Blog Posts Business Management

IAM’s role within your enterprise cyber framework

Blog: Capgemini CTO Blog

Identity and Access Management (IAM) is a very important functional area of cybersecurity, as it involves identifying the people, accounts, and objects connecting to your network and accessing your data, applications, and other resources. These capabilities are critically important to the protection of the modern enterprise, where billions of computers are communicating together over the internet, every day, serving the purposes of billions of people conducting their personal and business lives. The old joke, “on the internet, nobody knows you’re a dog,” holds true and is applicable as ever.

Failures in IAM can result in inadvertent breaches of data, intruder access to online systems, and loss of control of enterprise IT. Many of the most devastating cyberattacks of the past two decades have involved some measure of IAM breach, compromise, hijacking, or failure.

As a security practice, IAM usually involves eight major areas of capabilities, processes, and technology:

  1. Identity governance: The process of managing the lifecycle of electronic identities, including identity provisioning, de-provisioning, and revision upon changes to relationships, roles, permissions, and personnel
  2. Enterprise directories: Infrastructure used to keep track of who the users are and what they can access, and to make that information available to enterprise IT applications
  3. Access management: The process of identifying who can access what and who can do what within the enterprise, its data, and its applications; major access management models role-based access control (RBAC) and attribute-based access control (ABAC)
  4. Credential management: Capabilities related to managing user credentials including password policies, password management, password reset, account unlock, and emergency access; also includes management of biometric identity validation, multi-actor authentication (MFA), and cryptographic keys used for online identities
  5. Single sign-on (SSO): Capabilities related to enabling enterprise users to access multiple applications without having to log in separately to each application; this greatly simplifies the user experience and productivity
  6. Identity Federation: Capabilities related to allowing the organization to conduct identity collaboration, or federation, with external parties; with federation, the organization can allow third parties to validate their users’ credentials when those individuals access the organization’s IT systems, and can similarly allow its users to access third-party applications, without having to directly share credentials
  7. Privileged account management (PAM): Capabilities related to managing highly privileged accounts such as system administrator accounts, application administrator accounts, system and service accounts, and “break-glass” emergency accounts or system backdoors; usually coordinated with network protections, bastion hosts, and MFA capabilities to provide robust protection for system administration channels
  8. Audit and compliance: Capabilities related to tracking user logins, permissions, and activity, to detect cyber incidents, investigating cyber incidents, and auditing cyber controls related to IAM.

Over the past decade, IAM has dramatically increased in importance for most enterprises.  Several factors drive this increase:

Over the past several years, we have seen these drivers cause many of our clients and partners to invest significantly in deploying, maintaining, expanding, and improving their enterprise’s IAM capabilities. A strong IAM infrastructure can help the organization effectively apply its policies and standards to reduce cyber risk across the enterprise and supply chain, and ensure the ongoing compliance of its cyber program.

Learn more about Capgemini Identity & Access Management.

Follow me on LinkedIn

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples