IAM

IAM definition

Identity and access management (IAM) in enterprise IT is

 about defining and managing the roles and access privileges

 of individual network users and the circumstances in which 

users are granted (or denied) those privileges. Those users

 might be customers (customer identity management) or employees

 (employee identity management. The core objective of IAM

 systems is one digital identity per individual. Once that 

digital identity has been established, it must be maintained,

 modified and monitored throughout each user’s “access 

lifecycle.” 

IAM tools

Identity and management technologies 

include (but aren’t limited to) password-management 

tools, provisioning software, security-policy enforcement 

applications, reporting and monitoring apps and identity 

repositories. Identity management systems are available for 

on-premises systems, such as Microsoft SharePoint, as well 

as for cloud-based systems, such as Microsoft Office 365. 

API security enables IAM for use with B2B commerce,

 integration with the cloud, and microservices-based IAM 

architectures. Forrester sees API security solutions being

 used for single sign-on (SSO) between mobile applications or

 user-managed access. This would allow security teams to manage

 IoT device authorization and personally identifiable data.

Identity analytics (IA) will allow security teams to detect 

and stop risky identity behaviors using rules, machine learning,

 and other statistical algorithms.

IAM systems must be flexible and robust enough to accommodate

 the complexities of today’s computing environment. One reason:

 An enterprise’s computing environment used to be largely 

on-premises, and identity management systems authenticated and

 tracked users as they worked on-premises, says Jackson Shaw,

 vice president of product management for identity and access

 management provider One Identity.

Why do I need IAM? 

Identity and access management is a critical part of any 

enterprise security plan, as it is inextricably linked to 

the security and productivity of organizations in today’s 

digitally enabled economy. 

Compromised user credentials often serve as an entry 

point into an organization’s network and its information

 assets. Enterprises use identity management to safeguard 

their information assets against the rising threats of 

ransomware, criminal hacking, phishing and other malware 

attacks. Global ransomware damage costs alone are expected 

to exceed $5 billion this year, up 15 percent from 2016, 

Cybersecurity Ventures predicted.

Identity and access management systems can enhance business 

productivity. The systems’ central management capabilities 

can reduce the complexity and cost of safeguarding user 

credentials and access. At the same time, identity

 management systems enable workers to be more productive 

(while staying secure) in a variety of environments, whether

 they’re working from home, the office, or on the road. 

What are the benefits of IAM systems  

Implementing identity and access management and associated

 best practices can give you a significant competitive 

advantage in several ways. Nowadays, most businesses need

 to give users outside the organization access to internal 

systems

Identity management systems can allow a company to extend

 access to its information systems across a variety of 

on-premises applications, mobile apps, and SaaS tools without 

compromising security.

Identity management can decrease the number of help-desk 

calls to IT support teams regarding password resets. 

Identity management systems allow administrators to automate 

these and other time-consuming, costly tasks. 

An identity management system can be a cornerstone of a 

secure network, because managing user identity is an essential

 piece of the access-control picture.

Consequently, well-managed identities mean greater control 

of user access, which translates into a reduced risk of 

internal and external breaches. This is important because, 

along with the rising threats of external threats, internal

 attacks are all too frequent

How IAM works

In years past, a typical identity management system comprised 

four basic elements: a directory of the personal data the 

system uses to define individual users (think of it as an 

identity repository); a set of tools for adding, modifying 

and deleting that data (related to access lifecycle management);

a system that regulates user access (enforcement of security policies and access privileges); and an auditing and reporting system (to verify what’s happening on your system). 

In today’s complex compute environments, along with heightened

 security threats, a strong user name and password doesn’t cut 

it anymore. Today, identity management systems often 

incorporate elements of biometrics, machine learning and 

artificial intelligence, and risk-based authentication. 

At the user level, recent user authentication methods are 

helping to better protect identities. For example, the

 popularity of Touch ID-enabled iPhones has familiarized 

many people with using their fingerprints as an authentication

 method. Newer Windows 10 computers offer fingerprint sensors 

or iris scanning for biometric user authentication.