Information Security is all about keeping your personal information and data safe from people who shouldn't have access to it. It's important to stay safe online, and understanding the basics of information security is a great way to start. In this series, I will be exploring the concepts of information security.
The following concepts will be explored as part of this series:
Identity and Access Management
Data protection
Infrastructure protection
Threat and Vulnerability
Governance, Risk, and Compliance
In this post, we will take a deep dive into Identity and Access Management (IAM).
What is Identity and Access Management (IAM)?
It is a process that involves managing the identities of users and controlling their access to systems, applications, and data.
Imagine that you have a special box with all your most valuable possessions inside. You wouldn't want just anyone to be able to open the box and take your stuff, right? Identity and access management is like having a special lock on your box that only you and a few other people you trust have the key to. That way, you can keep your valuable things safe and only let the people you trust have access to them. It's all about making sure that only the right people have access to the right things.
Deep Dive on components of IAM
Identity lifecycle management (ILM) is a process that involves managing the entire lifecycle of user identities, from the time they are created to the time they are retired or deleted. Imagine that you are in charge of a big club, and you have to keep track of all the members. Some members might only be able to come to the club on certain days, or for certain activities. Other members might not be able to come to the club anymore because they have moved away or stopped being interested. Identity lifecycle management is like keeping track of all the members and making sure that they have the right access to the club at the right time. IAM is all about making sure that the right people have access to the right things at the right time.
Identity store management is the process of managing the database or system that stores information about user identities. Now imagine that in the club you are managing, all the members have to use a badge to get into different activity rooms. You provide them with a badge. You can keep track of which user is enjoying which activities. Identity store management is like keeping track of all the activities that a person has enjoyed in your club. You have to make sure that the information is organized and easy to find, and that it is kept safe so that no one can change it or steal it.
Access lifecycle management is all about making sure that the right people have access to the right things at the right time. Going back to the club example, some members might only be able to come to the club on certain days, or for certain activities. Other members might not be able to come to the club anymore because they have moved away or stopped being interested. Access lifecycle management is like keeping track of all the members and making sure that they have the right access to the club at the right time.
Credential management is the process of managing the credentials that users need to access systems, applications, and data. As the person in charge of a big club, you have to keep track of all the members and what they are allowed to do. Some members might need a special card or badge to be able to enter the club, or a special password to be able to use certain equipment. Credential management is like keeping track of all the cards and passwords and making sure that they are given to the right people at the right time.
Identity federation is the process of allowing users to access multiple systems or applications using a single set of credentials. Identity federation is all about making it easier for people to access the things they need. Imagine that you are in charge of a big club, and you have to keep track of all the members and what they are allowed to do. Some members might want to be able to use the club's pool, but they also want to be able to use the club's gym. Instead of having to get a different card or password for each place, identity federation allows members to use the same information to access both the pool and the gym. It's like having a special key that opens all the doors in the club.
Runtime enforcement is the process of monitoring and enforcing security policies at runtime, or while a system or application is in use. As the club's authority figure, you have to make sure that all the members are following the rules while they are using the club. You might have rules about how loud people can be, or about where they can go. Runtime enforcement is like making sure that everyone is following the rules while they are at the club. It helps keep everyone safe and makes sure that everything runs smoothly. Runtime enforcement is all about making sure that the rules are being followed while something is happening. One of the key capabilities of runtime enforcement is authentication and authorization.
Authentication is about proving your identity, and authorization is about determining what you are allowed to do based on that identity. Authentication is the process of proving that you are who you say you are. This is usually done by providing a username and password, or by using a fingerprint or facial recognition.
Authorization is the process of determining whether you are allowed to do something. For example, if you are trying to access a website, the website will check whether you are authorized to view the content. If you are, you will be allowed to continue. If you are not, you will be denied access.
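The club model above as an added example (not code from the original post): a runtime check that authenticates a member first and then authorizes the request against their lifecycle status and day-based entitlements. The members, passwords, resource names and function names are constructed for illustration.

```python
import hashlib, hmac, os
from datetime import date

def hash_password(password: str, salt: bytes) -> bytes:
    # Credential management: store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_member(password: str, status: str, entitlements: dict) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "status": status, "entitlements": entitlements}

# Identity store (constructed sample data). Entitlements map a resource to
# the weekdays it may be used on (0 = Monday ... 6 = Sunday).
IDENTITY_STORE = {
    "alice": make_member("correct horse", "active",
                         {"pool": {0, 2, 4}, "gym": set(range(7))}),
    "bob": make_member("hunter2", "retired", {"gym": set(range(7))}),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: prove the caller is who they claim to be."""
    member = IDENTITY_STORE.get(username)
    if member is None:
        # Hash anyway so unknown usernames take similar time to known ones.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, member["salt"])
    return hmac.compare_digest(candidate, member["pw_hash"])

def authorize(username: str, resource: str, on: date) -> bool:
    """Authorization: decide what an authenticated identity may do, and when."""
    member = IDENTITY_STORE[username]
    if member["status"] != "active":  # identity lifecycle: retired members lose access
        return False
    allowed_days = member["entitlements"].get(resource, set())  # default deny
    return on.weekday() in allowed_days

def enforce(username: str, password: str, resource: str, on: date) -> str:
    """Runtime enforcement: check every request, authentication first."""
    if not authenticate(username, password):
        return "deny: authentication failed"
    if not authorize(username, resource, on):
        return "deny: not authorized"
    return "allow"
```

Bob's password is still correct, yet his request is denied because his identity has been retired, which is the difference between proving who you are and being allowed to act.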