IAM Strategy
IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities in their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here are some general strategies for enterprise to consider:
- Obtain executive sponsorship because IAM is an important part of information security
- Understand your business and define processes first
- Automate provisioning process
- Offer self services to employees
- Buy: Directory Servers, Meta Directories, Virtual directory servers, Administration products (directory and PKI management tools, and provisioning products)
- Build: Access Layer, Workflow Processes
- Architect: Integrates above compoments and processes together, takes forethought and skill (may not need all components at first)
- Lay out requirements and business logics as much as possible before starting integration
- Before signing a contract with any vendor, check out references and foster a good partner relationship
*Note: Gartner and Forrester have 4 A's with additional Administration. Auditing is also referred as Audit or Accounting or Accountability.
