Identity and access management (IAM) is a security approach of business technologies, policies, and processes that facilitates the management of digital and electronic identities. With an IAM security protocol in place, IT administrators can manage user access to private information within their companies. This is not to be confused with customer identity and access management. 

Security approaches deployed by IAM systems include privileged access management, two-factor authentication, single sign-on systems, and multi-factor authentication. These frameworks allow IT admins to store identities and profile data securely. They also promote data governance, ensuring that only data that’s relevant and necessary is shared.

IAM systems can be used by businesses to promote data security, and are provided by third-party vendors via cloud-based subscription models or deployed using hybrid models. These systems encompass the following elements:

• how users are identified in a network
• how roles are identified in systems and how they’re assigned to users
• adding, updating, and removing users and their roles from a system
• assigning different levels of access to individual account users or groups of account users
• protecting vulnerable data within systems and securing those systems

Historical Background of IAM

Restricting access to data is older than the human race. Even animals keep secrets about the location of their food supply or living area.

The most obvious way to limit access to information is to keep it physically secure and to only share sensitive information with authorised persons who can be personally and physically identified. 

Identity Verification 

The first step to controlling access to vulnerable information is to verify that those transmitting and receiving the information are authorized. Different methods have evolved over the years to address this need including:

• Passwords. Passwords date back over 2,000 years ago. Traditionally, the use of passwords in the military took the form of a challenge and response. Sentinels would challenge people who wanted to access secured areas, and entry would be denied for those who didn't know the password. Challenges would also be called out and recruits needed to answer with the correct response. Those who didn’t know the correct response would face tragic consequences.
• Seals. During ancient times, identifying the sender and the authenticity of a message often depended on a seal. The use of seals precedes pen and paper and dates back to ancient Mesopotamia when scribes used cylindrical seals. These seals were used to create impressions on clay tablets used for hieroglyphics. These ancient seals evolved into signet rings that were used to seal documents. In Roman times, letters were sealed using bitumen stamped with a seal. This served two fundamental purposes: it helped to identify the sender, and was a sign that the content hadn’t been opened or tampered with by an unauthorized person. In the Middle Ages, sealing wax served the same purpose and replaced bitumen.
• Identity Documents and Passports. The first passports were issued in 1914 by King Henry V of England. They were known as safe-conduct documents and ensured that a person could travel safely across different kingdoms. Over the years, passports evolved significantly to ensure that the person presenting the document was the correct person. Photos were the first steps taken, but passports today also contain biometric data.

Access Management

In the past, access management was achieved through encryption to make sure vulnerable data didn’t land in the wrong hands.

The use of cryptography to limit access to sensitive information dates back 3,500 years to Mesopotamia when a craftsperson encrypted a valuable recipe for a pottery glaze. Simple forms of cryptography were also used in ancient Rome, Greece, India, and Israel. In the 8th century, Arabs made significant developments in both cryptography and cryptanalysis (the technique for breaking codes). 

Cryptography was also popular in the late 19th century and early 20th century with the invention of the telegraph and radio communications.

Key Components of Modern-Day IAM

IAM frameworks have always been a fundamental component of corporate computing. And as cyber attacks became more complicated, the demand for IAM exploded. Today, IT admins consider IAM a crucial integrated protocol because sensitive data is only as secure as the weakest link in a network.

The fundamentals of IAM include:

• Authentication or identification to determine if the account user is who they say they are.
• Authorisation to confirm that the account user is authorised to access specific resources.
• User management to create, delete, and update users and user groups. 
• Data security to protect private information within the system.

Historical security approaches actually had digital components that are leveraged in IAM security systems today:

• Passwords. Passwords are still a crucial factor in authentication today.
• Seals. Hardware authentication tokens work just like ancient seals. They are a physical mobile device that identifies the sender.
• Identity documents and passports. Some countries issue electronic identity cards that identify individuals in digital and physical landscapes.
• Biometric token authentication. Newer smartphones are equipped with facial recognition and fingerprint identification, making biometric authentication an integral part of user authentication.
• Cryptography. Cryptography is still an essential technology that ensures data security and session privacy.

IAM has come a long way since the early days—and it’s here to stay. As your business goes digital; adopts new technologies and stores more data in the cloud, IAM is a crucial way to secure sensitive information and manage account users while staying up-to-date with current trends.

For more information about IAM, check out this article on Identity and Access Management Implementation Plan.