Skip to main content

The Fundamentals of Identity and Access Management

January 16, 2018

Identity and access management (IAM) is an exciting world filled with dreams of business enablement while reducing risks and implementing security policies and processes. However, it can be daunting to educate, prioritize, pick and implement solutions, and then maintain all of it with thoughtful governance. 

IAM-fundamentals

IAM encompasses the people, processes and technology used to create, manage, authenticate, control and remove a user’s permissions, and the way data is accessed throughout an organization by its employees, contractors, affiliates, partners and customers. By starting with a foundational understanding of the current state of IAM, your organization can appropriately assess its maturity against the pillars of IAM:

  1. The IAM Program – How the organization, its executive stakeholders and its subject matter experts approach IAM pain points, drivers, and the supporting people, process and technology changes.
  2. Identity Data Management – The control and management of identity-related data, the systems that house the data and how the data is processed across the organization.
  3. Access Management – Supporting authentication mechanisms, including single sign-on, multifactor authentication, federation and password management.
  4. Access Governance – Policy-based activities enabling the definition, enforcement, review and auditing of IAM functions and policy compliance.
  5. Identity Management – Core user lifecycle and self-service management of end user accounts, administration and entitlements.
  6. Privileged Access Management – Supporting the processes and technology controls related to elevated permission accounts.
  7. Data Security and Analytics – The ability to manage unstructured data, provide data classification, identification and user analytics to support data security programs.

When defining the maturity of IAM at your organization, you can speak to varying maturity levels across each of the pillars, including being aware, reactive, adaptive, purposeful or strategic in the way you approach each IAM component. By establishing this baseline, you can directly show growth and improvement to your executive stakeholders, and build your framework foundation for success with the direct improvement in maturity. From there, you can establish cross referenced, prioritized business requirements against stakeholder and business program drivers, while identifying measurable and appropriate key performance indicators (KPIs), metrics and key risk indicators (KRIs). 

All this leads to the establishment of the next phase of your IAM program, which is full of process and technology choices, training and awareness, tactical and strategic decisions, and developing centralized offerings that your business and customers will want to opt into. As a result, you can reduce any decentralized, one-off solutions and approaches in use. By having a mature IAM program in place, your organization can balance accessibility with security, by appropriately focusing on business enablement and risk reduction, empowering your internal people and customers to access the services they need while mitigating risks where possible.

Understanding where you stand with your IAM program compared to industry best practices is a great first step. Check out Optiv’s free IAM self-assessment and read our IAM program primer to get you going in the right direction. 


    Janel Schalk

By: Janel Schalk

Senior Director, Strategic Consulting and Access Management

See More

Related Blogs

January 16, 2018

The Fundamentals of Identity and Access Management

Identity and access management (IAM) is an exciting world filled with dreams of business enablement while reducing risks and implementing security pol...

See Details

February 06, 2012

Access Governance 101 | Optiv

We will be posting excerpts from select Identity Strategy and Advisory Group (ISAG) briefings. Part 2 below is transcribed from a recent briefing that...

See Details

May 25, 2017

Having an Identity Crisis? CISO’s Need to Own IAM

Within any company, we can find owners for every key function throughout the enterprise. If we ask, “who is in charge of human resources?” we know the...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 25, 2017

Identity and Access Management Program Primer

Learn how to create an identity and access management maturity roadmap tailored for your organization.

See Details

May 23, 2016

Next Generation Identity and Access Management (Next Gen IAM)

Having spent the last 17 years in the identity and access management (IAM) space, I know two things are certain: Evolution is inevitable, and change i...

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.