Security

What is IAM?

에스테리즘 2018. 12. 19. 08:51


1. Definition of IAM (Identity Access Management) 
: A solution that establishes the security policies an organization needs and automatically manages user accounts and permissions according to those policies.
 (SSO + Authority Management + Resource Management + Security Policy Establishment + Provisioning)
 
 
2. Components of IAM

| Component | Explanation |
|---|---|
| Clients | Services are delivered over the Internet (extranet) to various users, including internal employees, business partners, and customers |
| EAM | Authentication, authorization |
| Provisioning | RBAC-based authorization management; automated account management; process definition for account management |
| Workflow | Process automation of account management; defines work procedures for creating, modifying, approving, or rejecting accounts |
| Security Policy & Audit | Integrated management of user information for all system accounts, DBs, and applications; integrated audit of account management information |
| Self-Service & Delegation | Users directly manage their own user-visible information; delegation of administrative authority |
| Legacy System | Various core business systems and applications such as groupware, ERP, and KMS |
| Monitoring | Usage status of each system; real-time monitoring of unauthorized users |
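
Added example (not part of the original post): a Python sketch of how the Provisioning, Workflow, Audit, and Monitoring components listed above fit together in one reconciliation pass. The role names, system names, users, and function names are all constructed for illustration.

```python
"""RBAC-driven provisioning with an approval step (added example; all names constructed)."""
from dataclasses import dataclass, field

# Constructed sample policy: role -> set of (system, permission) entitlements.
ROLE_ENTITLEMENTS = {
    "employee":   {("groupware", "user")},
    "accountant": {("groupware", "user"), ("erp", "ledger-write")},
    "kms-editor": {("kms", "editor")},
}
# Entitlements the workflow must approve before they are granted (assumption).
NEEDS_APPROVAL = {("erp", "ledger-write")}


@dataclass
class Plan:
    grant: set = field(default_factory=set)    # provision immediately
    pending: set = field(default_factory=set)  # waiting for an approver
    revoke: set = field(default_factory=set)   # no role justifies it any more
    orphans: set = field(default_factory=set)  # accounts with no known identity


def entitled(roles):
    """Union of the entitlements of every role the user holds."""
    return set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))


def reconcile(identities, actual, approved=frozenset()):
    """Compare policy (identities -> roles) with the accounts that really exist.

    identities: {user: [roles]}; actual: {(user, system, permission)};
    approved: {(user, system, permission)} already signed off in the workflow.
    """
    plan = Plan()
    wanted = {(u, s, p) for u, roles in identities.items() for s, p in entitled(roles)}
    for item in wanted - actual:
        _user, system, perm = item
        if (system, perm) in NEEDS_APPROVAL and item not in approved:
            plan.pending.add(item)
        else:
            plan.grant.add(item)
    for item in actual - wanted:
        # Known user with excess rights -> revoke; unknown user -> flag for monitoring.
        (plan.revoke if item[0] in identities else plan.orphans).add(item)
    return plan


def audit_lines(plan):
    """One sorted audit record per decision, for the integrated audit trail."""
    return sorted(f"{kind.upper()} {u} {s}:{p}"
                  for kind in ("grant", "pending", "revoke", "orphans")
                  for u, s, p in getattr(plan, kind))
```

Running reconcile() on a schedule against each connected system gives the automated account management the table describes: excess rights are revoked, sensitive grants wait for approval, and accounts with no matching identity are surfaced for monitoring.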

3. Effects of introducing IAM
- Security efficiency: Provides a consistent and improved security access control foundation for the business processes that need it.
- Security effectiveness: Provides safety based on access control and transparency.
- Business agility and productivity: Responds flexibly when business changes are needed.
- Reduced costs: Automated security management keeps IT resource input optimal.
- Streamlined IT operations: Automation and transparency of IT resource access requests and approval procedures.
- Strengthened IT risk management: Applies security policies and effective security controls.
- Regulatory compliance: Compliance with Sarbanes-Oxley, GLBA, etc.

[Note: Comparison of SSO, EAM, IAM]
 
| Category | SSO | EAM | IAM |
|---|---|---|---|
| Purpose | Single login, integrated authentication | SSO + integrated rights management | EAM + integrated account management |
| Function | Single account | Access control according to security policy | Automatic account management through provisioning |
| Tech | PKI, LDAP | ACL, RBAC | Workflow |
| Pros | User convenience | Security enhancement | Strengthened management efficiency |
| Cons | Security weaknesses outside of authentication | User management difficulty | Complex system construction |