Identity and Access Management Overview
WWT's goal is to streamline authentication and access for a better employee experience, stronger compliance and greater control of organizational data and systems.
The WWT IAM practice group provides consulting services across all areas of IAM, including lifecycle and governance, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Network Access Control (NAC), privileged account management and encryption. Our advisory services provide solution planning and design through operational assessments, industry research and roadmap development. We partner with the leading IAM solution providers to deploy and maintain long-term security solutions for your unique business needs.
Lifecycle & governance
This component correlates the "who" and the "what" of Identity & Access Management. It ingests identity information (the "who") from an authoritative source, typically the HR platform, and entitlement information (the "what") from the applications and directories that grant access. The lifecycle engine then performs relationship matching and role mining to build an identity "profile." This system is the central source of truth for identity, provisioning and de-provisioning, access governance and role-based access, and it is the source that updates the primary network authentication identity store.
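The matching, role mining and provisioning steps described above, as an added example written for this article (it is not WWT tooling or any IGA product's code). The HR feed, the entitlement snapshot and the rule that a department/title pair implies a role are constructed sample data; real deployments pull the "who" from the HR system's API and the "what" from application connectors.

```python
"""Joiner/mover/leaver reconciliation between an HR feed (the "who") and an
entitlement snapshot from the applications (the "what"), with simple role
mining.  Added example for this article; not WWT tooling.  The HR records,
entitlements and the department+title role rule are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Worker:
    employee_id: str
    email: str
    department: str
    title: str
    status: str  # "active" or "terminated"


# Constructed HR feed: the authoritative source for "who".
HR_FEED = [
    Worker("1001", "ana@example.com", "finance", "analyst", "active"),
    Worker("1002", "bo@example.com", "finance", "analyst", "active"),
    Worker("1003", "cy@example.com", "engineering", "sre", "active"),
    Worker("1004", "di@example.com", "finance", "analyst", "terminated"),
    Worker("1005", "ed@example.com", "finance", "analyst", "active"),  # joiner
]

# Constructed entitlement snapshot pulled from each application: the "what".
ENTITLEMENTS = {
    "erp": {
        "ana@example.com": {"gl_read", "gl_post"},
        "bo@example.com": {"gl_read", "gl_post"},
        "di@example.com": {"gl_read"},          # leaver still holds access
        "svc-batch@example.com": {"gl_post"},   # no matching HR identity
    },
    "cloud": {
        "cy@example.com": {"prod_admin"},
        "bo@example.com": {"prod_admin"},       # unusual for a finance analyst
    },
}


def mine_roles(workers, entitlements, threshold=0.6):
    """Role mining: group active workers by (department, title); an
    entitlement held by at least `threshold` of the group becomes part of
    that group's role."""
    groups = {}
    for w in workers:
        if w.status == "active":
            groups.setdefault((w.department, w.title), []).append(w.email)
    roles = {}
    for key, members in groups.items():
        counts = Counter()
        for app, holders in entitlements.items():
            for email in members:
                for ent in holders.get(email, ()):
                    counts[(app, ent)] += 1
        roles[key] = {k for k, n in counts.items() if n / len(members) >= threshold}
    return roles


def reconcile(workers, entitlements, roles):
    """Return (actions, findings): actions are grant/revoke operations the
    provisioning connector would execute; findings need human review."""
    by_email = {w.email: w for w in workers}
    actions, findings = [], []
    # Leavers and orphans: access held by a terminated or unknown identity.
    for app, holders in entitlements.items():
        for email, ents in holders.items():
            w = by_email.get(email)
            if w is None:
                findings.append(("orphan_account", app, email))
            elif w.status != "active":
                for ent in sorted(ents):
                    actions.append(("revoke", app, email, ent))
    # Joiners and movers: active workers should hold exactly their role.
    for w in workers:
        if w.status != "active":
            continue
        expected = roles.get((w.department, w.title), set())
        held = {(app, ent) for app, holders in entitlements.items()
                for ent in holders.get(w.email, ())}
        for app, ent in sorted(expected - held):
            actions.append(("grant", app, w.email, ent))
        for app, ent in sorted(held - expected):
            findings.append(("outlier_entitlement", app, w.email, ent))
    return actions, findings


if __name__ == "__main__":
    mined = mine_roles(HR_FEED, ENTITLEMENTS)
    acts, finds = reconcile(HR_FEED, ENTITLEMENTS, mined)
    for line in acts + finds:
        print(line)
```

On this data the run revokes the terminated analyst's ERP access, grants the joiner the two ERP entitlements that define the finance-analyst role, and flags two items for a reviewer rather than acting on them automatically: a service account with no HR owner, and a finance analyst holding cloud production admin. Keeping the orphan and outlier cases as findings rather than revocations is deliberate; an automated revoke of a service account is how batch jobs get broken.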
Network Access Control (NAC)
The purpose of NAC technology is to authenticate and authorize a user or device before it is allowed onto the network. This strengthens security controls and provides visibility into connecting users and devices, answering the question "who is on my network?" Organizations can build on that visibility to posture-check an endpoint, validating that certain criteria are met before the device is admitted to the corporate network. Taking NAC a step further, it is a key element in building and applying software-defined segmentation, where the authenticated session is assigned a network tag that downstream policy enforces.
Single Sign-On (SSO)
With the proliferation of applications and services, both on-premises and in the cloud, the number of identities a single entity (user) may have has increased dramatically. End users not only have to remember numerous passwords, they also have to remember numerous login IDs (identities). Federation consolidates identities and their attributes across multiple identity providers or identity domains through an established trust, facilitated by protocols such as SAML and OpenID Connect. Vendors such as Okta, Ping Identity and Microsoft offer identity provider and federation services that deliver SSO. SSO allows a single authentication to be used across multiple systems. As the SSO market continues to mature, multi-factor authentication (MFA) is increasingly consolidated into SSO technologies.
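What the "established trust" means on the application side is that the relying party must verify every federated token it receives, not merely decode it. The following is an added example written for this article, not WWT's or any vendor's code: a minimal OpenID Connect ID token validator with the checks that matter (pinned algorithm, signature, issuer, audience, expiry, nonce) and a few of the tokens it must reject. Production IdPs sign ID tokens with asymmetric algorithms such as RS256 and publish verification keys via JWKS; to run offline with only the standard library, this example uses HS256 with a constructed shared secret. The issuer URL, client ID, user and nonce are made up.

```python
"""Relying-party validation of an OpenID Connect ID token.

Added example for this article; not WWT's or any vendor's code.  HS256 with
a constructed shared secret stands in for the IdP's RS256/JWKS signing so
the example runs offline; the claim checks are the same either way.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-shared-secret-not-for-production"  # assumption
ISSUER = "https://idp.example.com"                         # assumption
CLIENT_ID = "hr-portal"                                    # assumption


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_id_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Stand-in for the IdP: build header.payload.signature."""
    signing_input = _segment({"alg": alg, "typ": "JWT"}) + "." + _segment(claims)
    sig = b"" if alg == "none" else hmac.new(
        secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenRejected(Exception):
    pass


def validate_id_token(token, secret, issuer, client_id, nonce, now=None):
    """Return the claims if every check passes, else raise TokenRejected."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # Pin the algorithm on the RP side; never let the token choose it.
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("iss") != issuer:
        raise TokenRejected("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise TokenRejected("expired")
    if claims.get("nbf", now) > now:
        raise TokenRejected("not yet valid")
    # The nonce ties the token to the login request that triggered it.
    if not hmac.compare_digest(str(claims.get("nonce")), nonce):
        raise TokenRejected("nonce mismatch")
    return claims


def demo(now: int = 1_700_000_000) -> dict:
    """Verdict per scenario: 'ok' or the rejection reason."""
    good = {"iss": ISSUER, "sub": "ana@example.com", "aud": CLIENT_ID,
            "iat": now, "exp": now + 300, "nonce": "n-4f2c"}
    cases = {
        "valid": mint_id_token(good, SECRET),
        "other_client": mint_id_token({**good, "aud": "expense-app"}, SECRET),
        "expired": mint_id_token({**good, "exp": now - 1}, SECRET),
        "wrong_nonce": mint_id_token({**good, "nonce": "n-old"}, SECRET),
        "alg_none": mint_id_token(good, SECRET, alg="none"),
    }
    # Tamper with the subject but keep the original signature.
    h64, _, s64 = cases["valid"].split(".")
    cases["tampered_sub"] = (h64 + "." +
                             _segment({**good, "sub": "admin@example.com"}) +
                             "." + s64)
    verdicts = {}
    for name, tok in cases.items():
        try:
            validate_id_token(tok, SECRET, ISSUER, CLIENT_ID, "n-4f2c", now=now)
            verdicts[name] = "ok"
        except TokenRejected as exc:
            verdicts[name] = str(exc)
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} {verdict}")
```

The audience check is the one most often skipped: a token minted for another application in the same IdP tenant is perfectly signed and unexpired, and accepting it lets any app a user can reach impersonate that user to yours.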
Privileged Account Management (PAM)
This technology provides the functionality and technical controls for managing and monitoring privileged accounts. A privileged account is traditionally a secondary account assigned to a user for performing elevated functions, separate from the user's everyday account. Organizations satisfy regulations and manage internal risk through segregation of duties, and that separate privileged account is created to accomplish it. A PAM technology then helps manage who has elevated access, who can use non-named accounts (i.e. service accounts), who can see the password, audit tracking and approval workflows.
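The checkout workflow those controls add up to, as an added example written for this article (it is not WWT's or any PAM vendor's code): a service account password is released only against an approval from a second person, under a time-bound lease, every step is written to an append-only audit trail, and the credential is rotated the moment the lease ends so the value the user saw stops working. The account names, users, justification text and 15-minute default lease are made up.

```python
"""Constructed PAM-style credential vault: checkout of a non-named (service)
account password only under an approved, time-bound lease, with an
append-only audit trail and rotation on check-in or expiry.

Added example for this article; not WWT's or any PAM vendor's code.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Lease:
    account: str
    requester: str
    approver: str
    expires_at: float


class Vault:
    def __init__(self, now=time.time):
        self._now = now           # injectable clock (assumption, for testing)
        self._passwords = {}      # account -> current password
        self._approvals = {}      # (account, requester) -> approver
        self._leases = {}         # (account, requester) -> Lease
        self.audit = []           # append-only list of event dicts

    def _log(self, event, account, actor, **extra):
        self.audit.append({"ts": self._now(), "event": event,
                           "account": account, "actor": actor, **extra})

    def onboard(self, account, password):
        self._passwords[account] = password
        self._log("onboard", account, "system")

    def request(self, account, requester, justification):
        self._log("request", account, requester, justification=justification)

    def approve(self, account, requester, approver):
        # Segregation of duties: the approver must be a different person.
        if approver == requester:
            self._log("approve_denied", account, approver, reason="self-approval")
            raise PermissionError("requester cannot approve their own request")
        self._approvals[(account, requester)] = approver
        self._log("approve", account, approver, requester=requester)

    def checkout(self, account, requester, ttl_seconds=900):
        # One approval buys one checkout; pop it so it cannot be reused.
        approver = self._approvals.pop((account, requester), None)
        if approver is None:
            self._log("checkout_denied", account, requester, reason="no approval")
            raise PermissionError("no approval on file")
        lease = Lease(account, requester, approver, self._now() + ttl_seconds)
        self._leases[(account, requester)] = lease
        self._log("checkout", account, requester, approver=approver,
                  expires_at=lease.expires_at)
        return self._passwords[account]

    def checkin(self, account, requester):
        if self._leases.pop((account, requester), None) is None:
            raise PermissionError("no active lease")
        # The password the user saw is now burned: rotate it.
        self._passwords[account] = secrets.token_urlsafe(24)
        self._log("checkin_rotate", account, requester)

    def active_leases(self):
        """Expire overdue leases (rotating their credential) and return the rest."""
        now = self._now()
        for key, lease in list(self._leases.items()):
            if lease.expires_at <= now:
                del self._leases[key]
                self._passwords[lease.account] = secrets.token_urlsafe(24)
                self._log("lease_expired_rotate", lease.account, "system",
                          requester=lease.requester)
        return list(self._leases.values())


if __name__ == "__main__":
    v = Vault()
    v.onboard("svc-batch", "initial-pw")
    v.request("svc-batch", "ana", "month-end batch rerun")
    v.approve("svc-batch", "ana", "bo")
    print("checked out:", v.checkout("svc-batch", "ana"))
    v.checkin("svc-batch", "ana")
    for event in v.audit:
        print(event)
```

Rotation on check-in is what turns "who can see the password" from a policy statement into a control: knowing a service account password yesterday gives the user nothing today, and the audit trail records which named person held it during which window.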
Encryption
As users continue to access resources and data from anywhere at any time, protecting that data at rest and in motion is a vital element of protecting a corporation's assets and intellectual property. Encryption is a key component of that protection. Most regulatory and security frameworks treat encryption as a standard control for keeping sensitive data from being read by unauthorized users.