The importance of IAM within enterprises

08/10/2020
share

IAM stands for ‘Identity and Access Management’. It is a discipline that covers the processes and technologies by which organizations regulate access to company resources and assets ) through one or more IT tools using prevention, protection and governance.


Pillars of IAM

IAM is based on three fundamental pillars:

  1. Identity Management,
  2. Access Management,
  3. (Operational) governance management (within an IGA framework, Identity Governance and Administration), also known as GRC, Governance, Risk and Compliance.
IAM scheme regrouping IGA/GRC, Identity management tool and Access management tool
IAM scheme

Today, more and more companies want to improve the identity and access management of their employees. To do so, it is important to work on three axes:

  • Analysis of the current state of identities and access within the company’s technological assets (systems, software, online files, etc.) through operational GRC (Governance, Risk and Compliance) software,
  • the implementation of an IM (Identity Management) tool to manage employee identities (e.g. attributes, roles, provisioning, activation and deactivation of an account, etc.),
  • the implementation of one or more AM (Access Management) tools that will notably allow the management of authentication and authorizations to the company’s resources.

These many companies realise that today’s processes require a lot of time and human and technological resources. Moreover, the onboarding[1], the mutation (function, entity) and offboarding[2] processes are not always clearly defined. The processing steps for an employee joining or leaving the company need to be specified so that the employee in question has access to the right systems, software, buildings at the right time and for the right reasons.


IAM challenges for companies

In this way, we notice that there are many challenges regarding the Identity and Access Management of companies.

The first challenge concerns security: to guarantee the security of systems, data, buildings, computer equipment, etc.

The second challenge is that there must be identity and access control for each of the systems used by the company. For example, to ensure that employees have the strictly necessary access to a system, information to perform their daily work.

The third challenge is to ensure the standardization of roles and processes (the onboarding, offboarding and mutation processes). For example, when a person joins the company, a process will be triggered based on his or her profile and characteristics. This process consists of providing the employee with the necessary equipment and access so that he can carry out his work in the best possible conditions.

The last challenge regards the implementation of the IAM ecosystem. In order to correctly implement and configure it, it is important to use and exploit the premade analysis of the needs and the modelled processes. This allows us to offer an optimal response to the requirements of our employees. It is also necessary to have the involvement of all project stakeholders.

The challenges mentioned above are clearly intended to improve work efficiency and corporate governance.


Steps to meet the challenges

In order to meet these challenges, it is necessary to follow a series of steps.

First of all, it is necessary to know more about the company: its mission, its activities, the sectors in which it is present, etc.

Then it is important to identify and define the current situation of the company: the systems it has, the different profiles of the company (employees, workers, consultants, etc.) and the management of the current identities and accesses, the roles and responsibilities (via a RACI matrix), the objectives, the scope, the planning, the expected advantages and disadvantages, etc.

The third step is the identification and definition of the different IAM tools to match the expected needs and situation. Once this stage is completed, we can move on to the selection of the tool that will best suit the company’s needs and its implementation. Once the ecosystem comprising the different IAM tools (namely IM, AM and GRC) has been properly implemented, it is essential to first check with different departments in the company that the tool is correctly configured and then to provide them with training to ensure efficient and optimal use of the tools.


Conclusion

In conclusion, the IAM ecosystem offers many benefits by providing a better view and control of all of a company’s technology assets and by defining and standardising the processes for onboarding, offboarding and the mutation of employees, partners and customers. IAM therefore represents a major solution to ensure security, work efficiency and governance of companies.


[1] Onboarding: “the action or process of integrating a new employee into an organization or familiarizing a new customer with its products or services”. (Apple Dictionary Inc. on Mac)

[2] Offboarding: process followed when an employee leaves the company.

Subscribe to receive new publications