Identity Access Management or IAM although not new is becoming increasingly a critical component of an enterprise cybersecurity program. It refers to the principles and practices of granting appropriate access to systems, network, applications and data. Put simply by the US National Institute of Standards and Technology (NIST), IAM ensures that the “right people and things have the right access to the right resources at the right time”, providing a layer of security that protects against unauthorized access.
Key concepts of IAM:
Authentication of an entity to check identity
Authorization of an entity to access specifics applications or data
Entities include an individual, a corporation, software or Internet of Things (IoT) devices.
IAM is one the tools used by organizations to mitigate cybersecurity risks and limit the risks of cyberattacks.