Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data.
At a high level, access control is a selective restriction of access to data. It consists of two main components: authentication and authorization, says Daniel Crowley, head of research for IBM’s X-Force Red, which focuses on data security.
The explosive growth of the cloud and, in particular, Software-as-a-Service (SaaS) applications, like those becoming popular in the collaboration or project management space, has changed the way companies do business. Deploying software as a managed service delivered via the cloud means lower maintenance costs, increased uptime, faster feature rollout, and a reduced need for on-site hardware. Those are just some of the reasons why cloud-based SaaS solutions are making deep and fast inroads into tasks that were formerly handled solely by in-house IT staff.
According to Okta’s Business at Work 2019 report, nearly 40% of employees use the same two to four passwords to access over 100 apps on average. In the workplace, this means corporate IT administrators have their hands full managing user credentials for multiple systems. As organizations embrace cloud-based tools for a mix of on-prem and online services, IT admins have become responsible for securing access to many platforms with varying identity management and access control solutions. This can be challenging for IT teams, and can also lead to a frustrated user base that needs to stay on top of multiple logins.
Identity and Access Management (IAM), also called identity management, refers to the IT security discipline, framework, and solutions for managing digital identities. Identity management encompasses the provisioning and de-provisioning of identities, the securing and authentication of identities, and the authorization to access resources and/or perform certain actions. While a person (user) has only one digital identity, they may have many different accounts representing them. Each account can have different access controls, both per resource and per context.
There are many technologies to simplify password management and other aspects of IAM. A few common types of solutions that are used as part of an IAM program include:
Single Sign On (SSO): An access and login system that allows users to authenticate themselves once and then grants them access to all the software, systems, and data they need without having to log into each of those areas individually.
Multi-Factor Authentication: This system uses a combination of something the user knows (e.g. a password), something the user has (e.g. a security token), and something the user is (e.g. a fingerprint) to authenticate individuals and grant them access.
IAM technology can be provided on-premises, through a cloud-based model (i.e. identity-as-a-service, or IDaaS), or via a hybrid cloud setup. Practical applications of IAM, and how it is implemented, differ from organization to organization, and will also be shaped by applicable regulatory and compliance initiatives.
Privileged access management
In an enterprise environment, “privileged access” is a term used to designate special access or abilities above and beyond those of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run their business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
Privileged access can be associated with human users as well as non-human users such as applications and machine identities.
Over the past decade, there have been numerous security breaches linked to privileged access abuse. From Terry Childs and Edward Snowden to Yahoo! and the massive breach at the U.S. Office of Personnel Management to the Bangladesh Bank breach and the attack on the Ukraine power grid and even the highly publicized Uber breach – the common denominator in each attack was that privileged credentials were exploited and used to plan, coordinate and execute cyber attacks.
Organizations implement privileged access management (PAM) to protect against the threats posed by credential theft and privilege misuse. PAM refers to a comprehensive cybersecurity strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.