
Identity and Access Management : Why IAM?

11/28/2010 3:13:39 PM
Traditionally, organizations invest in IAM practices to improve operational efficiency and to comply with regulatory, privacy, and data protection requirements:

Improve operational efficiency

Properly architected IAM technology and processes can improve efficiency by automating user on-boarding and other repetitive tasks (e.g., self-service for users requesting password resets that would otherwise require the intervention of system administrators using a help desk ticketing system).


Regulatory compliance management

To protect systems, applications, and information from internal and external threats (e.g., disgruntled employees deleting sensitive files) and to comply with various regulatory, privacy, and data protection requirements (e.g., HIPAA, SOX), organizations implement an “IT general and application-level controls” framework derived from industry standard frameworks such as ISO 27002 and Information Technology Infrastructure Library (ITIL). IAM processes and practices can help organizations meet objectives in the area of access control and operational security (e.g., enforcement of compliance requirements such as “segregation of duties” and assignment of limited privileges for staff members to perform their duties). Auditors routinely map internal controls to IT controls as they support management of regulatory compliance processes including Payment Card Industry (PCI) Data Security Standards (DSSs) and the Sarbanes-Oxley Act of 2003 (SOX).

In addition to improving operational efficiencies and effective compliance management, IAM can enable new IT delivery and deployment models (i.e., cloud services). For example, federated identity, a key IAM component, enables the linking and portability of identity information across trust boundaries. As such, it enables enterprises and cloud service providers to bridge security domains through web single sign-on and federated user provisioning.

Some of the cloud use cases that require IAM support from the CSP include:

  • Employees and on-site contractors of an organization accessing a SaaS service using identity federation (e.g., sales and support staff members accessing Salesforce.com with corporate identities and credentials)

  • IT administrators accessing the CSP management console to provision resources and access for users using a corporate identity (e.g., IT administrators of Newco.com provisioning virtual machines or VMs in Amazon’s EC2 service, configured with identities, entitlements, and credentials for operating the VMs [i.e., start, stop, suspend, and delete VMs])

  • Developers creating accounts for partner users in a PaaS platform (e.g., developers from Newco.com provisioning accounts in Force.com for Partnerco.com employees contracted to perform business process tasks for Newco.com)

  • End users accessing a storage service in the cloud (e.g., Amazon S3) and sharing files and objects with users within and outside a domain, using access policy management features

  • An application residing in a cloud service provider (e.g., Amazon EC2) accessing storage from another cloud service (e.g., Mosso)

Since IAM features such as SSO allow applications to externalize authentication features, businesses can rapidly adopt *aaS services (an example is Salesforce.com) by reducing the time required to integrate with service providers. IAM capabilities can also help a business outsource a process or service to partners with a reduced impact to the business’s privacy and security; for example, employees of an order fulfillment partner of a merchant can use their federated identities to access real-time information stored in a merchant application to manage the product fulfillment process. In short, extending your IAM strategy, practice, and architecture allows your organization to extend your user access management practices and processes to the cloud. Hence, organizations with established IAM practices can rapidly adopt cloud services while maintaining the efficiency and efficacy of their security controls.
