What is Identity and Access Management (IAM)?

Back
August 14, 2017

Identity and access management (IAM) is a system for securely initiating, storing and managing user identities and access permissions. IAM ensures that users are who they say they are (authentication) and that they can access the applications and resources they have permission to use (authorization).

IAM solutions include single sign-on (SSO), multi-factor authentication (MFA) and access management, as well as directory for securely storing identity and profile data and data governance to ensure that only needed and relevant data is shared. These solutions can be deployed on premises, provided by a third party through a cloud-based subscription model often referred to as Identity as a Service (IDaaS), or a hybrid IT model consisting of a combination of both.

There are also API-first IDaaS platforms. That means 100 percent of their capabilities are available via REST APIs. These solutions are geared toward development teams who want to embed identity and access management services into their applications.


Why is identity and access management important?

It's a brave new world out there for digital businesses.

 

Cloud, mobile and IoT technologies are allowing businesses to be more agile, efficient and scalable. Employees have moved beyond the protections of firewalls and physical barriers to do business from wherever they are, and customers are interacting through multiple channels and engaging with businesses in innovative new ways.

 

These amazing opportunities have stretched traditional perimeter-based security--guarding the entry and exit points of a designated network--past the breaking point. To keep up with modern threats, enterprises need to embrace a different paradigm, one that puts identity at the center of their security model. With identity and access management, the focus is ensuring that employees, customers and partners are who they say they are, and that they get simple and secure access to applications they need, no matter where they are or what device they're using. The business benefits of identity and access management are considerable:


Reduce risk of data breaches

IAM solutions like single sign-on and multi-factor authentication reduce the number of passwords users must rely on and require more evidence to prove user identity. Modern IAM also uses encryption to protect sensitive identity data from end to end. This dramatically reduces the risk of compromised user credentials, which is the number one cause of security breaches.


Centralize access control

With IAM, the roles, groups and attributes associated with each user determine which applications they are allowed to access, as well as what operations they can perform. A developer doesn't need access to the accounting system, but the CFO does.

 

If users don't have access to the right systems, it can be frustrating and, in the case of customers, a deal breaker. On the other hand, too much access to systems users don't need is risky because they might use the data incorrectly, exploit the data irresponsibly, or provide a hacker opportunity to do more damage than would otherwise be possible. IAM allows organizations to set centralized policies for just the right access privileges to keep things running smoothly.


Ensure regulatory compliance

Data access governance and privacy management is an increasingly important aspect of identity and access management. It provides control over who can access user data and how it can be used and shared, including the enforcement of user consent. This means that enterprises can be sure to meet the requirements of evolving global and industry data privacy regulations like PSD2 and the General Data Protection Regulation (GDPR).


Improve user experience

Security is critical, but so is convenience. A poor experience impacts employee productivity and customer attraction and retention. Especially because customer interactions now span multiple channels, the organizations that can use identity and access management to offer a superior brand experience through single sign-on, unified customer profiles and self-service capabilities will have the competitive edge.


Reduce IT costs

There is significant labor involved in keeping an entire business environment secure, with all the applications, all the users, all the devices and more on the way. Identity and access management standardizes and even automates critical aspects of managing identities, authentication and authorization, saving IT time and money and reducing risk to the business.


Identity and Access Management Use Cases


Employee

IAM solutions for employees ensure that every worker can be productive and secure at any time, using any device, from anywhere. It helps support remote working, bring-your-own-device policies and round-the-clock performance. Single sign-on provides one-click access to all applications, and contextual multi-factor authentication secures that access without getting in the way.


Customer

Customer identity and access management (CIAM) solutions enable consistent omni-channel experiences with the scale and performance to support millions of customers accessing cloud, mobile and third-party applications around the world. An organization with a distinct CIAM solution can balance seamless customer experiences with the highest levels of security. API-first IDaaS platforms for cutomer identity can help development teams get these CIAM services into their applications quickly and easily, without having to worry about security.


Partner

In today's complex ecosystems, businesses work closely with a variety of partner organizations to get things done. These entities often need access to specific business applications or resources, and IAM can enable a quick, secure connection. Businesses can also allow partners to manage their own identities, which significantly reduces IT costs and risk for both parties.


Balancing Security and Convenience with IAM

Whether on premises or in the cloud, and for employees, customers or partners (or all three), identity and access management provides secure ways to authenticate, authorize and manage users without sacrificing convenience and usability. It also provides the flexibility organizations need to accommodate the latest trends and technologies that extend their businesses beyond the traditional perimeter.

 

To learn more about identity and access management, read how Ping Identity was named a Leader in the Gartner Magic Quadrant for Access Management.