Identity and management technologies include (but aren’t limited to) password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps and identity repositories. Identity management systems are available for on-premises systems, such as Microsoft SharePoint, as well as for cloud-based systems, such as Microsoft Office 365.
Forrester Research identified six IAM technologies with low maturity, but high current business value:
API security enables IAM for use with B2B commerce, integration with the cloud, and microservices-based IAM architectures. Forrester sees API security solutions being used for single sign-on (SSO) between mobile applications or user-managed access. This would allow security teams to manage IoT device authorization and personally identifiable data.
Customer identity and access management (CIAM) allows “comprehensive management and authentication of users; self-service and profile management; and integration with CRM, ERP, and other customer management systems and databases,” according to the report.
Identity analytics (IA) will allow security teams to detect and stop risky identity behaviors using rules, machine learning, and other statistical algorithms.
Identity as a service (IDaaS) includes “software-as-a-service (SaaS) solutions that offer SSO from a portal to web applications and native mobile applications as well as some level of user account provisioning and access request management,” according to the report.
Identity management and governance (IMG) provides automated and repeatable ways to govern the identity life cycle. This is important when it comes to compliance with identity and privacy regulations.
Risk-based authentication (RBA) solutions “take in the context of a user session and authentication and form a risk score. The firm can then prompt high-risk users for 2FA and allow low-risk users to authenticate with single factor (e.g., username plus password) credentials,” according to the report.
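A minimal sketch of the risk-based authentication decision described above, added here as an illustration and not taken from the Forrester report or any vendor product. The signals (new device, implausible travel, recent failed attempts), their weights and the step-up threshold are assumptions chosen for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime

# Signals, weights and threshold are illustrative assumptions, not report values.
NEW_DEVICE, IMPOSSIBLE_TRAVEL, PER_FAILED_ATTEMPT = 30, 40, 5
STEP_UP_THRESHOLD = 40   # a score at or above this prompts for 2FA
MAX_SPEED_KMH = 900      # faster than an airliner means the travel is implausible

@dataclass
class Login:
    when: datetime             # UTC
    device_id: str
    lat: float
    lon: float
    failed_attempts: int = 0   # failures since the last successful login

def km_between(a, b):
    """Great-circle (haversine) distance between two login locations, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(h))

def risk_score(login, last_good, known_devices):
    """Combine session context into a 0-100 score; last_good may be None."""
    score = 0
    if login.device_id not in known_devices:
        score += NEW_DEVICE
    if last_good is not None:
        hours = (login.when - last_good.when).total_seconds() / 3600
        dist = km_between(last_good, login)
        # Ignore small moves; guard against zero or negative elapsed time.
        if dist > 50 and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
            score += IMPOSSIBLE_TRAVEL
    score += PER_FAILED_ATTEMPT * min(login.failed_attempts, 5)  # cap the contribution
    return min(score, 100)

def decide(login, last_good, known_devices):
    """Return (action, score): 2FA for high-risk sessions, single factor otherwise."""
    score = risk_score(login, last_good, known_devices)
    return ("require_2fa" if score >= STEP_UP_THRESHOLD else "single_factor", score)

# Constructed sample data: last good login from London on a known laptop.
KNOWN = {"laptop-1"}
LAST_GOOD = Login(datetime(2024, 1, 10, 9, 0), "laptop-1", 51.5074, -0.1278)
SAME_PLACE = Login(datetime(2024, 1, 10, 11, 0), "laptop-1", 51.5074, -0.1278)
FAR_AWAY = Login(datetime(2024, 1, 10, 10, 0), "phone-9", 1.3521, 103.8198)  # Singapore, 1h later
NEW_PHONE = Login(datetime(2024, 1, 10, 12, 0), "phone-9", 51.5074, -0.1278, failed_attempts=2)
```

Calling `decide(FAR_AWAY, LAST_GOOD, KNOWN)` shows how independent signals stack: an unknown device alone stays below the threshold, but combined with implausible travel or a couple of failed attempts it triggers the 2FA prompt.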
IAM systems must be flexible and robust enough to accommodate the complexities of today’s computing environment. One reason: An enterprise’s computing environment used to be largely on-premises, and identity management systems authenticated and tracked users as they worked on-premises, says Jackson Shaw, senior director of product management for identity and access management provider One Identity. “There used to be a security fence around the premises,” Shaw noted. “Today, that fence isn’t there anymore.”
As a consequence, identity management systems today should enable administrators to easily manage access privileges for a variety of users, including domestic on-site employees and international off-site contractors; hybrid compute environments that encompass on-premises computing, software as a service (SaaS) applications and shadow IT and BYOD users; and computing architectures that include UNIX, Windows, Macintosh, iOS, Android and even internet of things (IoT) devices.
Ultimately, the identity and access management system should enable centralized management of users “in a consistent and scalable way across the enterprise,” says Abousselham.
In recent years, identity-as-a-service (IDaaS) has evolved as a third-party managed service offered over the cloud on a subscription basis, providing identity management to a customer’s on-premises and cloud-based systems.
Why do I need IAM?
Identity and access management is a critical part of any enterprise security plan, as it is inextricably linked to the security and productivity of organizations in today’s digitally enabled economy.
Compromised user credentials often serve as an entry point into an organization’s network and its information assets. Enterprises use identity management to safeguard their information assets against the rising threats of ransomware, criminal hacking, phishing and other malware attacks. Global ransomware damage costs alone are expected to exceed $5 billion this year, up 15 percent from 2016, Cybersecurity Ventures predicted.
In many organizations, users sometimes have more access privileges than necessary. A robust IAM system can add an important layer of protection by ensuring a consistent application of user access rules and policies across an organization.
Identity and access management systems can enhance business productivity. The systems’ central management capabilities can reduce the complexity and cost of safeguarding user credentials and access. At the same time, identity management systems enable workers to be more productive (while staying secure) in a variety of environments, whether they’re working from home, the office, or on the road.