What is Access Management (AM)?
Access management (AM) is the "access" component of identity and access management (IAM) technology. AM refers to the principles and practices for granting users admittance to IT systems. AM controls access to resources, such as computers, applications and services, networks, shared drives, and data. It involves the use of tools, policies, and procedures by organizations to determine who can access these resources.
The benefits of access management
Access management ensures that the right people get access to the IT resources they need, quickly and securely. And it keeps out unauthorized users and devices, such as hackers, bots, and even unauthorized insiders.
Access management is a crucial first step in the deployment of any IT asset. It provides a level of assurance about user identity — who is accessing systems and resources. This assurance is necessary for passing audits, ensuring the confidentiality of data, or securing an organization against fraud. Access management is a key discipline in both IT and cybersecurity.
A comprehensive access management policy gives organizations the confidence to place digital assets "online," which makes them accessible over the internet and through mobile channels. Online access means that common tools, such as web applications, browsers, and mobile apps, are available to users. This enables organizations to increase user productivity, secure their data and users, and potentially increase revenues.
What does access management cover?
Access management covers both human and non-human entities, including:
- Workforce users, such as employees and contractors
- Consumers and customers
- Partners and third-party organizations and users
- Cloud containers and Kubernetes
- Devices such as printers and workstations
- Application programming interfaces (APIs)
- Internet-of-things (IoT) devices
Zero trust and access management
A comprehensive AM policy finds "gaps" in secure access. These gaps may include weak password policies, default passwords and simple user credentials, or insecure authentication and authorization factors. AM policies establish procedures and technology to address these shortcomings.
A key principle of a Zero Trust architecture is ensuring that every access decision is positively confirmed each time a person or device requests access to a resource. Zero trust and AM are complementary security concepts that ensure every entity requesting access is identified. Both also enforce the principle of "least-privileged access," which means that authenticated users can gain access to the resources they are authorized to use — and nothing more.
Passwordless authentication is on the upswing
A key area of innovation in access management is something known as passwordless authentication. Passwordless authentication is defined by the ability for users to gain access without the use of a static, user-selected password. Examples could include using the biometrics on a mobile phone, such as face or fingerprint, instead of passwords.
But passwordless can also involve a one-time passcode sent via email or text message (SMS), a magic link, or the use of a hardware-based token such as a YubiKey device. The idea is to move away from static usernames and passwords because of their abysmal track record as a leading cause of breaches. They are also well known to almost everyone for their poor usability, with frequent resets and occasional account lockouts. Instead, access management is moving towards stronger, cryptography-based credentials that offer greater security and ease of use.
Single sign-on (SSO) for consistent login experience
Requiring multiple logins leads to customer frustration and drop-off. Multiple logins also hurt workforce productivity, especially when users have to reset passwords or get locked out of their accounts. Single sign-on (SSO) allows users to log in once, then gain secure access to all their applications and services.
SSO can be enabled for each domain, across domains, and even outside your organization with federated SSO. It means that all applications — cloud, legacy, third-party, and more — can be accessed from a single, secure login. This "federated access" enables organizations to allow users of other trusted partners to access applications securely.
Designing user journeys using orchestration
A key component of access management is creating ways for users to gain access to the applications they need. Traditionally, this has been done through a login screen that required a username and password.
But for greater security, there has been an increase in the use of multi-factor authentication (MFA). MFA may combine the traditional password approach with biometric authentication methods, risk-based authentication, and various other "signals" gathered from user browsers and devices. Depending on risk, users now have a host of options for gaining access.
No matter how a user gains access, the process is known as a "journey." The design of user journeys can take into account many variables, such as contextual information about the user and device, as well as information about the sensitivity of the data the user is seeking to access.
Designing these journeys using no-code drag-and-drop identity orchestration tools can deliver a highly secure login and one that is nearly invisible to the user. As circumstances change, new user journeys can be created quickly to accommodate new users or a changing security situation. Ultimately, user access journeys should have the least amount of friction possible to create smooth user experiences.
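The journey logic described above, as an added illustration that is not code from the original article or from any orchestration product: a per-request decision, in the Zero Trust sense of the earlier section, that first applies least privilege and then chooses login steps from contextual signals and data sensitivity. The signal names, risk weights, step names and the ENTITLEMENTS table are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed risk weights for the sensitivity of the requested data.
SENSITIVITY_RISK = {"public": 0, "internal": 1, "confidential": 2}

# Hypothetical entitlements: the resources each user is authorized to reach at all.
ENTITLEMENTS = {
    "alice": frozenset({"wiki", "payroll"}),
    "bob": frozenset({"wiki"}),
}


@dataclass(frozen=True)
class AccessRequest:
    """Signals collected when a user asks for a resource (fields are assumptions)."""
    user: str
    resource: str
    sensitivity: str        # key of SENSITIVITY_RISK
    known_device: bool      # device previously seen for this user
    usual_location: bool    # network location matches the user's history
    passkey_enrolled: bool  # hardware token or phone biometric registered


def risk_score(req: AccessRequest) -> int:
    """Combine data sensitivity with device and location context into one score."""
    score = SENSITIVITY_RISK[req.sensitivity]
    if not req.known_device:
        score += 2
    if not req.usual_location:
        score += 1
    return score


def plan_journey(req: AccessRequest) -> dict:
    """Evaluate one request and return the decision plus the ordered login steps."""
    # Least privilege first: authentication never unlocks a resource the user is
    # not authorized for, so the journey ends here without prompting at all.
    if req.resource not in ENTITLEMENTS.get(req.user, frozenset()):
        return {"decision": "deny", "reason": "not_authorized", "steps": []}
    score = risk_score(req)
    if score >= 5:
        # Every contextual signal is anomalous: refuse rather than add more prompts.
        return {"decision": "deny", "reason": "risk_too_high", "steps": []}
    # Low friction by default: a passwordless credential when the user has one.
    steps = ["passkey" if req.passkey_enrolled else "password"]
    if score >= 2:
        steps.append("one_time_passcode")  # step up only when context warrants it
    return {"decision": "allow_after", "reason": f"risk={score}", "steps": steps}
```

Because the decision is recomputed for each request, a change in context (a new device, a more sensitive resource) changes the steps without any change to the user's entitlements.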