Identity & Access Management (IAM)

Identity & Access Management (IAM) is an approach and framework centered around ensuring that only authorized individuals, pre-defined groups, and roles can access the desired resources at the correct time. This policy helps to protect organizations and agencies from insider threats, unauthorized access to material, data breaches, and overall helps to reduce the risk faced by an entity by protecting the integrity of their systems and data. IAM does not stand alone, as it is influenced by and works alongside various government regulated compliances such as HIPPA or GDPR to ensure compliance with access to data and how it is stored. Some features of Identity & Access Management include multi-factor authentication to protect against unauthorized access even in cases where a malicious attacker have obtained a password, Role-Based Access Control (RBAC) to limit those with a certain role to only be able to access the bare-minimum of necessary information in order to complete their job, as well as enforcing strong password policies to help prevent successful password based attacks.