An identity access management (IAM) system is a framework for business processes that facilitates the management of electronic identities.
The framework includes the technology needed to support identity management. IAM technology can be used to initiate, capture, record and manage user identities and their related access permissions in an automated fashion.
This ensures that access privileges are granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited.
Poorly controlled IAM processes may lead to regulatory non-compliance because if the organization is audited, management will not be a http://searchsecurity.techtarget.com/definition/identity-access-management-IAM-systemble to prove that company data is not at risk for being misused.
Why you need IAM?
A lack of effective identity and access management poses significant risks not only to compliance but also an organization’s overall security. These mismanagement issues increase the risk of greater damages from both external and inside threats.
Keeping the required flow of business data going while simultaneously managing its access has always required administrative attention. The business IT environment is ever evolving and the difficulties have only become greater with recent disruptive trends like bring-your-own-device (BYOD), cloud computing, mobile apps and an increasingly mobile workforce. There are more devices and services to be managed than ever before, with diverse requirements for associated access privileges.
With so much more to keep track of as employees migrate through different roles in an organization, it becomes more difficult to manage identity and access. A common problem is that privileges are granted as needed when employee duties change but the access level escalation is not revoked when it is no longer required.
This situation and request like having access like another employee rather than specific access needs leads to an accumulation of privileges known as privilege creep. Privilege creep creates security risk in two different ways. An employee with privileges beyond what is warranted may access applications and data in an unauthorized and potentially unsafe manner. Furthermore, if an intruder gains access to the account of a user with excessive privileges, he may automatically be able to do more harm. Data loss or theft can result from either scenario.
Typically, this accumulation of privilege is of little real use to the employee or the organization. At best, it might be a convenience in situations when the employee is asked to do unexpected tasks. On the other hand, it might make things much easier for an attacker who manages to compromise an over-privileged employee identity. Poor identity access management also often leads to individuals retaining privileges after they are no longer employees.