The most critical elements of an identity and access management (IAM) strategy include a central user directory, strong authentication controls, privileged user management and monitoring, and single sign-on (SSO)/federation for cloud control and access management. This piece explains each of the elements in greater detail and the use cases to consider when building an IAM framework architecture for a new program.
IAM is really the practice of defining who needs access to what, and then controlling the entire lifecycle of user and access management across resources. Any IAM program, for the cloud or otherwise, comprises the following specific areas:
Organizations must also ensure the following activities are included within those main areas:
There are several important things to evaluate and consider for an IAM strategy, which include, but are not limited to:
A common use case is movement to a cloud hybrid strategy. IAM is a complex, multifaceted area. To implement a modern IAM strategy and extend it to the cloud:
Another common use case is managing privileged users. Privileged access management (PAM) is a technology that is growing rapidly and increasing in importance to enterprises. Many attacks and malware make use of privileged identities, and insider scenarios with unchecked privileges in play can be devastating as well. Auditors and regulatory bodies are paying much closer attention to privileged accounts in organizations because many IT teams are now being asked to provide comprehensive controls over privileged account access, along with extensive audit trails of privileged user activity.
All this said, PAM tools are often cited as one of the thorniest technologies to plan for and implement within enterprise IT environments. One reason for this is the sheer breadth of privileged access in the enterprise today. The task of implementing PAM feels daunting, likely because there are so many systems, accounts and use cases to consider when looking at how admins get their jobs done. When choosing a PAM tool, it is important to consider:
IAM technology providers to consider in general include Bitium, Centrify, IBM, Microsoft, Okta, OneLogin, Ping Identity, SailPoint and Salesforce. IAM tools also tend to break down into specific spaces, such as:
Most organizations, both hybrid and primarily cloud-based, should likely choose cloud-first IAM solutions that incorporate directory synchronization, SSO, federation and access controls. Some vendors, like Ping, may offer both cloud-native and on-prem tools. If choosing legacy on-prem platforms, check if cloud IAM enablement is also available.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
September 21, 2023
By IANS Faculty