TechTalkTuesday – IAM

Welcome to #TechTalkTuesday – where tech terms are defined, explained, and no longer a mystery. 

Today we’re exploring the term IAM. 

A framework implemented by businesses, identity, and access management (IAM) includes policies, processes, and technologies that are used together to facilitate the management of digital or electronic identities. 

An IAM framework allows IT managers to control and manage user access to essential data within the organization.  

Some of the systems that are incorporated into IAM include the following. 

  • Single sign-on systems (SSO) 
  • Two-factor authentication (2FA) 
  • Multifactor authentication (MFA) 
  • Privileged access management (PAM) 

These technologies can also be used to ensure that only the relevant and necessary data is shared with users.  

There are several fundamental components of IAM. 

  • How user roles are identified within the system 
  • How user roles are assigned to individuals 
  • How the system identifies individuals
  • Adding, deleting, and maintaining users and their roles within a system
  • Assigning the correct level of access to individual users or teams of users 
  • Securing and protecting both the system and the sensitive data it contains 

 The IAM framework empowers IT to manage and control which users access critical information within the system. Simply put, the IAM framework will enable system admins to determine role-based access control based upon the assigned individual roles of users within the organization. 

Here is a scenario that may apply in a business setting. 

The HR manager within your organization should not have access to company financials but should have access to employee salary information. The accountant or controller should have access to company financials and employee salary information. On the other hand, the sales manager should not have access to any of this information.  

The IAM framework allows access for the individual user so that they can perform specific role-dependent tasks, such as view, edit, or delete files. Roles are defined based upon the job, level of authority, and degree of responsibility within the organization.  

IAM systems should capture and record the login info for each user, effectively manage and maintain the organization’s database of user identities, and coordinate both the assignment and change of access privileges. 

It is important to note that digital identities are not limited to the human user. IAM frameworks are designed to manage the digital identities of both applications and devices with the goal of establishing trust.  

There is much more that can be said about IAM, but we prefer to keep things brief on TechTalkTuesday! Join us next week on TechTalkTuesday when we will discuss CIAM. After that, we will dive deeper on a Friday blog post – exploring IAM and CIAM. We can’t wait to share more with you.