Course Wrap-up

Let’s wrap up what you have learned from part 1 and part 2 of this course!

• Identity and access management is an increasingly complex but critical area of IT security. The traditional paradigms of perimeter access for a local area network has shifted with the advent of internet-based services, cloud-based services, and software as a service (SaaS). There is also a greater requirement for federation management.
• Identity and access management is involved in every single transaction within your organization. As such, you must effectively maintain it and it is an ongoing process. It’s not something you do once and forget about.
• We have looked at the key concepts of Identification, Authentication, Authorization, and Accounting. These helped shape our capability to address requirements and these must be embedded in governance. This necessitates policies and procedures to form part of our identity and access management solution. Don’t fall into the trap of thinking that this is just about technology. Making sure that we’re using the technology appropriately and that we choose the right technologies forms part of a wider set of processes around identity and access management.
• Technologies exist in a variety of formats and types to address the different and complex requirements and needs relating to identity and access management. We have seen technologies like CobraS through to SAML, OpenID Connect, OAuth – all of which have different places within our identity and access management world. These technologies include traditional directories, but also recent solutions much more focused on meeting requirements of cloud services, SSO, and federated identity management. The technology supporting identity and access management continue to develop and evolve at a rapid pace, and so do the threats and vulnerabilities. This is a very challenging area to work in and means that any identity and access management system requires careful design, sponsorship, architecture, and ongoing governance. Again, don’t forget the sponsorship, we need buy-in from our senior management team.
• Technology and standards continue to evolve rapidly as do legislation compliance and threats. We have looked at GDPR, we have looked at PII and standards like PCI DSS. All of these impact the way we work, and increasingly so. Often internationally, we have standards that conflict. Some of the legislative requirements in one country may conflict with another.
• Lastly, effective identity and access management is crucial for any organization. All security incidents, in some way, relate to identity and access management.