Identity and Access Management
12-09-2021
© Created By PRASHANTH B S

What is identity and access management?
• Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
• With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
• Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management.
• These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.
• IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid model.
On a fundamental level, IAM encompasses the following components:
• How individuals are identified in a system (understand the difference between identity management and authentication);
• How roles are identified in a system and how they are assigned to individuals;
• Adding, removing and updating individuals and their roles in a system;
• Assigning levels of access to individuals or groups of individuals; and
• Protecting the sensitive data within the system and securing the system itself.

Why is IAM important?
• Business leaders and IT departments are under increased regulatory and organizational pressure to protect access to corporate resources.
• As a result, they can no longer rely on manual and error-prone processes to assign and track user privileges.
• IAM automates these tasks and enables granular access control and auditing of all corporate assets on premises and in the cloud.
• IAM, which has an ever-increasing list of features -- including biometrics, behavior analytics and AI -- is well suited to the rigors of the new security landscape.
• For example, IAM's tight control of resource access in highly distributed and dynamic environments aligns with the industry's transition from firewalls to zero-trust models and with the security requirements of IoT.
• While IT professionals might think IAM is for larger organizations with bigger budgets, in reality, the technology is accessible for companies of all sizes.

Basic components of IAM
• An IAM framework enables IT to control user access to critical information within their organizations.
• IAM products offer role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.
• In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file.
• Roles are defined according to job, authority and responsibility within the enterprise.
• IAM systems should do the following: capture and record user login information, manage the enterprise database of user identities, and orchestrate the assignment and removal of access privileges.
• That means systems used for IAM should provide a centralized directory service with oversight and visibility into all aspects of the company user base.
• Digital identities are not just for humans; IAM can manage the digital identities of devices and applications to help establish trust.
• In the cloud, IAM can be handled by authentication as a service or identity as a service (IDaaS). In both cases, a third-party service provider takes on the burden of authenticating and registering users, as well as managing their information.

Benefits of IAM
• IAM technologies can be used to initiate, capture, record and manage user identities and their related access permissions in an automated manner.
An organization gains the following IAM benefits:
• Access privileges are granted according to policy, and all individuals and services are properly authenticated, authorized and audited.
• Companies that properly manage identities have greater control of user access, which reduces the risk of internal and external data breaches.
• Automating IAM systems allows businesses to operate more efficiently by decreasing the effort, time and money that would be required to manually manage access to their networks.
• In terms of security, the use of an IAM framework can make it easier to enforce policies around user authentication, validation and privileges, and address issues regarding privilege creep.
• IAM systems help companies better comply with government regulations by allowing them to show corporate information is not being misused. Companies can also demonstrate that any data needed for auditing can be made available on demand.
• Companies can gain competitive advantages by implementing IAM tools and following related best practices.
• For example, IAM technologies allow the business to give users outside the organization -- like customers, partners, contractors and suppliers -- access to its network across mobile applications, on-premises applications and SaaS without compromising security.
• This enables better collaboration, enhanced productivity, increased efficiency and reduced operating costs.

IAM technologies and tools
• IAM technologies are designed to simplify the user provisioning and account setup process.
• These systems should reduce the time it takes to complete these processes with a controlled workflow that decreases errors and the potential for abuse while allowing automated account fulfillment.
• An IAM system should also allow administrators to instantly view and change evolving access roles and rights.
• These systems should balance the speed and automation of their processes with the control that administrators need to monitor and modify access rights.
• Consequently, to manage access requests, the central directory needs an access rights system that automatically matches employee job titles, business unit identifiers and locations to their relevant privilege levels.
• Multiple review levels can be included as workflows to enable the proper checking of individual requests.
• This simplifies setting up appropriate review processes for higher-level access as well as easing reviews of existing rights to prevent privilege creep, which is the gradual accumulation of access rights beyond what users need to do their jobs.
• IAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned.
• The system should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.
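
The attribute-to-privilege matching and the review for privilege creep described above can be sketched as follows. This is an added example, not part of the original slides; the role catalogue, entitlement names, user records and the rule that an exception may not be self-approved are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed role catalogue: (job title, business unit, location) -> baseline
# entitlements. None is a wildcard for that attribute.
ROLE_CATALOGUE = [
    (("Accountant", "Finance", None), {"erp:read", "erp:post-journal"}),
    (("Accountant", "Finance", "HQ"), {"treasury:read"}),
    (("Engineer", "Platform", None), {"git:write", "ci:run"}),
    ((None, None, None), {"mail:use", "wiki:read"}),
]


@dataclass
class ApprovedException:
    """A reviewed request for access beyond the role baseline."""
    entitlement: str
    approver: str
    expires: date


@dataclass
class User:
    uid: str
    title: str
    unit: str
    location: str
    granted: set
    exceptions: list = field(default_factory=list)


def baseline_for(user):
    """Union of entitlements from every catalogue rule matching the user."""
    attrs = (user.title, user.unit, user.location)
    result = set()
    for pattern, entitlements in ROLE_CATALOGUE:
        if all(p is None or p == a for p, a in zip(pattern, attrs)):
            result |= entitlements
    return result


def review(user, today):
    """Compare what a user holds with what role plus valid exceptions allow."""
    baseline = baseline_for(user)
    # An exception counts only while unexpired and approved by someone else
    # (assumed separation-of-duties rule).
    valid = {
        e.entitlement
        for e in user.exceptions
        if e.expires >= today and e.approver != user.uid
    }
    return {
        # Held but no longer justified: accumulated access (privilege creep).
        "revoke": sorted(user.granted - baseline - valid),
        # Required by the role but never provisioned.
        "provision": sorted(baseline - user.granted),
        # Extra access still covered by a reviewed exception.
        "kept_by_exception": sorted((user.granted & valid) - baseline),
    }


TODAY = date(2025, 6, 1)  # fixed so the sample results are reproducible

# Constructed sample directory entries.
USERS = {
    # Moved from Platform to Finance; old engineering rights were never removed.
    "alice": User("alice", "Accountant", "Finance", "Branch",
                  {"mail:use", "wiki:read", "erp:read", "git:write", "ci:run"}),
    # Same title as alice, plus a customized grant approved by a manager.
    "bob": User("bob", "Accountant", "Finance", "Branch",
                {"mail:use", "wiki:read", "erp:read", "erp:post-journal",
                 "treasury:read"},
                [ApprovedException("treasury:read", "mgr-17", date(2030, 1, 1))]),
    # One expired exception and one self-approved exception.
    "carol": User("carol", "Engineer", "Platform", "HQ",
                  {"mail:use", "wiki:read", "git:write", "ci:run",
                   "erp:read", "prod-db:admin"},
                  [ApprovedException("erp:read", "mgr-04", date(2024, 12, 31)),
                   ApprovedException("prod-db:admin", "carol", date(2030, 1, 1))]),
}

if __name__ == "__main__":
    for uid, user in USERS.items():
        print(uid, review(user, TODAY))
```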

Types of digital authentication
With IAM, enterprises can implement a range of digital authentication methods to prove digital identity and authorize access to corporate resources.
• Unique passwords.
• Pre-shared key (PSK).
• Behavioral authentication.
• Biometrics.
Unique passwords.
• The most common type of digital authentication is the unique password.
• To make passwords more secure, some organizations require longer or complex passwords that require a combination of letters, symbols and numbers.
• Unless users can automatically gather their collection of passwords behind a single sign-on entry point, they typically find remembering unique passwords onerous.
Pre-shared key (PSK).
• PSK is another type of digital authentication where the password is shared among users authorized to access the same resources -- think of a branch office Wi-Fi password.
• This type of authentication is less secure than individual passwords.
• A concern with shared passwords like PSK is that frequently changing them can be cumbersome.
Behavioral authentication.
• When dealing with highly sensitive information and systems, organizations can use behavioral authentication to get far more granular and analyze keystroke dynamics or mouse-use characteristics.
• By applying artificial intelligence, a trend in IAM systems, organizations can quickly recognize if user or machine behavior falls outside of the norm and can automatically lock down systems.
Biometrics.
• Modern IAM systems use biometrics for more precise authentication.
• For instance, they collect a range of biometric characteristics, including fingerprints, irises, faces, palms, gaits, voices and, in some cases, DNA.
• Biometrics and behavior-based analytics have been found to be more effective than passwords.
When collecting and using biometric characteristics, companies must consider the ethics in the following areas:
• Data security (accessing, using and storing biometric data);
• Transparency (implementing easy-to-understand disclosures);
• Optionality (providing customers a choice to opt in or out); and
• Biometric data privacy (understanding what constitutes private data and having rules around sharing with partners).
• One danger in relying heavily on biometrics is if a company's biometric data is hacked, then recovery is difficult, as users can't swap out facial recognition or fingerprints like they can passwords or other non-biometric information.
• Another critical technical challenge of biometrics is that it can be expensive to implement at scale, with software, hardware and training costs to consider.
• Before getting attached to passwordless IAM, make sure you understand the pros and cons of biometric authentication.

Types of biometric authentication
• Iris recognition
• Retina recognition
• Face recognition
• Fingerprint recognition
• DNA matching
• Signature recognition
• Finger geometry recognition
• Getting access
• Privacy protection
• Voice recognition
• Hand geometry recognition
• Authentication
• Biometric data security
• Biometric recognition
• Vein patterns recognition
• Ear shape recognition

Implementing IAM in the enterprise
• Before any IAM system is rolled out into the enterprise, businesses need to identify who within the organization will play a lead role in developing, enacting and enforcing identity and access policies.
• IAM impacts every department and every type of user (employee, contractor, partner, supplier, customer, etc.), so it's essential the IAM team comprises a mix of corporate functions.
• IT professionals implementing an IAM system largely on-premises and largely for employees should become familiar with the OSA IAM design pattern for identity management, SP-010.
• The pattern lays out the architecture of how various roles interact with IAM components as well as the systems that rely on IAM.
• Policy enforcement and policy decisions are separated from one another, as they are dealt with by different elements within the IAM framework.
Organizations that want to integrate non-employee users and make use of IAM in the cloud in their architecture should follow these steps for building an effective IAM architecture, as explained by expert Ed Moyle:
• Make a list of usage, including applications, services, components and other elements users will interact with.
• This list will help validate that usage assumptions are correct and will be instrumental in selecting the features needed from an IAM product or service.
• Understand how the organization's environments, such as cloud-based applications and on-premises applications, link together.
• These systems might need a specific type of federation (Security Assertion Markup Language or OpenID Connect, for instance).
• Know the specific areas of IAM most important to the business.
Answering the following questions will help:
  • Is multifactor authentication needed?
  • Do customers and employees need to be supported in the same system?
  • Are automated provisioning and deprovisioning required?
  • What standards need to be supported?
• Implementations should be carried out with IAM best practices in mind, including documenting expectations and responsibilities for IAM success.
• Businesses also should make sure to centralize security and critical systems around identity.
• Perhaps most important, organizations should create a process they can use to evaluate the efficacy of current IAM controls.

IAM risks
• IAM is not without risks, which can include IAM configuration oversights.
• Expert Stephen Bigelow outlined five oversights that should be avoided, including incomplete provisioning, poor process automation and insufficient reviews.
• He also explained that paying attention to the principle of least privilege is essential to ensuring proper security.
• Biometrics, as mentioned above, also poses security challenges, including data theft.
• Collecting and keeping only data that is necessary lessens that risk.
• Organizations should know what biometric data they have, what they need, how to get rid of what they don't require, and how and where data is stored.
• Cloud-based IAM can be of concern when the provisioning and deprovisioning of user accounts aren't handled correctly, if there are too many vulnerable inactive assigned user accounts, and if there is a sprawl in admin accounts.
• Organizations need to ensure lifecycle control over all aspects of cloud-based IAM to prevent malicious actors from gaining access to user identities and passwords.
• At the same time, features like multifactor authentication might be more easily deployed in a cloud-based service like IDaaS than they would be on premises because of their complexity.
• Audit capabilities act as a check to ensure that when users switch roles or leave the organization, their access changes accordingly.
• IT professionals can pursue IAM-specific and broader security certifications to be able to assess their organization's security posture and ward off threats.

IAM vendors and products
• IAM vendors range from large companies -- such as IBM, Microsoft, Oracle and RSA -- to pure-play providers -- such as Okta, Ping and SailPoint.
• Selecting the best IAM product or service for your organization requires legwork to determine the features that address your needs, such as centralized management, single sign-on, governance, compliance and risk analytics.
• Also read how Okta is going up against giants Microsoft and Google with its passwordless IAM offerings.
• Okta's strategy is to implement non-password factors in conjunction with contextual access, with the goal of an improved user experience.

IAM processes required to secure access to digital assets
The two most basic IAM processes required to secure access to digital assets are the following:
• Identify who it is that is trying to access resources by using authentication.
• Verify that identified users indeed should be authorized to reach the resource they are attempting to access.
• At its core, this is the purpose of identity and access management.
• These platforms create a secure way to identify people or devices and then provide them with the appropriate access to digital resources.
• The features and benefits of IAM don't end at identification and access control.

Top ten IAM vendors and products
• CyberArk
• ForgeRock
• IBM
• Microsoft
• Okta
• OneLogin
• Oracle
• Ping Identity
• RSA
• SailPoint

CyberArk
• In early 2019, Centrify spun its IAM business out to form Idaptive, which was purchased by CyberArk one year later and rebranded as CyberArk Workforce Identity.
• This product offers a SaaS-based IAM platform, utilizes a zero-trust framework as a foundation and is available for cloud, on-premises or mobile applications and services.
• CyberArk Workforce Identity integrates well with existing identity repositories that many small to large-sized organizations may already have, including Microsoft Active Directory (AD), Lightweight Directory Access Protocol (LDAP) and Google Workspace. Additionally, the platform uses an AI-backed form of MFA known as Adaptive MFA.
• This enables customers to use several secondary authentication methods, as well as AI, to monitor and potentially block access to mission-critical applications using behavior-based techniques.
• This option is also notable for its cleanly designed dashboard, where admins can quickly identify things such as failing integrations, potential threats and other issues that IT admins should quickly address.

ForgeRock
• In 2016, ForgeRock commercialized the popular open source OpenAM identity and access management platform and significantly expanded usability and management functions for enterprise environments.
• For IT professionals familiar with OpenAM or similar open source forks, ForgeRock's Identity Platform is a great option.
• From a workforce IAM perspective, ForgeRock offers features like Intelligent Access, which personalizes authentication and access preferences at a granular level using a simplified drag-and-drop management interface.
• Intelligent Access also provides the option for self-service registration and credential resets that are directly integrated into the unified login experience.
• Prospective buyers should note machine learning and AI capabilities set the product apart from many competitors.
• The AI function can help measure risk visibility and increase operational efficiencies by eliminating many management, incident and reporting processes that security admins previously had to perform manually.

IBM
• IBM has transitioned from a PC, laptop and server hardware provider to a trailblazer in cloud/edge computing, AI and advanced analytics.
• Its Cloud IAM platform is a SaaS-based product that works for on-premises, cloud/edge and hybrid cloud architectures.
Cloud IAM is a well-rounded offering that includes features such as the following:
• MFA
• SSO
• Privileged access management
• Identity governance
• The product works well for both workforce- and customer-facing applications.
• Since IBM is well versed in AI, big data and deep analytics, Cloud IAM incorporates these advanced features into the product, which helps automate the modification of user access controls/limits and identify anomalous or risky levels of access.

Microsoft
• Microsoft's AD is popular within enterprises to assist with authentication and access control within Windows domains.
Azure IAM boasts thousands of pre-made, third-party application integrations that cover a range of business services, including the following:
• Cloud storage
• Management tools
• Collaboration
• CRM
• e-Commerce
• ERP
• The product is also known for its open standard API, which enables creation of custom application and service integrations.
• Azure IAM is part of the larger Azure Security Center suite of tools.
• Thus, for organizations that use Microsoft Azure AD -- and, primarily, for off-the-shelf businesses that have pre-integrated hooks into the Azure platform -- it's a solid choice.

Okta
• A pure-play vendor, Okta is considered a pioneer in the SaaS-based IAM market.
• As a vendor-neutral platform, it can function well, regardless of the types of underlying infrastructure technologies in use.
• While Okta is most known for customer IAM, it is building a solid workforce IAM market base as well for both enterprise cloud and hybrid cloud environments.
• The Okta universal user/group/device directory can pull data from several directory sources.
• The platform also includes Okta Access Gateway, an application to securely authenticate users and allow access to on-premises applications without the need for remote access VPN connectivity.
• Lastly, the Okta ThreatInsight feature blocklists known malicious IP addresses that attempt to steal credentials, while rate limiting other sources to prevent distributed denial-of-service attacks.

OneLogin
• The OneLogin Workforce Identity platform is a solid option for enterprise organizations that need to synchronize users and groups located in multiple directories, including AD, LDAP, Workday and Google Workspace.
• Admins can reference and push user attributes to downstream applications for access purposes through the use of Security Assertion Markup Language or via an API.
• OneLogin includes an AI-backed adaptive authentication mechanism called SmartFactor Authentication, which gives the IAM platform more intelligence when authenticating users and devices compared to traditional static rules.
• One of the ways that intelligence integrates into SmartFactor is the use of Vigilance AI Threat Engine.
• The engine continuously scans both first- and third-party sources with the purpose of identifying potential authentication-focused threats.

Oracle
• Existing Oracle customers will likely gravitate to Oracle's Identity Cloud Service platform for their IAM needs.
• Identity Cloud Service is ideal for hybrid cloud architectures and especially useful for managing identity and access in multi-tenant scenarios.
• The platform's customizable user portal is great for businesses that want to offload simple tasks to end users through an easy-to-use, self-service website.
• Oracle Identity Cloud Service also touts a highly extensive API to integrate custom applications that don't already have pre-built integrations.
• Lastly, Oracle continues to work on the overall performance of the platform, making it one of the most reliable and fastest platforms on the market.

Ping Identity
• As another pure-play vendor, Ping is well known in the IAM space and is a trailblazer in SSO and MFA.
• In fact, it's widely known that Ping is the only vendor Microsoft tapped to offer the use of identity services within the Microsoft Azure AD Premium offering.
• Ping Identity is available in several different package offerings, depending on whether businesses require IAM services for internal employees, external customers or a combination of the two.
• Ping also offers several useful turnkey cointegrated systems for companies that have specific IAM needs.
• Some turnkey platform examples include IAM for Microsoft AD Federation Services, AWS, Google Cloud, Zscaler Internet Access and Zoom.

RSA
• Whether an environment is on premises, hybrid cloud or fully SaaS, RSA SecurID Suite is a good all-around choice as the platform offers flexible deployment options.
• This is especially true if MFA flexibility is necessary for an enterprise.
This product also checks all the necessary feature boxes for larger organizations, such as the following:
• SSO
• Identity and lifecycle management
• Identity governance
• The RSA Ready program is a technology partner portal that enables third-party software vendors to offer integrations of their products into SecurID Suite.
• Currently, the program consists of over 500 software partners with more than 1,000 RSA-certified integrations.
• Also, keep in mind that RSA is a subsidiary of Dell EMC.
• Thus, for businesses that are already heavily invested in other Dell EMC or RSA technologies, choosing RSA SecurID Suite makes sense from an integration and support standpoint.

SailPoint
• SailPoint is another pure-play IAM provider.
• It's also one of the smaller companies on this list.
• Yet, what it lacks in size, it makes up for in IAM functionality and overall flexibility to operate within any enterprise architecture.
• The company claims that its IdentityIQ platform enables businesses to connect, on average, up to 99% of all current applications and data using simplified integration wizards and pre-configured workflows.
• Another notable detail is that customers can separate the core IAM features from their more advanced, AI-driven analytics components.
• The AI portion of the product is known as Predictive Identity.
• Customers can choose to purchase Predictive Identity and integrate it with the other parts of IdentityIQ immediately or opt to add this capability later or not at all.
• This is a great model for those companies that may not currently have the in-house staff to properly manage the analytics side of the product but wish to enable it sometime in the future.

Common features found within IAM platforms
User provisioning.
• These tools streamline the onboarding process of user account creation and the assignment of authorization roles that define what resources the user can access.
Centralized access management.
• No matter where applications and data reside, IAM centralizes the management of those resources so admins can uniformly manage access and authorization controls across the entire infrastructure.
Single sign-on (SSO).
• SSO is a series of processes that enables users to authenticate one time through a centralized portal and then have full access to the resources they're authorized to have without needing to undergo additional authentication steps.
• It accomplishes this by passing the singular granted authentication from system to system on an as-needed basis.
Multifactor authentication (MFA).
• This is the use of more than one method to authenticate a user or device. MFA provides better assurance that authenticators are who they claim to be.
User activity compliance/compliance control.
• This enables an organization to take advantage of the capabilities of IAM to help protect and identify activity risks regarding the privacy and protection of data that is under strict regulatory compliance rules.
Identity governance.
• This is a policy-driven approach mandated by many regulatory compliance rules that requires the platform to demonstrate that it is handling identity and access management appropriately according to specific compliance requirements.
Managed security.
• As companies grow, one of the biggest issues revolves around maintaining a scalable authentication and access control framework.
• IAM platforms achieve this in a centralized platform that is far easier to manage compared to siloed authentication and access control on a per-application or per-device basis.
Access portal service.
• For large organizations, a self-service portal can save a tremendous number of man-hours.
• Employees and customers can use portals for self-registration, password resets, profile management, access requests and other similar tasks.
API (Application Programming Interface).
• While most IAM platforms provide pre-built integrations with hundreds or thousands of third-party applications to authenticate and grant access against, some businesses use legacy or custom-built applications that require a bit more work.
• In these cases, an API can create a custom front end to enable the application to authenticate and control access using IAM.
• The API gateway then funnels all API calls to the back-end IAM system so it can properly identify users and grant/deny access.
Risk analytics.
• Some IAM platforms collect user authentication and access identity behavior over time.
• Additionally, relevant data, including end-user access location, time of day and the type of desired access, is also collected.
• Using AI, IAM can use this baseline information to spot anomalies in user behavior that can point to misuse or attacks.
• Triggers can be set up to either alert security admins or to outright block access until IT staff completes and clears further investigations.

IAM and compliance
• It is easy to think that improved security is simply the act of piling on more security processes, but as staff writer Sharon Shea and expert Randall Gamby wrote, security "is about demonstrating that these processes and technologies are indeed providing a more secure environment."
• IAM meets this standard by adhering to the principle of least privilege, where a user is granted only the access rights necessary to fulfill his work duties, and separation of duties, where one person is never responsible for every task.
• With a combination of pre-determined and real-time access control, IAM enables organizations to meet their regulatory, risk management and compliance mandates.
• Modern IAM technologies have the ability to confirm an organization's compliance with critical requirements, including HIPAA, the Sarbanes-Oxley Act, Family Educational Rights and Privacy Act, and NIST guidelines, among others.
12-09-2021
© Created By PRASHANTH B S
IAM controls for compliance
IAM CONTROL DESCRIPTION
General requirements
Address access to systems and data, access priileges
based on role and assignment of access privileges
Unique access IDs Assign a unique ID to each user
Assignment of accounts
Mechanism to identify users and the resources they have
access to
Access approvals
Define the process for authorizing access and the level(s) of
access granted
Management of accounts
Address creation, modification and deletion of accounts and
associated credentials
12-09-2021
© Created By PRASHANTH B S
IAM controls for compliance
IAM CONTROL | DESCRIPTION
Access review and recertification | Processes for reviewing and updating user accounts based on role changes and other criteria
Inactive accounts | Criteria for deleting inactive accounts after a specific period of inactivity
Access revocation and disablement | Address changes in access privileges due to change in access needs, employee terminations or identification of compromised accounts
Privileged account management | Defines criteria for assigning privileged accounts and IDs
Remote access by administrators | Defines criteria for remote administrative access to systems and resources
IAM controls for compliance
IAM CONTROL | DESCRIPTION
Segregation of duties | Sets rules to ensure segregation of duties when assigning access privileges
Vendor access to resources | Defines criteria for assigning access to authorized vendors accessing system resources
Access authentication | Assigns criteria for granting permission to system resources through a series of authentication factors
User validation | Process to ensure user authentication is established before any transactions are performed
Password management | Addresses criteria for creating passwords
IAM controls for compliance
IAM CONTROL | DESCRIPTION
Authentication of mobile devices | Establishes access criteria for mobile devices
Access to voice mail | Defines criteria for access to voice mail accounts
User session management | Establishes criteria for termination of a session after a defined period of inactivity and criteria for multiple concurrent sessions by a user
Notification of system use | Criteria for displaying a visual message delineating access data prior to granting session access
Remote access | Establishes criteria for granting remote access to system resources
IAM controls for compliance
IAM CONTROL | DESCRIPTION
Data protection access | Governs access to data and resources that are considered mission-critical to the organization
Identification and validation of devices | Criteria for identifying all devices before connecting to system resources
Policies and procedures | Approved documents that specify how the organization ensures the confidentiality, integrity and availability of information
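An access review that turns the least-privilege and separation-of-duties principles, together with the inactive-accounts and segregation-of-duties controls in the tables above, into checks over account data. This is an added example, not part of the original slides; the role catalogue, conflict pairs, 90-day threshold and accounts are constructed assumptions.

```python
"""Periodic access review: inactive accounts, unused roles, SoD conflicts."""
from dataclasses import dataclass
from datetime import date

# Constructed role catalogue: role -> permissions it grants.
ROLE_PERMS = {
    "ap_clerk": {"invoice.create"},
    "ap_approver": {"invoice.approve"},
    "payroll_admin": {"payroll.run", "payroll.edit"},
    "it_admin": {"user.create", "user.delete"},
}
# Assumed policy: permission pairs that one person must never hold together.
SOD_CONFLICTS = [
    ("invoice.create", "invoice.approve"),
    ("user.create", "payroll.run"),
]
INACTIVE_AFTER_DAYS = 90  # assumed inactivity threshold


@dataclass
class Account:
    user: str
    roles: set
    last_login: date
    used: set  # permissions actually exercised in the review window (from audit logs)


def review(accounts, today):
    """Return a list of (user, finding, detail) tuples for recertification."""
    findings = []
    for acct in accounts:
        idle = (today - acct.last_login).days
        if idle > INACTIVE_AFTER_DAYS:
            findings.append((acct.user, "inactive", f"{idle} days since last login"))

        granted = set()
        for role in sorted(acct.roles):
            perms = ROLE_PERMS.get(role)
            if perms is None:
                # A role outside the catalogue cannot be reasoned about: flag it.
                findings.append((acct.user, "unknown_role", role))
                continue
            granted |= perms
            # Least privilege: a role none of whose permissions were used
            # is a candidate for removal.
            if not perms & acct.used:
                findings.append((acct.user, "unused_role", role))

        # Separation of duties is checked on effective permissions, so a
        # conflict is caught even when it arises from two different roles.
        for left, right in SOD_CONFLICTS:
            if left in granted and right in granted:
                findings.append((acct.user, "sod_conflict", f"{left} + {right}"))
    return findings


def sample_accounts():
    """Constructed accounts covering each finding type."""
    return [
        Account("asha", {"ap_clerk", "ap_approver"}, date(2024, 1, 30),
                {"invoice.create", "invoice.approve"}),
        Account("ben", {"payroll_admin", "it_admin"}, date(2024, 1, 29),
                {"payroll.run"}),
        Account("chen", {"ap_clerk", "legacy_ops"}, date(2023, 9, 1), set()),
        Account("dia", {"ap_clerk"}, date(2024, 1, 28), {"invoice.create"}),
    ]


def demo():
    return review(sample_accounts(), date(2024, 1, 31))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```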
The IAM roadmap
 Innovation is plentiful around IAM, and enterprises are the beneficiaries of
new strategies that are backed up by products and features.
 Many emerging IAM technologies are designed to reduce risk by keeping
personally identifiable information with the owner of the information -- not
distributed across databases vulnerable to breaches and theft.
 For instance, a decentralized identity framework enables individuals to
maintain control of and manage their own identities.
 Individuals can dictate how and where their personal data is shared, likely
reducing corporate risk and liability.
The IAM roadmap
 At the heart of this framework and others aimed at giving users more
authority over their data is blockchain technology, which facilitates the safe
exchange of data between individuals and third parties.
 Healthcare is an ideal use case for blockchain, as the lack of interoperability
among systems and entities is incredibly limiting.
 Blockchain improves record sharing and supports greater patient controls.
The IAM roadmap
 Some organizations are headed toward a "bring your own identity," or BYOI,
approach to IAM.
 Like single sign-on, BYOI reduces the number of usernames and passwords
users need to remember, potentially shrinking the vulnerability landscape.
 What BYOI can do for the enterprise is enable employees to access
applications outside the organization by using corporate identities.
 For instance, employees may log into a benefits administration program to
check insurance coverage or review their 401(k) portfolio.

Identity and Access Management

  • 2. What is identity and access management?  Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.  With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.  Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. 12-09-2021 © Created By PRASHANTH B S
  • 3. What is identity and access management?  These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.  IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid model. 12-09-2021 © Created By PRASHANTH B S
  • 4. What is identity and access management? On a fundamental level, IAM encompasses the following components:  How individuals are identified in a system (understand the difference between identity management and authentication);  How roles are identified in a system and how they are assigned to individuals;  Adding, removing and updating individuals and their roles in a system;  Assigning levels of access to individuals or groups of individuals; and  Protecting the sensitive data within the system and securing the system itself. 12-09-2021 © Created By PRASHANTH B S
  • 5. Why is IAM important?  Businesses leaders and IT departments are under increased regulatory and organizational pressure to protect access to corporate resources.  As a result, they can no longer rely on manual and error-prone processes to assign and track user privileges.  IAM automates these tasks and enables granular access control and auditing of all corporate assets on premises and in the cloud.  IAM, which has an ever-increasing list of features -- including biometrics, behavior analytics and AI -- is well suited to the rigors of the new security landscape. 12-09-2021 © Created By PRASHANTH B S
  • 6. Why is IAM important?  For example, IAM's tight control of resource access in highly distributed and dynamic environments aligns with the industry's transition from firewalls to zero-trust models and with the security requirements of IoT.  While IT professionals might think IAM is for larger organizations with bigger budgets, in reality, the technology is accessible for companies of all sizes. 12-09-2021 © Created By PRASHANTH B S
  • 7. Basic components of IAM
      • An IAM framework enables IT to control user access to critical information within their organizations.
      • IAM products offer role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.
      • In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file.
      • Roles are defined according to job, authority and responsibility within the enterprise.
  • 8. Basic components of IAM
      • IAM systems should do the following: capture and record user login information, manage the enterprise database of user identities, and orchestrate the assignment and removal of access privileges.
      • That means systems used for IAM should provide a centralized directory service with oversight and visibility into all aspects of the company user base.
      • Digital identities are not just for humans; IAM can manage the digital identities of devices and applications to help establish trust.
      • In the cloud, IAM can be handled by authentication as a service or identity as a service (IDaaS). In both cases, a third-party service provider takes on the burden of authenticating and registering users, as well as managing their information.
  • 9. Benefits of IAM
      • IAM technologies can be used to initiate, capture, record and manage user identities and their related access permissions in an automated manner. An organization gains the following IAM benefits:
      • Access privileges are granted according to policy, and all individuals and services are properly authenticated, authorized and audited.
      • Companies that properly manage identities have greater control of user access, which reduces the risk of internal and external data breaches.
      • Automating IAM systems allows businesses to operate more efficiently by decreasing the effort, time and money that would be required to manually manage access to their networks.
  • 10. Benefits of IAM
      • In terms of security, the use of an IAM framework can make it easier to enforce policies around user authentication, validation and privileges, and address issues regarding privilege creep.
      • IAM systems help companies better comply with government regulations by allowing them to show corporate information is not being misused. Companies can also demonstrate that any data needed for auditing can be made available on demand.
      • Companies can gain competitive advantages by implementing IAM tools and following related best practices.
  • 11. Benefits of IAM
      • For example, IAM technologies allow the business to give users outside the organization -- like customers, partners, contractors and suppliers -- access to its network across mobile applications, on-premises applications and SaaS without compromising security.
      • This enables better collaboration, enhanced productivity, increased efficiency and reduced operating costs.
  • 12. IAM technologies and tools
      • IAM technologies are designed to simplify the user provisioning and account setup process.
      • These systems should reduce the time it takes to complete these processes with a controlled workflow that decreases errors and the potential for abuse while allowing automated account fulfillment.
      • An IAM system should also allow administrators to instantly view and change evolving access roles and rights.
      • These systems should balance the speed and automation of their processes with the control that administrators need to monitor and modify access rights.
  • 13. IAM technologies and tools
      • Consequently, to manage access requests, the central directory needs an access rights system that automatically matches employee job titles, business unit identifiers and locations to their relevant privilege levels.
      • Multiple review levels can be included as workflows to enable the proper checking of individual requests.
      • This simplifies setting up appropriate review processes for higher-level access as well as easing reviews of existing rights to prevent privilege creep, which is the gradual accumulation of access rights beyond what users need to do their jobs.
  • 14. IAM technologies and tools
      • IAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned.
      • The system should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.
  • 15. Types of digital authentication
      With IAM, enterprises can implement a range of digital authentication methods to prove digital identity and authorize access to corporate resources.
      • Unique passwords.
      • Pre-shared key (PSK).
      • Behavioral authentication.
      • Biometrics.
  • 16. Types of digital authentication
      Unique passwords.
      • The most common type of digital authentication is the unique password.
      • To make passwords more secure, some organizations require longer or complex passwords that require a combination of letters, symbols and numbers.
      • Unless users can automatically gather their collection of passwords behind a single sign-on entry point, they typically find remembering unique passwords onerous.
  • 17. Types of digital authentication
      Pre-shared key (PSK).
      • PSK is another type of digital authentication where the password is shared among users authorized to access the same resources -- think of a branch office Wi-Fi password.
      • This type of authentication is less secure than individual passwords.
      • A concern with shared passwords like PSK is that frequently changing them can be cumbersome.
  • 18. Types of digital authentication
      Behavioral authentication.
      • When dealing with highly sensitive information and systems, organizations can use behavioral authentication to get far more granular and analyze keystroke dynamics or mouse-use characteristics.
      • By applying artificial intelligence, a trend in IAM systems, organizations can quickly recognize if user or machine behavior falls outside of the norm and can automatically lock down systems.
  • 19. Types of digital authentication
      Biometrics.
      • Modern IAM systems use biometrics for more precise authentication.
      • For instance, they collect a range of biometric characteristics, including fingerprints, irises, faces, palms, gaits, voices and, in some cases, DNA.
      • Biometrics and behavior-based analytics have been found to be more effective than passwords.
  • 20. Types of digital authentication
      When collecting and using biometric characteristics, companies must consider the ethics in the following areas:
      • Data security (accessing, using and storing biometric data);
      • Transparency (implementing easy-to-understand disclosures);
      • Optionality (providing customers a choice to opt in or out); and
      • Biometric data privacy (understanding what constitutes private data and having rules around sharing with partners).
  • 21. Types of digital authentication
      • One danger in relying heavily on biometrics is if a company's biometric data is hacked, then recovery is difficult, as users can't swap out facial recognition or fingerprints like they can passwords or other non-biometric information.
      • Another critical technical challenge of biometrics is that it can be expensive to implement at scale, with software, hardware and training costs to consider.
      • Before getting attached to passwordless IAM, make sure you understand the pros and cons of biometric authentication.
  • 22. Types of biometric authentication
      Figure labels: Iris recognition, Privacy protection, Retina recognition, Voice recognition, Face recognition, Hand geometry recognition, Fingerprint recognition, Authentication, DNA matching, Biometric data security, Signature recognition, Biometric recognition, Finger geometry recognition, Vein patterns recognition, Getting access, Ear shape recognition.
  • 24. Implementing IAM in the enterprise
      • Before any IAM system is rolled out into the enterprise, businesses need to identify who within the organization will play a lead role in developing, enacting and enforcing identity and access policies.
      • IAM impacts every department and every type of user (employee, contractor, partner, supplier, customer, etc.), so it's essential the IAM team comprises a mix of corporate functions.
      • IT professionals implementing an IAM system largely on-premises and largely for employees should become familiar with the OSA IAM design pattern for identity management, SP-010.
  • 25. Implementing IAM in the enterprise
      • The pattern lays out the architecture of how various roles interact with IAM components as well as the systems that rely on IAM.
      • Policy enforcement and policy decisions are separated from one another, as they are dealt with by different elements within the IAM framework.
  • 27. Implementing IAM in the enterprise
      Organizations that want to integrate non-employee users and make use of IAM in the cloud in their architecture should follow these steps for building an effective IAM architecture, as explained by expert Ed Moyle:
      • Make a list of usage, including applications, services, components and other elements users will interact with.
      • This list will help validate that usage assumptions are correct and will be instrumental in selecting the features needed from an IAM product or service.
  • 28. Implementing IAM in the enterprise
      • Understand how the organization's environments, such as cloud-based applications and on-premises applications, link together.
      • These systems might need a specific type of federation (Security Assertion Markup Language or OpenID Connect, for instance).
  • 29. Implementing IAM in the enterprise
      • Know the specific areas of IAM most important to the business. Answering the following questions will help:
          • Is multifactor authentication needed?
          • Do customers and employees need to be supported in the same system?
          • Are automated provisioning and deprovisioning required?
          • What standards need to be supported?
  • 30. Implementing IAM in the enterprise
      • Implementations should be carried out with IAM best practices in mind, including documenting expectations and responsibilities for IAM success.
      • Businesses also should make sure to centralize security and critical systems around identity.
      • Perhaps most important, organizations should create a process they can use to evaluate the efficacy of current IAM controls.
  • 31. IAM risks
      • IAM is not without risks, which can include IAM configuration oversights.
      • Expert Stephen Bigelow outlined five oversights that should be avoided, including incomplete provisioning, poor process automation and insufficient reviews.
      • He also explained that paying attention to the principle of least privilege is essential to ensuring proper security.
      • Biometrics, as mentioned above, also poses security challenges, including data theft.
  • 32. IAM risks
      • Collecting and keeping only data that is necessary lessens that risk.
      • Organizations should know what biometric data they have, what they need, how to get rid of what they don't require, and how and where data is stored.
      • Cloud-based IAM can be of concern when the provisioning and deprovisioning of user accounts aren't handled correctly, if there are too many vulnerable inactive assigned user accounts, and if there is a sprawl in admin accounts.
      • Organizations need to ensure lifecycle control over all aspects of cloud-based IAM to prevent malicious actors from gaining access to user identities and passwords.
  • 33. IAM risks
      • At the same time, features like multifactor authentication might be more easily deployed in a cloud-based service like IDaaS than they would be on premises because of their complexity.
      • Audit capabilities act as a check to ensure that when users switch roles or leave the organization, their access changes accordingly.
      • IT professionals can pursue IAM-specific and broader security certifications to be able to assess their organization's security posture and ward off threats.
  • 36. IAM vendors and products
      • IAM vendors range from large companies -- such as IBM, Microsoft, Oracle and RSA -- to pure-play providers -- such as Okta, Ping and SailPoint.
      • Selecting the best IAM product or service for your organization requires legwork to determine the features that address your needs, such as centralized management, single sign-on, governance, compliance and risk analytics.
      • Also read how Okta is going up against giants Microsoft and Google with its passwordless IAM offerings.
      • Okta's strategy is to implement non-password factors in conjunction with contextual access, with the goal of an improved user experience.
  • 37. IAM processes required to secure access to digital assets
      The two most basic IAM processes required to secure access to digital assets are the following:
      • Identify who it is that is trying to access resources by using authentication.
      • Verify that identified users indeed should be authorized to reach the resource they are attempting to access.
  • 38. IAM processes required to secure access to digital assets
      • At its core, this is the purpose of identity and access management.
      • These platforms create a secure way to identify people or devices and then provide them with the appropriate access to digital resources.
      • The features and benefits of IAM don't end at identification and access control.
  • 39. Top ten IAM vendors and products
      • CyberArk
      • ForgeRock
      • IBM
      • Microsoft
      • Okta
      • OneLogin
      • Oracle
      • Ping Identity
      • RSA
      • SailPoint
  • 40. CyberArk
      • In early 2019, Centrify spun its IAM business out to form Idaptive, which was purchased by CyberArk one year later and rebranded as CyberArk Workforce Identity.
      • This product offers a SaaS-based IAM platform, utilizes a zero-trust framework as a foundation and is available for cloud, on-premises or mobile applications and services.
      • CyberArk Workforce Identity integrates well with existing identity repositories that many small to large-sized organizations may already have, including Microsoft Active Directory (AD), Lightweight Directory Access Protocol (LDAP) and Google Workspace. Additionally, the platform uses an AI-backed form of MFA known as Adaptive MFA.
  • 41. CyberArk
      • This enables customers to use several secondary authentication methods, as well as AI, to monitor and potentially block access to mission-critical applications using behavior-based techniques.
      • This option is also notable for its cleanly designed dashboard, where admins can quickly identify things such as failing integrations, potential threats and other issues that IT admins should quickly address.
  • 42. ForgeRock
      • In 2016, ForgeRock commercialized the popular open source OpenAM identity and access management platform and significantly expanded usability and management functions for enterprise environments.
      • For IT professionals familiar with OpenAM or similar open source forks, ForgeRock's Identity Platform is a great option.
      • From a workforce IAM perspective, ForgeRock offers features like Intelligent Access, which personalizes authentication and access preferences at a granular level using a simplified drag-and-drop management interface.
      • Intelligent Access also provides the option for self-service registration and credential resets that are directly integrated into the unified login experience.
  • 43. ForgeRock
      • Prospective buyers should note machine learning and AI capabilities set the product apart from many competitors.
      • The AI function can help measure risk visibility and increase operational efficiencies by eliminating many management, incident and reporting processes that security admins previously had to perform manually.
  • 44. IBM
      • IBM has transitioned from a PC, laptop and server hardware provider to a trailblazer in cloud/edge computing, AI and advanced analytics.
      • Its Cloud IAM platform is a SaaS-based product that works for on-premises, cloud/edge and hybrid cloud architectures. Cloud IAM is a well-rounded offering that includes features such as the following:
          • MFA
          • SSO
          • Privileged access management
          • Identity governance
  • 45. IBM
      • The product works well for both workforce- and customer-facing applications.
      • Since IBM is well versed in AI, big data and deep analytics, Cloud IAM incorporates these advanced features into the product, which helps automate the modification of user access controls/limits and identify anomalous or risky levels of access.
  • 46. Microsoft
      • Microsoft's AD is popular within enterprises to assist with authentication and access control within Windows domains. Azure IAM boasts thousands of pre-made, third-party application integrations that cover a range of business services, including the following:
          • Cloud storage
          • Management tools
          • Collaboration
          • CRM
          • e-Commerce
          • ERP
  • 47. Microsoft
      • The product is also known for its open standard API, which enables creation of custom application and service integrations.
      • Azure IAM is part of the larger Azure Security Center suite of tools.
      • Thus, for organizations that use Microsoft Azure AD -- and, primarily, for off-the-shelf businesses that have pre-integrated hooks into the Azure platform -- it's a solid choice.
  • 48. Okta
      • A pure-play vendor, Okta is considered a pioneer in the SaaS-based IAM market.
      • As a vendor-neutral platform, it can function well, regardless of the types of underlying infrastructure technologies in use.
      • While Okta is most known for customer IAM, it is building a solid workforce IAM market base as well for both enterprise cloud and hybrid cloud environments.
      • The Okta universal user/group/device directory can pull data from several directory sources.
  • 49. Okta
      • The platform also includes Okta Access Gateway, an application to securely authenticate users and allow access to on-premises applications without the need for remote access VPN connectivity.
      • Lastly, the Okta ThreatInsight feature blocklists known malicious IP addresses that attempt to steal credentials, while rate limiting other sources to prevent distributed denial-of-service attacks.
  • 50. OneLogin
      • The OneLogin Workforce Identity platform is a solid option for enterprise organizations that need to synchronize users and groups located in multiple directories, including AD, LDAP, Workday and Google Workspace.
      • Admins can reference and push user attributes to downstream applications for access purposes through the use of Security Assertion Markup Language or via an API.
      • OneLogin includes an AI-backed adaptive authentication mechanism called SmartFactor Authentication, which gives the IAM platform more intelligence when authenticating users and devices compared to traditional static rules.
  • 51. OneLogin
      • One of the ways that intelligence integrates into SmartFactor is the use of Vigilance AI Threat Engine.
      • The engine continuously scans both first- and third-party sources with the purpose of identifying potential authentication-focused threats.
  • 52. Oracle
      • Existing Oracle customers will likely gravitate to Oracle's Identity Cloud Service platform for their IAM needs.
      • Identity Cloud Service is ideal for hybrid cloud architectures and especially useful for managing identity and access in multi-tenant scenarios.
      • The platform's customizable user portal is great for businesses that want to offload simple tasks to end users through an easy-to-use, self-service website.
  • 53. Oracle
      • Oracle Identity Cloud Service also touts a highly extensive API to integrate custom applications that don't already have pre-built integrations.
      • Lastly, Oracle continues to work on the overall performance of the platform, making it one of the most reliable and fastest platforms on the market.
  • 54. Ping Identity
      • As another pure-play vendor, Ping is well known in the IAM space and is a trailblazer in SSO and MFA.
      • In fact, it's widely known that Ping is the only vendor Microsoft tapped to offer the use of identity services within the Microsoft Azure AD Premium offering.
      • Ping Identity is available in several different package offerings, depending on whether businesses require IAM services for internal employees, external customers or a combination of the two.
  • 55. Ping Identity
      • Ping also offers several useful turnkey cointegrated systems for companies that have specific IAM needs.
      • Some turnkey platform examples include IAM for Microsoft AD Federation Services, AWS, Google Cloud, Zscaler Internet Access and Zoom.
  • 56. RSA
      • Whether an environment is on premises, hybrid cloud or fully SaaS, RSA SecurID Suite is a good all-around choice as the platform offers flexible deployment options.
      • This is especially true if MFA flexibility is necessary for an enterprise. This product also checks all the necessary feature boxes for larger organizations, such as the following:
          • SSO
          • Identity and lifecycle management
          • Identity governance
  • 57. RSA
      • The RSA Ready program is a technology partner portal that enables third-party software vendors to offer integrations of their products into SecurID Suite.
      • Currently, the program consists of over 500 software partners with more than 1,000 RSA-certified integrations.
      • Also, keep in mind that RSA is a subsidiary of Dell EMC.
      • Thus, for businesses that are already heavily invested in other Dell EMC or RSA technologies, choosing RSA SecurID Suite makes sense from an integration and support standpoint.
  • 58. SailPoint
      • SailPoint is another pure-play IAM provider.
      • It's also one of the smaller companies on this list.
      • Yet, what it lacks in size, it makes up for in IAM functionality and overall flexibility to operate within any enterprise architecture.
      • The company claims that its IdentityIQ platform enables businesses to connect, on average, up to 99% of all current applications and data using simplified integration wizards and pre-configured workflows.
  • 59. SailPoint
      • Another notable detail is that customers can separate the core IAM features from their more advanced, AI-driven analytics components.
      • The AI portion of the product is known as Predictive Identity.
      • Customers can choose to purchase Predictive Identity and integrate it with the other parts of IdentityIQ immediately or opt to add this capability later or not at all.
      • This is a great model for those companies that may not currently have the in-house staff to properly manage the analytics side of the product but wish to enable it sometime in the future.
  • 60. Common features found within IAM platforms
      User provisioning.
      • These tools streamline the onboarding process of user account creation and the assignment of authorization roles that define what resources the user can access.
      Centralized access management.
      • No matter where applications and data reside, IAM centralizes the management of those resources so admins can uniformly manage access and authorization controls across the entire infrastructure.
  • 61. Common features found within IAM platforms
      Single sign-on (SSO).
      • SSO is a series of processes that enables users to authenticate one time through a centralized portal and then have full access to the resources they're authorized to have without needing to undergo additional authentication steps.
      • It accomplishes this by passing the singular granted authentication from system to system on an as-needed basis.
      Multifactor authentication (MFA).
      • This is the use of more than one method to authenticate a user or device. MFA provides better assurance that authenticators are who they claim to be.
  • 62. Common features found within IAM platforms
      User activity compliance/compliance control.
      • This enables an organization to take advantage of the capabilities of IAM to help protect and identify activity risks regarding the privacy and protection of data that is under strict regulatory compliance rules.
      Identity governance.
      • This is a policy-driven approach mandated by many regulatory compliance rules that requires the platform to demonstrate that it is handling identity and access management appropriately according to specific compliance requirements.
  • 63. Common features found within IAM platforms
      Managed security.
      • As companies grow, one of the biggest issues revolves around maintaining a scalable authentication and access control framework.
      • IAM platforms achieve this in a centralized platform that is far easier to manage compared to siloed authentication and access control on a per-application or per-device basis.
      Access portal service.
      • For large organizations, a self-service portal can save a tremendous number of man-hours.
      • Employees and customers can use portals for self-registration, password resets, profile management, access requests and other similar tasks.
  • 64. Common features found within IAM platforms
      API (Application Programming Interface).
      • While most IAM platforms provide pre-built integrations with hundreds or thousands of third-party applications to authenticate and grant access against, some businesses use legacy or custom-built applications that require a bit more work.
      • In these cases, an API can create a custom front end to enable the application to authenticate and control access using IAM.
      • The API gateway then funnels all API calls to the back-end IAM system so it can properly identify users and grant/deny access.
  • 65. Common features found within IAM platforms
      Risk analytics.
      • Some IAM platforms collect user authentication and access identity behavior over time.
      • Additionally, relevant data, including end-user access location, time of day and the type of desired access, is also collected.
      • Using AI, IAM can use this baseline information to spot anomalies in user behavior that can point to misuse or attacks.
      • Triggers can be set up to either alert security admins or to outright block access until IT staff completes and clears further investigations.
  • 66. IAM and compliance
      • It is easy to think that improved security is simply the act of piling on more security processes, but as staff writer Sharon Shea and expert Randall Gamby wrote, security "is about demonstrating that these processes and technologies are indeed providing a more secure environment."
      • IAM meets this standard by adhering to the principle of least privilege, where a user is granted only the access rights necessary to fulfill his work duties, and separation of duties, where one person is never responsible for every task.
  • 67. IAM and compliance
      • With a combination of pre-determined and real-time access control, IAM enables organizations to meet their regulatory, risk management and compliance mandates.
      • Modern IAM technologies have the ability to confirm an organization's compliance with critical requirements, including HIPAA, the Sarbanes-Oxley Act, Family Educational Rights and Privacy Act, and NIST guidelines, among others.
  • 68. IAM controls for compliance (IAM control: description)
      • General requirements: Address access to systems and data, access privileges based on role and assignment of access privileges
      • Unique access IDs: Assign a unique ID to each user
      • Assignment of accounts: Mechanism to identify users and the resources they have access to
      • Access approvals: Define the process for authorizing access and the level(s) of access granted
      • Management of accounts: Address creation, modification and deletion of accounts and associated credentials
  • 69. IAM controls for compliance (IAM control: description)
      • Access review and recertification: Processes for reviewing and updating user accounts based on role changes and other criteria
      • Inactive accounts: Criteria for deleting inactive accounts after a specific period of inactivity
      • Access revocation and disablement: Address changes in access privileges due to change in access needs, employee terminations or identification of compromised accounts
      • Privileged account management: Defines criteria for assigning privileged accounts and IDs
      • Remote access by administrators: Defines criteria for remote administrative access to systems and resources
  • 70. IAM controls for compliance (IAM control: description)
      • Segregation of duties: Sets rules to ensure segregation of duties when assigning access privileges
      • Vendor access to resources: Defines criteria for assigning access to authorized vendors accessing system resources
      • Access authentication: Assigns criteria for granting permission to system resources through a series of authentication factors
      • User validation: Process to ensure user authentication is established before any transactions are performed
      • Password management: Addresses criteria for creating passwords
  • 71. IAM controls for compliance (IAM control: description)
      • Authentication of mobile devices: Establishes access criteria for mobile devices
      • Access to voice mail: Defines criteria for access to voice mail accounts
      • User session management: Establishes criteria for termination of a session after a defined period of inactivity and criteria for multiple concurrent sessions by a user
      • Notification of system use: Criteria for displaying a visual message delineating access data prior to granting session access
      • Remote access: Establishes criteria for granting remote access to system resources
  • 72. IAM controls for compliance (IAM control: description)
      • Data protection access: Governs access to data and resources that are considered mission-critical to the organization
      • Identification and validation of devices: Criteria for identifying all devices before connecting to system resources
      • Policies and procedures: Approved documents that specify how the organization ensures the confidentiality, integrity and availability of information
  • 73. The IAM roadmap
      • Innovation is plentiful around IAM, and enterprises are the beneficiaries of new strategies that are backed up by products and features.
      • Many emerging IAM technologies are designed to reduce risk by keeping personally identifiable information with the owner of the information -- not distributed across databases vulnerable to breaches and theft.
      • For instance, a decentralized identity framework enables individuals to maintain control of and manage their own identities.
      • Individuals can dictate how and where their personal data is shared, likely reducing corporate risk and liability.
  • 74. The IAM roadmap
      • At the heart of this framework and others aimed at giving users more authority over their data is blockchain technology, which facilitates the safe exchange of data between individuals and third parties.
      • Healthcare is an ideal use case for blockchain, as the lack of interoperability among systems and entities is incredibly limiting.
      • Blockchain improves record sharing and supports greater patient controls.
  • 75. The IAM roadmap
      • Some organizations are headed toward a "bring your own identity," or BYOI, approach to IAM.
      • Like single sign-on, BYOI reduces the number of usernames and passwords users need to remember, potentially shrinking the vulnerability landscape.
      • What BYOI can do for the enterprise is enable employees to access applications outside the organization by using corporate identities.
      • For instance, employees may log into a benefits administration program to check insurance coverage or review their 401(k) portfolio.
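
Added example (not part of the original slides): a minimal access review of the kind slides 13, 32, 66 and 69-70 describe, flagging privilege creep against a role baseline, segregation-of-duties conflicts and inactive accounts. The role names, entitlement strings, the 90-day threshold and the account records are all constructed assumptions, not taken from any product named in the deck.

```python
"""Access review over a directory export: creep, SoD conflicts, inactive accounts."""
from dataclasses import dataclass
from datetime import date

# Constructed role baseline: the entitlements each role is meant to carry.
ROLE_ENTITLEMENTS = {
    "accounts_payable_clerk": frozenset({"erp:invoice.create", "erp:vendor.read"}),
    "finance_manager": frozenset(
        {"erp:invoice.approve", "erp:vendor.read", "erp:report.read"}
    ),
    "helpdesk": frozenset({"dir:password.reset", "dir:user.read"}),
}

# Constructed segregation-of-duties rule: no single identity may hold both.
SOD_CONFLICTS = [("erp:invoice.create", "erp:invoice.approve")]

INACTIVE_AFTER_DAYS = 90  # assumed policy threshold


@dataclass
class Account:
    user: str
    role: str
    entitlements: frozenset
    last_login: date
    enabled: bool = True


def review(accounts, today):
    """Return (user, finding, detail) tuples for every enabled account."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already deprovisioned, nothing left to revoke
        if acct.role not in ROLE_ENTITLEMENTS:
            # No baseline exists, so every entitlement below counts as excess.
            findings.append((acct.user, "unknown_role", acct.role))
        baseline = ROLE_ENTITLEMENTS.get(acct.role, frozenset())
        extra = sorted(acct.entitlements - baseline)
        if extra:
            # Rights beyond what the current role needs: privilege creep.
            findings.append((acct.user, "privilege_creep", extra))
        for left, right in SOD_CONFLICTS:
            if left in acct.entitlements and right in acct.entitlements:
                findings.append((acct.user, "sod_conflict", [left, right]))
        idle_days = (today - acct.last_login).days
        if idle_days > INACTIVE_AFTER_DAYS:
            findings.append((acct.user, "inactive", idle_days))
    return findings


# Constructed sample data standing in for a directory export.
TODAY = date(2021, 9, 12)
SAMPLE_ACCOUNTS = [
    # Moved from clerk to manager and kept the old invoice.create right.
    Account("alice", "finance_manager",
            frozenset({"erp:invoice.create", "erp:invoice.approve",
                       "erp:vendor.read", "erp:report.read"}),
            date(2021, 9, 10)),
    # Matches the baseline but has not logged in for 200 days.
    Account("bob", "helpdesk",
            frozenset({"dir:password.reset", "dir:user.read"}),
            date(2021, 2, 24)),
    # Clean: baseline entitlements, recent login.
    Account("carol", "accounts_payable_clerk",
            frozenset({"erp:invoice.create", "erp:vendor.read"}),
            date(2021, 9, 1)),
    # Disabled account: skipped by the review.
    Account("dave", "contractor", frozenset({"erp:report.read"}),
            date(2020, 1, 15), enabled=False),
    # Role with no baseline defined.
    Account("erin", "intern", frozenset({"dir:user.read"}), date(2021, 9, 11)),
]

if __name__ == "__main__":
    for user, finding, detail in review(SAMPLE_ACCOUNTS, TODAY):
        print(f"{user:6} {finding:16} {detail}")
```

Each finding maps to one of the deck's controls: excess rights go to access review and recertification, conflicts to segregation of duties, and idle accounts to the inactive-accounts criteria.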