Hi infosec professionals,
Can you share your best practices and advice to follow (by an enterprise) when implementing IAM in the Cloud?
Thanks for your help in educating our community!
Identity and access management in the cloud - there are more interpretations of this question - like where are the identities stored (on-premise/in cloud/both with sync between them already)?
Where is the service with managed access located? What is the access based on?
What kind of SSO service API is supported by the user store/application, if any?
What authentication methods are supported by applications/services?
What technology is preferred by customers consuming/planning to consume those services?
What authorizations are possible/requested and based on what?
Too many possibilities, too many options to answer it in short.
To be honest, universal best practices in this area, as far as I am aware, don't exist yet.
Case by case, the best practices will be different based on answers to the questions above.
Cloud IAM is a different beast from traditional on-premises IAM.
There are very many web pages and posts on Q&A sites that deal with common best practices for cloud-based IAM. Many of the points suggested in these web pages and posts are very general in nature and could apply to on-premises IAM installations too.
So, I am going to offer up some unique advice. Here are some best practices for IAM in the cloud:
It is worth noting that Compact Identity from IlantusProducts is the only true Converged IAM product on the market, and is offered as pay-per-use as well.
Understanding who may access your sensitive data and under what circumstances they can access it is necessary for enforcing identity and access management best practices.
You'll also need a full picture of your company's IT architecture to keep an eye on all of your components for future and existing dangers. Staying current with industry developments will help you better your existing IAM situation.
Keep these identity management best practices in mind as you develop your Identity and Access Management (IAM) strategy:
- Implement zero-trust security
- Use multi-factor authentication
- Avoid privileged accounts
- Enforce a strong password policy
- Adhere to regulatory compliance
- Automate onboarding and offboarding
- Go passwordless
- Conduct routine audits
Below are some of the best practices for Identity Access Management
Case by case, that will be the very first thing I am going to tell you.
In general, you will definitely need a team to start, IT professionals, application owners, and a trustworthy partner who has the skills.
IAM product-wise, the top-ranking list on the market is always the resort, so go and find someone (architecturally, not sales) from e.g., One Identity, AAD, and have them carve your way out.
Among many relevant responses from other peer posters, I can provide you with the following recommendation: "Always stay in control of your identity data".
That means:
- know where your data are (in the normal situation and after a breach).
- be prepared to restore a degraded service on another provider (or on-prem) by backing up user data, application config, business rules and compliance reports.
It is usually simple and cheap to achieve this with some curl commands to get JSON from your IAM cloud provider instance. It is more complex and expensive to have a plan B ready for deployment and to transform those JSON extracts into CSV ready to upload in the new alternative.
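The JSON-to-CSV step described in the post above, as an added example (not part of the original post and not any vendor's tooling). It assumes the extract is in SCIM 2.0 ListResponse shape with all pages already merged; the column set, the helper names and the sample users are constructed for illustration.

```python
import csv
import io
import json

# Constructed sample extract, assumed to be in SCIM 2.0 ListResponse shape.
# Your provider's JSON layout may differ; adjust flatten() accordingly.
SAMPLE_EXPORT = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 3,
    "Resources": [
        {"id": "u1", "userName": "alice@example.com", "active": True,
         "emails": [{"value": "alice@example.com", "primary": True}],
         "groups": [{"display": "finance"}, {"display": "admins"}]},
        {"id": "u2", "userName": "bob@example.com", "active": False,
         "emails": [], "groups": []},
        {"id": "u3", "userName": "=SUM(1,1)", "active": True},
    ],
})
COLUMNS = ["id", "userName", "active", "primaryEmail", "groups"]  # hypothetical

def neutralise(value):
    """Prefix cells a spreadsheet would evaluate as a formula (CSV injection)."""
    text = str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def flatten(user):
    """Reduce one nested user record to the flat columns of the CSV."""
    emails = user.get("emails") or []
    primary = next((e.get("value", "") for e in emails if e.get("primary")), "")
    groups = sorted(g.get("display", "") for g in user.get("groups") or [])
    # A missing 'active' flag is written as false so the restore fails closed.
    return {"id": user["id"], "userName": user["userName"],
            "active": str(bool(user.get("active", False))).lower(),
            "primaryEmail": primary, "groups": ";".join(groups)}

def export_to_csv(raw_json):
    doc = json.loads(raw_json)
    users = doc.get("Resources", [])
    # Refuse to write a partial backup: record count must match the total.
    if len(users) != doc.get("totalResults"):
        raise ValueError("incomplete extract: %d of %s users"
                         % (len(users), doc.get("totalResults")))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for user in users:
        writer.writerow({k: neutralise(v) for k, v in flatten(user).items()})
    return out.getvalue()

if __name__ == "__main__":
    print(export_to_csv(SAMPLE_EXPORT))
```

Running the conversion on a schedule and test-loading the CSV into the alternative system is what shows whether the backup is actually restorable.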
Hi all,
Can anyone help me understand the difference between the terms IDAM, PIM and PAM?
I've tried to check them out on the Web but unfortunately, was unable to understand the core concept.
I appreciate the help!
Hi community,
How do you practically use it and apply Security Posture/Security Posture Management in a large organization?
Thanks.