After the first part of this blog article focused on the core tasks of Business Impact Analysis (BIA) and the foundations for resilience via Identity and Access Management (IAM), the second part now follows. Here the core tasks are to be brought up for discussion up to advantages of the Identity and Access management.
Main functions of Identity and Access Management
The most important function of Identity and Access Management is to manage user accounts and access permissions. Before they can be granted access rights, users must be authenticated and authorized by the system. “Authentication” is when a user proves to the system that they are the person they claim to be. This can involve a simple prompt to enter a user name and password or alternatively a multi-factor method requiring a security token or biometric features. The next step once the user’s identity has been established beyond all doubt is authorization. “Authorization” determines which systems or resources the user is allowed to access. Authorization is based on more or less complex rules and role concepts, which are normally stored in a database. These rules and roles may be freely definable or instead dependent on the company’s organizational structure and the user’s work domain.
Yet authentication and authorization are not the only tasks performed by Identity and Access Management systems. They also provide self-service user interfaces and run automated processes for granting and provoking user rights with extensive options for information or intervention.
The most important functions of an IAM system can be summarized as follows:
- Centralized management of identities and access permissions
- User authentication and authorization
- Centralized access control
- Mapping complex rules for access permissions and alignment with organizational structures where necessary
- Role based access rights
- Multi-factor authentication
- Self-services for users such as password reset
- Single sign-on services for access to multiple systems and resources using a single identity
Advantages of Identity and Access Management
Particularly in large companies, there may be many different identities and access permissions that need to be managed. IAM systems can provide and ensure the functionality to do this efficiently – and such that all access permissions are in conformity with internal and external policies. They prevent administrators from losing track of identities and access rights because the number of individual, decentralized approval and authorization processes is so enormous. Users and their rights are governed by a clearly defined structure and can be centrally managed. This reduces the risks of unauthorized access to a minimum, both by internal users and by external users such as customers or partners.
IAM systems make user registration more straightforward, and the authentication and authorization processes are automated. All access rights which are granted are thus guaranteed to correspond to the user’s actual role within the organization. And thanks to the self-service interfaces for users and the high degree of automation, the time and effort for administrators is minimized.
The concept of Identity Management is not only simple. It’s basic and it’s fundamental to security.
You haven’t read the first part of this blog article yet? Then you are welcome to do so here!
By the way: If you firmly anchor Plant Security in your company and thus make it fit for the future and are looking for concentrated expertise in this area, you should definitely take a look here and register for our first Plant Security Convention on September 11 of this year in Basel.