What are the four components of an identity and access management system?
IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments and compliance requirements. IAM is increasingly business-aligned and requires business skills, not just technical expertise. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.
Show The IAM flow can be displayed like this: Gartner defines IAM as “the discipline that enables the right individuals to access the right resources at the right times for the right reasons.” They highlight top priorities for IAM, including:
We identify the essential Identity and Access Management Components as:
Let’s break these down to understand how they fit into Identity and Access Management: What is CIAM?While IAM traditionally focuses on securing what your company’s workforce has access to, it is also used to manage your customer digital experience. This is also called Customer Identity and Access Management (CIAM). CIAM manages the authentication of customer identities; therefore, it is necessary for public-facing applications that require account registrations. Key CIAM features include…
What is MFA?Multi-factor Authentication (MFA) is an authentication method that requires users to provide two or more verification factors to gain access to a desired resource. MFA can be used for applications, online accounts, or a VPN. MFA is also often linked to a Zero Trust implementation. MFA is a core component of a strong IAM policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful attack. Each piece of evidence must come from a different category: something they know, something they have or something they are. What is PAM?Privileged Access Management (PAM) protects identities with exclusive access or capabilities beyond a normal user, such as an administrator. Privileged accounts must be protected due to accounts having additional capabilities and/or confidential information. The first step in implementing PAM is to determine which accounts have privileged access. Then, you can set up your policies based on that hierarchy. As a component of IAM, PAM protects access privileged identities; however, IAM offers its other components (MFA, IDaaS, SSO, Passwordless Authentication) for all accounts, not just ones with privileged access. What is IDaaS?Identity as a Service (IDaaS) can help you reduce risk and avoid unneeded IT infrastructure costs by providing cloud-based authentication built by a third-party provider. IDaaS providers supply cloud-based authentication or identity management for their customers. According to Gartner, the core aspects of IDaaS are:
What is SSO?Single sign-on (SSO) provides the capability to authenticate once, and then be automatically authenticated when accessing various target systems. It eliminates the need to separately authenticate individual applications and systems. Through SSO, target applications and systems still maintain their own credential stores and present sign-on prompts to client devices. Behind the scenes, SSO responds to those prompts and maps the credentials to a single login/password pair. What is Passwordless Authentication?Passwordless Authentication verifies users without a password. Using password verification has been around for decades and is a common security standard; however, passwords can also be very unreliable because they can be easily guessed, lost/forgotten, or stolen. Passwords are the top target of hackers. Passwordless authentication replaces passwords with other authentication factors that are safer, such as face or fingerprint ID. One-time codes – sent via SMS or email – is another way of replacing traditional passwords. Many times, these methods are often a part of MFA as verification in addition to the user’s password. Why Implement IAM? Identity and Access Management reduces the likelihood of an attack by verifying users are legitimate and only accessing information they are authorized to. It protects areas including data, software, development platforms, organization devices, data centers, and integrations.
|