An Executive Guide to Identity Access Management - 2nd Edition
Ebook, 155 pages, 1 hour



About this ebook

In this high-level executive guide to Identity and Access Management, we discuss the good, the bad and the ugly aspects. We consider why you need IAM, how it helps with security, compliance and governance, and, importantly, how it can save you a fortune in time, effort and money on compliance auditing. However, it is not all good news, so we will also discuss the problems you will face, the reasons for the high failure rates in deployment, and the best practices you can follow to mitigate the risks of failure. In this second edition, we also consider how deploying IAM will reap benefits in the enterprise and discuss strategy and best practices for deployment in cloud, commerce, IoT and hybrid enterprise scenarios. We will also look at IDaaS and other next-generation approaches to IAM such as Identity Relationship Management (IRM).

Language: English
Release date: Sep 18, 2018
ISBN: 9781513068275


Reviews for An Executive Guide to Identity Access Management - 2nd Edition

Rating: 4 out of 5 stars (3 ratings, 1 review)


  • Rating: 5 out of 5 stars. I have really enjoyed reading details on the IAM. Excellent summary to say the least.

Book preview

An Executive Guide to Identity Access Management - 2nd Edition - Alasdair Gilchrist

Chapter 1 - An Executive IAM Overview

Identity: the fact of being who or what a person or thing is. The sameness in all that constitutes the objective reality of a thing: oneness.

Identity management is a core concept in IT security, as it is the way we manage who can access what. Traditionally, IT has approached this through knowledge-based authentication, that is, something the user knows, such as a password. This has served IT very well in the past, although for more sensitive applications IT has often required identification to be supplemented with a second factor, with the user having something in their possession – something they have – such as a keycard or token. High-security applications have required more stringent authentication techniques based on something you are, i.e. a biometric indicator such as a fingerprint or an iris scan, or some form of speaker or facial recognition.

These techniques served IT well over the decades when only people at a fixed location on a predetermined workstation or computer needed to be identified and authorized. However, mobility has changed all that: now IT has to manage who can access what, when, how and from where. Indeed, IT is no longer just authenticating users but also devices, as BYOD (Bring Your Own Device) has become not only an acceptable but the prevalent business model. IT therefore must be able to identify the smartphones, tablets, laptops and other user-owned devices that will be used to access the network.

Additionally, it is not just people and devices that require identification and authorization; it is also sensors and appliances – anything that connects to and interacts with the network – because in the age of the IoT (Internet of Things), all these components will also have to be screened and authenticated before being allowed access to the network.

Consequently, identity and access management has become a technology in its own right, as IT cannot manage this scope manually. Vendors have rushed to fill the niche in the market with IdM (Identity Management), AM (Access Management) or IAM (Identity and Access Management) products. And there lies our first problem: making sense of the identity and access management alphabet soup.

Identity Management vs. Access Management

To understand what the term Identity Management means, we have to look at its definition. In the purest sense, Identity Management is about authentication and verification: authenticating and verifying that you are, or the device is, who you claim to be, and then assigning the user or device a category or role. That is solely the function of identity management. However, you will often hear the term used by many experts and vendors to describe their products in the broadest sense, which encompasses, in addition to authentication, another function: authorization.

Identity management (IdM) and access management (AM) work so closely together that sometimes their different responsibilities become blurred. At a high level, there shouldn't be any confusion as identity management focuses on authentication, whereas access management is aimed at authorization. 

However, what is authorization and authentication?

Authentication – determining that the person or entity is genuine; they are who or what they claim to be.

Authorization – applying policy to permit or refuse access to an authenticated entity.

Therefore, we can say that:

IdM is responsible for authentication: it creates an identity record, an account, which has several attributes. These attributes are meaningful and specific to the organization maintaining the records. IdM then assigns the identity, the record, to a relevant category (group, role) for ease of administration. However, IdM only provides authentication of the entity; it has no control over subsequent authorization, which is the domain of access management.

Access Management is different as it only applies access policy. Access management plays no role in authentication; it deals solely with authorization of already authenticated entities. Access management enforces policy on the groups and roles created by IdM.

So where does the confusion arise?

Identity Management

An IdM system provisions an identity – creates an account with meaningful attributes – at the beginning of the process and de-provisions the account once it is no longer required, such as when a person leaves the company or a smartphone is lost or stolen.

IdM assigns attributes to help it classify people or devices by placing them in a group or a role. For example, an accountant might be placed in the finance group with the role of accountant. IdM will also, when creating the identity (account), stipulate the method used for authentication, which could be a password, biometrics, or a passkey.

Access Management

Proving an identity and matching it to an account is not much use on its own if there is no authorization policy attached to that account. Access management is consequently responsible for creating and enforcing access policy. Access management provides granularity of policy: it applies rules based on roles, and enforces authorization policy (what the authenticated user can do) on the groups and user accounts created by IdM. This is termed Role-Based Access Control (RBAC).
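As an added illustration (not code from the book or from any vendor product), the IdM/AM split described above modelled in Python: an IdentityManager that provisions and de-provisions accounts, authenticates them and assigns per-system roles, and an AccessManager that only evaluates RBAC policy for an identity the IdM has already authenticated. The systems, roles, policy table and the conflicting-role (separation of duties) rule are constructed for this example.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
# Constructed RBAC policy: (system, role) -> actions that role may perform there.
POLICY = {
    ("erp", "accountant"): {"post_journal", "read_ledger"},
    ("erp", "approver"): {"approve_payment"},
    ("wiki", "guest"): {"read"},
    ("wiki", "admin"): {"read", "write", "delete"},
}
# Constructed separation-of-duties rule: no one person may hold both roles.
SOD_CONFLICTS = [(("erp", "accountant"), ("erp", "approver"))]
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Identity:
    account: str
    attributes: dict   # organisation-specific attributes, e.g. department
    roles: dict        # system -> set of roles held on that system
    salt: bytes
    pw_hash: bytes
    active: bool = True

class IdentityManager:
    """IdM: provisions, de-provisions, authenticates and classifies; never authorizes."""
    def __init__(self):
        self.store = {}
    def provision(self, account, password, attributes, roles):
        salt = secrets.token_bytes(16)
        self.store[account] = Identity(account, attributes, roles, salt, _hash(password, salt))
    def deprovision(self, account):
        self.store[account].active = False  # leaver / lost device: can no longer authenticate
    def authenticate(self, account, password):
        ident = self.store.get(account)
        if ident is None or not ident.active:
            return None
        return ident if hmac.compare_digest(_hash(password, ident.salt), ident.pw_hash) else None
    def sod_violations(self, account):
        roles = self.store[account].roles
        return [c for c in SOD_CONFLICTS if all(r in roles.get(s, set()) for s, r in c)]

class AccessManager:
    """AM: applies policy to an already authenticated identity; never authenticates."""
    def __init__(self, policy):
        self.policy = policy
    def authorize(self, ident, system, action):
        if ident is None:  # unauthenticated: policy is not even evaluated
            return False
        return any(action in self.policy.get((system, r), set()) for r in ident.roles.get(system, ()))
```

The same person can be an accountant on the ERP system and only a guest on the wiki, and de-provisioning the identity in the IdM removes all access without touching the AM's policy.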

Vendors, engineers and consultants will often use the term Identity Management as shorthand for the full suite of methods and technologies that provide a complete identification and authorization system. An example is Oracle's IAM 11g platform, which has many modules that address identity, authorization, compliance and auditing. Even though Identification Management is but a single component of that suite, it is still referred to as Oracle Identification Management (OIM).

IAM

Identity Management (IDM) has become more than just a method of authentication. Several vendors will portray their products as IDM or identity and access management (IAM) when, in essence, they are a suite of products that determine a user's or device's authenticity and then apply authorization rules. Some of these IDM products do not address governance or auditing, or lack a reporting facility. To be truly considered a modern IAM solution, such as Oracle's OIM, a product must incorporate authentication, policy/rule-based authorization, governance and regulatory compliance, with robust reporting and auditing functions.

Why is IDM so Important?

Identification management is very important, as it is the basis of all security, especially when applying authorization to users, devices, things and roles. After all, you cannot apply policy unless you can identify a role or an entity. IDM is extremely important for applying granular security policy because it creates the roles and groups on which access management applies role-based access control.

The Role of IdM

Businesses have growing numbers of web-based and cloud-hosted applications, each with its own user community. Furthermore, a user in one community might have a different role in another, which could lead to potential separation of duties (SoD) issues.

Typically, business applications are deployed as separate autonomous projects without a common user identity repository. This results in many separate identity silos, provisioning mechanisms, management interfaces and security controls. Furthermore, the administration of the applications may fall under different internal or external groups.

Companies that operate with disparate identity management sources tend to have inconsistent approaches to organizing identity attributes, security and access control, and other important aspects of identity management. This often leads to security and compliance decisions being made in an ad-hoc manner by developers and system administrators.

Consequently, there will be no consistency of policy across the company with regard to the management of the identity lifecycle. For example, there may be no enforceable or common process or procedure for creating or terminating a user identity record, let alone for maintaining consistency of attributes per user account.

This can result in inconsistent identity data being stored throughout the company, which leads to inefficiency and increased operating costs. At worst, there are serious security risks and compliance issues.

Furthermore, from the user's perspective, the migration to client/server applications within the business and the cloud has greatly increased the number of identities they must remember. Multiple identities lead to inefficiency and an increased burden on helpdesk support, as users frequently require password resets. However, IAM does a lot more than just manage passwords.

What does Identification & Access Management do?

An identification management system such as Oracle's OIM works on several levels that transcend the pure definition:

In the purest definition of the identity function, we can consider identity management to be the automation of the creation, management and deletion of identities (user/device accounts). Additionally, identity management is also responsible for applying categorization to users/devices within roles or groups. In broader terms, an IAM system will require additional control of user/role-based permissions that will enable it to apply authorization policy (access management). By applying RBAC, authenticated entities will gain authorization to access the specific services and functions within their role – and no other.

Additionally, an IAM system will provide regulatory compliance and auditing. This is a very important component of an IAM, as it provides automatic audits and reporting, which is essential in IT governance and compliance management. Furthermore, an IAM should manage the device inventory insofar as it will provide detailed reports on assets and fixtures (inventory management). In short, an IAM is much more than single sign-on and user management.

IdM can assist IT in mitigating some of the challenges facing modern medium-sized to enterprise companies by:

  • Maintaining consistency of user identity across many applications
  • Providing single-sign-on password mechanisms
  • Controlling access to network resources using RBAC
  • Managing several identities or roles; the same person could be a super user on one system and have read-only (guest) access on another
  • Providing batch and automated
