Over the next month, I'll be posting about identity and access management. Identity and access management is such an important topic today; I believe if we could come up with a successful solution, we could solve the majority of security breaches that occur. That being said, let's start with the definition of what identity and access management is. According to Microsoft, identity and access management is:
"Identity and access management refers to best practices, the process, technologies and policies for managing digital identities and controlling how identities can be used to access resources."
I think we need to go a step beyond this definition and include:
"Identity and access management refers to best practices, the process, technologies and policies for managing digital identities and controlling how identities can be used to access resources and what a user can do with those resources."
Accessing data is only one component of identity and access management. Once a user has access to data, what should they be able to do with it? Should a user be able to modify or delete it? Should they be able to FTP it off to another site outside the company?
There have been many instances of data breaches over the past year. According to the Privacy Rights Clearinghouse, between January and May 19 of this year, 262 million records that contained personal information were compromised.
During the month of June, I will be making posts about what identity and access management technologies exist, vendors that sell the technology, best practices in using the tools, and perhaps a case study or two. If you have any specific topics you would like me to touch on, please feel free to make a post and let me know.