1 Introduction / Executive Summary
Managing the identities of who can access which applications, data and systems is fundamental to executing business processes and ensuring cyber security. This report provides a tool to evaluate the maturity of your IAM.
Identity and Access Management (IAM) encompasses a range of processes and technologies that are intended to ensure that only authorized people and devices can access the physical and logical infrastructure to which they are entitled. The processes include the vetting of individuals, issuing of credentials, authentication, authorization and monitoring as part of a complete lifecycle management process.
Identity Governance and Administration (IGA) has the objectives of ensuring legitimate access to resources and data while managing the risks of illegitimate access. These risks include the theft of information, fraud through alteration of systems or data, and the subversion of IT systems (through ransomware for example).
Consumer / Customer Identity and Access Management (CIAM) has emerged in the last few years to meet the requirements to provide a better digital experience for and to gather more information about the consumers who are using their services. In addition, Know Your Customer (KYC) initiatives, particularly in the financial sector, are another business driver motivating the adoption of CIAM.
Another emerging area is Cloud Infrastructure Entitlement Management (CIEM). This addresses the challenges of multi-cloud security, where dynamic cloud resources as well as people have access privileges. Dynamic Resource and Entitlement Management crosses the disciplines of Identity Management & Governance, Access, Privilege Management and Authentication. It addresses the complexity of multi-cloud adoption where privilege and access management work differently for each provider.
In this report IAM is used to refer to the four areas described above.
Most large organizations as well as a significant number of medium-sized organizations have invested heavily in IAM. Some projects went well - however, others did not deliver as expected. But even organizations that have successfully accomplished their IAM projects are facing the challenges from the evolving IT landscape. The challenges include achieving Digital Transformation, the "Computing Troika" of Cloud Computing, Mobile Computing, and Social Computing, as well as the increasing number of regulations and laws affecting how data is processed.