Was ist Identitäts- und Zugriffsmanagement (IAM)?
Das Identitäts- und Zugriffsmanagement (IAM) ist zur Grundlage der Cybersicherheit für Unternehmen geworden. In der Vergangenheit wurden alle Anwendungen im Rechenzentrum eines Unternehmens gehostet und alle Benutzer, die auf diese Anwendungen zugriffen, befanden sich im Netzwerk. Um die Sicherheit seiner Daten zu gewährleisten, musste ein Unternehmen lediglich jeden Datenverkehr überprüfen, der in das Netzwerk eindringen wollte, und jeden Datenverkehr, der es verlassen wollte.Firewalls haben in dieser Umgebung hervorragende Arbeit geleistet.
Today, that world, which relied on creating a secure perimeter around the network, is long gone. While most organizations retain some applications in the data center, the majority are now hosted in public and private clouds, and access over the internet. And employees that were once tethered to the network are now working from anywhere using a variety of managed and unmanaged devices.
Anstatt das Netzwerk und das Rechenzentrum zu schützen, muss die Aufgabe der Cybersicherheit nun darin bestehen, alle Verbindungen zwischen Benutzern und Geräten zu Anwendungen und anderen Ressourcen zu schützen.Die Technologie, die für diesen Schutz sorgt, prüft die Identität eines Benutzers oder Geräts bei einer Zugriffsanfrage und kontrolliert dann, um sicherzustellen, dass der Zugriff autorisiert ist. Identitäts- und Zugriffsmanagement-Technologien (IAM) identifizieren, authentifizieren und autorisieren Benutzer und blockieren nicht autorisierte Benutzer. Dadurch wird das Sicherheitskonzept in die moderne Welt verlagert, in der der Nutzer von überall aus eine Verbindung herstellen kann. Wir nennen diesen Rahmen den Identitätsperimeter.
Identität ist wichtiger geworden, seit COVID physische Grenzen irrelevant gemacht hat.
– Andras Cser, VP und IAM Analyst, Forrester Research
Workforce Identity vs. Customer Identity
The scenario described above largely describes workforce identity, whereby companies provide their employees and partners with secure access to applications. But there is a much larger demand for identity solutions that protect customers who are increasingly living their lives online. The rise in online activity has created the need for customer identity and access management (CIAM) solutions to protect consumers as they access online banking, e-commerce sites, government services, tele-health services, and much more.
Why Digital Identity is so Important
Everyone and everything that connects to the internet has an identity. In IAM terms, these may include employees, partners, contractors, customers, suppliers, computers, servers, smartphones, IoT devices, applications/workloads, and APIs. Each of these entities has an identity that must be confirmed and its permissions must be assessed before access to any resources can be granted. It's not unusual for an enterprise to have many millions of identities connecting to its resources.
Die Aufgabe, all diese Identitäten zu überprüfen und ihre Zugriffsberechtigungen zu verwalten, wird am besten von einer umfassenden IAM-Plattform erledigt, die schnell und skalierbar ist und intelligente Zugriffsentscheidungen treffen kann, ohne die Leistung zu beeinträchtigen, selbst bei hohem Datenverkehr.
What should an IAM solution offer?
Single Sign-On (SSO) – SSO allows users to login once to gain access to all their applications and services whether they're in the cloud or data center. It prevents the frustration of repeated logins, which harm productivity in the enterprise and cause customer drop-off for e-commerce sites.
Multifactor Authentication (MFA)– MFA improves security by requiring an added credential, such as a fingerprint (biometric), acceptance of a push notification via authenticator app, or a one-time password (OTS) delivered via text message or email. With MFA, even with login credentials, an attack will not succeed in gaining access to targeted resources.
Authorization – Authorization is used to determine the [authenticated] user's approved level of access. In the enterprise, entities are granted certain privileges related to what may be accessed, based on their roles, and such access may be extremely granular. For example, an accountant may have extensive privileges within most financial applications, but not those related to compensation.
Wie IAM Bedrohungen verhindert
According to the U.S. Census Bureau, retail e-commerce alone grew 18.3% in 20211, even after the massive, pandemic-fueled growth of 31.8% in 20202. The increase in online activity has proven to be lucrative for attackers, who are using previously stolen credentials to execute new, more wide-ranging, attacks. In fact, the latest ForgeRock Identity Breach Report, showed that unauthorized access was the leading cause of breaches for the fifth consecutive year, accounting for half of all breaches.
Questionable yet common practices, like simple passwords and password reuse, enable bad actors to gain access to valuable data, such as birth dates and Social Security numbers. Attackers can steal this data and sell it on the black market, or they can use the data to carry out fraudulent activities, such as account takeover (ATO), which increased 307 percent from 2019 to 2020. In a successful ATO, an attacker can move money, open other accounts, and create financial havoc for the customer and the institution. Read more about ATO in this blog.
Organizations can reduce the likelihood and cost of breaches by using an IAM solution infused with artificial intelligence (AI) and machine learning (ML) to quickly identify and contain attempts at unauthorized access. Such solutions also ensure that the right access roles, entitlements, and policies are in place within your organization to protect against overprovisioned access.
AI specializing in risk decisioning can…prevent attempts to gain unauthorized access by incorporating multiple contextual signals into the decision process, such as login location, IP network reputation, and the distance between login attempts and registered MFA devices.
How IAM Enhances the User Experience
Whether you're talking about IAM in the enterprise or CIAM for providers of consumer services, user experience is a top priority.
In the enterprise, it's important to connect users, especially employees, to their resources as quickly as possible to keep workflows moving and productivity high. In the consumer marketplace, the stakes are even higher. A company's registration or login page is the "front door" to its business. If a consumer has a bad experience upon entering the "store," the company has a very high chance of losing that customer. In the financial services sector, for example, 40% of consumers abandon their registrations when opening a new bank account for reasons that include an overly lengthy process, time-consuming authentication, and difficulty filling out forms.1
An intelligent IAM system also reduces helpdesk calls. A 2022 Total Economic Impact study by Forrester Consulting on behalf of ForgeRock showed that CIAM could reduce security-related calls to the help center by 40%, resulting in a cost savings of $24 million.
IAM's Role in Compliance
All organizations are subject to regulatory audits, and they must demonstrate compliance and repeatable results. That's why many companies are turning to IAM solutions based on a Zero Trust model, which removes all implicit trust and grants access to resources based on the continuous evaluation of user identity, device posture, and fine-grained access policies defined by the organization. Zero Trust, built on the principle of least-privileged access, removes the risk of overly permissive policies, which are a compliance risk, and eliminates the ability of unauthorized users to move laterally across a network.
IAM infused with AI/ML also supports compliance by fully automating the access review and approval processes. It also reduces human errors and the problems that can occur as a result of too many access requests, which often lead to over-provisioned users and failed compliance audits.
Finally, data sovereignty is a key requirement of many regulations, and companies must be able to prove that data is being stored in its country or region or origin. You need a cloud architecture with full tenant isolation to meet the strictest global privacy and data residency requirements, and to keep your sensitive data and backups under your control and in the required region or country.
The ForgeRock Identity Platform offers the sophisticated IAM capabilities you need to protect every identity in your organization — people, systems, applications, and things. It includes AI-powered solutions to manage digital identities at scale and ensure that entities are who they claim to be.
The ForgeRock Identity Platform is the only offering for AI-driven access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform.
ForgeRock Recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Access Management
What are the Critical Capabilities of Access Management in 2023?
AI-Driven Threat Prevention
ForgeRock Access Management
Sichere und nahtlose Kundenerlebnisse für Ihre Kunden und Mitarbeiter
Gartner Critical Capabilities for IAM
Gartner Critical Capabilities for IAM
Die Identitätsplattform von ForgeRock
Eine Plattform. Alle Identitäten.
ForgeRock Access Management
Schaffen Sie außergewöhnliche Erlebnisse und kompromisslose Sicherheit für Ihre Kunden, Mitarbeiter und IoT-Geräte.
Identity Cloud von ForgeRock
Die einzige Identity Cloud, die speziell für Großunternehmen entwickelt wurde.