in the AWS Cloud
Erik Rush | March 9, 2021
In practical terms, Identity and Access Management (IAM) is a system that enables authorized individuals—and only those individuals—to access the resources needed to execute the functions of their jobs. In the operational sense, IAM is an amalgam of processes, policies and technologies that facilitate the management of the electronic or digital identities corresponding to those authorized individuals.
With the IAM framework in place, IT managers are able to control user access to critical information within their organizations. IAM systems can either be deployed on-premises, provided by third-party vendors via cloud-based subscriptions or deployed in a hybrid modality.
Aspects of IAM can include sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These also facilitate the secure storage of identity and profile data, as well as data governance functions to ensure that only the relevant data is shared with the requisite user(s).
The Importance of Identity and Access Management
Business owners, executives and IT managers are under unprecedented regulatory and organizational pressure to protect access to data. This has become even more pressing since 2020, when legions of remote workers came into the mix as a result of the COVID-19 pandemic. This resulted in millions of unsecured devices and less-than-ideal procedures (relating to security) coming into practice as workers and managers feverishly adjusted to the “new normal.”
Consequently, stakeholders can no longer rely on less-than-ideal, error-prone processes to establish and monitor user privileges. IAM automates these tasks and enables compartmentalized access control and auditing of organizational assets on-premises and in the cloud.
IAM provides a wide range of features that have been crafted with the new security landscape in mind. These include biometrics, behavior analytics and AI, among a host of others. “For example, IAM’s tight control of resource access in highly distributed and dynamic environments aligns with the industry’s transition from firewalls to zero-trust models and with the security requirements of IoT.” (TechTarget)
What Does Identity and Access Management Do?
Typically, IAM systems perform two tasks:
Authentication. This simply means that the AIM system is capable of making the determination that an individual is who they claim to be. A user enters a username and password into a form, and the website authenticates the user by checking its database to confirm that the username and password matches what is in the database.
Authorization. This is the process of the IAM system determining the level of access an authenticated user is allowed to have to various data, and ensuring only that level of access. For example, authorized editors in WordPress are typically allowed to make changes to content, but are not allowed to make changes to user accounts or to install new plugins.
IAM systems can be on-premises systems or cloud-based. While the first IAM systems were on-premises, most organizations these days are gravitating toward cloud-based IAM systems. Recently, McKinsey reported that just 38% of the enterprises they interviewed expect to have on-premises IAM systems within three years. They project that in three years, approximately 60% will rely on third-party IAM services that support multiple public-cloud environments and unifies access across on-premises and public cloud resources.
This gravitation to cloud IAM is largely being driven by cost savings and reliability. Again, the disruption of traditional work modalities due to the coronavirus pandemic has accentuated the need for increased reliability. Using a third-party cloud IAM translates into savings in infrastructure, maintenance and reduced downtime risk.
AWS Identity and Access Management in the Cloud
Amazon Web Services Identity and Access Management (IAM) empowers organizations to manage access to AWS services and resources securely. Using IAM, IT managers can create and manage AWS users and groups, as well as using permissions to allow or deny access to AWS resources.
AWS IAM allows organizations to:
Manage IAM users and access – Create users in IAM, assign them individual security credentials, or request temporary security credentials to provide users access to AWS services and resources. Permissions can be managed in order to control which operations a user can perform.
Manage IAM roles and permissions – Create roles in IAM and manage permissions to control which operations can be performed by the user or AWS service that assumes the role. Define which entities are allowed to assume designated roles. Service-linked roles can be used to delegate permissions to AWS services that create and manage AWS resources.
Manage federated users and permissions – Enable identity federation to allow existing users, groups, and roles to access the AWS Management Console, call AWS APIs, and access resources, without the need to create an IAM user for each identity.
IAM also helps organizations analyze access across their AWS environment. Security teams and administrators can quickly validate that policies only provide the intended public and cross-account access to resources. Policies can be easily refined to allow access to only the services being used, which helps organizations better adhere to the principle of least privilege. Finally, IAM is a feature of every AWS account, so the service is offered at no additional charge!
Order of the Cipher is an Amazon Web Services (AWS) training company and a novel approach to training that combines theatrical presentation with proven teaching techniques. We’ve mastered Amazon Web Services, and we’ve perfected how to showcase the versatility and capability of AWS technology in a manner that provides real-world immersion experiences that prepare students to expertly navigate the AWS ecosystem.