Identity and Access Management(IAM) is much more than a commonly used IT subject, it has become a prerequisite for harvesting the benefits of an integrated multi-cloud IT landscape.
In order to have a nice overview of the essence of IAM, we asked three of our consultants, to give us a little insight on their jobs.
Emoke Laszlo: What is the first thing that comes to your mind when you think of Identity and Access Management?
Short answer: A centralized and safe user experience.
Laszlo Miklosik: A seamless and secure login experience comes to my mind, but it refers to a lot more. Access Management is about the authentication and authorization of identities in different applications. An identity can be a person (a consumer or an employee) or a thing (a device or an application running on a device).
Cristian Groza: A centralized vault with identity data of user including roles and privileges in different circumstances. In the context of a company, people come and go (employees, contractors and partners) and as a company you need to grant privileges to different systems and applications as part of the onboarding process and also have all these actions traceable for later validation. This also applies to the offboarding process, where the identity data will be disabled/deleted.
Emoke: What is the biggest benefit of implementing an IAM system?
Short answer: Transparency, being in control & security.
Mihai Rus: From a B2E point of view, IAM solutions create a centralized overview of roles, authorizations, and access rights of employees. In a B2C context, you can see the applications customers use and what kind of consents did they give.
Laszlo: As an end user, you are in control of your credentials and data. As an administrator you can manage who can access your applications (be those customers or employees).
Cristian: From a security point of view, IAM solutions are implemented according to the IETF standards (i.e. a set of agreed specifications ensuring compatibility, security, reliability; e.g. OAuth2.0, SAML). Dedicated teams spend a lot of time to improve and maintain solutions like these, so they are more robust from a security point of view, than an embedded authorization server, created to satisfy the needs of a specific application. IAM solutions are also subject to security audits (e.g. penetration tests) so your application development teams will focus on security findings from the application itself, not the authorization server.
Emoke: Whom would you recommend implementing an IAM system?
Short answer: Everyone.
Cristian: I would recommend it to every business with a distributed application landscape, including applications in the Cloud either SaaS or PaaS.
Mihai: Companies with a lot of applications and diverse customers could benefit from IAM. For example, insurance agencies with a variety of applications for products like life-, and health insurances. Creating separate accounts in every application can be quite inconvenient for customers. An IAM solution can centralize all the applications and offer Single Sign-On (SSO), enabling users to log in once then access everything easily and securely.
Emoke: What are the signs that someone needs an Identity and Access Management solution?
We recommend implementing an IAM solution if you recognize the following signs:
1. Multiple applications with their own user base
2. Need for standardized and convenient user-flows for registration, single sign-in, credential changes
3. High security requirements for the authorization server and authentication flows
4. Requirement to use OAuth flows
5. Need to be compliant with GDPR and similar regulations
How can your company benefit from an IAM implementation?
Write us a message and let’s talk!
