10 Essential Identity and Access Management (IAM) Terms
Published 03/30/2024
Identity and access management is kind of a big deal. People are working from anywhere and everywhere on all kinds of devices, so it's essential to know who's who in the digital world and to confirm that our digital communications are secure. If you’re just starting out on your IAM journey, don’t worry - we’ve got you covered. Below, review the definitions of 10 essential IAM terms that you need to know.
1. Identity and Access Management (IAM)
The policies, technologies, and processes that enable organizations to manage and control user identities, access, and privileges to systems and applications. IAM solutions typically include user provisioning, authentication, authorization, and auditing capabilities.
IAM helps organizations ensure that only authorized users can access sensitive data and applications. IAM also enables organizations to streamline user management processes and reduce the risk of insider threats.
Learn more about what IAM is and why it’s critical to good security hygiene.
2. Authentication
The verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. Policies governing authentication may require single or multiple factors.
Understand the challenges and considerations involved in managing IAM in the cloud.
3. Authorization
The right or a permission that is granted to a system entity to access a system resource (network, data, application, service, etc.).
Properly manage machine identity authorization.
4. Privileged Access Management (PAM)
The strategies used to monitor and control the permissions given to users and systems in an IT environment. These strategies should include strong authentication requirements, account and session recording to drive up accountability, and, in some cases, a requirement that privileged users sign in through a separate, tightly controlled system.
Get the rundown on PAM and several other components of IAM.
5. Least Privilege
The principle of giving users across an organization the lowest level of access that they need in order to perform their required tasks across a cloud environment.
Here’s why you need to be using the principle of least privilege.
6. Role Based Access Control (RBAC)
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to one or more individuals.
Explore two authorization management models: Attribute Based Access Control (ABAC) and RBAC.
7. Just-In-Time (JIT) Access
The capability to provide access only when needed. The user requests access, and the access granted is timeboxed. At the end of the user’s time, their access is removed.
Learn how JIT access is pioneering the future of Cloud Infrastructure Entitlement Management (CIEM).
8. Password Management
The process to specify multiple password policies, define password composition constraints, maintain password history, restrict passwords, configure password validity period, create password rules, etc.
Reframe common password management practices based on insights from the LastPass breaches.
9. Multi-Factor Authentication (MFA)
A security technology requiring a user to provide multiple methods of authentication before being granted access to a website or application. These factors usually include “something you know,” “something you have,” and “something you are.” This is a very important technique in containing identity-based attacks. It is commonly used to authenticate identities before access is granted to critical systems such as finance and health.
Learn why MFA is essential in the healthcare industry.
10. One Time Password (OTP)
A password that is valid for a short time and for a single use. OTPs are aimed at preventing various attacks associated with traditional static passwords. They are often used as a part of MFA solutions, where a device stores the secret key used to generate new OTPs, covering the "something you have" factor in addition to the traditional "something you know."
Review more essential IAM terms in CSA’s Identity and Access Management Glossary.