Infrastructure security measures are important, but they can be for nothing if users have access when they shouldn’t. Users who have left the organization but still have systems access and current users who have more access than they should can be equally damaging.
A typical organization has dozens if not hundreds of places where users have accounts with various permissions. Edward Snowden is a prime example of someone who had more access to data than he should have had, and the results speak for themselves. Identity and Access Management (IAM) solutions are a set of technologies and processes that help solve the problem of how to link, review, evaluate, and manage user accounts and their permissions. IAM can encompass an organization's entire ecosystem, from mainframes to Active Directory, on-premises applications to cloud solutions, HR systems and critical business applications. IAM enables the enforcement of security strategies such as Least Necessary Privilege and Periodic Access Review/Certification.
Don’t Be Fooled, Active Directory Isn’t IAM
Do you already have Active Directory (AD) and are using it for linkage to many applications? While very typical, this can be restrictive, get out of hand quickly, and leave big gaps in an overall security model. AD was built specifically for file, print, and workstation management. It rarely meets all the needs of an enterprise directory without creating security and usability issues.
Did you know the mere presence of an account in AD gives a user access to every single Windows server? Over-reliance on AD leads to creating and managing user accounts that have no real reason to be there. IAM technologies can help you get the most out of your AD without over-relying on it.