Identity & Access Management (IAM)

Identity and Access Management (IAM) programs are designed to protect data and privacy. They start with user authentication and authorization, often through a single sign-on solution that incorporates multi-factor authentication; they then assign users access rights to resources and continuously monitor that access with identity management (IDM) solutions; and finally they prove enforcement of, and governance over, “least privilege necessary” access rights.

As governments and industry standards organizations place greater focus on data privacy and security, organizations need to meet increasingly stringent compliance requirements. As organizations move mission-critical business operations to the cloud, robust Identity and Access Management helps protect data from unauthorized access. With complex on-premises, hybrid, and cloud infrastructures, organizations struggle with IAM as more identities – human and non-human – interact with information. Identity and Access Management is about ensuring that the right users have the right access to the right resources at the right time for the right reason.

Before the cloud, identity consisted solely of human users, such as employees or on-premises contractors. Digital transformation has changed the way we define identity. Today, an identity can be any person, object, or code that interacts with your information.

An on-premises employee is one type of identity that presents a certain set of risks, while a remote employee is an identity that presents a different set of risks. Meanwhile, robotic process automation, code that manages administrative tasks, is a different type of identity from an Internet of Things (IoT) device.

The proliferation of identities wreaks havoc on IT administrators as each one needs its own ID and way to authenticate, as well as its own set of rights within the ecosystem.

Access

After creating an identity, you need to determine what resources that identity can access. For example, each user needs access to the resources that allow them to get their jobs done.

Access cannot exist without identity. However, identity is useless without providing access to resources. Therefore, addressing one without the other creates an incomplete picture.

Privacy Risk

Although privacy and security are often used interchangeably, they are two different types of risk. Privacy involves giving people control over their personally identifiable information (PII). Human Resources may need access to an employee’s medical history. However, that employee has the right to keep the information private from their manager. If your company is not managing access and identity effectively, you may be violating someone’s right to privacy.

Operational Risk

IAM also protects you from operational risks such as embezzlement and fraud. For example, a person accessing Accounts Receivable should not access Accounts Payable. If the person can access both, the individual can create a fake vendor account and pay it from the corporate bank account without oversight.

Managing Identity

Identity Management (IDM) is the way that organizations identify, authenticate, and authorize users. IDM focuses on user authentication. In short, authentication ensures that a user is who they say they are. Authentication can include:

  • A Unique User Name
  • Password
  • Multi-Factor Authentication
  • Single Sign-On

Most organizations manage their identity data by creating a warehouse: a large data repository that contains all ID information. Once the warehouse exists, it is connected to their applications and environments. Best practice is also to incorporate multi-factor authentication (MFA). MFA requires users to present factors from more than one of the following categories: something you know (password), something you own (smartphone, token), or something you are (biometrics).
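The two-category rule above is the part of MFA that is easy to get wrong in an implementation: two passwords are not two factors. The following is an added example, not code from the article or from any IAM product, showing a minimal authentication policy that verifies a "something you know" factor (a salted PBKDF2 password hash) and a "something you own" factor (an RFC 6238 TOTP code from an authenticator device) and only succeeds when factors from two distinct categories pass. The user record, the fixed salt, and the TOTP secret are constructed for the demo (the secret is the public RFC 6238 test-vector value, not a real credential).

```python
import hashlib
import hmac
import os
import struct

# Each supported factor is tagged with its category so the policy can insist on
# two *different* categories (a password plus a second password is not MFA).
FACTOR_CATEGORY = {"password": "know", "totp": "have"}


def hash_password(password, salt=None, iterations=200_000):
    """Derive a salted PBKDF2-HMAC-SHA256 hash for storage in the identity store."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password, salt, expected_digest):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)  # constant-time compare


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): HOTP computed over the 30-second time counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226 section 5.3)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, window=1):
    """Accept the current step and +/- `window` neighbours to tolerate clock drift."""
    candidates = (totp(secret, unix_time + i * step, step) for i in range(-window, window + 1))
    return any(hmac.compare_digest(c, code) for c in candidates)


def authenticate(user, presented, unix_time):
    """Return (ok, satisfied_categories). ok is True only when factors from at
    least two distinct categories were verified."""
    satisfied = set()
    if "password" in presented and verify_password(presented["password"], user["salt"], user["pw_hash"]):
        satisfied.add(FACTOR_CATEGORY["password"])
    if "totp" in presented and verify_totp(user["totp_secret"], presented["totp"], unix_time):
        satisfied.add(FACTOR_CATEGORY["totp"])
    return len(satisfied) >= 2, satisfied


# Constructed demo record (not real credentials); a fixed salt keeps the example deterministic.
DEMO_SALT, DEMO_HASH = hash_password("correct horse battery staple", salt=b"0123456789abcdef")
DEMO_USER = {"salt": DEMO_SALT, "pw_hash": DEMO_HASH, "totp_secret": b"12345678901234567890"}

if __name__ == "__main__":
    now = 59  # RFC 6238 test-vector time; the 6-digit code for this step is 287082
    print(authenticate(DEMO_USER, {"password": "correct horse battery staple"}, now))
    code = totp(DEMO_USER["totp_secret"], now)
    print(authenticate(DEMO_USER, {"password": "correct horse battery staple", "totp": code}, now))
```

The first call fails even though the password is correct, because only the "know" category was satisfied; the second succeeds because "know" and "have" were both verified. In a real deployment the device secret and password hash live in the identity warehouse, and the TOTP window should be paired with replay protection (reject a code already accepted for that step), which this example omits.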

Managing Access

Access is a bit different from identity, although still inherently interconnected. Access defines the resources an authenticated identity is authorized to use.

Your sales team may need access to collaborative shared drives and sales applications. Your marketing team will need access to collaborative shared drives and marketing applications. However, your sales team may not need to access the marketing applications, and the marketing team may not need to access the sales applications. The combinations of possible scenarios can be very wide indeed.
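The sales/marketing split above and the Accounts Receivable/Accounts Payable rule from the Operational Risk section are the same mechanism seen from two sides: roles grant a bounded set of permissions, and a separation-of-duties constraint forbids one identity from holding a toxic combination of roles. The following is an added example, not code from the article or from Okta, of a small role-based access policy with one preventive check (refuse the assignment) and one detective check (audit the store for identities that already hold a conflicting pair). The role names, resource names, and identities are constructed for the demo.

```python
from dataclasses import dataclass, field

# Constructed role catalogue (hypothetical resource names, not any product's).
ROLE_PERMISSIONS = {
    "sales": {"shared_drive", "crm"},
    "marketing": {"shared_drive", "campaign_tool"},
    "accounts_receivable": {"invoice_customer", "record_payment"},
    "accounts_payable": {"create_vendor", "pay_vendor"},
}

# Separation-of-duties constraint: no single identity may hold every role in a set.
SOD_CONFLICTS = [frozenset({"accounts_receivable", "accounts_payable"})]


@dataclass
class Identity:
    name: str
    kind: str                      # "human", "service", "iot": all go through the same policy
    roles: set = field(default_factory=set)


def sod_violations(roles):
    """Return the conflicting role sets fully contained in `roles`."""
    return [conflict for conflict in SOD_CONFLICTS if conflict <= set(roles)]


def assign_role(identity, role):
    """Preventive control: grant `role` only if the resulting role set violates no
    SoD constraint. Returns True on success, False (roles unchanged) when refused."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    proposed = identity.roles | {role}
    if sod_violations(proposed):
        return False
    identity.roles = proposed
    return True


def permissions(identity):
    """Effective permissions are the union of the identity's roles and nothing else."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in identity.roles))


def can_access(identity, resource):
    return resource in permissions(identity)


def audit(identities):
    """Detective control: list (name, conflict) for identities that slipped past the
    preventive check, e.g. roles written directly into the identity store."""
    return [(i.name, sorted(c)) for i in identities for c in sod_violations(i.roles)]


if __name__ == "__main__":
    alice = Identity("alice", "human")
    assign_role(alice, "sales")
    print("alice -> crm:", can_access(alice, "crm"), "| campaign_tool:", can_access(alice, "campaign_tool"))
    bob = Identity("bob", "human", {"accounts_receivable"})
    print("bob gets accounts_payable:", assign_role(bob, "accounts_payable"))
    mallory = Identity("mallory", "human", {"accounts_receivable", "accounts_payable"})
    print("SoD audit:", audit([alice, bob, mallory]))
```

Both checks are needed: `assign_role` stops the conflict at provisioning time, while `audit` catches identities whose roles were granted outside the normal path. Running the audit on a schedule is what turns "least privilege" from a policy statement into something you can demonstrate to an auditor.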

Okta is a tech business that specializes in Identity Management for the enterprise. Okta has several IAM solutions, one of which will meet your user access management requirements.

If you would like to know more about IAM solutions from Okta, please contact us.
