What Is IAM

What Is IAM, and Why Is It Important?

Identity and access management is the information security discipline that allows users access to appropriate technology resources, at the right time. It incorporates three major concepts: identification, authentication and authorization. Together, these three processes combine to ensure that specified users have the access they need to do their jobs, while unauthorized users are kept away from sensitive resources and information.

When a user attempts to access a system or data, he or she first makes a claim of identity, typically by entering a username into the system. The system must then verify this claim of identity through an authentication process. Authentication may use basic knowledge-based techniques, such as passwords, or rely upon advanced technologies, such as biometric and tokenbased authentication. Once a user successfully completes the authentication process, the IAM system must then verify the user’s authorization to perform the requested activity. The fact that a user proves his or her identity is not sufficient to gain access — the system must also ensure that users perform actions only within their scope of authority.

Without a centralized approach to IAM, IT professionals must manage authentication and authorization across a large number of increasingly heterogeneous technology environments. These environments support many different business functions, some customer-facing and some meeting internal requirements. To work effectively in such an environment, the security professionals managing IAM solutions must understand not only business operations but also the ways that access to IT systems enables those operations.

Effective IAM solutions help enterprises facilitate secure, efficient access to technology resources across these diverse systems, while delivering a number of important benefits:

Improved data security: Consolidating authentication and authorization functionality on a single platform provides IT professionals with a consistent method for managing user access. When a user leaves an organization, IT administrators may revoke their access in the centralized IAM solution with the confidence that this revocation will immediately take effect across all of the technology platforms integrated with that IAM platform.

Reduced security costs: Using a single IAM platform to manage all user access allows administrators to perform their work more efficiently. A security team may have some additional upfront work integrating new systems into an IAM platform but may then dedicate time to the management of that platform, saving time and money.

More effective access to resources: When users receive access through a centralized platform, they benefit from the use of single sign-on (SSO) technology that limits the number of interactions they have with security systems and increases the likelihood that their legitimate attempts to access resources will succeed.

These three benefits combine to demonstrate the importance of centralized identity and access management to the modern enterprise.