Definition
Identity and Access Management (IAM) is a framework of policies, technologies, and processes that manages digital identities and people’s access to an organization’s applications, systems, and data.
Its main aim is safeguarding the company’s resources from unauthorized access and potential cyber-attacks.
Building Your IAM Framework
While IAM frameworks are tailored to meet each organization’s unique needs, here are some common policies:
- The authentication policy indicates the authentication method the organization will use, such as tokens, passwords, biometrics, or multi-factor authentication.
- Authorization policy stipulates the access control mechanism used to determine resources an individual can access, based on their roles, permissions and other criteria.
- Password policy defines the requirements for generating and managing user passwords, like their complexity, length and expiration time.
- User provisioning policy specifies how user accounts are created, managed, and removed from the organization’s systems and applications.
- Data classification policy manages the classification of an organization’s data based on its sensitivity.
- Incident response policy dictates the processes for responding to IAM-related incidents like data breaches or unauthorized access attempts.