It's back-to-school time, and we're here to help you learn IAM lingo!
A general definition of Identity and Access Management (IAM) is an IT security framework by which an organization manages roles and access privileges to company systems, and the policies that define which users are granted or denied permissions. IAM should allow for one identity per person that is monitored and modified as needed through the user’s lifecycle.
In the past, if you were a new employee starting to work at a financial institution, you would receive your login credentials, and that very well may have given you access to all of the systems that the bank used. Today, that type of carte blanche access raises numerous red flags due to the explosion of cybersecurity threats and data breaches, compliance requirements with regulatory agencies, and having no way to track who is accessing your systems and why. Simple manual management of login credentials is inadequate and dangerous in today’s complex security landscape.
An automated IAM system, such as Provision, provides benefits like enhanced security, reporting, business agility, and scalability. If you are new to the world of Identity and Access Management, you may be intimidated by some of the jargon that you hear. That’s why we are providing you with this list of a dozen key terms and acronyms that you should understand as you are beginning your IAM research journey. Ready to go?
- Active Directory (AD): A user-identity LDAP directory service developed by Microsoft and included in the Windows Server operating system. Active Directory stores user information and is used to manage permissions and access to network resources. An IAM system can integrate with AD to automate management of that directory's contents.
- Application Programming Interface (API): Computing interfaces used to programmatically access data and functionality without direct or manual usage of the software’s user interface. Provision uses API-based connectors to integrate with HR systems, core banking systems, etc.
- Identity as a Service (IDaaS): Cloud-delivered identity and access management functionality for an organization’s systems, whether those systems reside on-premises, in the cloud, or both.
- Identity Lifecycle Management: A set of processes and technologies that maintain and update digital identities. Identity lifecycle management includes provisioning, deprovisioning, and the ongoing management of user attributes, credentials, and entitlements.
- Lightweight Directory Access Protocol (LDAP): LDAP is an open, cross-platform protocol for managing and accessing a distributed directory service, such as Microsoft’s Active Directory.
- Multi-factor authentication (MFA): Basic authentication consists of verifying a username and password. MFA requires one or more additional factors before access to network or system resources is granted. MFA may use verification methods such as mobile push notifications, one-time passwords (OTP), biometric verification, etc.
- Role-Based Access Control (RBAC): With RBAC, users are assigned “roles” that grant them a certain level of access to resources and systems. Assigning a role to a user grants that user a specific set of privileges and entitlements.
- Single Sign-On (SSO): A type of access control in which a single user authentication grants access to multiple separate but related systems. SSO can reduce the incidence of forgotten or weak passwords.
- System of Record (SoR): A system of record (SoR) is software that serves as an authoritative information storage and retrieval system for domain-specific data. An IAM can be considered an IT SoR because it authoritatively stores and manages identity information as well as system access management records and information.
- Segregation of Duties (SoD): This important security control splits critical responsibilities between multiple identities to prevent error and potential fraud. Example: one employee should not be able to both initiate and approve high-risk requests.
- Principle of Least Privilege (PoLP): Another security best practice: a user is granted only the access needed to do their job, and no more.
- Zero Trust: Zero Trust is an overarching concept that draws on some of the technologies in our list, such as MFA, SSO, IAM, and PoLP. True to its name, Zero Trust assumes that users and systems within the security perimeter should not automatically be trusted. Instead, system access requests should be verified, authenticated, and properly authorized prior to granting access.
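Several of the terms above (RBAC, Segregation of Duties, Least Privilege, and the deprovisioning step of Identity Lifecycle Management) are easiest to understand when you see them enforced in code. The following is an added illustration written for this glossary; it is not code from Provision or Exclamation Labs, and the role names, permission strings, and the single SoD rule are constructed examples. Access is granted only through roles, a role assignment is refused when it would give one identity a conflicting permission pair, a review function reports any permissions beyond what a job needs, and offboarding strips every role.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

# Constructed sample role catalogue (hypothetical bank back-office roles).
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "teller": frozenset({"account:view", "wire:initiate"}),
    "wire_approver": frozenset({"account:view", "wire:approve"}),
    "auditor": frozenset({"account:view", "audit:read"}),
}

# Segregation-of-duties rules: no single identity may hold both permissions
# of any pair listed here. Constructed example; a real policy has many more.
SOD_CONFLICTS: List[FrozenSet[str]] = [frozenset({"wire:initiate", "wire:approve"})]


class SodViolation(Exception):
    """Raised when a role assignment would give one identity a conflicting pair."""


@dataclass
class Identity:
    user_id: str
    roles: Set[str] = field(default_factory=set)

    def permissions(self) -> FrozenSet[str]:
        """Effective permissions are the union of all assigned roles (RBAC)."""
        perms: Set[str] = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS[role]
        return frozenset(perms)


def sod_conflicts(perms: FrozenSet[str]) -> List[FrozenSet[str]]:
    """Return every conflicting pair fully contained in a permission set."""
    return [pair for pair in SOD_CONFLICTS if pair <= perms]


def assign_role(identity: Identity, role: str) -> Identity:
    """Add a role, but refuse if the result would violate an SoD rule."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    prospective = frozenset(identity.permissions() | ROLE_PERMISSIONS[role])
    clashes = sod_conflicts(prospective)
    if clashes:
        raise SodViolation(
            f"{identity.user_id}: role {role!r} would combine {sorted(clashes[0])}"
        )
    identity.roles.add(role)
    return identity


def is_authorized(identity: Identity, permission: str) -> bool:
    """RBAC check: access is derived from roles, never granted directly."""
    return permission in identity.permissions()


def excess_permissions(identity: Identity, job_needs: Set[str]) -> Set[str]:
    """Least-privilege review: what the identity holds beyond its job's needs."""
    return set(identity.permissions()) - job_needs


def deprovision(identity: Identity) -> Identity:
    """Lifecycle end: strip every role so no access survives offboarding."""
    identity.roles.clear()
    return identity


def approve_wire(initiator: Identity, approver: Identity) -> bool:
    """Runtime SoD: the approver must hold the permission and differ from the initiator."""
    if not is_authorized(initiator, "wire:initiate"):
        return False
    if initiator.user_id == approver.user_id:
        return False
    return is_authorized(approver, "wire:approve")


if __name__ == "__main__":
    alice = assign_role(Identity("alice"), "teller")
    bob = assign_role(Identity("bob"), "wire_approver")
    print("alice can initiate:", is_authorized(alice, "wire:initiate"))
    print("alice can approve:", is_authorized(alice, "wire:approve"))
    print("alice -> bob approval:", approve_wire(alice, bob))
    print("alice self-approval:", approve_wire(alice, alice))
    try:
        assign_role(alice, "wire_approver")
    except SodViolation as exc:
        print("blocked:", exc)
    print("beyond alice's job needs:", excess_permissions(alice, {"wire:initiate"}))
    print("after offboarding:", deprovision(alice).permissions())
```

Two design points are worth noting. The SoD check runs both at assignment time (so the conflict never enters the directory) and at request time (so a stale or manually edited role set still cannot self-approve), and `excess_permissions` gives a reviewer a concrete list to trim during periodic access certification rather than a yes/no answer.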
Of course, this list is in no way meant to be all-inclusive. There are many concepts and terms that are specific to Identity and Access Management. At Exclamation Labs, we excel at helping you define your IAM goals and implementing your solution. Let’s talk!