Identity Access Management

Discover the stakes of Identity Access Management in the implementation of infrastructure access security levels.

Introduction to IAM

2 Lessons - 200 min

IAM (Identity Access Management) allows you to define user categories and their privileges.

IAM manages and administers a given set of user digital identities, and the privileges associated with each identity. IAM can be a single product or a combination of processes, software products, cloud services and hardware that give administrators visibility and control over the organizational data that individual users can access.

01. Introduction to IAM

180 minutes

An introduction to cybersecurity

Definition of IAM

Identity and Access Management is the set of components, concepts and processes that treat identity and its elements as security criteria for deciding whether an interaction with an information system is legitimate.

IAM thus covers all the elements necessary for:

  • The definition, modeling and assignment of the actors' authorizations;
  • The evaluation of authorizations at the time of an access;
  • The governance, at a given point and over time, of the authorizations and associated risks.

In summary, IAM will provide the processes necessary to:

  • Empower users;
  • Provide access to the information system;
  • Protect the system from illegitimate access and use;
  • Define, identify and prevent identity-related risks.

By extension, the following areas are associated with IAM topics:

  • Privileged Access Management (PAM): the identity management processes intended for so-called privileged users, who are singled out because of their impact on the information system (shutting down a server, purging a log, etc.);
  • Customer (or Consumer) Identity and Access Management (CIAM): the processes associated with customer management, which enrich the customer experience while collecting the data necessary to conduct business.

The expected benefits of IAM

Various benefits are expected from IAM:

  • Protecting the information system: this involves limiting access to the information system to legitimate users and for legitimate purposes;
  • Making life easier for the actors of the information system by providing them, at the right time, with the right authorizations;
  • Contributing to the organization's image by adopting the right empowerment or authentication processes in relation to the needs of the actors.

The benefits are directly measurable through the management of the risks associated with the identity and the chosen methodology.

Principles for IAM

The principle of least privilege

This principle stipulates that the user should only have the authorizations strictly necessary for a task. This sets a limit both on the quantity of authorizations held by a user and on how those authorizations evolve over time: the user acquires and loses authorizations according to the needs associated with the evolution of their tasks.

Patterns applicable to IAM

Zero Trust

Zero Trust is a security framework built on the following principles:

  • That the network infrastructure should not be trusted as the main defense perimeter of the information system. This is a paradigm shift from historical approaches to security, due to the transformation of the information system, especially with the adoption of the cloud and new consumer habits;
  • That identity must be taken as the first perimeter of defense. It is also important to understand this identity in all its richness, going beyond the static attributes of the person record in the directory, and to contextualize this understanding, if possible, to the session or transaction. The framework reminds us here of the primordial role of the principle of least privilege and the importance of strong authentication;
  • That we must assume that an attack will break through the defenses, and must therefore adopt defense in depth and be ready to manage the situation;
  • That the audit and risk analysis model must be enriched to take into account the role of identity and the new uses of the information system.

This framework is often illustrated by contrasting the image of the fortress (perimeter defense at the drawbridge) with that of the airport (multiple, in-depth controls that reinforce the authentication and authorization requirements).

QUIZ. IAM Introduction

20 minutes

An introduction to cybersecurity

03. Introduction to the course

An introduction to cybersecurity