What is Identity and Access Management (IAM)?

Identity and access management (IAM) has become the foundation of cybersecurity for the enterprise. In the past, all applications were hosted in a company’s data center and all users accessing those applications were on the network. All a company had to do to keep its data safe was to inspect any traffic that tried to enter the network and traffic that tried to exit it. Firewalls did a great job in this environment.

Today, that world, which relied on creating a secure perimeter around the network, is long gone. While most organizations retain some applications in the data center, the majority are now hosted in public and private clouds, and access over the internet. And employees that were once tethered to the network are now working from anywhere using a variety of managed and unmanaged devices.

Instead of protecting the network and data center, the job of cybersecurity must now be to protect every connection between users and devices to applications and resources. The technology that enables this security verifies the identity of a user or device seeking access, then it applies controls to ensure the access is authorized. Identity and access management (IAM) technologies identify, authenticate, and authorize users and prohibit unauthorized users, thereby detaching security from the frameworks of the past and moving it to the modern world, where the user may be connecting from anywhere. We call this framework the identity perimeter.

Identity has become more important since COVID has made physical boundaries irrelevant.

– Andras Cser, VP and IAM Analyst, Forrester Research

Workforce Identity vs. Customer Identity

The scenario described above largely describes workforce identity, whereby companies provide their employees and partners with secure access to applications. But there is a much larger demand for identity solutions that protect customers who are increasingly living their lives online. The rise in online activity has created the need for customer identity and access management (CIAM) solutions to protect consumers as they access online banking, e-commerce sites, government services, tele-health services, and much more.

Why Digital Identity is so Important

Everyone and everything that connects to the internet has an identity. In IAM terms, these may include employees, partners, contractors, customers, suppliers, computers, servers, smartphones, IoT devices, applications/workloads, and APIs. Each of these entities has an identity that must be confirmed and its permissions must be assessed before access to any resources can be granted. It's not unusual for an enterprise to have many millions of identities connecting to its resources.

The job of verifying all those identities managing their access permissions is best handled by a comprehensive IAM platform that is fast and scalable to make smart access decisions without impacting performance, even during traffic surges.

What should an IAM solution offer?

Single Sign-On (SSO) – SSO allows users to login once to gain access to all their applications and services whether they're in the cloud or data center. It prevents the frustration of repeated logins, which harm productivity in the enterprise and cause customer drop-off for e-commerce sites.

Multifactor Authentication (MFA)– MFA improves security by requiring an added credential, such as a fingerprint (biometric), acceptance of a push notification via authenticator app, or a one-time password (OTS) delivered via text message or email. With MFA, even with login credentials, an attack will not succeed in gaining access to targeted resources.

Authorization – Authorization is used to determine the [authenticated] user's approved level of access. In the enterprise, entities are granted certain privileges related to what may be accessed, based on their roles, and such access may be extremely granular. For example, an accountant may have extensive privileges within most financial applications, but not those related to compensation.

How IAM Prevents Threats

According to the U.S. Census Bureau, retail e-commerce alone grew 18.3% in 2021₁, even after the massive, pandemic-fueled growth of 31.8% in 2020². The increase in online activity has proven to be lucrative for attackers, who are using previously stolen credentials to execute new, more wide-ranging, attacks. In fact, the latest ForgeRock Identity Breach Report, showed that unauthorized access was the leading cause of breaches for the fifth consecutive year, accounting for half of all breaches.

Questionable yet common practices, like simple passwords and password reuse, enable bad actors to gain access to valuable data, such as birth dates and Social Security numbers. Attackers can steal this data and sell it on the black market, or they can use the data to carry out fraudulent activities, such as account takeover (ATO), which increased 307 percent from 2019 to 2020. In a successful ATO, an attacker can move money, open other accounts, and create financial havoc for the customer and the institution. Read more about ATO in this blog.

Organizations can reduce the likelihood and cost of breaches by using an IAM solution infused with artificial intelligence (AI) and machine learning (ML) to quickly identify and contain attempts at unauthorized access. Such solutions also ensure that the right access roles, entitlements, and policies are in place within your organization to protect against overprovisioned access.

AI specializing in risk decisioning can…prevent attempts to gain unauthorized access by incorporating multiple contextual signals into the decision process, such as login location, IP network reputation, and the distance between login attempts and registered MFA devices.

2023 ForgeRock Identity Breach Report

How IAM Enhances the User Experience

Whether you're talking about IAM in the enterprise or CIAM for providers of consumer services, user experience is a top priority.

In the enterprise, it's important to connect users, especially employees, to their resources as quickly as possible to keep workflows moving and productivity high. In the consumer marketplace, the stakes are even higher. A company's registration or login page is the "front door" to its business. If a consumer has a bad experience upon entering the "store," the company has a very high chance of losing that customer. In the financial services sector, for example, 40% of consumers abandon their registrations when opening a new bank account for reasons that include an overly lengthy process, time-consuming authentication, and difficulty filling out forms.¹

An intelligent IAM system also reduces helpdesk calls. A 2022 Total Economic Impact study by Forrester Consulting on behalf of ForgeRock showed that CIAM could reduce security-related calls to the help center by 40%, resulting in a cost savings of $24 million.

IAM's Role in Compliance

All organizations are subject to regulatory audits, and they must demonstrate compliance and repeatable results. That's why many companies are turning to IAM solutions based on a Zero Trust model, which removes all implicit trust and grants access to resources based on the continuous evaluation of user identity, device posture, and fine-grained access policies defined by the organization. Zero Trust, built on the principle of least-privileged access, removes the risk of overly permissive policies, which are a compliance risk, and eliminates the ability of unauthorized users to move laterally across a network.

IAM infused with AI/ML also supports compliance by fully automating the access review and approval processes. It also reduces human errors and the problems that can occur as a result of too many access requests, which often lead to over-provisioned users and failed compliance audits.

Finally, data sovereignty is a key requirement of many regulations, and companies must be able to prove that data is being stored in its country or region or origin. You need a cloud architecture with full tenant isolation to meet the strictest global privacy and data residency requirements, and to keep your sensitive data and backups under your control and in the required region or country.

ForgeRock IAM

The ForgeRock Identity Platform offers the sophisticated IAM capabilities you need to protect every identity in your organization — people, systems, applications, and things. It includes AI-powered solutions to manage digital identities at scale and ensure that entities are who they claim to be.

The ForgeRock Identity Platform is the only offering for AI-driven access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform.