One of the key terms in cybersecurity is Identity and Access Management (IAM). IAM is a multi-step process that implements the core security mechanisms of identification, authentication, authorization, and accounting so that users can securely interact with and use computer assets such as hardware and software. In this post we define and describe each of these processes.
Identification is the first process in the IAM chain: it means creating and managing user accounts for people or devices. The key goal of identification is to ensure that each person or device is uniquely represented in the system, by generating account credentials (for example, a login and a password).
Authentication is the process that follows identification and validates the person’s or device’s unique credentials. By passing through authentication, the person or device proves its identity and its ownership of the account credentials. Strong authentication is a cornerstone requirement for a secure IT environment. At the same time, authentication is not a single mechanism; it incorporates many different methods and mechanisms. A proper understanding of authentication concepts, terms, and requirements helps to build an environment capable of facing today’s threats and protecting the organization from cyber-attacks.
Authorization is the process of determining and enforcing the rights and privileges of an authenticated user. A successfully authenticated user does not automatically have access to all resources of the system. This is where authorization comes into play: systems use authorization mechanisms to allow users to access only the resources assigned to them when the account was created.
Accounting is the process of tracking the usage of a resource or the exercise of rights. It is the last process in the IAM chain and records the actions performed by the user, including attempts to access unauthorized resources and unsuccessful attempts to authenticate to the system.
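To make the four processes concrete, the following is an added example (not code from the original post) that walks a request through the whole chain: an account is created with a unique username (identification), a password is verified against a salted PBKDF2 hash with a constant-time comparison (authentication), the requested resource is checked against the permissions assigned at account creation (authorization), and every outcome, including failed logins and denied requests, is written to an audit log (accounting). The class names, the in-memory store, the PBKDF2 cost parameter and the sample users and resources are all assumptions made for this demonstration.

```python
"""Added example: a minimal in-memory IAM chain covering all four processes."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumption: cost parameter chosen to keep the demo fast; tune for production.
PBKDF2_ITERATIONS = 100_000


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    permissions: frozenset  # resources assigned when the account was created


class IAM:
    def __init__(self):
        self.accounts = {}    # username -> Account
        self.audit_log = []   # accounting: one dict per recorded event

    # --- Accounting: every decision is recorded, successful or not ---------
    def _record(self, event, username, outcome, **detail):
        self.audit_log.append(
            {"event": event, "user": username, "outcome": outcome, **detail})

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    # --- Identification: create a uniquely named account ------------------
    def register(self, username, password, permissions):
        if username in self.accounts:
            self._record("register", username, "denied", reason="duplicate")
            raise ValueError("username already exists")
        salt = os.urandom(16)
        self.accounts[username] = Account(
            username, salt, self._derive(password, salt), frozenset(permissions))
        self._record("register", username, "ok")

    # --- Authentication: prove ownership of the credentials ---------------
    def authenticate(self, username, password):
        account = self.accounts.get(username)
        if account is None:
            # Run the KDF anyway so unknown users and wrong passwords take
            # similar time, and log the failed attempt.
            self._derive(password, b"\x00" * 16)
            self._record("authenticate", username, "failure", reason="unknown user")
            return False
        candidate = self._derive(password, account.salt)
        if hmac.compare_digest(candidate, account.password_hash):
            self._record("authenticate", username, "success")
            return True
        self._record("authenticate", username, "failure", reason="bad password")
        return False

    # --- Authorization: authenticated is not the same as allowed ----------
    def authorize(self, username, resource):
        account = self.accounts.get(username)
        allowed = account is not None and resource in account.permissions
        self._record("authorize", username,
                     "allowed" if allowed else "denied", resource=resource)
        return allowed

    def access(self, username, password, resource):
        """Full chain for one request: authenticate first, then authorize."""
        if not self.authenticate(username, password):
            return False
        return self.authorize(username, resource)


def failed_authentications(iam):
    """Accounting query: how many login attempts failed?"""
    return sum(1 for e in iam.audit_log
               if e["event"] == "authenticate" and e["outcome"] == "failure")


def demo():
    # Constructed sample data for the demonstration.
    iam = IAM()
    iam.register("alice", "correct horse battery staple", {"wiki", "payroll"})
    iam.access("alice", "correct horse battery staple", "wiki")     # allowed
    iam.access("alice", "correct horse battery staple", "finance")  # denied
    iam.access("alice", "wrong password", "wiki")  # stops at authentication
    iam.access("mallory", "anything", "wiki")      # identity does not exist
    return iam


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

Running the script prints the audit log, which is the accounting view of the chain: one registration, two successful logins followed by one allowed and one denied authorization decision, and two failed authentications (a wrong password and an unknown user). The point the post makes about authorization shows up directly in the log: alice authenticates successfully both times, yet her request for "finance" is denied because it was never assigned to her account.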
Conclusion
It is important to remember that IAM is not a simple chain of four processes. Rather than thinking of it as merely provisioning and revoking access credentials, IAM should be viewed as both a defender and an enabler of the resources behind its walls. Understanding IAM makes clear where identification, authentication, authorization, and accounting fit in the wider security landscape of organizations and enterprises.