What Is Identity and Access Management (IAM)?
Petros Efstathopoulos, vice president of research at RSAC, explains that IAM is an umbrella term that refers to the set of policies, technologies and processes that manage users’ identities and control their access to resources within an organization.
“IAM is crucial for ensuring secure interaction with web applications and cloud services, as it allows administrators to grant permissions to users and applications, thereby defining how these entities can interact with specific resources,” he says.
For example, in a higher education environment, IAM can be used to assign faculty, staff or student permissions to ongoing research, faculty calendars and a variety of other on-campus resources.
In other words, IAM is a broad term, and a fundamental concept in security, that refers to three major tasks: identifying users, authenticating them and managing their privileges.
Understanding Multifactor Authentication (MFA)
Brandon Traffanstedt, senior director for CyberArk’s global technology office, describes MFA as a capability of IAM.
“It makes sure that users are properly authenticated in this process by enforcing the use of several controls, or factors, of proof when the user is trying to access something,” he says.
Users might be asked for a password alongside biometric authentication, for instance, or for a password plus a ‘push’ to an authentication app or a code on a physical device.
What Is Privileged Access Management (PAM)?
PAM can be thought of as a subset of IAM that is focused on powerful or sensitive access. It is normally used in scenarios where an individual (or machine) needs access to systems or services requiring stronger permissions than a standard user has.
PAM is used to ensure that this highly sought-after access is hardened with extensive security controls.
“Privileged access can be associated with human users as well as nonhuman users, such as applications and machine identities,” Traffanstedt says.
Likewise, the definitions of privileged access and standard access continue to expand as more users and machines are given additional high-level access.