The Definition of IAM and Its Criticality to Good Security Hygiene
Blog Article Published: 07/17/2022
This is Part 2 of our ‘What is IAM’ blog series. Read Part 1 here.
Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group.
What exactly is identity and access management (IAM)? It is the overall discipline, encompassing not only tools and technologies but also the processes, through which a digital identity is defined and managed in order to grant access to digital resources. Traditionally IAM dealt with identities that represent humans; more recently it also covers non-human, or 'machine', identities such as service accounts, workloads, and devices.
IAM is essential for defining a digital identity profile and managing its entire lifecycle, from creation through changes in role to deactivation (the 'IM' in IAM). It also verifies that an entity is who it claims to be (authentication) and that it holds the proper access to the resources it is attempting to reach (authorization); together these make up access management (the 'A' in IAM). The industry has combined these concepts with the 'governance' of identities, which lets organizations demonstrate compliance and supports a continuous process of reviewing access so that digital identities do not unnecessarily accumulate entitlements over time. The combination of identity administration and governance is known as identity governance and administration (IGA).
IAM secures digital assets by granting an identity only the access it needs, for only as long as it is needed to accomplish a specific task. IAM defines the rules and policies that determine which digital identities may access which digital resources. Given this critical role, IAM is an essential component of cybersecurity. Good security hygiene includes a sound IAM strategy in which all identities, human and machine, are managed with consistent policies and tools, giving security leaders a clear picture of who has access to the organization's resources (especially the critical ones).
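To make the three pieces above concrete, here is a small, self-contained model of an IAM system: the identity lifecycle (joiner, mover, leaver), authentication against a stored credential, time-bounded authorization, and a governance-style access review that catches the access creep the previous paragraphs warn about. This is an added illustration, not code from the article or from the CSA working group; the `Directory` class, the roles, the entitlement names, and the people and service account in the scenario are all invented for the example.

```python
# Added illustration of the IAM concepts in the text: identity lifecycle
# ("IM"), authentication and authorization ("A"), and access governance.
# Not code from the article or the CSA; all names and roles are invented.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
import hashlib
import hmac
import secrets

# Hypothetical role-to-entitlement mapping (an assumption for this example).
ROLE_ENTITLEMENTS = {
    "developer": {"git:push", "ci:run"},
    "finance": {"ledger:read", "ledger:write"},
}


@dataclass
class Grant:
    entitlement: str
    source: str                       # role that justified it, or "jit"
    expires: Optional[datetime] = None  # None means standing access


@dataclass
class Identity:
    name: str
    kind: str                         # "human" or "machine"
    role: str
    salt: bytes
    cred_hash: bytes
    active: bool = True
    grants: list = field(default_factory=list)


class Directory:
    """Identity management: define identities and run their lifecycle."""

    def __init__(self):
        self.identities = {}

    @staticmethod
    def _hash(secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    def join(self, name, kind, role, secret):
        salt = secrets.token_bytes(16)
        ident = Identity(name, kind, role, salt, self._hash(secret, salt))
        ident.grants = [Grant(e, role) for e in sorted(ROLE_ENTITLEMENTS[role])]
        self.identities[name] = ident

    def move(self, name, new_role):
        # Deliberately naive mover handling: the new role's entitlements are
        # added but the old role's are never revoked. This is how access
        # accumulates in real directories, and what the review below catches.
        ident = self.identities[name]
        ident.role = new_role
        ident.grants += [Grant(e, new_role) for e in sorted(ROLE_ENTITLEMENTS[new_role])]

    def leave(self, name):
        self.identities[name].active = False   # leaver: disable, keep the record

    def grant_jit(self, name, entitlement, now, ttl):
        # Just-in-time access: only for as long as the task needs it.
        self.identities[name].grants.append(Grant(entitlement, "jit", now + ttl))

    # Access management: authentication, then authorization.
    def authenticate(self, name, secret):
        ident = self.identities.get(name)
        if ident is None or not ident.active:
            return False
        return hmac.compare_digest(ident.cred_hash, self._hash(secret, ident.salt))

    def authorize(self, name, entitlement, now):
        ident = self.identities.get(name)
        if ident is None or not ident.active:
            return False
        return any(g.entitlement == entitlement and (g.expires is None or now < g.expires)
                   for g in ident.grants)

    # Governance: periodic review of who holds what, and whether it is still justified.
    def access_review(self, now):
        findings = []
        for ident in self.identities.values():
            for g in ident.grants:
                if not ident.active:
                    findings.append((ident.name, g.entitlement, "grant on deactivated identity"))
                elif g.source == "jit" and now >= g.expires:
                    findings.append((ident.name, g.entitlement, "expired JIT grant"))
                elif g.source != "jit" and g.source != ident.role:
                    findings.append((ident.name, g.entitlement, f"accumulated from role {g.source}"))
        return sorted(findings)

    def remediate(self, now):
        flagged = {(n, e) for n, e, _ in self.access_review(now)}
        for ident in self.identities.values():
            ident.grants = [g for g in ident.grants if (ident.name, g.entitlement) not in flagged]
        return len(flagged)


def run_scenario():
    """Constructed walk-through: a human joiner, a machine identity, a role
    change that leaves access behind, a JIT grant, a review, and a leaver."""
    t0 = datetime(2022, 7, 17, 9, 0)
    d = Directory()
    d.join("alice", "human", "developer", "correct horse")
    d.join("ci-runner", "machine", "developer", secrets.token_hex(16))
    r = {"authn_ok": d.authenticate("alice", "correct horse"),
         "authn_bad": d.authenticate("alice", "wrong"),
         "dev_push": d.authorize("alice", "git:push", t0),
         "dev_ledger": d.authorize("alice", "ledger:read", t0)}
    d.move("alice", "finance")
    r["mover_ledger"] = d.authorize("alice", "ledger:read", t0)
    r["mover_push_creep"] = d.authorize("alice", "git:push", t0)   # still allowed: creep
    d.grant_jit("alice", "prod:ssh", t0, timedelta(hours=1))
    r["jit_in_window"] = d.authorize("alice", "prod:ssh", t0 + timedelta(minutes=30))
    r["jit_expired"] = d.authorize("alice", "prod:ssh", t0 + timedelta(hours=2))
    r["review"] = d.access_review(t0 + timedelta(hours=2))
    r["revoked"] = d.remediate(t0 + timedelta(hours=2))
    r["push_after_review"] = d.authorize("alice", "git:push", t0)
    d.leave("alice")
    r["leaver_authn"] = d.authenticate("alice", "correct horse")
    r["leaver_authz"] = d.authorize("alice", "ledger:read", t0)
    r["orphan_review"] = d.access_review(t0 + timedelta(hours=2))
    return r


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The point of the scenario is the `move` step: authorization keeps answering "yes" to `git:push` after Alice has moved to finance, because nothing in authentication or authorization alone knows that the grant is no longer justified. Only the review, which compares each grant's source against the identity's current role and expiry, surfaces the accumulated and expired access; the leaver's remaining grants show up the same way, as an orphaned account that still carries entitlements.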
Learn about the different components of IAM in Part 3.