Skip main navigation

Course Wrap-up

Effective identity and access management is an increasing need as it is involved in every single transaction done within an organisation.

Let’s wrap up what you have learned from part 1 and part 2 of this course!

  • Identity and access management is an increasingly complex but critical area of IT security. The traditional paradigms of perimeter access for a local area network has shifted with the advent of internet-based services, cloud-based services, and software as a service (SaaS). There is also a greater requirement for federation management.
  • Identity and access management is involved in every single transaction within your organization. As such, you must effectively maintain it and it is an ongoing process. It’s not something you do once and forget about.
  • We have looked at the key concepts of Identification, Authentication, Authorization, and Accounting. These helped shape our capability to address requirements and these must be embedded in governance. This necessitates policies and procedures to form part of our identity and access management solution. Don’t fall into the trap of thinking that this is just about technology. Making sure that we’re using the technology appropriately and that we choose the right technologies forms part of a wider set of processes around identity and access management.
  • Technologies exist in a variety of formats and types to address the different and complex requirements and needs relating to identity and access management. We have seen technologies like CobraS through to SAML, OpenID Connect, OAuth – all of which have different places within our identity and access management world. These technologies include traditional directories, but also recent solutions much more focused on meeting requirements of cloud services, SSO, and federated identity management. The technology supporting identity and access management continue to develop and evolve at a rapid pace, and so do the threats and vulnerabilities. This is a very challenging area to work in and means that any identity and access management system requires careful design, sponsorship, architecture, and ongoing governance. Again, don’t forget the sponsorship, we need buy-in from our senior management team.
  • Technology and standards continue to evolve rapidly as do legislation compliance and threats. We have looked at GDPR, we have looked at PII and standards like PCI DSS. All of these impact the way we work, and increasingly so. Often internationally, we have standards that conflict. Some of the legislative requirements in one country may conflict with another.
  • Lastly, effective identity and access management is crucial for any organization. All security incidents, in some way, relate to identity and access management.
This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education