Identity and Access Management (IdM / IAM)

Identity Management (IdM) is the collective name for the processes and technologies used to manage electronic identities. The processes and technologies used for granting or denying access rights are called Access Management. The combination is called Identity and Access Management (IAM) and defines not only the digital identity of a user, but also what he or she can access. Usually, the principle of 'least privilege' or 'need-to-know' is applied, granting only the minimum access rights needed.

Role-based access control (RBAC) is a form of access management in which roles (or job profiles) within an organization are defined. Specific access rights are linked to each role. Users can have one or more roles assigned, obtaining the set of privileges relevant to all of their roles or functions.

The problem

The management of internal, and sometimes also external, employees is a well-organized process within the Human Resources department, providing all required information to the proper authorities in a timely fashion. After all, no company wants to pay salaries to people who do not qualify. Furthermore, legal requirements regarding personnel files are strictly enforced by the government; failing to comply will result in stiff (tax) fines.

 

In practice, this process is generally less well regulated within the IT department. Information regarding new employees is usually communicated, but information on temporary staff, required access rights, job changes, promotions and resignations is often missing. The results are frustration within the business about inadequate service (cost increase), failure to remove or disable accounts that provide access to internal and external systems (data leakage) and unregulated privileges (failing compliance and governance).

The solution

The implementation of an Identity and Access Management (IAM) solution, based on, for example, Microsoft Forefront Identity Manager 2010, is the answer to this problem. Extending the well-regulated, existing HR processes to automated procedures for the (role-based) management of electronic identities and access rights provides huge benefits in terms of security, efficiency, cost, governance & compliance, and ease of use (e.g. single sign-on).

 

By optimizing Identity & Access Management, many manual, error-prone and time-critical processes can be described in policies and fully automated. Responsibilities can be placed at the proper level. For example, Human Resources takes care of registration and deregistration of all staff, application managers take care of assigning proper access rights, and users can reset their passwords using a self-service portal. The IT department remains responsible for the underlying technology, but follows predefined and automated policies regarding user and access management.
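The reconciliation that such an HR-driven, role-based policy automates is shown here as an added Python example; it is not part of the original page and not Forefront Identity Manager code. All employee ids, role names and entitlement strings are constructed, and `reconcile` and `expected_entitlements` are hypothetical helper names.

```python
# Constructed sample data: all ids, roles and entitlement names are hypothetical.
ROLE_ENTITLEMENTS = {  # access rights linked to each role (RBAC)
    "accountant": {"erp:ledger-read", "erp:ledger-post"},
    "hr-officer": {"hrm:personnel-file"},
    "helpdesk": {"ad:reset-password"},
}
HR_RECORDS = [  # authoritative source: HR registration and deregistration
    {"id": "E001", "status": "active", "roles": ["accountant"]},
    {"id": "E002", "status": "terminated", "roles": ["hr-officer"]},
    {"id": "E003", "status": "active", "roles": ["helpdesk"]},  # changed job
    {"id": "T004", "status": "active", "roles": ["helpdesk"]},  # temporary staff
]
ACCOUNTS = {  # current state of the directory
    "E001": {"enabled": True, "entitlements": {"erp:ledger-read", "erp:ledger-post"}},
    "E002": {"enabled": True, "entitlements": {"hrm:personnel-file"}},
    "E003": {"enabled": True, "entitlements": {"ad:reset-password", "erp:ledger-post"}},
    "X999": {"enabled": True, "entitlements": {"erp:ledger-read"}},  # unknown to HR
}

def expected_entitlements(roles):
    """Union of the rights of all assigned roles; an undefined role grants nothing."""
    rights = set()
    for role in roles:
        rights |= ROLE_ENTITLEMENTS.get(role, set())
    return rights

def reconcile(hr_records, accounts):
    """Return the ordered actions that bring the accounts in line with HR data."""
    actions = []
    active = {r["id"]: r for r in hr_records if r["status"] == "active"}
    for emp_id, rec in sorted(active.items()):
        want = expected_entitlements(rec["roles"])
        acct = accounts.get(emp_id)
        if acct is None:  # joiner without an account yet
            actions.append(("create", emp_id, tuple(sorted(want))))
            continue
        for right in sorted(acct["entitlements"] - want):  # left over from an old role
            actions.append(("revoke", emp_id, right))
        for right in sorted(want - acct["entitlements"]):
            actions.append(("grant", emp_id, right))
    for acct_id, acct in sorted(accounts.items()):
        if acct["enabled"] and acct_id not in active:  # leaver or orphaned account
            actions.append(("disable", acct_id, "no active HR record"))
    return actions

if __name__ == "__main__":
    for action in reconcile(HR_RECORDS, ACCOUNTS):
        print(action)
```

The output covers the three failure modes named in the problem description: a privilege kept after a job change, temporary staff without an account, and enabled accounts with no active HR record.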

Interested?


 

IAM projects require in-depth knowledge of your (critical) business processes and rules, as well as in-depth knowledge of the underlying technologies. X'nD has all the right cards: years of technical experience and knowledge of IdM/IAM, vendors and products, and we have operated on the cutting edge between business processes and IT for many years.

 

If you would like to know what Identity and Access Management could do for your organization, call or email us for an informal chat (010-204 59 33 or info@XenD.nl).

Highlights

  • HR processes are well-organized due to salary payments, legal obligations and penalties
  • IT processes are often less well-organized, despite compliance requirements
  • Extending HR processes to automated ICT processes is entirely feasible
  • Major advantages: security, efficiency, cost savings, governance and compliance
  • Responsibilities assigned at the proper level
  • Ease of use improved through single sign-on and self-service password reset