IAM is a Massive Data Problem

On the surface, most people wouldn’t view identity and access management as a data problem. “Give me access to [some application] right now” is usually top of mind, followed by spite about access reviews, and possibly fear of audit issues, among other things. All of those are reasonable thoughts, but under the surface lies a big, nasty data problem.

Suppose you are fortunate (or unfortunate) enough to have a centralized identity management system that helps you manage access reviews. What data needs to come together to give you the information you need to perform an access review?


Why are Entitlements so Dangerous?

One of the most difficult concepts to understand in identity and access management is entitlements – in other words, the different types of access that people can have within applications, databases, servers, and basically anything else someone could gain access to. As a result, one of the most difficult concepts to execute is managing those entitlements.

Not having detailed (“fine-grained”) data about the entitlements your organization’s people have is a serious knowledge gap in cybersecurity because it means you don’t truly understand what they can access and do within your systems.  By understanding how entitlements can work and how they can be managed within your IAM systems, you’re on the right path to solving this problem.


Principles for Better Identity and Access Management

Identity and access management needs to be better. For many people, accessing systems is their only direct interaction with information security. So why is this interaction often so painful? A few basic principles can help us improve identity and access management.


What is Identity Governance and Administration (IGA)?

You may have started observing a new acronym within our industry called Identity Governance and Administration, or IGA.  There are enough acronyms already, so many of us have found this new development confusing and in need of further explanation.  While some may assume you know everything about the industry and magically understand every last detail about what this term means, we’re all about the basics and will make no such assumptions.  We’re here to help explain this to you in a fair amount of detail, which should hopefully help eliminate some of the confusion and perhaps even clarify several of the underlying fundamentals in identity and access management.

Understanding Access: Data, Information, and Informed People

Identity and access management generates a lot of security data – access requests, approvals, audit logs, access reviews, and termination requests.  This management is done to control access to information systems, which also have lots of security data – entitlements, LDAP groups, roles, profiles, rules, and more.

All of this data has the potential to cure a lot of security and compliance problems, and yet it rarely does.  The reason is that data alone doesn’t give understanding, so it doesn’t reach its full potential.  The difference lies in the three components of understanding access: data, information, and informed people.
