Identity and Access Management (IAM) Technologies and Tools
No discussion of what identity and access management (IAM) is would be complete without looking at the technologies and tools that make IAM possible. These various systems make it possible for IT administrators to set up and remove accounts, create and manage custom groups, enforce access rights – and, in the case of Clear Skye IGA, provide an enterprise-wide, cloud-based identity management experience native to the ServiceNow Now Platform.
Let’s take a look at some of the most common IAM technologies, tools, and processes that today’s enterprises use. Broadly speaking, these systems can be broken into three categories: access management, authentication, and administration.
Access management tools control how users can (and cannot) access enterprise systems.
• Password management policies ensure that end users maintain unique and/or complex passwords for enterprise applications, and also provide a secure system for verifying user identity in order to reset passwords.
• Single sign-on provides users one set of log-in credentials for multiple, often related enterprise systems. SSO can reduce password fatigue among end users and decrease calls to the Help Desk for password resets.
• Pre-shared keys are passwords shared among users with the authority to access the same resources, such as an office’s Wi-Fi network. PSKs should be used sparingly, as they are less secure than individual passwords.
• Context-aware network access controls grant or block access to resources based on the circumstances of the user seeking access. Most commonly, enterprises deny access from devices or IP addresses that haven’t been whitelisted.
Authentication tools provide additional layers of security to determine whether a user should (or should not) access certain systems.
• Multi-factor authentication goes beyond the username/password combination to allow access to a system, network, or location, whether through entering a code sent via SMS, scanning or inserting a smart card, or completing a biometric authentication.
• Biometric authentication collects a range of unique biometric characteristics, ranging from fingerprints and palms to faces and voices, adding a layer of security to access control.
• Risk-based authentication, like context-aware controls, assesses a user’s given circumstances when access is requested – but it can take the extra step of automatically adjusting authentication requirements given the associated risk.
• Behavioral authentication is often applied to highly sensitive enterprise assets and uses artificial intelligence to analyze user behavior like keystrokes or mouse movement. Systems can be locked if unusual behavior is detected.
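The following is an added example, not part of the original page or of any product's code, contrasting the context-aware control with the risk-based authentication described above: the first returns a binary grant or block, the second adjusts the authentication requirement to the risk. The networks, device IDs, signal weights and thresholds are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: networks and device IDs are illustrative only.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("192.0.2.0/24")]
KNOWN_DEVICES = {"laptop-0017", "laptop-0042"}

@dataclass
class AccessRequest:
    user: str
    source_ip: str
    device_id: str
    resource_sensitivity: str        # "low" or "high"
    failed_logins_last_hour: int = 0

def ip_allowed(source_ip):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def context_aware_decision(req):
    """Binary control: grant only from an allowlisted network and device."""
    ok = ip_allowed(req.source_ip) and req.device_id in KNOWN_DEVICES
    return "grant" if ok else "block"

def risk_score(req):
    """Add points per risk signal (weights are assumptions, not a standard)."""
    score = 0
    if not ip_allowed(req.source_ip):
        score += 40
    if req.device_id not in KNOWN_DEVICES:
        score += 30
    if req.resource_sensitivity == "high":
        score += 20
    # Cap the contribution of failed logins so one signal cannot dominate.
    score += min(req.failed_logins_last_hour, 5) * 5
    return score

def risk_based_decision(req):
    """Graduated control: raise the authentication requirement with the risk."""
    score = risk_score(req)
    if score >= 80:
        return "block"
    if score >= 40:
        return "password+mfa"
    return "password"
```

A request from a known device on an unlisted network is blocked outright by the context-aware check, while the risk-based check lets it proceed with an added second factor.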
Administration processes help enterprises create a culture of governance around identity and access management. This is a principle we firmly believe in at Clear Skye and are committed to helping our clients achieve.
• Automated provisioning and deprovisioning allows enterprises to automatically create, modify, and retire identities for end users and devices to improve employee efficiency and close access gaps.
• Privileged account management audits data and system access based on a user’s job function, removing or restricting access that no longer aligns with a particular user’s role.
• Segregation of duties ensures that users cannot perform job functions potentially subject to fraud or abuse – a critical requirement for regulatory compliance.
• Access request and review – especially when aligned with existing business processes – streamlines the often-cumbersome process in place to grant users access to enterprise assets.
• Identity lifecycle management updates entitlements as the needs of an end user change during various stages as an employee, contractor, or third-party partner.
• Workflow management makes it possible for IAM to be automated like any other business process. And when IAM leverages ServiceNow workflows – as Clear Skye does – employees benefit from a consistent, familiar user experience.