An identity access management (IAM) system is a framework
for business processes that facilitates the management of electronic
identities. The framework includes the technology needed to support identity
management.
IAM technology can be used to initiate, capture, record and
manage user identities and their related access permissions in an automated
fashion. This ensures that access privileges are granted according to a single,
consistent interpretation of policy, and that all individuals and services are
properly authenticated, authorized and audited.
Poorly controlled IAM processes may also lead to regulatory
non-compliance: if the organization is audited, management will not be
able to prove that company data is not at risk of misuse.
Why you need IAM
It can be difficult to get funding for IAM projects
because they do not directly increase either profitability or functionality.
However, a lack of effective identity and access management poses significant
risks not only to compliance but also to an organization's overall security. These
mismanagement issues increase the risk of greater damage from both external
and insider threats.
Keeping the required flow of business data going while
simultaneously managing access to it has always required administrative
attention. The business IT environment is ever evolving, and the difficulties
have only become greater with recent disruptive trends like bring-your-own-device
(BYOD), cloud computing, mobile apps and an increasingly mobile workforce. There
are more devices and services to be managed than ever before, with diverse
requirements for associated access privileges.
With so much more to keep track of as employees migrate
through different roles in an organization, it becomes more difficult to manage
identity and access. A common problem is that privileges are granted as needed
when employee duties change but the access level escalation is not revoked when
it is no longer required.
This situation, together with requests phrased as "give me the same access as
that employee" rather than as specific access needs, leads to an accumulation of
privileges known as privilege creep. Privilege creep creates security risk in
two different ways. An employee with privileges beyond what is warranted may
access applications and data in an unauthorized and potentially unsafe manner.
Furthermore, if an intruder gains access to the account of a user with excessive
privileges, the intruder inherits those privileges and can do correspondingly
more harm. Data loss or theft can result from either scenario.
Typically, this accumulation of privilege is of little
real use to the employee or the organization. At best, it might be a
convenience in situations when the employee is asked to do unexpected tasks. On
the other hand, it might make things much easier for an attacker who manages to
compromise an over-privileged employee identity. Poor identity access
management also often leads to individuals retaining privileges after they are
no longer employees.
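The two failure modes described above, grants that outlive the role change that justified them and grants that outlive the employee, are exactly what a periodic entitlement reconciliation is meant to catch. The following Python is an added example, not code from the original post: it compares each identity's granted entitlements with the baseline its current role justifies, flags the excess, and flags any account that still carries entitlements after its owner has left. The role baseline (`ROLE_ENTITLEMENTS`), the entitlement names, the `exceptions` mechanism and the sample identities are all constructed assumptions for illustration.

```python
"""Reconcile granted entitlements against what each identity's current
role justifies, flagging privilege creep and accounts left behind by
people who are no longer employed.

Added example, not code from the original post. The role baseline,
entitlement names and sample identities are constructed for illustration."""

from dataclasses import dataclass, field

# Assumed baseline: the entitlements each role is entitled to hold.
# Anything granted beyond this is unjustified unless a documented
# exception covers it.
ROLE_ENTITLEMENTS = {
    "accounts-payable": {"erp.invoices.read", "erp.invoices.approve"},
    "sales-rep": {"crm.accounts.read", "crm.opportunities.write"},
    "sysadmin": {"vpn.access", "prod.ssh", "backup.restore"},
}


@dataclass
class Identity:
    user: str
    role: str                 # current role; earlier roles do not count
    active: bool              # False once HR records the person as left
    entitlements: set = field(default_factory=set)


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str                 # "orphaned-account" or "excess-entitlement"
    detail: str


def reconcile(identities, role_entitlements=ROLE_ENTITLEMENTS,
              exceptions=frozenset()):
    """Return one Finding per unjustified grant.

    exceptions: documented (user, entitlement) pairs allowed to exceed the
    role baseline, e.g. a time-boxed project assignment (assumed mechanism).
    """
    findings = []
    for ident in identities:
        if not ident.active:
            # A leaver keeps nothing; one finding per account is enough,
            # since the fix is to disable the account, not to trim it.
            if ident.entitlements:
                findings.append(Finding(
                    ident.user, "orphaned-account",
                    f"{len(ident.entitlements)} entitlement(s) still granted "
                    f"after termination"))
            continue
        allowed = role_entitlements.get(ident.role, set())
        for ent in sorted(ident.entitlements - allowed):
            if (ident.user, ent) in exceptions:
                continue
            findings.append(Finding(
                ident.user, "excess-entitlement",
                f"{ent} is not justified by role {ident.role!r}"))
    return findings


# Constructed sample: alice moved from sysadmin to accounts-payable and
# kept two sysadmin grants; bob has left but his account was never
# cleaned up; carol's grants match her role; dave holds VPN access under
# a documented exception.
SAMPLE_IDENTITIES = [
    Identity("alice", "accounts-payable", True,
             {"erp.invoices.read", "erp.invoices.approve",
              "prod.ssh", "vpn.access"}),
    Identity("bob", "", False, {"crm.accounts.read"}),
    Identity("carol", "sales-rep", True,
             {"crm.accounts.read", "crm.opportunities.write"}),
    Identity("dave", "accounts-payable", True,
             {"erp.invoices.read", "vpn.access"}),
]
SAMPLE_EXCEPTIONS = frozenset({("dave", "vpn.access")})


def run_sample():
    return reconcile(SAMPLE_IDENTITIES, exceptions=SAMPLE_EXCEPTIONS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.user:6} {f.kind:18} {f.detail}")
```

The check is deliberately keyed on the current role only: a grant that made sense under a previous role is still excess today, which is the whole point of the creep problem. Documented exceptions are held separately from the role baseline so that an exception cannot quietly become part of what the role is assumed to need.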
What should an IAM system include?
IAM solutions should automate the
initiation, capturing, recording and management of user identities and their
related access permissions. The products should include a centralized directory
service that scales as a company grows. This central directory prevents
credentials from ending up recorded haphazardly in files and sticky notes as
employees try to deal with the burden of multiple passwords for different
systems.
IAM systems should facilitate the process of user
provisioning and account setup. The product should decrease the time required
with a controlled workflow that reduces errors and the potential for abuse,
while enabling automated account fulfillment. An identity and access
management system should also provide administrators with the ability to
instantly view and change access rights.
An access right / privilege system within the central
directory should automatically match employee job title, location and business
unit ID to manage access requests automatically. These bits of information help
classify access requests relevant to employees’ existing positions. Depending
on the employee, some rights might be inherent in their position and
automatically provisioned, while others may be allowed upon request. In some
cases, reviews may be required. Other requests may be denied except in the case
of exemption or may be outright prohibited. All variations should be handled
automatically and appropriately by the IAM system.
An IAM system should define workflows for managing access
requests, with the option of multiple stages of review and approval
requirements for each request. This mechanism makes it possible to apply a
risk-appropriate review process to higher-level access, and to schedule
reviews of existing rights to prevent privilege creep.
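The two preceding passages describe a rules engine: the request is classified by job title, business unit and location, and the result is one of "granted automatically", "allowed on request", "requires review", "denied unless exempted" or "prohibited", with the review chain growing with the risk of the entitlement. The following Python is an added example, not code from the original post, showing one way such an evaluator can be structured. The `Decision` values, the `REVIEW_STAGES` table, the `Rule` format, the exemption handling and all sample rules and employees are constructed assumptions, not a description of any particular product.

```python
"""Evaluate an access request against rules keyed on job title, business
unit and location, returning the provisioning decision together with the
review stages it must pass.

Added example, not code from the original post. Decision names, review
stages, rule format and sample data are constructed for illustration."""

from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    AUTO_PROVISION = "auto"       # inherent in the position; granted on hire/move
    SELF_REQUEST = "request"      # allowed on request after manager approval
    REVIEW = "review"             # higher risk; multi-stage review by risk level
    EXEMPTION_ONLY = "exemption"  # denied unless a documented exemption exists
    PROHIBITED = "prohibited"     # never granted through the request workflow


# Assumed review workflow: the stages that must approve, by risk level 1..3.
REVIEW_STAGES = {
    1: ("manager",),
    2: ("manager", "data-owner"),
    3: ("manager", "data-owner", "security"),
}


@dataclass(frozen=True)
class Employee:
    user: str
    title: str
    business_unit: str
    location: str


@dataclass
class Rule:
    entitlement: str
    decision: Decision
    risk: int = 1                                   # selects REVIEW_STAGES
    titles: set = field(default_factory=set)        # empty set means "any"
    business_units: set = field(default_factory=set)
    locations: set = field(default_factory=set)

    def matches(self, emp):
        return ((not self.titles or emp.title in self.titles)
                and (not self.business_units
                     or emp.business_unit in self.business_units)
                and (not self.locations or emp.location in self.locations))


@dataclass(frozen=True)
class Outcome:
    decision: Decision
    approvers: tuple   # ordered review stages; empty for auto or denied


def evaluate(emp, entitlement, rules, exemptions=frozenset()):
    """First matching rule wins, so order rules most specific first.
    No matching rule means the request is denied: the default is least
    privilege, not open access."""
    for rule in rules:
        if rule.entitlement != entitlement or not rule.matches(emp):
            continue
        if rule.decision is Decision.AUTO_PROVISION:
            return Outcome(rule.decision, ())
        if rule.decision is Decision.SELF_REQUEST:
            return Outcome(rule.decision, REVIEW_STAGES[1])
        if rule.decision is Decision.REVIEW:
            return Outcome(rule.decision, REVIEW_STAGES[rule.risk])
        if rule.decision is Decision.EXEMPTION_ONLY:
            if (emp.user, entitlement) in exemptions:
                # An exemption does not skip review; it gets the full chain.
                return Outcome(Decision.REVIEW, REVIEW_STAGES[3])
            return Outcome(Decision.PROHIBITED, ())
        return Outcome(Decision.PROHIBITED, ())
    return Outcome(Decision.PROHIBITED, ())


# Constructed sample rules, most specific first.
SAMPLE_RULES = [
    Rule("erp.invoices.read", Decision.AUTO_PROVISION,
         titles={"AP Clerk", "AP Manager"}, business_units={"Finance"}),
    Rule("erp.invoices.approve", Decision.REVIEW, risk=2,
         titles={"AP Manager"}, business_units={"Finance"}),
    Rule("crm.accounts.read", Decision.SELF_REQUEST, business_units={"Sales"}),
    Rule("prod.ssh", Decision.REVIEW, risk=3, business_units={"Engineering"}),
    Rule("prod.ssh", Decision.EXEMPTION_ONLY),          # everyone else
    Rule("customer-pii.export", Decision.PROHIBITED),   # nobody, ever
]

CLERK = Employee("erin", "AP Clerk", "Finance", "Dublin")
AP_MGR = Employee("frank", "AP Manager", "Finance", "Dublin")
SRE = Employee("grace", "SRE", "Engineering", "Berlin")


if __name__ == "__main__":
    for emp, ent in [(CLERK, "erp.invoices.read"), (CLERK, "erp.invoices.approve"),
                     (AP_MGR, "erp.invoices.approve"), (SRE, "prod.ssh")]:
        out = evaluate(emp, ent, SAMPLE_RULES)
        print(f"{emp.user:6} {ent:22} {out.decision.value:10} {out.approvers}")
```

Two design points matter more than the rule syntax. A request that matches no rule is denied rather than routed to a human, because a rules engine that falls through to "ask someone" quietly reintroduces the ad hoc approvals that cause creep. And an exemption never bypasses review: it only changes "prohibited" into "reviewable at the highest risk level", so the exemption itself is visible in the approval record.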
================================= **Important note** - contact our sister company, www.tabularosa.net, for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and network/systems management solutions: www.tabularosa.net In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, "You're Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!" will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at: www.amazon.com/author/paulbabicki If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides "best of breed" products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offer great IT product information for virtually anyone.
==============================================
Saturday, March 14, 2015
Netiquette IQ Technical Term Of The Day - Identity Access Management