Identity and Access Management: Policy Creation with Analytics
What is an Identity and Access Management Policy?
An Identity and Access Management Policy defines access controls within your IT infrastructure. Unlike other written documentation such as a cybersecurity policy, an IAM policy requires you to align specific business needs to technical identity and access definitions. Creating an effective IAM policy ensures that the right users have the right access to the right resources at the right time and for the right reason.
Why is it difficult to create an IAM Policy?
Complex, integrated architectures often create a poor end-user experience. As your organization scales and incorporates new technologies, you may find yourself struggling to create a holistic, unified identity and access program. Many organizations complain that their current IAM strategies lead to:
- Lost Productivity: Users need to request access to resources and wait for IT administrators to review the approvals.
- Poor User Experience: Users need individual accounts for each resource which becomes cumbersome.
- Siloed Applications: Lack of interconnection between applications leads to lack of common data across users.
- Increased Administrative Cost: Help Desk and IT staff spend too much time responding to basic issues such as password management, which arise from the poor user experience of holding multiple accounts for resources.
- Increased Information Security and Compliance Risk: More applications and access points increase the threat surface, which increases the risk of unauthorized access as well as audit and compliance violations.
Why organizations struggle to create cohesive identity data for users
The digital era has broadened the definition of a user from human only to both human and non-human. Although users have traditionally been workforce members or human contractors, defining users today must also include robotic process automation (RPA), Internet of Things (IoT) devices, programmatic functions, and service accounts. Identities are the digital representations of users, whether human or virtual entities, that interact with information systems, software, and data. Each identity must be issued a credential that authenticates its access to the appropriate resource. That authenticated identity must then be granted permission within the system or application to access the resources necessary for its job function or automated role. When creating an IAM policy, you want a baseline definition that covers all users. A primary struggle in a modernized IT infrastructure is the lack of unified definitions across the ecosystem. For example, many organizations that run on-premises, hybrid, and multi-cloud infrastructures struggle to define “user” uniformly because:
- AWS treats a user as a human identity
- Azure defines it as a person in Azure Active Directory (AD)
- Google Cloud Platform does not use “user” but refers to a “Google account”: any user with an email address associated with a Google account
- Alibaba uses the term “RAM-User”, which can be a human or a service account
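As an added illustration that is not part of the original article, the following Python sketch normalizes provider-flavoured identity records into one baseline “user” definition and checks the two-step model described above (a credential that authenticates, then a permission grant). The record shapes, field names and the baseline rule are assumptions constructed for this example, not real provider API output.

```python
from dataclasses import dataclass
from typing import Dict, List

# Unified baseline definition of "user": one shape regardless of provider vocabulary.
@dataclass(frozen=True)
class Identity:
    provider: str       # aws | azure | gcp | alibaba
    name: str
    kind: str           # "human" or "non-human" (service account, RPA, IoT, function)
    credential: str     # what authenticates the identity (password, access key, certificate, ...)
    permissions: tuple  # roles/policies granted after authentication

# Constructed sample records in simplified, provider-flavoured shapes (assumed field
# names chosen to mirror the differing vocabularies on the page; not real API output).
RAW_RECORDS: List[Dict] = [
    {"provider": "aws", "UserName": "alice", "type": "human", "credential": "password", "policies": ["ReadOnlyAccess"]},
    {"provider": "aws", "UserName": "ci-deploy", "type": "service", "credential": "access_key", "policies": ["DeployPolicy"]},
    {"provider": "azure", "displayName": "Bob", "objectType": "User", "credential": "password", "roles": ["Reader"]},
    {"provider": "azure", "displayName": "rpa-invoice-bot", "objectType": "ServicePrincipal", "credential": "certificate", "roles": []},
    {"provider": "gcp", "email": "carol@example.com", "accountType": "googleAccount", "credential": "password", "roles": ["roles/viewer"]},
    {"provider": "gcp", "email": "sensor-ingest@proj.iam.gserviceaccount.com", "accountType": "serviceAccount", "credential": "key", "roles": ["roles/pubsub.publisher"]},
    {"provider": "alibaba", "UserName": "ram-dave", "ramUserType": "human", "credential": "password", "policies": ["AliyunOSSReadOnlyAccess"]},
]

def _kind(flag: str) -> str:
    """Collapse each provider's human/non-human marker onto the baseline vocabulary."""
    return "human" if flag.lower() in {"human", "user", "googleaccount"} else "non-human"

# One small adapter per provider; adding a new platform means adding one entry here.
NORMALIZERS = {
    "aws":     lambda r: Identity("aws", r["UserName"], _kind(r["type"]), r["credential"], tuple(r["policies"])),
    "azure":   lambda r: Identity("azure", r["displayName"], _kind(r["objectType"]), r["credential"], tuple(r["roles"])),
    "gcp":     lambda r: Identity("gcp", r["email"], _kind(r["accountType"]), r["credential"], tuple(r["roles"])),
    "alibaba": lambda r: Identity("alibaba", r["UserName"], _kind(r["ramUserType"]), r["credential"], tuple(r["policies"])),
}

def normalize(records: List[Dict]) -> List[Identity]:
    return [NORMALIZERS[r["provider"]](r) for r in records]

def baseline_gaps(identities: List[Identity]) -> List[Identity]:
    """Assumed baseline rule: every identity must hold a credential that authenticates it
    AND at least one permission grant that scopes it; anything else is a policy gap."""
    return [i for i in identities if not i.credential or not i.permissions]

def count_by_kind(identities: List[Identity]) -> Dict[str, int]:
    counts = {"human": 0, "non-human": 0}
    for identity in identities:
        counts[identity.kind] += 1
    return counts

if __name__ == "__main__":
    inventory = normalize(RAW_RECORDS)
    print(count_by_kind(inventory))
    print([g.name for g in baseline_gaps(inventory)])
```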