The most critical elements of an identity and access management (IAM) strategy include a central user directory, strong authentication controls, privileged user management and monitoring, and single sign-on (SSO)/federation for cloud control and access management. This piece explains each of the elements in greater detail and the use cases to consider when building an IAM framework architecture for a new program.
IAM is really the practice of defining who needs access to what, and then controlling the entire lifecycle of user and access management across resources. Any IAM program, for the cloud or otherwise, comprises the following specific areas:
Organizations must also ensure the following activities are included within those main areas:
There are several important things to evaluate and consider for an IAM strategy, which include, but are not limited to:
A common use case is movement to a cloud hybrid strategy. IAM is a complex, multifaceted area. To implement a modern IAM strategy and extend it to the cloud:
Another common use case is managing privileged users. Privileged access management (PAM) is a technology that is growing rapidly and increasing in importance to enterprises. Many attacks and malware make use of privileged identities, and insider scenarios with unchecked privileges in play can be devastating as well. Auditors and regulatory bodies are paying much closer attention to privileged accounts in organizations because many IT teams are now being asked to provide comprehensive controls over privileged account access, along with extensive audit trails of privileged user activity.
All this said, PAM tools are often cited as one of the thorniest technologies to plan for and implement within enterprise IT environments. One reason for this is the sheer breadth of privileged access in the enterprise today. The task of implementing PAM feels daunting, likely because there are so many systems, accounts and use cases to consider when looking at how admins get their jobs done. When choosing a PAM tool, it is important to consider:
IAM technology providers to consider in general include Bitium, Centrify, IBM, Microsoft, Okta, OneLogin, Ping Identity, SailPoint and Salesforce. IAM tools also tend to break down into specific spaces, such as:
Most organizations, both hybrid and primarily cloud-based, should likely choose cloud-first IAM solutions that incorporate directory synchronization, SSO, federation and access controls. Some vendors, like Ping, may offer both cloud-native and on-prem tools. If choosing legacy on-prem platforms, check if cloud IAM enablement is also available.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
October 19, 2021
By IANS Faculty