What is IAM: Identity in the Digital and Cloud Era
Published 07/17/2022
This is Part 1 of our ‘What is IAM’ blog series.
Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group.
Identity and access management (IAM) is not a new concept, yet it is becoming much more essential in today's digital-first world. The modern workforce demands a work-from-anywhere access model on any device and for any services. This requires digital identities to be securely established and verified, enabling secure digital communications to support e-commerce and other critical digital services. Not only are services located anywhere in the world, but there are also varying levels of trust and security required to assure that transactions are legitimate and sensitive data is safeguarded.
Unlike the pre-internet days where all assets were controlled within private data centers and access was restricted to company-controlled devices and networks, this new era exposes users and organizations to new risks due to the expansion of digital services, increasing the threat and attack surface. Coupled with this increased risk is the acceleration of regulations meant to hold organizations accountable for protecting customer data and giving consumers the ability to better control what data can be shared. Furthermore, the original technologies that provided identity and access management are built on legacy platforms and are unable to support these new requirements, forcing organizations to consider modern platforms and services that support these new use cases.
In this five-part blog series, we aim to define:
- What identity and access management is
- The criticality of IAM to good security hygiene
- The components of IAM
- The evolution of IAM
- What IAM looks like in the cloud
- The stakeholders involved with IAM
- The challenges of adopting IAM
This blog series is authored by CSA’s IAM Working Group, which aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.
We welcome professionals of all kinds - vendors, service providers, practitioners, and others - that are involved with IAM or looking forward to gaining IAM expertise to participate in the CSA IAM Working Group. Learn more about the group and sign up here.
Learn about the definition of IAM and its criticality to good security hygiene in Part 2.
Related Articles:
Why Application-Specific Passwords are a Security Risk in Google Workspace
Published: 11/19/2024
Group-Based Permissions and IGA Shortcomings in the Cloud
Published: 11/18/2024
9 Tips to Simplify and Improve Unstructured Data Security
Published: 11/18/2024
Zero Standing Privileges (ZSP): Vendor Myths vs. Reality
Published: 11/15/2024