Identity and Access Management (IAM) systems are one approach to protecting privacy across an organization's systems. Essentially, an IAM system ensures that access to a given resource is granted only to the appropriate individuals. This article takes a look at the components that make up IAM systems, as well as their advantages.
IAM consists of two functions: Identity Management (IdM) and Access Management. IdM is the set of business processes and supporting infrastructure for the creation, maintenance and use of digital identities. The key components of IdM can be summarized in four concise questions:
- Who are you? (identification)
- How do we know? (authentication)
- What services and/or transactions are available to you? (authorization)
- Is the information about you secure? (privacy)
Access Management refers to the process of controlling who may access which systems and data repositories, and when, whether the requesters are internal or external parties. It covers both access for retrieving data and access for making changes to data.
The IAM Process
An IAM infrastructure must address the requirements of managing a user's identity over its entire lifecycle, in alignment with business objectives, policies and relevant regulations. The IAM process is as follows:
- Registration and Creation – This is the first step of the identity lifecycle and involves the creation of the identity as well as the attributes that determine its privileges. A registration function should be integrated into the IAM process.
- Propagation – This extends registration to external users such as customers, vendors and business partners. This stage requires the development of processes for registering external users.
- Maintenance/Management – Application capabilities and entitlements need to change to reflect the evolution of identity attributes (for example, a change of role or department). Once an identity has been registered and propagated, there must be ongoing maintenance and management processes in place.
- Suspension/Deletion – Organizations may choose to have the provisioning component suspend, rather than delete, an identity and its associated privileges. A suspended identity loses its privileges, but its record is archived for later access, auditing, or other security requirements.
- Termination – There must be an established termination process to end the identity information lifecycle. Typically, such processes are driven by security policies that set an acceptable limit on the time that may pass between a user's deletion and the shut-off of their access to application systems.
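As an added illustration of the lifecycle above (example code written for this article, not taken from the original text or from any particular IAM product), the following Python models identities moving through registration, maintenance, suspension/deletion and termination. The `max_shutoff_delay` policy value, the `State` names, the `ledger:*` entitlements and the sample user are assumptions made for the example. The security-relevant points it shows are that a suspended identity keeps its record for audit but confers no access at all, that authorization fails closed for anything not live and active, and that termination is driven by a policy deadline measured from the deletion request.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class State(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"      # record retained, privileges revoked
    TERMINATED = "terminated"    # archived; lifecycle ended


@dataclass
class Identity:
    """One digital identity plus the attributes that determine its privileges."""
    user_id: str
    attributes: dict
    entitlements: set = field(default_factory=set)
    state: State = State.ACTIVE
    deleted_at: Optional[datetime] = None   # when deletion was requested

    def effective_entitlements(self) -> set:
        # Only an ACTIVE identity confers any access; suspension keeps the
        # record for audit but yields an empty entitlement set.
        return set(self.entitlements) if self.state is State.ACTIVE else set()


class IdentityStore:
    """Lifecycle manager: register, maintain, suspend/delete, terminate."""

    def __init__(self, max_shutoff_delay: timedelta):
        # Policy knob (assumed for the example): access must be shut off no
        # later than this long after a deletion is requested.
        self.max_shutoff_delay = max_shutoff_delay
        self.live: dict = {}
        self.archive: dict = {}
        self.audit_log: list = []

    def register(self, user_id: str, attributes: dict, entitlements: set) -> Identity:
        if user_id in self.live or user_id in self.archive:
            raise ValueError(f"identity {user_id!r} already exists")
        ident = Identity(user_id, dict(attributes), set(entitlements))
        self.live[user_id] = ident
        self.audit_log.append(("register", user_id))
        return ident

    def update_entitlements(self, user_id: str, entitlements: set) -> None:
        # Maintenance: record old and new entitlements for audit, then apply.
        ident = self.live[user_id]
        self.audit_log.append(("update", user_id,
                               sorted(ident.entitlements), sorted(entitlements)))
        ident.entitlements = set(entitlements)

    def suspend(self, user_id: str) -> None:
        # Revoke privileges without losing the record.
        self.live[user_id].state = State.SUSPENDED
        self.audit_log.append(("suspend", user_id))

    def request_deletion(self, user_id: str, when: datetime) -> None:
        # Deletion suspends immediately and starts the termination clock.
        ident = self.live[user_id]
        ident.state = State.SUSPENDED
        ident.deleted_at = when
        self.audit_log.append(("delete", user_id, when.isoformat()))

    def authorize(self, user_id: str, entitlement: str) -> bool:
        # Fail closed: unknown, archived or suspended identities get nothing.
        ident = self.live.get(user_id)
        return ident is not None and entitlement in ident.effective_entitlements()

    def terminate_overdue(self, now: datetime) -> list:
        """Archive every identity whose policy shut-off deadline has passed."""
        done = []
        for user_id, ident in list(self.live.items()):
            if ident.deleted_at is not None and now - ident.deleted_at >= self.max_shutoff_delay:
                ident.state = State.TERMINATED
                self.archive[user_id] = self.live.pop(user_id)
                self.audit_log.append(("terminate", user_id, now.isoformat()))
                done.append(user_id)
        return done


if __name__ == "__main__":
    store = IdentityStore(max_shutoff_delay=timedelta(days=1))
    t0 = datetime(2024, 1, 1, 9, 0)
    store.register("alice", {"dept": "finance"}, {"ledger:read", "ledger:write"})
    store.update_entitlements("alice", {"ledger:read"})      # role change
    store.request_deletion("alice", t0)
    print(store.authorize("alice", "ledger:read"))            # False: access off at once
    print(store.terminate_overdue(t0 + timedelta(days=1)))    # ['alice']
```

The archive is what makes "suspend rather than delete" auditable: the record and its entitlement history survive termination, while `authorize` never consults the archive, so an archived identity can never be used to gain access.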
IAM services refer to a new information infrastructure that exhibits several key characteristics, as outlined below:
- IAM services integrate all pertinent information about individuals from multiple authoritative source systems (e.g. email, voicemail, human resources systems, electronic portfolios, local area networks, etc.). This brings together accounts held in disparate systems and joins the different identities into a single unique identity.
- IAM services process and transform information about individuals and allow it to be stored in a way that is useful to applications.
- IAM services can function as a single point of enforcement for policies regarding the visibility and privacy of identity information, and for entitlement policies, across various systems.
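The join described in the first point above, as an added Python example that is not part of the original article: accounts extracted from three source systems are correlated on a shared key into one unified identity per person, with HR treated as the authoritative source for name and employment status. The sample records, the system names (`email`, `lan`), the `employee_id` key and the `status` values are constructed for the example. It goes one step beyond the text by reporting two exceptions a practitioner checks for immediately after such a join: orphan accounts with no authoritative owner, and stale accounts whose owner the authoritative source says has left.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample extracts from three source systems (not real data).
# HR is treated as the authoritative source for name and employment status.
HR_RECORDS = [
    {"employee_id": "E1001", "name": "Alice Example", "status": "active"},
    {"employee_id": "E1002", "name": "Bob Example", "status": "active"},
    {"employee_id": "E1003", "name": "Carol Example", "status": "terminated"},
]
EMAIL_ACCOUNTS = [
    {"employee_id": "E1001", "mailbox": "alice@example.com"},
    {"employee_id": "E1003", "mailbox": "carol@example.com"},
    {"employee_id": "E1002", "mailbox": "bob@example.com"},
]
LAN_ACCOUNTS = [
    {"employee_id": "E1001", "login": "aexample"},
    {"employee_id": "E1003", "login": "cexample"},
    {"employee_id": "E9999", "login": "svc_legacy"},  # no HR owner
]


@dataclass
class UnifiedIdentity:
    """One person, with the accounts held for them in each source system."""
    employee_id: str
    name: Optional[str] = None
    hr_status: Optional[str] = None
    accounts: dict = field(default_factory=dict)  # system name -> account id


def join_identities(hr, email, lan) -> dict:
    """Join per-system accounts into unique identities keyed on employee_id.

    Raises on a second account in the same system for one key, because an
    ambiguous join must be resolved by a human rather than silently merged.
    """
    unified = {}
    for rec in hr:
        unified[rec["employee_id"]] = UnifiedIdentity(
            rec["employee_id"], rec["name"], rec["status"])
    sources = (("email", email, "mailbox"), ("lan", lan, "login"))
    for system, records, acct_key in sources:
        for rec in records:
            ident = unified.setdefault(rec["employee_id"],
                                       UnifiedIdentity(rec["employee_id"]))
            if system in ident.accounts:
                raise ValueError(
                    f"{rec['employee_id']} has two {system} accounts: "
                    f"{ident.accounts[system]} and {rec[acct_key]}")
            ident.accounts[system] = rec[acct_key]
    return unified


def find_exceptions(unified: dict):
    """Return (orphans, stale): accounts with no authoritative owner, and
    accounts whose owner the authoritative source says is no longer active."""
    orphans, stale = [], []
    for ident in unified.values():
        for system, acct in ident.accounts.items():
            if ident.hr_status is None:
                orphans.append((system, acct))
            elif ident.hr_status != "active":
                stale.append((system, acct))
    return sorted(orphans), sorted(stale)


if __name__ == "__main__":
    unified = join_identities(HR_RECORDS, EMAIL_ACCOUNTS, LAN_ACCOUNTS)
    orphans, stale = find_exceptions(unified)
    print("orphan accounts:", orphans)   # [('lan', 'svc_legacy')]
    print("stale accounts:", stale)      # [('email', 'carol@example.com'), ('lan', 'cexample')]
```

Both exception lists are the direct payoff of having one joined identity: without the join, each application sees only its own account table and has no way to know that `svc_legacy` belongs to nobody or that Carol's mailbox should already be gone.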
Why use IAM Services?
There are a number of advantages to using IAM services: they make existing services more convenient to use, and development of new services becomes simpler because each new service can reuse the shared infrastructure. Other advantages to implementing an IAM system include:
- Reduced overhead for service management – An IAM system would simplify the authentication model, since applications would use the same shared identity and access infrastructure. This consolidated system would reduce the staff and overhead required to manage each application.
- Increased security – Security and privacy issues are increasingly in the public eye, and regulatory requirements have become stricter in response. Consolidating identity and access services ensures that the related policies can be supported in one location by the same staff.
- Simplified network and online service access – Consolidation of authentication processes can facilitate unified identity verification for a variety of online services. This means that users would need to provide a reduced set of credentials (e.g. a single user ID and password), simplifying service delivery and problem resolution.
- Legal pressures – Various institutions are required to restrict access to sensitive records under a number of laws, including HIPAA (Health Insurance Portability and Accountability Act); the GLBA (Gramm-Leach-Bliley Act); and FERPA (Family Educational Rights and Privacy Act).
- Business and ethical stewardship – Organizations have the responsibility to safeguard confidential information, intellectual property and other strategic information. This means that they must ensure appropriate access to sensitive information and are obliged to protect information that can be misused.
IAM systems have evolved significantly over the last fifty years. Their range of functions has increased, and IAM services now offer numerous advantages. This article has defined IAM systems and taken a look at the functions and components of IAM services.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:
- Identity and Access Management (VI.F.)
- Organizational Practices (II.A.b.)