Intricacies of Identity and Access Management

The ultimate purpose of (electronic) identity management is the effective and efficient strengthening of IT security, especially in respect of critical or sensitive data, together with operational efficiency, cost reduction, less downtime and the avoidance of repeated tasks. In fact, it integrates both Identity and Access Management (IAM). It helps keep business data safe and secure while also taking care of privacy and regulatory concerns.
Primarily, Identity Access Management involves pinpointing the permitted levels of access rights/ privileges which an individual in a network can enjoy within the system and across it, and the circumstances under which they apply. Here, the term "individual" may refer literally to a person, or to a network, an enterprise, a country, partners, internal/ external users, contractors, vendors or customers, all of them potentially outside the firewall and connecting from virtually anywhere. Further, it refers to the technology required to back this. From the security perspective, identity management should be carried out through an application on a particular server/ network device, which may be either in the cloud or on-premises.
A policy in this regard should be framed which basically defines the device types, the user's place in the organizational hierarchy, the rights of access, and the benefits the organization gains from such rights/ restrictions. The policy should also address how users obtain an identity, how it is protected and the technologies used to support that protection, such as passwords, digital certificates and network protocols, as well as the change/ blocking/ cancellation/ expiry/ retrieval of such identities. To ensure accountability, any unscrupulous attempt by a user to overstep their privilege level should be highlighted through an alert to the administrator, along with an audit trail of such unauthorized attempts.
There are 4 levels of identity management, viz. basic, standardized, rationalized and dynamic. We may therefore sum up that IAM consists of four main activities, viz. Credentialing, Authenticating, Authorizing and Accountability.
Authentication involves single secure sign-on for mobile/ cloud/ web, session management and password management.
Authorization may be based on role or rule or attribute.
Accountability ensures the prevention of unauthorized usage.
Responsibility is fixed and security is ensured by conferring the correct access rights on the concerned people at the apt time.
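The authorization bases listed above (role, rule, attribute) and the accountability requirement from the policy section (alert the administrator and keep an audit trail of overstep attempts) can be put together in a small policy-decision routine. The following is an added illustration, not code from the original article; the role table, the department rule, the business-hours rule and the alert threshold are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample policy: roles grant actions (role-based), the user's
# department must own the resource (attribute-based), and approvals are
# limited to business hours (rule-based).
ROLE_PERMISSIONS = {
    "clerk":   {"invoice:read"},
    "manager": {"invoice:read", "invoice:approve"},
}
ALERT_THRESHOLD = 3  # denied attempts per user before the administrator is alerted

def authorize(user, action, resource, when, audit):
    """Return True if allowed; otherwise record the denial in the audit trail."""
    reasons = []
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user["roles"]))
    if action not in granted:
        reasons.append(f"role lacks {action}")
    if user["dept"] != resource["dept"]:
        reasons.append("department mismatch")
    if action == "invoice:approve" and not 8 <= when.hour < 18:
        reasons.append("outside business hours")
    if reasons:
        audit.append({"user": user["name"], "action": action,
                      "resource": resource["id"], "time": when.isoformat(),
                      "reasons": reasons})
        return False
    return True

def users_to_alert(audit, threshold=ALERT_THRESHOLD):
    """Users whose denied attempts in the audit trail reached the threshold."""
    counts = {}
    for entry in audit:
        counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)

def demo():
    """Run constructed requests through the policy; returns decisions, trail, alerts."""
    audit = []
    clerk = {"name": "alice", "roles": {"clerk"}, "dept": "sales"}
    manager = {"name": "bob", "roles": {"manager"}, "dept": "sales"}
    inv = {"id": "INV-1", "dept": "sales"}
    noon, night = datetime(2024, 1, 15, 12, 0), datetime(2024, 1, 15, 23, 0)
    results = [
        authorize(clerk, "invoice:read", inv, noon, audit),         # allowed
        authorize(manager, "invoice:approve", inv, noon, audit),    # allowed
        authorize(manager, "invoice:approve", inv, night, audit),   # denied: time rule
        authorize(clerk, "invoice:approve", inv, noon, audit),      # denied: role
        authorize(clerk, "invoice:approve", inv, night, audit),     # denied: role + time
        authorize(clerk, "invoice:read", {"id": "INV-2", "dept": "hr"}, noon, audit),  # denied: attribute
    ]
    return results, audit, users_to_alert(audit)
```

Every denial is written to the trail with its reasons, and only a user whose denials reach the threshold is surfaced to the administrator, so routine one-off mistakes do not generate alerts.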
There will be a Central User Repository consisting of a directory, metadirectory and virtual directory, together with data synchronization. User management will include user and role management and delegated administration; User Self-management Services will reduce the load on the administrator. These consist of two-factor authentication for mobile, web, cloud and VPN/ provisioning, maintenance of up-to-date data about the user's profile, self-revocation or device revocation of one's own authentication, and self-resetting of the password without recourse to the help desk.
Identity Access Management acts as the nerve center of your organization's technical know-how.