What Is Identity and Access Management (IAM)?
Identity and access management (IAM) has become the foundation of cybersecurity for enterprises. In the past, all applications were hosted in a company's data center, and all users accessing those applications were on the network. All a company had to do to keep its data safe was inspect the traffic trying to enter the network and the traffic trying to leave it. Firewalls did a great job in that environment.
Today, that world, which relied on creating a secure perimeter around the network, is long gone. While most organizations retain some applications in the data center, the majority are now hosted in public and private clouds and accessed over the internet. And employees who were once tethered to the network are now working from anywhere using a variety of managed and unmanaged devices.
Instead of protecting the network and the data center, the job of cybersecurity must now be to protect every connection between users and devices and the applications and resources they reach. The technology that enables this security verifies the identity of a user or device seeking access, and then applies controls to ensure that the access is authorized. Identity and access management (IAM) technologies identify, authenticate, and authorize users and deny access to unauthorized users, moving security away from the models of the past and into the modern world, where users can connect from anywhere. We call this model the identity perimeter.
Identity has become more important since COVID has made physical boundaries irrelevant.
Andras Cser, Vice President and IAM Analyst, Forrester Research
Workforce Identity vs. Customer Identity
The scenario described above largely describes workforce identity, whereby companies provide their employees and partners with secure access to applications. But there is a much larger demand for identity solutions that protect customers who are increasingly living their lives online. The rise in online activity has created the need for customer identity and access management (CIAM) solutions to protect consumers as they access online banking, e-commerce sites, government services, tele-health services, and much more.
Why Digital Identity is so Important
Everyone and everything that connects to the internet has an identity. In IAM terms, these may include employees, partners, contractors, customers, suppliers, computers, servers, smartphones, IoT devices, applications/workloads, and APIs. Each of these entities has an identity that must be confirmed and its permissions must be assessed before access to any resources can be granted. It's not unusual for an enterprise to have many millions of identities connecting to its resources.
The best way to verify all those identities and manage their access permissions is with a comprehensive IAM platform that is fast and scalable enough to make intelligent access decisions without affecting performance, even during peak traffic.
What should an IAM solution offer?
Single Sign-On (SSO) – SSO allows users to log in once to gain access to all their applications and services, whether they're in the cloud or the data center. It prevents the frustration of repeated logins, which harm productivity in the enterprise and cause customer drop-off for e-commerce sites.
Multifactor Authentication (MFA) – MFA improves security by requiring an added credential, such as a fingerprint (biometric), acceptance of a push notification via an authenticator app, or a one-time password (OTP) delivered via text message or email. With MFA, an attack will not succeed in gaining access to targeted resources even when the attacker holds the login credentials.
Authorization – Authorization is used to determine the [authenticated] user's approved level of access. In the enterprise, entities are granted certain privileges related to what may be accessed, based on their roles, and such access may be extremely granular. For example, an accountant may have extensive privileges within most financial applications, but not those related to compensation.
How IAM Prevents Threats
According to the U.S. Census Bureau, retail e-commerce alone grew 18.3% in 2021, even after the massive, pandemic-fueled growth of 31.8% in 2020. The increase in online activity has proven to be lucrative for attackers, who are using previously stolen credentials to execute new, more wide-ranging attacks. In fact, the latest ForgeRock Identity Breach Report showed that unauthorized access was the leading cause of breaches for the fifth consecutive year, accounting for half of all breaches.
Questionable yet common practices, like simple passwords and password reuse, enable bad actors to gain access to valuable data, such as birth dates and Social Security numbers. Attackers can steal this data and sell it on the black market, or they can use the data to carry out fraudulent activities, such as account takeover (ATO), which increased 307 percent from 2019 to 2020. In a successful ATO, an attacker can move money, open other accounts, and create financial havoc for the customer and the institution.
Organizations can reduce the likelihood and cost of breaches by using an IAM solution infused with artificial intelligence (AI) and machine learning (ML) to quickly identify and contain attempts at unauthorized access. Such solutions also ensure that the right access roles, entitlements, and policies are in place within your organization to protect against overprovisioned access.
AI specializing in risk decisioning can…prevent attempts to gain unauthorized access by incorporating multiple contextual signals into the decision process, such as login location, IP network reputation, and the distance between login attempts and registered MFA devices.
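The contextual signals named above (login location, IP network reputation, and distance from the registered MFA device) combined into an allow / step-up / deny decision. This is an added example, not ForgeRock's code or algorithm; the field names, weights, thresholds, and sample coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class LoginAttempt:
    lat: float
    lon: float
    ip_reputation: float   # 0.0 = clean .. 1.0 = known bad (hypothetical feed score)
    known_location: bool   # has this user logged in from here before?

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def risk_score(attempt, mfa_device_pos):
    """Add up per-signal penalties (assumed weights) into a 0-100 score."""
    score = 0 if attempt.known_location else 20
    score += round(40 * attempt.ip_reputation)
    distance = haversine_km(attempt.lat, attempt.lon, *mfa_device_pos)
    if distance > 500:      # login far from the registered MFA device
        score += 40
    elif distance > 50:
        score += 15
    return score

def decide(score):
    """Map the score to an action; thresholds are assumptions for illustration."""
    if score >= 70:
        return "deny"
    if score >= 30:
        return "step_up_mfa"
    return "allow"

# Constructed sample data: MFA device registered in Madrid.
MFA_DEVICE = (40.4168, -3.7038)
SAMPLES = {
    "same city":   LoginAttempt(40.4168, -3.7038, 0.0, True),
    "nearby town": LoginAttempt(39.8628, -4.0273, 0.1, False),
    "far, bad IP": LoginAttempt(1.3521, 103.8198, 0.9, False),
}

if __name__ == "__main__":
    for name, attempt in SAMPLES.items():
        s = risk_score(attempt, MFA_DEVICE)
        print(f"{name}: score={s} action={decide(s)}")
```

No single signal decides the outcome here: the nearby login is only challenged because an unfamiliar location, a slightly suspect IP, and a moderate distance add up past the step-up threshold.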
How IAM Enhances the User Experience
Whether you're talking about IAM in the enterprise or CIAM for providers of consumer services, user experience is a top priority.
In the enterprise, it's important to connect users, especially employees, to their resources as quickly as possible to keep workflows moving and productivity high. In the consumer marketplace, the stakes are even higher. A company's registration or login page is the "front door" to its business. If a consumer has a bad experience upon entering the "store," the company has a very high chance of losing that customer. In the financial services sector, for example, 40% of consumers abandon their registrations when opening a new bank account for reasons that include an overly lengthy process, time-consuming authentication, and difficulty filling out forms.
An intelligent IAM system also reduces helpdesk calls. A 2022 Total Economic Impact study by Forrester Consulting on behalf of ForgeRock showed that CIAM could reduce security-related calls to the help center by 40%, resulting in a cost savings of $24 million.
IAM's Role in Compliance
All organizations are subject to regulatory audits, and they must demonstrate compliance and repeatable results. That's why many companies are turning to IAM solutions based on a Zero Trust model, which removes all implicit trust and grants access to resources based on the continuous evaluation of user identity, device posture, and fine-grained access policies defined by the organization. Zero Trust, built on the principle of least-privileged access, removes the risk of overly permissive policies, which are a compliance risk, and eliminates the ability of unauthorized users to move laterally across a network.
IAM infused with AI/ML also supports compliance by fully automating the access review and approval processes. It also reduces human errors and the problems that can occur as a result of too many access requests, which often lead to over-provisioned users and failed compliance audits.
Finally, data sovereignty is a key requirement of many regulations, and companies must be able to prove that data is being stored in its country or region of origin. You need a cloud architecture with full tenant isolation to meet the strictest global privacy and data residency requirements, and to keep your sensitive data and backups under your control and in the required region or country.
ForgeRock IAM
The ForgeRock Identity Platform offers the sophisticated IAM capabilities you need to protect every identity in your organization — people, systems, applications, and things. It includes AI-powered solutions to manage digital identities at scale and ensure that entities are who they claim to be.
The ForgeRock Identity Platform is the only offering for AI-driven access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform.