By Natalie Bluhm Posted June 28, 2017
Identity and Access Management (IAM) is essentially making sure the right access is being granted to the right users. When IAM is done well, it means the mailroom clerk doesn’t have access to the company’s financial records, but the accountant does. When IAM is done poorly, it can be catastrophic for a company, depending on what kind of access that identity was given.
So, let’s take a look at why identity and access management is such an important component to IT infrastructures.
Why IAM is Needed
One of the reasons IAM is gaining traction is the crucial function that is tied to one’s identity within an organization. An identity makes it possible for a user to do their job by giving them access to WiFi, the company’s network, file servers, applications, and other digital assets. In the past, IAM was easier to manage because users needed two or three resources to do their job and the workplace was dominated by Windows systems.
Today, an IT environment has to maintain visibility and control on Windows, Mac, and Linux endpoints; be able to connect users to a large number of on-prem and web resources; integrate with the cloud; and maintain security. SaaS-based IAM solutions such as Identity-as-a-Service (IDaaS) have emerged in response to these changes in the IT landscape.
Identities are the gateway to an organization’s most critical digital assets. With today’s cybercriminals and hackers attacking organizations to compromise identities, it is critical for IT admins to deeply control and secure their digital assets and IAM is the vehicle to do that.
Subcomponents of Identity Management
A modern IAM service will leverage the following subcomponents of the IAM landscape:
- Directory services: Let’s go back to the mail room clerk and the accountant. Each has their own identity in an IT infrastructure. They both need access to certain resources in order to do their jobs, and for security measures, there are certain resources they do not need access to. A directory service takes care of this by storing a user’s credentials. Each time the mail room clerk accesses an application, the directory service authenticates them to that application and makes sure the clerk has the right to use that application, and is who they say they are. Since the directory of identities and resources underlies your entire infrastructure, we consider it the foundation of identity and access management.
- Privileged Access Management: IT infrastructure consists of a myriad of servers, networks and other IT assets. The accountant might have access to the server that contains the financial records, but privileged access management makes sure the accountant does not have access to the network infrastructure that runs the organization’s data center. However, IT infrastructure has found its way to the cloud, so this subcomponent is becoming irrelevant.
- Directory Extensions: Directory extensions were created out of limitations of conventional directory services. Directory extensions add-on to the functionality of an existing directory, allowing it to connect to platforms, devices, and applications it otherwise couldn’t. However, modern, inclusive directory services like Directory-as-a-Service have revolutionized the directory industry, making directory extensions a thing of the past.
- Single Sign-On (SSO): Web based applications like G Suite, Office 365, and Dropbox among millions of others have flooded the workplace. Typically, you would need a different username and password for each application, but SSO solutions are growing alongside the increase in web based applications. They connect one identity to the various web based applications they need access to instead of having a user create multiple identities.
- Password Vaults: This allows users to store their password credentials, making it easier to access the large number of applications they might need. By providing a safe place to store passwords and by encouraging complex passwords, password vaults are a helpful tool in keeping identities secure.
- Multi-factor Authentication (MFA): MFA fortifies identity security by requiring additional login information in order to authenticate access. Generally, MFA requires the user input information they know (such as a username and password) in addition to something they have (a smartphone or a YubiKey) in order to login. This category is one of the most critical components to securing IAM.
Identity-as-a-Service – An Optimized IAM Solution
Identity-as-a-Service offers a modern, efficient approach to IAM in the cloud by converging directory services, privileged account management, directory extension, web app SSO, and multi-factor authentication into one optimized SaaS-based solution. The benefit will be one centralized identity instantly mapped to IT resources like devices, applications, and networks regardless of platform, provider, location, or protocol.
If you’re interested in learning more about how to implement an identity and access management (IAM) solution, drop us a note. We’d love to chat about how you can leverage JumpCloud’s Identity-as-a-Service, or try it yourself by signing up for a free account. Your first 10 users are free forever.