fb
API Management 4 minutes

Three cheers for Identity and Access Management

RZW pasfoto 2020
Ruben van der Zwan
CEO & Co-Founder
IAM2
Scroll

Typically, when we talk about digital transformation, we leave out security. It’s just not sexy. The Internet of Things and APIs are, so we rather focus on all the cool things we could do by deploying them. What we tend to forget, though, is that security, and especially Identity and Access Management (IAM), is at the core of every IT breakthrough. The reason for this is very simple, as these measures enable you to safely share your data with other people and systems. And it just so happens that this streamlined data exchange is exactly what digital transformation is about. Three cheers for IAM!

From IAM to IGA

Identity and Access Management includes all processes within an organization that focus on user administration, user governance, and access control. Or in simpler words: IAM policies make sure that resources are made available to the right users, at the right time, and for the right reasons. Quite an important task, we’d say, especially now that your -often confidential- data is shared with many external companies, institutions, and customers. Due to an increased number of audits and compliance requirements, securing your data streams is now more important than ever, in such a way it even resulted in a brand new IAM term launched by Gartner: Identity Governance & Administration (IGA). The only difference is in the ‘A’, as the administration aspect of IAM policies is now more highlighted.

IAM2.jpg

Cheers 1. Oh API!

Audits are not the only reason you should value Identity and Access Management, though. They may protect you against reputational damage; they won’t get you anywhere interesting. APIs will, on the other hand, and to make sure the information they gather is sent off to the right destination safely, you need to set rules. Let’s say your company used APIs to identify and target customers based on their location (this situation is applicable to both B2C and B2B!). We’re talking about sensitive information here, which should only be shared with several employees or departments within your company. If you have implemented the right IAM tools, this process should go automatically. People who are trying to gain access to your data will be identified through authentication tools (such as passwords, keycards, or even finger prints), before they are permitted (or refused!) access based on authorization schemes. Your gain? Many interesting insights against full integrity.

Cheers 2. Platform key please

Many businesses choose to open up their API platform to external developers. Taxi company Uber joined forces with many other app providers such as restaurant raters; smart thermostat Quby happily collaborates with other household appliances such as Philips Hue; while many bus companies share their time tables with Google maps. Opening up your API platform is an easy way to provide your customers with extra services without putting in too much time and effort. At the same time, welcoming external developers to your platform can be dangerous, as you don’t know the person behind the coupled application. What are his intentions? Will he bring malware to your systems, (either intentionally or by accident) and does his application add value to your services? IAM policies can take away most of your sorrows, as they allow you to carefully monitor whoever uses your API platform. You simply hand out keys to your external developers, and easily withdraw them in case of abuse or underperformance.

Cheers 3. Who’s there?

So far for APIs. Despite of your focus on the outside world, there’s much going on between your four company walls as well. You probably work with several departments, employees with different types of contracts, and teams that are subject to change (retirements, pregnancy leaves, reorganizations). Chances are you don’t want your cleaner to gain access to your customer data, or your brand and retail manager to look into your cleaner’s personal details. Given the enormous amount of data streams that flow within companies, a solid IAM must be implemented to guarantee both privacy and efficiency. Single Sign On (SSO) solutions, for example, enable employees to get into several systems and information databases based on a predefined set of rules. Such policies will also get you through audits and times of crisis in which you have to proof you did everything in your power to protect your data.

Puzzling

As you can see, Identity and Access Management is more than a necessity; it’s one of the very important puzzle pieces that together make your digital transformation. Without it, data would run free, jeopardizing your customer’s privacy and your own integrity. And now that data is one of our most important assets, you better make sure you keep it under surveillance.

Want to know about the other elements of your digital transformation? Download our whitepaper, it’s free!