What is Identity and Access Management (IAM)
Identity and access management (IAM) is the (security) discipline that enables the right individuals to access to the right resources at the right times, in the right way for the right reasons and being able to report and centrally manage that access. It comprises solutions involving people, process as well as technology.
The need to ensure appropriate access to resources across increasingly complex technology environments is paramount to ensuring a secure environment, in addition to meeting increasingly rigorous compliance requirements.
The need to empower end-users with control over their data in an intuitive and secure way, while protecting their privacy is one of the core challenges that most if not all Enterprises face over the coming years
There are four main pillars in Identify and Access management
Workforce Identity Access Management (WIAM)
Workforce Identity and Access Management is the use of set of identity and access management controls and processes to provide an organisations internal employee’s, and other internal users such as partners, secure access to organisational resources. WIAM will cover a smaller user base but often covers a high volume of applications and IT Assets.
Consumer identity Access Management (CIAM)
Where WIAM controls an employee’s access to internal services, CIAM controls the access for a company’s customer base. In comparison to WIAM, CIAM often covers a very large user base but a small volume of applications. CIAM requires more flexibility in authentication depending on the use case, from B2C customer federation to social authentication, to native authentication and even passwordless authentication.
A good example of WIAM vs CIAM is to take an organisation such as a bank
- WIAM will control the banks employees and their access to the internal banking applications and customer databases
- CIAM will control the Banks customers access to Mobile Banking applications and other self-service portals that the bank may offer
Privileged Access Management (PAM)
In an enterprise environment, “privileged access” is a term used to designate special access or abilities above and beyond that of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
Privileged Access Management is the set of process and controls put in place by an organisation to ensure that Privileged Access is monitored and controlled. These controls will typically consist of a Privileged Account vaulting tool and automatic password rotation.
Identity Governance is the IAM function that is responsible for ensuring that the controls and process put in place for WIAM, CIAM and PAM are adhered to.
The Governance team will focus on the following main areas
- Visibility of users access to data and reporting on toxic combinations
- Enforcement of segregation of duty policies
- Role Based Access Control (RBAC) and Policy Based Access Control (PBAC)
- Certification Campaigns
Identity and Access Management is a key enabler for cybersecurity in any organisation and can be a way to protect you key assets in a constructive manner.
Author: Neil Redmond, Director of Cyber Security, PWC (BEng 1997, MBA 2004)