Understanding Identity and Access Management

Apr 8, 2025

Cybersecurity Architecture Series: Identity and Access Management (IAM)

Overview

  • Focus on the seven domains of cybersecurity architecture.
  • Today's topic: Identity and Access Management (IAM).
  • Identity is considered the new perimeter.

The Four As of IAM

  1. Administration
    • Determine access rights and create accounts.
    • Identity Management and Identity Governance are key terms.
  2. Authentication
    • Determine user identity.
    • Methods of authentication:
      • Something you know (e.g., password, PIN).
      • Something you have (e.g., mobile phone).
      • Something you are (e.g., biometric).
    • Multi-Factor Authentication (MFA): combines different methods to enhance security.
    • Trend towards passwordless authentication.
  3. Authorization
    • Determines what users are allowed to do.
    • Uses risk-based and adaptive authorization.
    • Considers request types, amounts, and frequency.
  4. Audit
    • Review actions taken by users to ensure proper access management.
    • User Behavior Analytics (UBA) to detect anomalies and potential malicious actions.

IAM Architecture Components

Foundation Layer

  • Directory: Where user information is stored (e.g., names, access rights).
    • Needs a database, schema, and communication protocol (e.g., LDAP).
    • Active Directory is a common implementation.
  • Ideal: One enterprise directory for all user information.
  • Real-world scenario: Multiple directories; need for synchronization.
    • Virtual Directory and Meta Directory approaches.

Administration Processes

  • Account creation, modification, and deletion are handled in this layer.
  • Role management maps user groups to IT roles based on business roles.
  • Approval processes are required for granting access rights:
    • Straightforward for general access (e.g., email).
    • Complex for sensitive information (multi-step approvals).

Access Management

  • Handles the authentication and authorization aspects of IAM.
  • Privileged Access Management (PAM):
    • Focus on users with high-level access (e.g., system administrators).
    • Best practices to avoid shared passwords and improve monitoring.

Summary of Use Cases

  1. New Employee Access:
    • Account created in HR, mapped to roles, undergoes approval.
  2. Existing Employee Needs More Access:
    • User requests additional access, must go through approval process.
  3. De-Provisioning an Exiting Employee:
    • Remove access rights based on HR system updates.
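As an added illustration of the administration processes and the three use cases above (not code from the video or the series), the following Python models joiner/mover/leaver reconciliation: an HR record drives the account, business roles map to IT roles, general access is granted directly, and sensitive entitlements wait for approval. The role names, entitlements and the SENSITIVE set are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed mapping of business roles to IT roles (entitlements); hypothetical names.
BUSINESS_ROLE_TO_IT_ROLES = {
    "accountant": {"email", "erp-gl-read", "erp-payments-approve"},
    "engineer": {"email", "vcs-write", "ci-deploy"},
    "intern": {"email"},
}

# Entitlements that need a multi-step approval before they are granted (constructed).
SENSITIVE = {"erp-payments-approve", "ci-deploy"}


@dataclass
class Account:
    user_id: str
    business_role: str
    entitlements: set = field(default_factory=set)
    pending_approval: set = field(default_factory=set)
    active: bool = True


def reconcile(account, hr_record):
    """Bring an account in line with its HR record; returns the change set for the audit log.

    hr_record: {"status": "active" | "terminated", "business_role": str}
    """
    if hr_record["status"] == "terminated":          # leaver: revoke everything
        revoked = set(account.entitlements)
        account.entitlements.clear()
        account.pending_approval.clear()
        account.active = False
        return {"granted": set(), "pending": set(), "revoked": revoked}
    account.business_role = hr_record["business_role"]
    target = set(BUSINESS_ROLE_TO_IT_ROLES.get(account.business_role, set()))
    to_add = target - account.entitlements
    to_remove = account.entitlements - target           # mover: drop rights of the old role
    granted = {e for e in to_add if e not in SENSITIVE}  # general access: straightforward
    pending = {e for e in to_add if e in SENSITIVE}      # sensitive: held for approval
    account.entitlements = (account.entitlements - to_remove) | granted
    account.pending_approval = pending
    return {"granted": granted, "pending": pending, "revoked": to_remove}


def approve(account, entitlement):
    """Approval step: move one sensitive entitlement from pending to granted."""
    if account.active and entitlement in account.pending_approval:
        account.pending_approval.remove(entitlement)
        account.entitlements.add(entitlement)
        return True
    return False


def onboard(user_id, hr_record):
    """Joiner: the HR record creates the account, then reconcile maps roles to access."""
    account = Account(user_id=user_id, business_role=hr_record["business_role"])
    return account, reconcile(account, hr_record)
```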

Future Considerations

  • Federation capabilities for accessing external systems using IAM.
  • Distinction between workforce identity management (for employees) and consumer identity and access management (CIAM, for customers).
    • CIAM focuses on user experience and privacy.

Conclusion

  • IAM is essential for managing user identities and access rights effectively.
  • Next video will cover endpoint security.
  • Reminder to subscribe for updates.