The ABCs of identity management

What is identity management? Broadly speaking, identity management systems (also known as identity and access management, or IAM, systems) enable the administration of individual identities within a system, such as a company, a network or even a country. More specifically, ID management in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges.

An ID management system’s core objective is one identity per individual. Once that digital ID has been established, it must be maintained, modified and monitored throughout each user’s “access lifecycle.”

Thus, the overarching goal of ID management is to “grant access to the right enterprise assets to the right users in the right context, from a user’s system onboarding to permission authorizations to the offboarding of that user as needed in a timely fashion,” according to Yassir Abousselham, senior vice president and chief security officer for Okta, an enterprise identity management provider.

ID management systems provide administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis. These systems are designed to provide a means of administering user access across an entire enterprise and to ensure compliance with corporate policies and government regulations.
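The access lifecycle described above (one identity per person, role-based privileges, context-dependent access, offboarding and an audit trail for reporting) can be sketched as a small in-memory model. This is an added illustration, not code from the article or from any vendor named in it; the role-to-asset policy, the "on-site only" rule and the identifiers are constructed assumptions.

```python
from dataclasses import dataclass, field
# Role -> enterprise assets that role may use (constructed sample policy)
ROLE_ASSETS = {
    "employee":   {"sharepoint", "office365"},
    "contractor": {"sharepoint"},
    "admin":      {"sharepoint", "office365", "idm-console"},
}
ONSITE_ONLY = {"idm-console"}   # context rule: never reachable off-site (constructed)

@dataclass
class Identity:
    person_id: str                  # one digital identity per individual
    roles: set = field(default_factory=set)
    active: bool = True

class IdentityStore:
    """Hypothetical in-memory ID store: onboarding, role change, offboarding, audit."""
    def __init__(self):
        self.identities = {}
        self.audit = []             # lifecycle events kept for reporting

    def onboard(self, person_id, role):
        if person_id in self.identities:   # enforce one identity per person
            raise ValueError(f"{person_id} already has an identity")
        self.identities[person_id] = Identity(person_id, {role})
        self.audit.append(("onboard", person_id, role))

    def change_role(self, person_id, role):
        self.identities[person_id].roles = {role}
        self.audit.append(("role_change", person_id, role))

    def offboard(self, person_id):
        # Disable and strip all roles instead of deleting, so the audit trail survives
        ident = self.identities[person_id]
        ident.active, ident.roles = False, set()
        self.audit.append(("offboard", person_id, ""))

    def is_allowed(self, person_id, asset, onsite):
        """Access decision: active identity, role grants the asset, context permits it."""
        ident = self.identities.get(person_id)
        if ident is None or not ident.active:
            return False
        if asset in ONSITE_ONLY and not onsite:
            return False
        return any(asset in ROLE_ASSETS[r] for r in ident.roles)

    def report(self, person_id):
        """Activity report for one user, drawn from the audit log."""
        return [e for e in self.audit if e[1] == person_id]
```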

ID management technologies include (but aren’t limited to) password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps, and identity repositories. ID management systems are available for on-premises systems, such as Microsoft SharePoint, as well as for cloud-based systems, such as Microsoft Office 365.

ID management systems must be flexible and robust enough to accommodate the complexities of today’s computing environment. One reason: An enterprise’s computing environment used to be largely on-premises, and ID management systems authenticated and tracked users as they worked on-premises, says Jackson Shaw, senior director of product management for ID and access management provider One Identity. “There used to be a security fence around the premises,” Shaw noted. “Today, that fence isn’t there anymore.”

As a consequence, ID management systems today should enable administrators to easily manage access privileges for a variety of users, including domestic on-site employees and international off-site contractors; hybrid computing environments that encompass on-premises computing, software as a service (SaaS) applications, shadow IT and BYOD users; and computing architectures that include UNIX, Windows, Macintosh, iOS, Android and even Internet of Things (IoT) devices.

Ultimately, the ID management system should enable centralized management of users “in a consistent and scalable way across the enterprise,” says Abousselham.

In recent years, identity-as-a-service (IDaaS) has evolved as a third-party managed service offered over the cloud on a subscription basis, providing ID management for customers’ on-premises and cloud-based systems.