Why is this necessary and what does it mean?
In today’s world, modern organizations’ most valuable assets are their digital information, such as confidential files, contracts and plans, state secrets, and health and other records, which are often stored online. In this respect, identity and access management (IAM) is a vital part of every institution’s security plan, as it protects that information against the rising threats of hacking, phishing, ransomware, and other malware attacks, while granting authorized people easy access to the very same data.
How does it work?
In order to understand how IAM works, it is important to understand identity and access management concepts, as well as the relationship between identity and access control.
Access control is a security technique that can be used to regulate who or what can view or use resources in an environment, whereas identity is a set of attributes related to an entity that computer systems use to represent a person, organization, application, or device. In fact, there is a direct relationship between access control and identity management, because the core function of an identity management solution is access control.
The same identity can be associated with multiple accounts (representations of a user within the system) and identifiers (how a user is labeled). For example, you may have multiple email accounts that belong to one identity (person, organization or device).
Authentication and Authorization
Authentication is the process used to determine whether the user is who they claim to be. Once the user is authenticated, authorization determines whether the user is allowed to access a particular resource or take a specific action.
Provisioning
The process of creating a user account when it’s needed.
De-provisioning
The reverse process: deleting, archiving or deactivating an account that is no longer needed.
Identity Lifecycle
Digital identities have a lifecycle, just like the real-world entities they represent.
To illustrate this, let’s take the example of an employee that leaves their job. The employee’s connection to the company has changed and the account and authorizations they had will also change accordingly.
However, the identity itself remains the same, and the employee will still be able to authenticate if they later decide to come back and work for the same company again. They will be able to access all of their previous databases and confidential files. This is why it is very important that systems take into account the current status of a user and are able to apply the appropriate account authorization schemes when that status changes.
Another illustration of this is that when an employee leaves the company, they won’t be able to use the wireless network as before, because the system will have noted the change in status and affiliation and updated authorizations accordingly.
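The lifecycle described above, as an added example that is not part of the original article: one identity owns several accounts, a status change drives de-provisioning, authorization is decided from the current status at request time, and an audit lists accounts that de-provisioning missed. The status names, resource names, identifiers and the skip_systems parameter are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy: resources each employment status may use.
ENTITLEMENTS = {"active": {"wifi", "contracts-share"}, "departed": set()}

@dataclass
class Account:
    system: str
    identifier: str   # how the user is labelled in that system
    enabled: bool = True

@dataclass
class Identity:
    person_id: str
    status: str = "active"
    accounts: list = field(default_factory=list)

def provision(identity, system, identifier):
    """Create an account for the identity when it is needed."""
    account = Account(system, identifier)
    identity.accounts.append(account)
    return account

def change_status(identity, status, skip_systems=()):
    """Record the new status and enable or disable accounts to match.
    skip_systems simulates a system the de-provisioning run failed to reach."""
    identity.status = status
    for account in identity.accounts:
        if account.system not in skip_systems:
            account.enabled = (status == "active")

def authorize(identity, account, resource):
    """Decide at request time from the current status, not from the status
    that applied when the account was created."""
    return account.enabled and resource in ENTITLEMENTS[identity.status]

def orphaned_accounts(identities):
    """Accounts still enabled although the owning identity has departed."""
    return [(i.person_id, a.system, a.identifier)
            for i in identities if i.status != "active"
            for a in i.accounts if a.enabled]

def run_example():
    emp = Identity("emp-1001")                      # constructed sample identity
    net = provision(emp, "network", "jdoe")
    mail = provision(emp, "mail", "j.doe@example.com")
    before = authorize(emp, net, "wifi")
    change_status(emp, "departed", skip_systems=("mail",))  # mail was missed
    after = authorize(emp, net, "wifi")
    missed = authorize(emp, mail, "contracts-share")  # denied by status check
    audit = orphaned_accounts([emp])
    change_status(emp, "active")  # rehired: same identity, accounts re-enabled
    return before, after, missed, audit, authorize(emp, net, "wifi")
```

The mail account that was skipped stays enabled, yet access through it is still refused because the decision reads the identity's current status; the audit is what surfaces the leftover account for cleanup.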
Identity verification using only an account ID and password may be enough, depending on the data involved, because it is the most convenient method and requires the least know-how. However, this control is stronger when supported by other controls.
For more restricted data classifications, multiple controls are more effective. The most common such solution is two-factor authentication, which uses two of the following factors: something the subject knows, has or is.
We already mentioned an example of something the user “knows” (a password or a PIN). This control can be strengthened with something the user “has” (a smart card, token, etc.) or with something the user “is” (biometrics such as fingerprints, facial features, the retina, etc.). Using more than one control significantly increases the probability of correct identity verification.
What are the benefits of it?
By implementing identity and access management, companies can gain a considerable advantage over their competitors and boost their own productivity.
These days, in order to run their business successfully, many companies need to give access to their internal systems to users both inside and outside of their organization.
- Giving access to business partners, suppliers, contractors and customers can lower operating costs and increase efficiency.
- At the same time, it enables employees to be more productive in a variety of locations, regardless of whether they are at the office, working from home or traveling. It also increases employee satisfaction and nurtures collaboration throughout the organization. All of this is done without compromising security and by using various mobile apps and on-premises applications.
- Identity management systems can reduce expensive and time-consuming tasks such as password resets and calls to IT support teams by automating many aspects of providing secure user access to enterprise networks and data.
- Another major benefit of access control and identity management is that it helps companies stay in compliance with government regulations. In today’s environment, this is a vital benefit, bearing in mind that every IT position is a security position and that there is an ever-increasing shortage of cyber-security personnel in the world. Furthermore, companies can be fined millions of dollars in penalties if they are not compliant with relevant government rules and regulations.
Finally, a good identity management system means better control of user access, which means a lower risk of external breaches and also of internal breaches and attacks, which are on the rise and happen all too frequently. More than 50% of all security breaches are caused by insiders, i.e. the company’s own employees, and three quarters of those were malicious in intent.
Source: Access Control and Identity Management