Identity & Access Management

Having worked for over 15 years on Identity and Access Management (IAM) projects, I have noticed that many of these projects only partially met user expectations, that they had many flaws, and that they did not respect the budget and/or the deadline desired by the business teams. Even worse, many security flaws can be traced back to the technical implementation of these infrastructures or to the implementation, or even the design, of business processes.

The post-mortem analysis of some of them allowed me to identify the origins of this lack of quality and to propose a methodology for carrying out such projects. The broad outlines of this methodology can be adapted to other types of IT projects; only the details are specific to Identity and Access Management (IAM) projects.

In many projects, we also notice that many security vulnerabilities do not come from the identity management products themselves but are introduced by the complexity of integrating third-party applications, together with the development teams' lack of knowledge of the underlying technologies of those applications. The article "How to Introduce Vulnerabilities into Your IAM Solution" [Restricted Access] presents the main causes of weaknesses in an identity and access management solution. In particular, that article walks through an example of a vulnerability introduced by an architecture that is still too often encountered in real projects, called the "meta-directory flaw", which can easily be abused from inside the organization to recover passwords or sensitive information about the authorizations held by users.

A large part of the leakage of confidential data, of which the company is often not even aware, is possible because your users hold more permissions on your systems than they need: this is what leads to the concept of "Zero Trust Architecture". So, remember that the management of the access that users (or robots) have to your applications should not be taken lightly.

The following topics are also covered:

Notice: You must be registered to get access to most of the detailed parts of this domain.