There are so many ways of looking at IAM, but is looking at IAM differently helping you to DO anything differently? Let me explain.
The market for IAM tools and services coalesces around 3 primary ‘targets’, or environments where managing IAM is a good idea. Those areas are (1) data, (2) systems, and (3) applications.
In the vast majority of cases, data is the ultimate target for users of IT systems. That data may be structured, semi-structured, or unstructured, but at any one moment in time we’re after some data, information, or knowledge to make a decision and/or initiate an action. The IAM and related security industries have products that tend to focus more on data than other dimensions, products such as DLP for example.
When I use the word ‘systems’, I am encompassing IT platforms, operating systems, and networks together. Again, you’ll find a number of products that focus on these systems as the primary target for IAM. Privileged Account Activity Management (PAAM) is a prime example here, as well as some access management solutions.
The applications dimension of IAM is where a lot of action is taking place in the industry today. Mainstream access governance and provisioning solutions have applications as their target focus, and the solutions are architected around how to manage identities for application access.
When an enterprise knows how the IAM products and services markets target these dimensions, it makes planning easier. It reminds me of the old saying “when you have a hammer, everything looks like a nail.” Remember that IAM products first start as an idea in someone’s head, and if that person has a data, system, or application ‘hammer’ dimension, it’s likely the product will reflect that.
It’s important that the planning and design of an effective IAM system NOT be driven by the way the market defines targets or dimensions, but instead by what the enterprise’s true requirements are and what is currently available in the enterprise to sustain an IAM program. It is one reason why Gartner is emphasizing the concept of an “identity data model” to more formally address the first dimension described here, the data dimension of IAM.
The data dimension itself has three targets: (1) the IAM data itself (identifiers, credentials, attributes, entitlements, etc.); (2) the log information of IAM activities and events, to be collected, correlated, analyzed, and used; (3) the target data to be accessed, structured, semi-structured, and unstructured (e.g. database contents, documents, messages, etc.). An understanding of how all of these different kinds of data interact is the first step towards addressing the data dimension of IAM.
Now you have another way of looking at IAM. Hopefully it is one that can help you plan, build, and operate such systems more effectively.