At the core of every cyber-security strategy is identity and access management. Because so many security issues and audit failures are user-related, organizations need to make sure people have appropriate, up-to-date access entitlements and that their access activities are monitored wherever they are located. The "users" are not only your own employees, but also customers, partners, contractors and other third parties. Organizations now need to secure an extended enterprise, where employees work remotely on mobile devices, applications are outsourced to cloud providers, and traditional borders have disappeared.
The velocity and volume requires a different approach to security a risk-based approach. In today's open enterprise, users can be the weakest link in security. To combat these insider threats and protect critical assets, organizations need automated, role-based access controls that can help identify who the users are, where they are located, what they want to do, and what their normal behavior is before letting them in the door.
To help you evaluate whether an IAM solution effectively supports your short and long-term objectives, this guide includes checklists of key features and capabilities in the following areas:
- Identity governance and management
- Access management for web, cloud and mobile environments
- Policy-based entitlements and access controls
- Identity intelligence (for monitoring and auditing)
- Time to value