Identity and Access Management : Why IAM?

11/28/2010 3:13:39 PM
Traditionally, organizations invest in IAM practices to improve operational efficiency and to comply with regulatory, privacy, and data protection requirements:

Improve operational efficiency

Properly architected IAM technology and processes can improve efficiency by automating user on-boarding and other repetitive tasks (e.g., self-service for users requesting password resets that would otherwise require the intervention of system administrators using a help desk ticketing system).

Regulatory compliance management

To protect systems, applications, and information from internal and external threats (e.g., disgruntled employees deleting sensitive files) and to comply with various regulatory, privacy, and data protection requirements (e.g., HIPAA, SOX), organizations implement an “IT general and application-level controls” framework derived from industry standard frameworks such as ISO 27002 and Information Technology Infrastructure Library (ITIL). IAM processes and practices can help organizations meet objectives in the area of access control and operational security (e.g., enforcement of compliance requirements such as “segregation of duties” and assignment of limited privileges for staff members to perform their duties). Auditors routinely map internal controls to IT controls as they support management of regulatory compliance processes including Payment Card Industry (PCI) Data Security Standards (DSSs) and the Sarbanes-Oxley Act of 2003 (SOX).

In addition to improving operational efficiencies and effective compliance management, IAM can enable new IT delivery and deployment models (i.e., cloud services). For example, federated identity, a key IAM component, enables the linking and portability of identity information across trust boundaries. As such, it enables enterprises and cloud service providers to bridge security domains through web single sign-on and federated user provisioning.

Some of the cloud use cases that require IAM support from the CSP include:

  • Employees and on-site contractors of an organization accessing a SaaS service using identity federation (e.g., sales and support staff members accessing with corporate identities and credentials)

  • IT administrators accessing the CSP management console to provision resources and access for users using a corporate identity (e.g., IT administrators of provisioning virtual machines or VMs in Amazon’s EC2 service, configured with identities, entitlements, and credentials for operating the VMs [i.e., start, stop, suspend, and delete VMs])

  • Developers creating accounts for partner users in a PaaS platform (e.g., developers from provisioning accounts in for employees contracted to perform business process tasks for

  • End users accessing a storage service in the cloud (e.g., Amazon S3) and sharing files and objects with users within and outside a domain, using access policy management features

  • An application residing in a cloud service provider (e.g., Amazon EC2) accessing storage from another cloud service (e.g., Mosso)

Since IAM features such as SSO allow applications to externalize authentication features, businesses can rapidly adopt *aaS services (an example is by reducing the time required to integrate with service providers. IAM capabilities can also help a business outsource a process or service to partners with a reduced impact to the business’s privacy and security; for example, employees of an order fulfillment partner of a merchant can use their federated identities to access real-time information stored in a merchant application to manage the product fulfillment process. In short, extending your IAM strategy, practice, and architecture allows your organization to extend your user access management practices and processes to the cloud. Hence, organizations with established IAM practices can rapidly adopt cloud services while maintaining the efficiency and efficacy of their security controls.
