Identity and Access Management

February 22, 2021

What is IAM, why care about it and what makes a great IAM?

Digital assets are an integral part of our everyday lives. Pictures, videos, documents, and IoT devices grow by the millions every day while physical assets are being digitized. Wikipedia has over 6 million articles and over 41 million users. Whereas encyclopedias feel like a thing of the past, placed carefully onto bookshelves performing as a requisite of sophistication in Instagram shots. Physical assets are getting a digital representation interacting with apps and systems worldwide. A fridge may have a digital representation as well as your light, your car, your TV, your grill thermometer, and your vibrator.

Like physical assets, digital assets became a target for intruders that want to leverage an asset that is not of their own. So you not only have to defend your fridge against your ice cream loving partner; you also have to protect its digital representation from intruders ordering bad wine ;-) 

Identity and Access Management (IAM) is the part of IT security that concentrates on the identities that access an asset and the nature of that access.

Definition: “Identity and access management (IAM) is the discipline that enables the right individuals to access the right resources at the right times for the right reasons.” (Gartner)

IAM is the art of balancing the ease of access with securing the asset itself. There are different requirements and priorities depending on the asset. This not only applies to digital assets. Fort Knox, a military installation in the US that is the home of a large portion of the United States' official gold reserves, was built to keep the gold in and thieves out. Ease of access is not really a priority whereas security is of utmost importance in this case. Let’s take another example from the digital realm. A Twitter account! If you create a Twitter account the standard way of access configured is a simple password. Twitter’s main business is centered around people writing more or less interesting coherent words and others reading and interacting with it. Their primary goal and driver of business growth is to make it easy for you to interact. It is on you to configure a second factor such as a text message to protect your account.

The examples show that the security applied to protect an asset is pretty much depending on the worth of the asset itself. A great Identity and Access Management reflects on changing requirements and finds the suitable balance of ease and security of access for the asset in question. Furthermore, a great IAM is a moving objective and should evolve constantly with the risk caused by security threats and opportunities provided by technology.

Stay tuned for more blog posts regarding IAM. Let me know on Twitter or via mail what you would be interested in and want to learn more about.