Identity & Access Management (IAM) Overview
Posted October 5, 2022 by Chris Glanden
In honor of National Cybersecurity Awareness Month, Sayers will be releasing a series of short videos focused on various cybersecurity topics. In this episode, I’d like to provide you with an overview of Enterprise Identity and Access Management (IAM).
Identity and Access Management, often referred to as IAM, is the set of structures and processes within an organization that administer and manage access to resources. It’s all about providing the right people with the right access at the right time. An IAM program is built on three core functional pillars to achieve this.
The first pillar is Access Management, which provides the processes and workflows to authenticate, authorize, and audit access to applications, systems and data (AKA resources). It serves as the lock that allows access to the appropriate people, who have the correct key or combination of keys, at the appropriate time. These keys for access can consist of something a person knows, such as a username and password, something they have, such as a smart card or token, or something they are, such as their fingerprint or voice.
Privileged Access Management, or PAM, makes up the second pillar of an identity program by discovering, securing, and monitoring accounts that have more significant (or elevated) permissions to resources. Administrators, auditors, and support team members are examples of people who would use accounts with elevated access. Given the importance of these accounts and their related access, it is paramount that they be granted, properly secured, and monitored specifically. Adversarial compromise of these accounts could lead to a more disruptive and/or impactful breach of corporate resources.
The third pillar of an identity program is Identity Governance and Administration, or IGA. IGA enables the effective management of identities and their access rights across the organization throughout their lifecycle based on business roles. This is accomplished through access request workflows, extensive auditing, and repeatable automation as people join the organization, move within the organization, or leave the organization – the joiners, movers, and leavers. Joiners have the access they need on day one, movers don’t retain rights to roles they no longer support, and leavers aren’t forgotten in the environment as a risk to the organization.
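The joiner, mover and leaver outcomes described above can be checked by reconciling an HR feed against a directory export. The following Python is an added example, not part of the original post; the role names, entitlement strings, user IDs and the `reconcile` function are constructed for illustration, and it goes one step beyond the text by also flagging accounts that have no HR record.

```python
# Constructed role model: business role -> entitlements that role should hold.
ROLE_ENTITLEMENTS = {
    "accounts-payable": {"erp:invoice-entry", "sharepoint:finance"},
    "help-desk": {"ticketing:agent", "ad:password-reset"},
    "payroll": {"erp:payroll-run", "sharepoint:finance"},
}

# Constructed HR feed (source of truth): user -> (status, current business role).
HR_RECORDS = {
    "asmith": ("active", "accounts-payable"),  # joiner
    "bjones": ("active", "payroll"),           # mover, was accounts-payable
    "cwu": ("terminated", None),               # leaver
    "dlee": ("active", "help-desk"),           # unchanged
}

# Constructed directory export: user -> (account enabled, entitlements held).
ACCOUNTS = {
    "asmith": (True, {"sharepoint:finance"}),
    "bjones": (True, {"erp:payroll-run", "sharepoint:finance", "erp:invoice-entry"}),
    "cwu": (True, {"ticketing:agent"}),
    "dlee": (True, {"ticketing:agent", "ad:password-reset"}),
    "svc-old": (True, {"ad:password-reset"}),  # no HR record at all
}

def reconcile(hr, accounts, roles):
    """Return (user, finding, entitlements) tuples for every lifecycle gap."""
    findings = []
    for user, (enabled, held) in sorted(accounts.items()):
        status, role = hr.get(user, ("unknown", None))
        if status != "active":
            # Leavers and unowned accounts should be disabled and hold nothing.
            if enabled or held:
                kind = "leaver-still-active" if status == "terminated" else "orphan-account"
                findings.append((user, kind, sorted(held)))
            continue
        expected = roles.get(role, set())
        if expected - held:   # joiner or mover lacks access the role needs
            findings.append((user, "missing-access", sorted(expected - held)))
        if held - expected:   # mover kept rights from a role they left
            findings.append((user, "excess-access", sorted(held - expected)))
    # Active people with no account at all are missing their whole role.
    for user, (status, role) in sorted(hr.items()):
        if status == "active" and user not in accounts:
            findings.append((user, "missing-access", sorted(roles.get(role, set()))))
    return findings

if __name__ == "__main__":
    for user, kind, ents in reconcile(HR_RECORDS, ACCOUNTS, ROLE_ENTITLEMENTS):
        print(f"{user:8} {kind:20} {', '.join(ents)}")
```
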
To summarize, Access Management, Privileged Access Management, and Identity Governance and Administration are the three pillars of an enterprise identity and access management program.
That’s all for this episode. If you would like to learn more about Sayers and our service offerings, please visit www.sayers.com. Thank you.