Why do companies need Identity and Access Management? (IAM)
Author: Jamie Turbill
Release Date: 20/01/22
What is identity and access management, and why would I even need it? I wanted to take a few moments in this blog today to point out some of the key reasons why I’m a big advocate for IAM and why I think every customer should use one.
As cloud-first strategies continue to grow, along with the switch to hybrid working accelerated by the COVID-19 pandemic, for many of us the way we access and use our apps and services has changed, and needs to be more flexible than ever before, all the while being accessible and secure.
Identity and access management is simply a framework of tools, policies and procedures to ensure that the right people and the correct access to your business applications. Many people, when thinking about IAM may assume it’s mostly just SSO – but in reality SSO should only be part of the picture.
So, why identity and access management then?
Okta 101: Intro to Okta Hands on Workshop
Most Recent Post:
Security
Of course! If you are going to implement an IAM solution, then you need it to be secure. It’s potentially going to hold your employee and customer personal information!
Secure SSO using industry standard protocols such as SAML 2.0 is an immediate good step. By implementing SSO, you eliminate almost all app passwords – including the ability to use bad and weak passwords. Gone are the days of writing passwords in the notebook (thankfully!), and the possibility for brute force attacks are significantly mitigated or eliminated.
As more and more SaaS services are used, it’s becoming increasingly difficult to manage users in each varying application consistently. Onboarding a user and offboarding a user is becoming an ever greater task on the IT admin and service desk team, and mistakes do happen. How do you ensure that somebody leaving the company doesn’t have lingering access to that one application you missed off the list or forgot about, and how do you do it every time consistently?
A good identity and access management solution should also provide tools for user and group lifecycle management. By integrating with your cloud first applications, your IAM platform, as the source of truth for user identities and access management, can manage the provisioning and deprovisioning of users. By leveraging reliable automation, you can offboard your users in a single click, and let the IAM platform do all the work for you, whilst you rest easy knowing the person who’s left the company doesn’t still have access to sensitive intellectual property!
MFA is also a factor when it comes to security. Many applications are increasingly coming up with their own novel MFA features for their apps – but quite often that means your average user is carrying around multiple different MFA factors, maybe Google Authenticator there, SMS here, and Duo elsewhere. But what’s worse is that some applications don’t support MFA at all! By using IAM, you can
a) provide a consistent and single MFA solution for your applications managed by your own company policy, but probably more importantly
b) provide support for MFA for some applications that don’t provide a solution for it already.
There are of course other features I’m missing here, not forgetting:
- Device Trust
- Allowing only known trusted devices to access sensitive applications and data
- Logging capabilities
Providing visibility into when/where/why and how applications are being accessed.
- and more…
User Experience
In a sentence, it’s much easier to be able to access all of your applications from one place, and in one click. As a user, I don’t need to remember many passwords and I certainly don’t need to have 5 different MFA apps on my phone.
At 9am, I can open my browser, go to my single app portal, and login to the app/s I want in one click. It saves me time, and it saves me having to bother the service desk.
If I ever want to change or I forget my Active Directory password, I can reset it or change it directly through my portal myself.
Time Saving
And certainly not least, there is a huge time saving aspect too with an IAM solution in place. Particularly with a service desk team – who might, without an IAM in place, be handling issues such as:
- Forgot passwords (in many different apps)
- Access and authorization problems, where a user should have access to something they don’t or even something as simple as a user can’t seem to find the login page.
- MFA issues, forgotten tokens, not receiving the SMS etc
- Account lockouts
- Etc
A good IAM solution will significantly reduce the quantity of tickets a service desk team is handling, meaning they can decrease time to resolution and spend more time on the other major incidents.
And as was previously mentioned, as a user saving time improves the user experience. People can get into their apps quickly, easily, and importantly, reliably.
In summary….
As we adopt cloud applications and solutions, the way we access our apps is becoming ever more fragmented and somewhat convoluted. An IAM solution helps to solve this problem by centralizing and providing a single corporate application portal. Users can customize their portal to suit, and the apps they see are those that are relevant to them and their role.
Accessing apps can be simplified with a secure SSO solution that eliminates passwords, reducing service deck tickets and reducing the threat of brute force attacks. Identities can be consistent and accurate across your apps and lifecycle management enables a good security practice ensuring people only have access to exactly what they require.
