• Identity and Access Management (IAM)

     

    Identity and Access Management (IAM) is a sub-discipline of data security that comprises two sets of functionalities: Identity Management (IM) and Access Management (AM). As organizations make the shift to digital business by investing more resources toward cloud, mobile and APIs technologies, their security architecture must evolve to serve an increasingly sophisticated IT environment. Identity and access management is a critical layer of a modern security architecture for allowing employees, partner organizations and customers secure access to any app, using any device, anytime. Organizations must be able to identify who the users are, their role in the organization and what data they are authorized to access.

     

    Identity and access management (IAM) ensures that individuals can only access data to which they are entitled.

    What is Access Management ?

    Access Management (AM) is a IAM functionality that enables determining whether a user has permission to access a certain resource, and enables the enforcement of the access policy that has been set up for that resource, using contextual information.

    Access management is implemented based on access policies that are defined and include such information as which groups of users are allowed access to which (Cloud) applications, as well as the set of user attributes required to access each application (e.g. trusted device, password, OTP, fingerprint). The access policy can require more or less user attributes to be assessed depending on the sensitivity of a Cloud application. These attributes are assessed using risk-based or context-based authentication, which is central to enforcing the different access policies defined for each (Cloud) application.

    What is Single Sign On ?

    Single sign-on (SSO) provides the capability to authenticate once, and be subsequently and automatically authenticated when accessing various resources. It eliminates the need to separately log in and authenticate to individual applications and systems, essentially serving as an intermediary between the user and target applications. SSO, whether in a standalone solution or a broader access management solution, can be achieved through a range of identity federation protocols. These include open-source protocols such as SAML 2.0 and Open ID Connect, proprietary protocols such as Microsoft’s WS-Federation, and other technologies such as password vaulting and reverse proxies.

    The role of Identity Management (IM)

    Identity Management (IM) is a set of functionalities that helps answer the questions, “Who should receive access, or who is ‘entitled access,’ to which application?” and “Who in practice was granted access to which application, by whom and when.” For example, an IM solution may help establish that Sales staff are entitled access to certain applications, such as SalesForce (Cloud) or SAP (on-premise). An IM solution can automatically provision access to these applications, based on their Sales group membership. The Sales user may also request to be provisioned access to other applications, a request which would then go through a management approval process.

    Context-based

    Context-based authentication is an authentication method based on a range of supplemental information assessed at the time a person logs in to an application. The most common type of contextual information include a user’s location, time of day, IP address, type of device, URL and application reputation. Context-based authentication, also called risk-based or adaptive authentication, is central to the world of SSO and access management where the objective is to make the authentication journey as transparent and painless as possible. By assessing a user’s login attributes, be they contextual (device, role, location) or behavior based (e.g. typing speed, page view sequence), single sign on and access management solutions can continuously match the level of authentication required from the user with the access policy defined for each application. In this way, authentication is applied granularly—in the most frictionless manner possible—per an application’s access policy, rather than as a blanket, uniform rule for all organizational resources.

    Functional components

    An IAM solution is built to satisfy 4 basic functions:

    Authentication - Most would say this is pretty self-explanatory, but there’s often a lot more to this than what many think. For example, do you want to provide a seamless authentication model with Single Sign-On (SSO) or do you want to keep the authentication separate from your local security domains to provide a higher level of security. Do you want to provide more of a Same Sign-On solution where they use their local username and password but are forced to login every time which can be a less inviting end user experience.

    Authorization - Authorization within IAM simply put provides authorization workflows to requests for access to resources or the creation of new resources managed by the IAM solutions. Authorizations ensure that access compliance and government processes are followed with all managed resources.

    User Management - User management is simply that, it manages the user objects of which it knows about, this includes any add moves or changes that occur to these objects throughout their lifecycle, and when a user leaves the organization for whatever reason they are terminated through the standard business processes that are established as part of the requirements that have been defined.


    Central User Repository - This is effectively where everything is stored, often referred to as the "Identity Repository". It’s simply a central repository of all user objects, as well as the configuration items such as workflows, policy rules as well as various other configuration items.

    How can we help you ?

    Route443 has extensive consulting and implementation skills in identity and access management technologies and solutions, supported by sound infrastructure and security expertise.
     
    Our identity solutions range from:

    • Strategic initiatives
    • Requirements analysis
    • Building business cases all the way to a program of works.
    • Implementation of tactical solutions to solve specific business problems.

    To maintain that competitive edge, information has to be available any time, any place; one of the many reasons why companies adopt Cloud technologies. Route443 can assist with your implementation of Identity and Access Management, to help ensure your information stays safe.