In this final part of the blog series for Identity and Access Management (IAM), we explore steps to remediate the complexity of IAM solutions for any organization.
Identity and Access Management Series Part 4
Several years of customer engagements taught us many lessons for ensuring success in the Identity and Access Management (IAM) area. We often hear about security breaches in companies. Taken together, these breaches make the case for using proven processes to assess a company’s existing environment and goals, then combining the results into an IAM blueprint report. Today, cloud-first, mobile-first digital initiatives are normal. These initiatives challenge security practices and put IAM squarely in the spotlight.
How to handle IAM in any organization?
Identity and Security professionals no longer focus only on perimeter defense. As we already laid out in our previous blogs, due to digital transformation initiatives, most modern organizations support access to data and services equally from both inside and outside the corporate walls. "Outside" here means our users, applications, and machines all living outside the perimeter wall, in a cloud.
While there are several leading cloud service providers, like Amazon Web Services (AWS), Microsoft’s Azure, and many others, we’ll focus on the Microsoft Azure Identity platform to drive the concepts of Identity and Access Management in this blog. However, the underlying framework of identity protocols like WS-Federation, SAML, OAuth 2.0 and OpenID Connect stays the same, whether you write an application in .NET or PHP and whether the cloud platform is AWS, Google or Microsoft.
Using an IAM Assessment
Earlier in the series, we discussed how IAM is one of the more complicated issues every organization faces. Now, it’s time to move forward, putting it into practice. Here are a few steps to help you get started:
1. Start your IAM assessment
For your organization to build a holistic “IAM blueprint,” take into consideration the full scope of identity and access management complexity. Once you understand what you have and what you need, an assessment can help put it all together into a cohesive architecture that scales and expands over time. With an IAM vision and a blueprint in hand, you can make future decisions about this complex area of identity management with ease and confidence.
2. Understand your IAM category for assessment
Before you begin an assessment, be sure you understand the type of program you are building. Each identity type has a very different focus and very different stakeholders, solution sets and assessment criteria. A comprehensive assessment is an essential first step in a multi-stage approach that helps you tackle your identity program in consumable portions based on priority. Check to see which identity category you fall into: Enterprise, Customer or Consumer.
3. How do IAM Assessments help?
IAM assessments make sure the right people get access to the right resources at the right time for the right reasons with appropriate regulations in place. Another reason to run these assessments is to detect and prevent security risks before the system receives threats. Finally, they make the customer experience better, increase security and reduce risk.
4. What to include in an assessment
Your assessment must cover the entire IAM landscape, including authentication and authorization scenarios in the organization. Authentication seems simple until you peel back the layers to reveal the complexity inside. Human identification isn’t the only form of authentication anymore. IoT devices, for example, require authentication. Authentication to most of the services a cloud platform offers requires an identity.
5. Assessment End-Goals
Among all these challenges, for Identity and Access Management, the end goal should include:
- Allowing data consumers to build their applications and processes. For example, accessing, composing, and recomposing information as required, such as IoT data, machine intelligence, and analysis and visualization of the data.
- Simplifying access to data and facilitating the reuse of the data.
- Providing consistent access to data across all channels, specifically, whether the user is using the browser, webchats, web bots, desktop, or mobile devices.
A strong Identity and Access Management foundation requires a thoughtful approach to the solutions that you will integrate over the years to come. Making an effort to assess your current state and your desired future state will save you significant amounts of time and money in the future. Here is a diagram from earlier in our series showing an organization with Microsoft Identity components, but it can be any identity provider in the mix.
The goal is to define an enterprise-accepted future state architecture that we tie back to the issues, wants, and associated requirements an assessment identifies. Once we define these, we can develop a roadmap to implement solutions in a cost-effective, time-effective, and security-focused IAM infrastructure.
While this can be an intricate process, with variations across enterprise and consumer identity, our series provides methodologies that can guide you along the way.