InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
The most critical elements of an identity and access management (IAM) strategy include a central user directory, strong authentication controls, privileged user management and monitoring, and single sign-on (SSO)/federation for cloud control and access
management. This piece explains each of the elements in greater detail and the use cases to consider when building an IAM framework architecture for a new program.
IAM is really the practice of defining who needs access to what, and then controlling the entire lifecycle of user and access management across resources. Any IAM program, for the cloud or otherwise, comprises the following specific areas:
Organizations must also ensure the following activities are included within those main areas:
There are several important things to evaluate and consider for an IAM strategy, which include, but are not limited to:
A common use case is movement to a cloud hybrid strategy. IAM is a complex, multifaceted area. To implement a modern IAM strategy and extend it to the cloud:
Another common use case is managing privileged users. Privileged access management (PAM) is a technology that is growing rapidly and increasing in importance to enterprises. Many attacks and malware make use of privileged identities, and insider scenarios
with unchecked privileges in play can be devastating as well. Auditors and regulatory bodies are paying much closer attention to privileged accounts in organizations because many IT teams are now being asked to provide comprehensive controls over
privileged account access, along with extensive audit trails of privileged user activity.
All this said, PAM tools are often cited as one of the thorniest technologies to plan for and implement within enterprise IT environments. One reason for this is the sheer breadth of privileged access in the enterprise today. The task of implementing PAM feels daunting, likely because there are so many systems, accounts and use cases to consider when looking at how admins get their jobs done. When choosing a PAM tool, it is important to consider:
IAM technology providers to consider in general include Bitium, Centrify, IBM, Microsoft, Okta, OneLogin, Ping Identity, SailPoint and Salesforce. IAM tools also tend to break down into specific spaces, such as:
Most organizations, both hybrid and primarily cloud-based, should likely choose cloud-first IAM solutions that incorporate directory synchronization, SSO, federation and access controls. Some vendors, like Ping, may offer both cloud-native and on-prem
tools. If choosing legacy on-prem platforms, check if cloud IAM enablement is also available.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
September 29, 2022
By IANS Faculty
Understand the integration points between information security and enterprise architecture. Find guidance for functional organizational constructs to maintain a solid EA practice.
September 27, 2022
By IANS Research
Learn how to ensure full cyber insurance policy coverage and find 5 tips to help maximize your potential cyber insurance claims.
September 22, 2022
Find information on cyber insurance coverage types along with best practices to choose a cyber insurance carrier and policy for optimal security coverage.