IAM is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.
Identity management involves defining what users can do on the network with specific devices and under what circumstances. Today, many security products have an emphasis on managing mobile access to corporate systems. In an enterprise setting, identity management is used to increase security and productivity, while decreasing cost and redundant effort.
For security reasons, tools for managing identity management should run as an application on a dedicated network appliance or server, either on-premises or in the cloud. At the core of an identity management system are policies defining which devices and users are allowed on the network and what a user can accomplish, depending on his device type, location and other factors. All of this also depends on appropriate management console functionality, including policy definition, reporting, alerts, alarms and other common management and operations requirements. An alarm might be triggered, for example, when a specific user tries to access a resource for which they do not have permission. Reporting produces an audit log documenting what specific activities were initiated.