Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications. The overarching goal of identity management is to grant access to the enterprise assets that users and devices have rights to in a given context. That includes onboarding users and systems, permission authorizations, and the offboarding of users and devices in a timely manner.
However, part of the problem are the users and their love/hate affair with their passwords. We all have too many passwords, making the temptation to share them across logins – and the resulting security implications – an issue.
You can read my post for CSOonline here.
Hi, David. We haven’t met, but I enjoyed your IAM Explained article. You did a nice job on it! I have a question that I’d like your opinion on. Would you consider Application Access Governance a separate category from IAM or a subset? By AAG, I mean a layer of abstraction that sits above identity elements of SaaS applications like Workday, EPIC, Salesforce, etc and provides a single portal for Separation of Duties, compliance, etc. rather than having to the identity work in each platform. Any thoughts would be appreciated. Thanks.
I consider this part and parcel to IAM. I know that Saviynt is trying to make AAG into a separate “thing” but I don’t see it that way.
You still need to have user rights assigned, whether it is for the cloud apps or for more mundane things.
Thanks for the kind words on my CSO piece. David