James Thew - Fotolia
Identity and access management is becoming more essential in the enterprise, especially as security threats rise and user privacy preferences become more difficult to control.
Fortunately, the technology in identity and access management (IAM) products is advancing, enabling organizations to get a better handle on IAM than ever before.
Here, discover emerging IAM products and tools and learn what it takes to create a strong IAM team.
A changing IAM landscape
A variety of identity and access management providers have emerged that focus on different facets of IAM. IAM providers such as Ping Identity and ForgeRock offer a wide range of services, from attribute exchange to authentication.
Other providers have a more narrow focus. IAM vendors such as Trulioo and Signicat, for example, focus on collecting identity data to identify online end users. Companies such as OpenID, on the other hand, angle themselves as attribute exchange services and share identity information between endpoints.
Other companies, like Facebook and Google, are technology organizations that provide a breadth of services, but which also enable end users to use their login credentials to authenticate with a variety of third-party providers.
IAM of the future
Many current IAM providers rely on user actions, such as entering passwords, to gain access to a given system. But experts predict that in the next two to three years, end users will be able to use known things, places and experiences as access credentials.
IAM products will begin to integrate more AI components; systems such as SailPoint already use AI to deterministically support identity management and calculate a user's location. A login from an end user that typically works in New York, for example, would raise a red flag if he or she is suddenly logging in from Russia.
Other security enhancements are coming down the pike for IAM tools. RSA SecurID can be built into users' smartphones and newer PCs at the chip level to verify an end user's identity. IAM products can use information from other IT tools, such as corporate directories, to determine whether an end user can access a given app and for what reasons.
IAM products can also analyze network traffic and packets to verify an end user's activity.
IAM forecast is cloudy
An important trend in the identity and access management space is the emergence of IAM as a service, which enables IT pros to be more hands off. IAM as a service can run the entire IAM infrastructure in the cloud and allow service providers to manage the back end, eliminating the day-to-day management tasks of IT.
Some organizations, such as those in the financial and healthcare industries, might want to keep their IAM products on premises for regulatory reasons. When IT doesn't want to hand over the reins of an IAM system to a third-party provider, they can still maintain a level of control. Many IAM as a service vendors allow IT to store data, such as customers' personal and geolocation information, in their company's own database.
An IAM cloud strategy can enable seamlessness and automation in an organization's infrastructure. However, it's important to find a trustworthy cloud provider first.
IAM engineers are in high demand
Some organizations opt for a hands-off role with IAM, but that doesn't mean there aren't a variety of opportunities for an IAM engineer. In fact, thousands of IAM roles are open in major tech hubs like Boston and Silicon Valley, which have a shortage of people to fill those gaps.
IT departments can train existing staff to handle identity and access management, but there are some soft skills essential to IAM roles that cannot be taught. IAM engineers should be flexible, creative and willing to ask difficult questions.
IT departments that are willing to train their staff on IAM should use an organized approach. First, the organization should determine where an IAM role will fit, whether it's in security, operations or development. Trainees should undergo basic IAM training combined with vendor-specific training. Then, IT departments should ensure that their IAM engineers obtain a Certified Information Systems and Security Professional certification.