3: What Is IAM? Identity and Access Management Explained for Security Professionals
Audio Cast:
Takeaway Points:
IAM refers to the capabilities associated with Identity and Access Management - that is a framework and set of services to allow individuals access to particular services or pieces of data
The “identity” aspect typically refers to the creation and management of persistent data associated with a digital identity - aka a profile
This identity profile will contain a set of key/value pairs such as firstname=simon, email=simon@domain.com etc
The identity profile can be considered as part of a life cycle - with phases such as creation, modification, use, disabling and deletion
Changes to the identity data are managed via workflows and governance processes - which typically answer the question of “who the identity?” and “who can can have access to what?”
The “access” aspect typically refers to the use of the identity - or the runtime. This will contain authentication and authorization phases.
Access is focused upon “login” use cases as well the issuance of things like sessions, cookies and access tokens
IAM capabilities can be delivered as a joined up platform or by individual services
ChatGPT Answer:
Identity and Access Management (IAM) refers to a framework of policies, technologies, and processes that organizations use to manage and control access to their information systems and resources. It involves ensuring that the right individuals have the appropriate access to the right resources, while preventing unauthorized access…
Interesting Links:
NB - access links at own risk; not affiliated to IAM Bitesize or The Cyber Hut

