Identity & Access Management
Identity and access management is the process to manage user’s digital identities and ensure that only authorized users gain access to specific application estate of the organization based on users’ role and rule-based access control. It ensures that the right people get the right access, to the right resources, at the right times, for the right reasons, enabling the right business outcomes.
It comprises of three core areas:
Directory Store
The user database where users’ credentials and attributes are stored. Should be designed for fast response times as generally identity information is queried much more often than it is updated.
Identity Management
The process by which user identities are defined and managed in an enterprise environment which includes creation, modification, self-service, synchronization, revoking and password management.
Access Management
The mechanism under which protecting and managing access to an application is done. Which allows only authorized users to access after proper authentication. It includes federation approach which allows access to users of other organizations or sites to access applications seamlessly.
“Identity & Access Management will reduce cost, increase security, ease integration and enable business.”
Cost reduction
Offloading extra code need to be developed by all web applications for checking user permissions. Centralized user management using self service tools reduces user help desk calls.
Business Enablement
Capability to support future business initiatives such as reorganizations, mergers and acquisitions, new business partnerships, new product and system rollouts. And providing managers and employees necessary rights to quickly react to various requirements without IT department involvement.
Compliance cost reduction
It automates compliance controls such as separation of responsibilities, restriction on information sharing and extensive auditing and reporting allows quick and efficient implementation of new requirements.
Increased security
Centralization of security policy enforcement gives leverages to organization to exhibit how security is being enforced and managed, by imposing various authentication methods and single sign-on solution for minimizing unauthorized access
Ease in integration
Centralized user management and security management, provides consistent use of data and ease in integrating new applications seamlessly.
Gourang Chaturvedi
I am an Identity & Access Management Technical Architect at DevOn, with rich experience of working on wide range of Access Management tools for various multinational clients.
In recent project have setup entire Identity & Access Management from scratch over cloud for a renowned European eHR organization.
Apart from IAM products have worked on LDAP, SQL/PLSQL, java code development, shell & powershell scripting, docker and webservers.
In spare time I used to play games, it could be any game either outdoor, indoor or online.
Downloads
Download the whitepaper by Security Expert Marudhamaran Gunasekaran below.
Download our Open Source contribution the OWASP ZAP DOT NET API on nuget.org
Assessment
Take a few minutes for our online assessment, get insight in your current state of security and get concrete proposals for improvement.
Events
Training
Web Application Security Testing
“How can I test my applications for security so that security bugs can be fixed?”
“How can I ensure that I write bullet proof code that repels hackers?”
