returnreturn
Follina a silent Client-Side



SHARE

Twitter Facebook linkedin
GENERAL Note 3  •  6' READ

Identity and Access Management: Why do organizations need it?

In recent years much has been written about securing the identity, accesses and allowed activities for each user on every enterprise asset, be it application, mobile device, network, on-premise or cloud infrastructure, databases, routers, etc.

The concept of Identity Management has become confusing with the emergence of a large number of solutions from different vendors that come to remedy numerous aspects of identity and/or access.

The dissemination and use of acronyms such as IAM, IDaaS, SaaS, PIM, PAM, MFA, 2FA, SSO, ZT, AI and many others, which are used to define concepts related, but not equivalent, to different Identity Management domains, add to the difficulties in understanding the subject.

In this note we will try to put some order on the different concepts related to Identity and Access Management, and in future notes we will deepen in each of these concepts, tools and processes, procedures, and how they are integrated to the main objective which is the protection of the IT assets of each organization.

I.A.M. is the acronym for Identity and Access Management and in a simple way we can say that it is referred to manage and connect in a secure way the users with the different assets of the organization.

Why do organizations need an I.A.M. system?

Cybercriminals seek to find and take advantage of weak authentication, authorization and access mechanisms to the organization's assets.

These vulnerabilities are the main reason for implementing an I.A.M. system.

It can be said that for each of the mechanisms listed above, there are a large number of integrated or non-integrated solutions within the same platform to address each vulnerability.

Types of I.A.M. Systems

When analyzing the types of I.A.M. systems suitable for each organization, two main categories should be considered depending on the installed infrastructure:

  • On Premises: These types of IAM, as their name indicates, are implemented in organizations that have their infrastructure installed in their own Data Centers, and directly control the entire infrastructure of servers, firewalls, applications, networks, etc.
  • Cloud: When third party vendors provide Cloud or Identification as a Service IAM. In this case, they will use their proprietary solutions to manage authentication and access authorization.
Main functions of an I.A.M. System.

The main functions of an I.A.M. system framework are:

  • How to identify users.
  • How to authenticate your identification.
  • How to add, delete, update and assign roles and functions to each user for each application and/or asset in the organization.

These functions, when implemented in an integrated and correct way, will allow users to access only the data and infrastructure they need to fulfill their roles, but it is not always easy to implement them correctly.

How to implement these functions.

For each of these functions there are different technologies and platforms to implement them:

  • Single Sign On (SSO): These tools allow users to access a service, application or other asset using a single set of credentials, either passwords or biometric tools.
  • Multi-factor authentication (MFA): These tools allow through different elements to confirm the identity of a user through one or more authentication mechanisms. Basically these elements are related to "something I know", "something I have" or "something I am" that can be used in the form of a password, biometric identification, verification through the response to a text message, email or phone call.
  • Role Based Access Control (RBAC): These are tools that allow centralized management and segregation of the roles and permissions of each user or group of users to the different assets of the organization.
Abstract:

Small, medium and large organizations are targets for external threats that may attempt to take control, steal or extort them by taking control of the identity of different users.

The main purpose of implementing an I.A.M. system is to enable identity and access management to prevent and protect against security breaches.

Selecting, acquiring, implementing and maintaining an IAM system can be costly in time, people and money depending on the size of the organization.

To minimize disruptive activities for employees and the business, organizations are looking to hire companies with expertise in implementing IT security solutions.

At BASE4 Security we have certified experts in the main tools and platforms, ready to help organizations define the best solutions for their needs, and prevent potential and costly security breaches.