Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times, in the right way and for the right reasons, and that makes it possible to report on and centrally manage that access. It comprises solutions involving people, process and technology.
The need to ensure appropriate access to resources across increasingly complex technology environments is paramount to ensuring a secure environment, in addition to meeting increasingly rigorous compliance requirements.
The need to empower end-users with control over their data in an intuitive and secure way, while protecting their privacy, is one of the core challenges that most if not all enterprises will face over the coming years.
There are four main pillars in Identity and Access Management:
Workforce Identity Access Management (WIAM)
Workforce Identity and Access Management is the use of a set of identity and access management controls and processes to provide an organisation's internal employees, and other internal users such as partners, with secure access to organisational resources. WIAM will cover a smaller user base but often covers a high volume of applications and IT assets.
Consumer Identity Access Management (CIAM)
Where WIAM controls an employee’s access to internal services, CIAM controls the access for a company’s customer base. In comparison to WIAM, CIAM often covers a very large user base but a small volume of applications. CIAM requires more flexibility in authentication depending on the use case, from B2C customer federation to social authentication, to native authentication and even passwordless authentication.
A good example of WIAM vs CIAM is to take an organisation such as a bank:
WIAM will control the bank's employees and their access to the internal banking applications and customer databases.
CIAM will control the bank's customers' access to mobile banking applications and other self-service portals that the bank may offer.
Privileged Access Management (PAM)
In an enterprise environment, “privileged access” is a term used to designate special access or abilities above and beyond that of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run their business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
Privileged Access Management is the set of processes and controls put in place by an organisation to ensure that privileged access is monitored and controlled. These controls will typically consist of a privileged account vaulting tool and automatic password rotation.
Identity Governance is the IAM function that is responsible for ensuring that the controls and processes put in place for WIAM, CIAM and PAM are adhered to.
The Governance team will focus on the following main areas:
Visibility of users' access to data and reporting on toxic combinations
Enforcement of segregation of duty policies
Role Based Access Control (RBAC) and Policy Based Access Control (PBAC)
Identity and Access Management is a key enabler for cybersecurity in any organisation and can be a way to protect your key assets in a constructive manner.