Goal #2: Create an Enterprise IAM Framework
Hello IMAG Jedis, and to all my French IMAG Jedis, congratulations on winning the 2018 FIFA World Cup!
In this leg of our journey to build an IAM operations software factory, we’ll tackle Goal #2, creating the heart, soul and brain of your factory—the enterprise IAM framework. For those who missed it, Goal #1 can be found here.
An enterprise IAM framework is an organized and governed set of solutions, tools, integrations and processes that comply with one or more defined regulatory standards to support:
- Identity life cycle management
- User information repositories
- Authentication
- Authorization
So how do you build an IAM framework? There’s no secret here: Either you get a top security architect locked in a room with a bunch of awesome developers or you adopt an industry-leading security solutions portfolio of products such as CA Identity Suite, CA SSO, CA Advanced Authentication, CA Directory and CA API Gateway.
It’s essential to know that user data protection is of utmost importance, since it covers a broad spectrum of data from personally identifiable information to information about assets such as financial instruments. This brings us to two other important aspects of the IAM framework: identity life cycle management (ILCM) and user information repositories (UIRs). These are closely tied to each other, since UIRs are enablers of all existing ILCM solutions. Your IAM framework must support applicable regulatory needs (PII, PCI, SOX, GDPR, etc.) while managing the identity life cycle across all UIRs. The IAM framework must also maintain a fully secured audit trail of all its transactions (yeah, it can be done the legacy, blockchain or hashgraph way). Note that it is not just creation and maintenance of identities that are important—a compliant purge of identity and related information is a must, too.
Next up are authentication and authorization. Your IAM framework must have capabilities to support multi-factor authentication (MFA) and single sign-on (SSO). Modern enterprises rely heavily on both MFA and SSO to provide the much-needed optimal customer experience (CX) and trustable security. That requires the IAM framework to manage different forms of credentials in its own repository and in other commercial off-the-shelf (COTS) products. Provisioning and management of entitlements across business applications using an access request capability powered by a workflow enabler is essential to an IAM framework’s ability to meet authorization needs.
IAM frameworks have evolved and will continue to evolve. For instance, with widespread adoption of the Internet of Things (IoT), I see IAM frameworks evolving to support the IoT as well. Enabled by secure APIs (SAPI), enterprise IAM frameworks may very well evolve to comprise:
- Endpoint-anchored, multi-property-based identity authentication
- Workflow-enabled seamless authorization for applications
- Token management for delegated and federated user information
More on the future of IAM frameworks in an upcoming post. Before I go there, let me repeat what I said in my first post about the IAM operations software factory: Simplified application onboarding and an enterprise IAM framework can’t by themselves provide the efficiency we seek. We also need standardized, reusable components—a tremendously useful capability, akin to creating a portal and enchanting your inventory items in Minecraft to defeat ender dragon. Stay tuned for my next post on that very topic.
Until then, I look forward to your hearing from you all.