Identity and Access Management (IAM)

Learn how IAM effectively implements a security layer between users and on-premises or cloud-based servers, applications, and data.


What is Identity and Access Management (IAM)?

Identity and Access Management (IAM) provides companies with tools used for controlling user access to their technical infrastructure. IAM effectively implements a security layer between users and on-premises or cloud-based servers, applications, and data. Each user receives an individual set of permissions based on their specific role. Storing one digital identity per user remains an important goal of IAM management.

Depending on the nature of the company's business, an IAM platform provides either customer identity management (CIAM), employee identity management, or both. In some cases, identity management systems also provide a digital identity to applications, cloud services, or microservices. The ultimate goal of IAM solutions is providing access to digital assets to certain identities, in specific situations.

Why is IAM important?

Clearly, preventing unauthorized access to a company's technical infrastructure, including applications and data, remains critical. This is especially the case in the modern technology world, where cyberattacks and data privacy breaches are in the news on a regular basis.

The growth of e-commerce has served to exacerbate the problem of cybercrime, and ransomware continues to impact private and public organizations worldwide.

Fundamentally, any company that undergoes a customer data breach suffers a significant hit to its reputation. In a competitive business world, this means that consumers will simply take their business somewhere else.

However, organizations in some business sectors, like banking, finance, and insurance, must also deal with regulatory and compliance issues when their technical infrastructure gets hacked. In this environment, robust cloud security is critical. So, what is IAM?

How does IAM work?

Simply put, IAM is designed to let the right people in (your employees) and keep the wrong people out (threat actors). Every service and asset in the cloud has its own identity that comes with multiple layers of permission, and IAM protects identity boundaries with automated monitoring and remediation built around:

  • Access management
  • Role management
  • Authentication
  • Compliance auditing

Least privileged access (LPA) is a key component of the IAM cloud lifecycle approach. It sets the minimum amount of access that a person or machine will need in order to do the job. Solutions leveraging LPA will typically employ automation to tighten or loosen permissions based on the user's role. 

Components of IAM

Any robust IAM platform provides a suite of technologies and tools aimed at governing access to a company's technical assets. This basic functionality includes:

  • Password management
  • Security policy enforcement
  • Access monitoring, reporting, and alerting
  • Identity management and repositories
  • Provisioning services

These functionalities may seem like "the basics," but governing how they are implemented and maintained can very quickly become complicated. A solution that includes the above ensures proper access through identity-based policies, resource policies, permissions boundaries, service-control policies, and session policies.

Over time, governance of these functionalities will change, as IAM boundaries evolve and security becomes ever tighter. In the end, IAM is an essential piece in any organization's strategic SecOps approach.
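As an added illustration (not Rapid7's code), the following Python models how the least-privilege idea from the previous section and the policy layers listed above combine: a request is allowed only when the identity policy and every scoping layer present (permissions boundary, service-control policy, session policy) allow it and no layer explicitly denies it. The policy format and evaluation rules are simplified assumptions modelled on AWS-style JSON policies, and the sample policies are constructed for the example.

```python
from fnmatch import fnmatchcase

def _matches(patterns, value):
    """True if value matches any wildcard pattern (str or list of str)."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow', or None (no statement matched) for one policy."""
    decision = None
    for stmt in policy.get("Statement", []):
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit deny overrides any allow
            decision = "Allow"
    return decision

def is_authorized(action, resource, identity, boundary=None, scp=None, session=None):
    """Least-privilege combination: every present layer must allow, none may deny."""
    layers = [identity] + [p for p in (boundary, scp, session) if p is not None]
    results = [evaluate_policy(p, action, resource) for p in layers]
    if "Deny" in results:
        return False
    return all(r == "Allow" for r in results)

# Constructed sample policies (hypothetical bucket names, not from the page).
DEVELOPER = {"Statement": [                       # identity-based policy
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Effect": "Allow", "Action": "iam:CreateUser", "Resource": "*"},
]}
BOUNDARY = {"Statement": [                        # permissions boundary: caps what identity can grant
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
]}
SCP = {"Statement": [                             # service-control policy: org-wide guardrail
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
]}

def effective_permissions(candidates, identity, boundary=None, scp=None):
    """Filter (action, resource) pairs down to those the combined layers permit."""
    return [(a, r) for a, r in candidates if is_authorized(a, r, identity, boundary, scp)]

if __name__ == "__main__":
    obj = "arn:aws:s3:::app-bucket/config.json"
    for action in ("s3:GetObject", "s3:DeleteObject", "iam:CreateUser"):
        print(action, is_authorized(action, obj, DEVELOPER, BOUNDARY, SCP))
```

Note that `iam:CreateUser` is denied even though the identity policy grants it, because the permissions boundary never allows it: that is the boundary doing the least-privilege work the text describes.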

Major Capabilities of an IAM Solution

Depending on the needs of the company, some vendors provide separate IAM solutions for on-premises and cloud-based environments. Additionally, other IAM technologies exist to meet certain identity management scenarios.

For example, API security provides single sign-on capabilities for mobile and IoT devices accessing a technical infrastructure. This approach makes sense for B2B use cases, as well as cloud and microservices integration.

As mentioned earlier, CIAM supports identity management for customers accessing a company's ERP, CRM, and other similar systems. Companies already embracing a cloud-based infrastructure need to consider Identity as a Service (IDaaS) for their IAM needs.

Finally, Identity Management and Governance (IMG) supports companies with significant regulatory and compliance needs. This technology leverages an automated approach to identity lifecycle governance. Additionally, risk-based authentication (RBA) analyzes a user's identity and context to determine a risk score. The system then requires higher-risk requests to use two-factor authentication to gain access.

Benefits of IAM

Successful businesses don't thrive in a vacuum. Instead, they rely on fostering relationships with customers, clients, vendors, and their own employees. Doing so requires providing access to internal technical systems, whether on-premises, in the cloud, or both. IAM makes this access possible in a secure fashion.

As organizations continue to embrace mobile and IoT, driven by the growth in 5G networking, a robust IAM solution is necessary to support this extended access. Identity access management ensures security and compliance no matter the user's location, or whether that user is a person, device, or microservice.

Ultimately, implementing an IAM platform helps the company’s technical team work more efficiently. 

Challenges of IAM

Naturally, implementing an identity management platform remains a challenging process for many businesses, as its presence affects a company's entire security stack. Because of this, network administrators need to be aware of various risks when adopting a new IAM solution.

One challenge is the onboarding of a new employee, contractor, application, or service. It's critical that the responsible manager or HR person has the rights to provide this initial access. A similar concept applies when access needs to be modified for any reason. Properly delegating this authority is critical.

Note that newer IAM products leverage automation for this purpose, which also helps immeasurably when reducing or removing access rights. It's an important regulatory compliance issue as well. Dormant accounts with network access are critical security holes that must be patched as soon as possible.

Monitoring trust relationships after granting access is another important challenge when implementing an IAM platform. Analyzing baseline user behavior helps in this regard; it makes it easier to detect when usage anomalies happen.

Any IAM solution must also closely integrate with the single sign-on (SSO) approach used by the organization. The SSO platform must easily provide secure access to a company's entire suite of applications, including those hosted on-premises or with a cloud provider.

Finally, the chosen identity management process must seamlessly orchestrate with multiple cloud providers. A multi-cloud infrastructure presents the most challenges to identity and access management, as each cloud provider likely brings its own security approach. Successfully integrating an IAM solution that supports multiple cloud environments helps prevent critical security risks.

Read More About Identity and Access Management (IAM)

2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends

Learn about Rapid7's InsightCloudSec product

Identity and Access Management (IAM): Latest News from the Blog