, and revoking those rights when necessary.

Pros of IAM

  • Keeping data and identities secure: IAM provides a formidable barrier to both, courtesy of features like multi-factor authentication (MFA), single sign-on (SSO) and encryption.
  • Collaboration: IAM not only shuts out unwanted visitors, but it also provides a secure space in which those with the appropriate rights can share information securely.
  • Compliance: The presence of IAM makes it easier for those working on compliance to demonstrate adherence to various regulations.
  • Convenience: IAM typically incorporates features such as SSO, so that once you are in, you do not need to enter further credentials for other applications and systems.
  • Centralized control: Automated functions and the presence of standardized user profiles help to streamline duties and enhance security.

Cons of IAM

  • Poor definition of rights: IAM requires the establishment of a framework to manage identities, as well as a standardized profile for each user to define what they can and can’t do. Done poorly, and people can gain greater access privileges than their roles deserve.
  • Insider abuse: IAM may do a good job of keeping people out who don’t belong, but a rogue insider or a disgruntled employee can abuse the system by granting rights to unauthorized users or opening systems up broadly and often without detection.
  • Implementation challenges: IAM requires skilled IT and security personnel who can do a thorough job of implementing IAM and overcoming the many barriers that lie in their path.
  • Single point of failure: If administrative privileges are compromised, the entire organization and every user are at serious risk.

How IAM works

As the name suggests, identity and access management has two primary functions: the management of identities and the management of access. These can be further broken down into more functions as follows:

Identity lifecycle management

Login attempts must be checked against a centralized identity database. This record of all users needs to be continually updated as people enter or depart the organization. As roles change and organizations evolve, the identity database needs to be well maintained. As soon as someone is recruited, they need a profile entered accurately in the database. This profile is kept up to date throughout their tenure. When they move on, their profile and associated rights need to be removed so they can no longer access critical systems.

Access control

Following the verification of identity, the next function of IAM is to manage their access rights. This is all about what they are allowed to see, what they are not allowed to see, and which applications they can or cannot use. Some organizations are strict when it comes to access control and others are more lenient. The presence of IAM helps IT monitor this function and spot people who have been granted too many privileges.

Authentication and authorization

After an identity has been authenticated, access can be authorized to specific assets. IAM uses factors such as job title, tenure, security clearance and project membership to determine who should be authorized to view what.

Identity governance

IAM is very much tied into compliance. Identity governance covers the entire range of identity and access functions to ensure that all appropriate standards are adhered to, that the organization remains in compliance to applicable regulations and that an audit trail exists for any changes to identities and access rights.

Popular IAM solutions

JumpCloud, OneLogin, ManageEngine AD360 and Okta are among the most popular IAM solutions on the market. Each is widely deployed across many verticals. Those selecting IAM tools should pay attention to the strengths as well as the weaknesses of each candidate.

JumpCloud

JumpCloud logo.
Image: JumpCloud

JumpCloud is ideally suited to enterprises with a large cloud presence due to the array of features it offers. It is also a good choice for Microsoft shops as an alternative to Active Directory (AD). Key features include a large catalog of pre-built applications and an enterprise-class password manager. The platform costs $19 per user per month or $24 if zero trust and premium support are added.

Okta

Okta logo.
Image: Okta

Okta is ideally suited to large enterprise deployments though it serves the midmarket too. As such, it offers a wide range of customization, no code/low code/code and integration options. Pricing is based on individual features. These range from $3 to $15 per user per month for items like MFA, directory, SSO, lifecycle management, API management and privileged access management (PAM).

OneLogin

OneLogin logo.
Image: OneLogin

OneLogin is particularly suited to organizations not looking for an out-of-the-box approach to IAM. Besides loads of integrations, developers can apply a high degree of customization to the platform including custom branding. SMBs are often attracted to this offering due to attractive pricing. Similar to Okta, prices are split up per specific feature, such as SSO and MFA.

ManageEngine AD360

ManageEngine logo.
Image: ManageEngine

ManageEngine AD360 is suited to those organizations seeking to achieve a unified approach to zero trust, IAM and Security Information and Event Management (SIEM). It offers a wide range of security features that large organizations may need, as well as integration with SIEM, zero trust and other security tools and technologies. Pricing is tiered based on the number of users starting at $395 per year for 100 users.

Identity and access management has become a core security technology for the modern enterprise. You can find out more about IAM by reading our white paper, “The 10 Universal Truths of IAM.”

Original Post URL: https://www.techrepublic.com/article/what-is-iam/

Category & Tags: Cloud Security,Security,IAM – Cloud Security,Security,IAM

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
SALT
State of the CISO – a global report on priorities , pain points, and security gaps 2023 by SALT
State of the CISO –...
Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response