What is Identity and Access Management (IAM)?

Workforce Identity vs. Customer Identity

The scenario described above largely describes workforce identity, whereby companies provide their employees and partners with secure access to applications. But there is a much larger demand for identity solutions that protect customers who are increasingly living their lives online. The rise in online activity has created the need for customer identity and access management (CIAM) solutions to protect consumers as they access online banking, e-commerce sites, government services, tele-health services, and much more.

Why Digital Identity is so Important

 Everyone and everything that connects to the internet has an identity. In IAM terms, these may include employees, partners, contractors, customers, suppliers, computers, servers, smartphones, IoT devices, applications/workloads, and APIs. Each of these entities has an identity that must be confirmed and its permissions must be assessed before access to any resources can be granted. It’s not unusual for an enterprise to have many millions of identities connecting to its resources.

The job of verifying all those identities managing their access permissions is best handled by a comprehensive IAM platform that is fast and scalable to make smart access decisions without impacting performance, even during traffic surges.  

What should an IAM solution offer?

Single Sign-On (SSO) – SSO allows users to login once to gain access to all their applications and services whether they’re in the cloud or data center. It prevents the frustration of repeated logins, which harm productivity in the enterprise and cause customer drop-off for e-commerce sites. 

Multifactor Authentication (MFA) – MFA improves security by requiring an added credential, such as a fingerprint (biometric), acceptance of a push notification via authenticator app, or a one-time password (OTS) delivered via text message or email. With MFA, even with login credentials, an attack will not succeed in gaining access to targeted resources.

Authorization – Authorization is used to determine the [authenticated] user’s approved level of access. In the enterprise, entities are granted certain privileges related to what may be accessed, based on their roles, and such access may be extremely granular. For example, an accountant may have extensive privileges within most financial applications, but not those related to compensation.  

How IAM Prevents Threats

According to the U.S. Census Bureau, retail e-commerce alone grew 18.3% in 2021₁, even after the massive, pandemic-fueled growth of 31.8% in 2020₂. The increase in online activity has proven to be lucrative for attackers, who are using previously stolen credentials to execute new, more wide-ranging, attacks. In fact, the latest ForgeRock Consumer Identity Breach Report, showed that unauthorized access was the leading cause of breaches for the fourth consecutive year, accounting for half of all breaches. 

Questionable yet common practices, like simple passwords and password reuse, enable bad actors to gain access to valuable data, such as birth dates and Social Security numbers. Attackers can steal this data and sell it on the black market, or they can use the data to carry out fraudulent activities, such as account takeover (ATO), which increased 307 percent from 2019 to 2020. In a successful ATO, an attacker can move money, open other accounts, and create financial havoc for the customer and the institution. Read more about ATO in this blog.

Organizations can reduce the likelihood and cost of breaches by using an IAM solution infused with artificial intelligence (AI)  and machine learning (ML) to quickly identify and contain attempts at unauthorized access. Such solutions also ensure that the right access roles, entitlements, and policies are in place within your organization to protect against overprovisioned access.

How IAM Enhances the User Experience

Whether you’re talking about IAM in the enterprise or CIAM for providers of consumer services, user experience is a top priority. 

In the enterprise, it’s important to connect users, especially employees, to their resources as quickly as possible to keep workflows moving and productivity high. In the consumer marketplace, the stakes are even higher. A company’s registration or login page is the “front door” to its business. If a consumer has a bad experience upon entering the “store,” the company has a very high chance of losing that customer. In the financial services sector, for example, 40% of consumers abandon their registrations when opening a new bank account for reasons that include an overly lengthy process, time-consuming authentication, and difficulty filling out forms.¹

An intelligent IAM system also reduces helpdesk calls. A 2022 Total Economic Impact study by Forrester Consulting on behalf of ForgeRock showed that CIAM could reduce security-related calls to the help center by 40%, resulting in a cost savings of $24 million. 

IAM’s Role in Compliance

All organizations are subject to regulatory audits, and they must demonstrate compliance and repeatable results. That’s why many companies are turning to IAM solutions based on a Zero Trust model, which removes all implicit trust and grants access to resources based on the continuous evaluation of user identity, device posture, and fine-grained access policies defined by the organization. Zero Trust, built on the principle of least-privileged access, removes the risk of overly permissive policies, which are a compliance risk, and eliminates the ability of unauthorized users to move laterally across a network.

IAM infused with AI/ML also supports compliance by fully automating the access review and approval processes. It also reduces human errors and the problems that can occur as a result of too many access requests, which often lead to over-provisioned users and failed compliance audits.

Finally, data sovereignty is a key requirement of many regulations, and companies must be able to prove that data is being stored in its country or region or origin. You need a cloud architecture with full tenant isolation to meet the strictest global privacy and data residency requirements, and to keep your sensitive data and backups under your control and in the required region or country.  

ForgeRock IAM

The ForgeRock Identity Platform offers the sophisticated IAM capabilities you need to protect every identity in your organization — people, systems, applications, and things. It includes AI-powered solutions to manage digital identities at scale and ensure that entities are who they claim to be. 

The ForgeRock Identity Platform is the only offering for AI-driven access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform.

1. https://www.genesys.com/blog/post/5-ways-to-fix-customer-onboarding-processes-in-financial-services