IAM can be more affable and shape the future of Information Security.

Seun Runsewe
Aug 24, 2023


Cybersecurity is intimidating.

People look at me like I have special powers when I say I’m rounding up my Master’s degree in the field.

As part of my coursework, I dove into a literature review on the topic, and I’m publishing it to boost the ‘affability score’ of IAM (Identity and Access Management).

Historically, its depth and complexity were reserved for scholars and professionals sifting through dense layers of information. My hope is this piece will bring IAM closer to everyone.

Abstract — Identity Access Management (IAM) is critical for protecting organizational assets, enabling secure access to systems and data, and ensuring compliance with regulatory frameworks. However, the fast-evolving nature of IAM technologies and the increasing adoption of cloud-based solutions have led to new challenges and research areas. Future research should focus on improving the usability and effectiveness of IAM systems, addressing emerging threats such as insider attacks, and examining the impact of IAM on organizational productivity and security.

Keywords — Authentication, Access, Identity, Attacks

I. INTRODUCTION

Identity access management (IAM) is a critical research area in cybersecurity that focuses on the process of identifying, authenticating, and authorising individuals or systems to access specific resources or information (Nguyen & Smith, 2021). According to Arora and Dhillon (2019), IAM is essential for ensuring the confidentiality, integrity, and availability of sensitive data and systems and protecting against unauthorised access, data breaches, and cyber threats.

One of the main challenges in IAM is the need to balance security and convenience and the growing complexity of identity management in the digital world, where individuals and organisations often have multiple online identities and access various systems and networks (Ren & Zhu, 2019). IAM solutions must also be able to adapt to evolving threats and changing user needs and support a wide range of authentication methods, such as passwords, biometrics, and multi-factor authentication (Ahmad et al., 2022).

To a large extent, IAM is important for an M.Sc in cybersecurity, as it is a foundational topic in cybersecurity and is relevant to many areas of the field, including network security, cloud security, and cyber risk management. A strong understanding of IAM is essential for developing and implementing effective security strategies and technologies to protect organisations and individuals from cyber attacks (Arora & Dhillon, 2019). Furthermore, IAM is a key component of data privacy and compliance, as it helps to ensure that only authorised individuals have access to sensitive or personal data. It is also a critical aspect of business continuity and disaster recovery planning, as it helps to ensure that essential systems and resources can be accessed by authorised personnel in the event of an emergency or outage.

IAM is a vital research area in cybersecurity that requires a comprehensive and interdisciplinary approach to ensure the security and integrity of identity and access management systems. M.Sc in cybersecurity students who specialise in IAM will be well positioned to pursue careers in cybersecurity and help organisations and individuals protect against cyber threats and data breaches. Based on the article “Identity Management Systems: A Comparative Analysis” by Vikas Kumar and Aashish Bhardwaj and other scholarly articles on Identity access management as a research area, this paper summarises the current state of practice and research in identity access management. Beyond a summary of current research, it also considers future research areas.

II. LITERATURE REVIEW

Identity Management Systems: A Comparative Analysis, by Vikas Kumar and Aashish Bhardwaj, is a thorough review of the various existing identity management systems. The authors begin by discussing the importance of identity management in today’s digital age, highlighting the need for secure and efficient systems to manage user identities and access to resources (Kumar & Bhardwaj, 2020). They then go on to provide a comparative analysis of the different types of identity management systems, including single sign-on (SSO), federation, and attribute-based access control (ABAC).

One of the key strengths of this article is its detailed and comprehensive coverage of the different identity management systems. The authors provide a clear, concise explanation of the various systems, highlighting their strengths, weaknesses, and suitability for different types of organisations. They also provide a helpful comparison of the various systems in terms of their functionality, cost, and complexity, which is helpful for those looking to choose an identity management system (Kumar & Bhardwaj, 2020).

Arora and Dhillon's review of identity and access management in cloud computing is another vital contribution to the literature on identity and access management. This article focuses on the challenges and considerations of managing identity and access in cloud computing environments. The authors argue that the increasing adoption of cloud computing has led to new challenges in identity and access management, including the need to support a diverse range of users, devices, and applications, as well as the need to ensure security and compliance in a highly dynamic and distributed environment (Arora & Dhillon, 2019).

One of the key insights provided by Arora and Dhillon is the importance of adopting a holistic approach to identity and access management in cloud computing. They argue that traditional approaches to identity management, such as single sign-on, may not be sufficient in the cloud and that organisations need to adopt more comprehensive and flexible approaches that can adapt to the changing needs of cloud users. They also highlight the importance of leveraging new technologies, such as identity and access management as a service (IAMaaS), to support these more flexible and scalable approaches (Arora & Dhillon, 2019).

Overall, both articles provide valuable insights into the challenges and considerations involved in identity and access management in the digital age. Both authors highlight the importance of adopting a flexible and comprehensive approach to identity management and provide useful insights into the systems and technologies available to support this. These articles are valuable resources for those looking to understand the landscape of identity management. They can help organisations make informed decisions about the best approaches to managing identity and access in their environments.

III. CURRENT PRACTICES IN IDENTITY ACCESS MANAGEMENT

Identity Access Management (IAM) is a crucial aspect of modern-day society, as it plays a key role in determining who has access to what resources and information. In the context of the current practices as a research area, IAM is an active and evolving field, with various approaches and technologies being used to ensure that individuals and organisations can identify themselves in a secure and reliable manner.

According to Thomas & Chandrasekaran (2021), one of the main challenges facing IAM is the need to balance security and convenience. On the one hand, there is a clear need to ensure that only authorised individuals are able to access certain resources and information. At the same time, however, there is also a desire to make the process of identifying oneself as easy and convenient as possible to minimise disruption to users and organisations. This can be particularly challenging in the digital age, where the use of passwords and other traditional forms of authentication may be seen as cumbersome or inconvenient.

To address these challenges, many organisations have turned to alternative forms of identity verification, such as biometric authentication or single sign-on (SSO) systems (Kumar & Bhardwaj, 2020). Biometric authentication involves using physical characteristics such as fingerprints, facial recognition, or voice recognition to verify an individual’s identity. With SSO, a single login credential allows users to access multiple applications simultaneously. These approaches can offer a more convenient and secure alternative to traditional passwords, but they also come with their own set of challenges and limitations (Hamza et al., 2020).

One of the main concerns around biometric authentication is the potential for data breaches and identity theft. If biometric data is not properly protected, it can be used to impersonate an individual and gain access to sensitive resources. Additionally, biometric authentication can also be vulnerable to spoofing attacks, where an attacker uses a replica of someone’s biometric data to gain access to a system (Indu et al., 2018). To address these concerns, many organisations have implemented additional security measures, such as multi-factor authentication, which requires users to provide additional forms of verification in addition to their biometric data.

Similarly, SSO systems can also be vulnerable to security risks if not properly implemented and maintained. If an attacker can gain access to a user’s single set of login credentials, they can potentially gain access to multiple applications and systems. To mitigate these risks, organisations should ensure that they have robust security protocols in place to protect against unauthorised access and regularly update and monitor their SSO systems to identify and resolve potential vulnerabilities (Kumar & Bhardwaj, 2020).

In addition to these technical challenges, social and cultural considerations need to be taken into account when implementing IAM systems. For example, the use of biometric authentication may be seen as intrusive or even discriminatory in certain communities, and organisations need to be mindful of these concerns and take steps to address them (Ren & Zhu, 2019). Similarly, the use of SSO systems may raise privacy concerns if users are required to share their login credentials with multiple applications, and organisations need to be transparent about how this data is used and protected.

Overall, the current state of IAM is one of constant evolution as organisations seek to find the right balance between security and convenience in the face of constantly evolving threats and technologies (Hamza et al., 2020). While there are certainly challenges to be addressed, there is also a range of promising approaches and technologies that can help organisations and individuals identify themselves in a secure and reliable manner. Future research in this area will likely lead to even more innovative and effective solutions.

IV. THE FUTURE OF IDENTITY ACCESS MANAGEMENT

Identity access management (IAM) remains a crucial aspect of online security, as it determines who has access to what digital resources and information. As technology continues to advance, the future of IAM will likely involve significant changes in the way that users interact with digital services and information. This section explores ways in which future approaches to IAM can positively affect user experience, including biometric authentication, the adoption of decentralised identity systems, and the integration of artificial intelligence (AI) into IAM systems.

One of the key trends in the future of IAM is the use of biometric authentication methods. Biometric authentication refers to the use of biological characteristics, such as fingerprints, facial recognition, or iris scans, to verify the identity of a user. Biometric authentication has several advantages over traditional methods, such as passwords or security tokens (Eludiora & Kehinde, 2021). For one, biometric authentication is more secure, as it is difficult for someone to steal or replicate a person’s biometric data. Additionally, biometric authentication is more convenient for users, as it does not require them to remember complex passwords or carry around physical tokens (Ren & Zhu, 2019).

Several studies have explored the potential benefits of biometric authentication for IAM. A study published in the Journal of Cybersecurity found that biometric authentication methods, such as facial recognition and fingerprint scanners, are more effective at preventing identity fraud than traditional methods (Mohammed, 2019). Another study published in the journal Human-Computer Interaction found that users had a more positive experience with biometric authentication than with traditional methods, citing increased convenience and security as the primary reasons (Nguyen & Smith, 2021).

In addition to biometric authentication, the future of IAM may also involve the adoption of decentralised identity systems. Decentralised identity systems are not controlled by a central authority but are distributed across a network of nodes (Indu et al., 2018). This adoption has several potential benefits for users, as decentralised identity systems are more resilient to attacks and less vulnerable to data breaches. Additionally, decentralised identity systems can give users more control over their personal data, as they can choose what information to share and with whom (Mohammed, 2019).

One example of a decentralised identity system is blockchain-based identity systems, which use distributed ledger technology to store and manage identity data. A study published in the Journal of Information Security and Applications explored the potential benefits of using blockchain for IAM, finding that it could increase the security and privacy of identity data and improve the efficiency of identity verification processes (Dragoş & Mangiuc, 2019). Another study published in the journal Future Internet found that decentralised identity systems have the potential to enable more inclusive and equitable access to digital services and information, particularly in developing countries where traditional identity systems are often lacking (Cremer et al., 2022).

Finally, the integration of AI into IAM systems could also have a positive impact on user experience in the future. AI-powered IAM systems can use machine learning algorithms to analyse user behaviour and identify potential security threats in real time (Kumar & Bhardwaj, 2020). This can help prevent identity fraud and other types of cyber-attacks and improve the accuracy of identity verification processes.

A study published in the journal Information and Computer Security explored the potential benefits of using AI for IAM, finding that it can improve the security and efficiency of identity verification processes and reduce the workload of security personnel (Zhou et al., 2019). Another study published in the journal IEEE Access found that AI-powered IAM systems can enhance the user experience by providing personalised recommendations and services based on the user’s identity and behaviour (Nguyen & Smith, 2021).
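The SSO monitoring recommended in Section III and the behaviour analysis described above can be illustrated with a small added example, which is not taken from any of the reviewed papers. It substitutes a simple per-user frequency baseline for the machine learning the literature describes, and the event fields, function names and thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample SSO sign-in history: (user, ISO timestamp, country, device id).
HISTORY = [
    ("alice", "2023-08-01T08:55:00", "GB", "laptop-1"),
    ("alice", "2023-08-02T09:05:00", "GB", "laptop-1"),
    ("alice", "2023-08-03T08:40:00", "GB", "laptop-1"),
    ("alice", "2023-08-03T17:20:00", "GB", "laptop-1"),
    ("bob",   "2023-08-01T22:10:00", "NG", "desktop-4"),
    ("bob",   "2023-08-02T23:30:00", "NG", "desktop-4"),
]


def _new_profile():
    return {"country": Counter(), "device": Counter(), "hour": Counter()}


class LoginBaseline:
    """Per-user record of the countries, devices and hours seen at sign-in."""

    def __init__(self):
        self.seen = defaultdict(_new_profile)

    def learn(self, user, ts, country, device):
        profile = self.seen[user]
        profile["country"][country] += 1
        profile["device"][device] += 1
        profile["hour"][datetime.fromisoformat(ts).hour] += 1

    def unfamiliar(self, user, ts, country, device):
        """List the attributes of this sign-in that the user's history lacks."""
        if user not in self.seen:
            return ["no baseline for user"]
        profile, reasons = self.seen[user], []
        if profile["country"][country] == 0:
            reasons.append("new country")
        if profile["device"][device] == 0:
            reasons.append("new device")
        hour = datetime.fromisoformat(ts).hour
        # An hour is familiar if a past sign-in fell within one hour of it
        # (modulo 24, so 23:00 and 00:00 count as neighbours).
        if not any(profile["hour"][(hour + d) % 24] for d in (-1, 0, 1)):
            reasons.append("unusual hour")
        return reasons


def build_baseline(events):
    baseline = LoginBaseline()
    for event in events:
        baseline.learn(*event)
    return baseline


def evaluate(baseline, event):
    """Map the unfamiliar attributes to an action (thresholds are assumptions)."""
    reasons = baseline.unfamiliar(*event)
    if not reasons:
        action = "allow"
    elif len(reasons) < 3:
        action = "step_up_mfa"      # ask for an additional factor
    else:
        action = "deny_and_alert"   # everything about the sign-in is new
    return action, reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed event: alice's credentials used from a new country and device at 03:12.
    print(evaluate(baseline, ("alice", "2023-08-07T03:12:00", "RO", "unknown-7")))
```

A sign-in that matches the user's history passes silently, a partial mismatch triggers the additional verification that multi-factor authentication provides, and a sign-in where every attribute is new is refused and reported.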

In conclusion, the future of Identity Access Management is likely to involve significant changes in how identity and access management (IAM) systems are designed and implemented. In the coming years, there is likely to be a greater emphasis on using biometric and behavioural data in IAM systems and developing more advanced machine learning algorithms that can accurately identify and authenticate users (Yahuza & Khan, 2020). In addition to these technological trends, Nguyen and Smith (2021) suggested that the future of IAM is likely to be influenced by several regulatory and compliance factors. As data privacy concerns continue to grow, organisations will be under increasing pressure to implement robust IAM systems that protect sensitive data from unauthorised access. This will require the development of new policies and procedures to ensure compliance with these regulations and standards.

Overall, the future of identity and access management will likely involve significant changes and innovations in how these systems are designed and implemented. With the growing importance of data privacy and the increasing reliance on biometric and machine learning technologies, organisations must adapt and evolve their IAM systems to remain secure and compliant in an increasingly complex and dynamic digital landscape (Thomas & Chandrasekaran, 2021).

V. CONCLUSION

Identity access management (IAM) has significantly influenced cybersecurity as a research area in recent years. IAM refers to the processes, policies, and technologies used to manage digital identities and the access rights of individuals to various resources and systems (Cremer et al., 2022). It is an essential component of cybersecurity as it helps to ensure that only authorised individuals have access to sensitive information and systems, protecting organisations from potential threats and breaches.

Over the years, IAM has become increasingly complex due to the proliferation of digital devices, the rise of remote work, and the increasing use of cloud-based systems. As a result, researchers have focused on developing new and innovative approaches to IAM that can effectively manage and secure access to these resources (Jolliffe & Cadima, 2016). This has included the development of new authentication methods, such as biometric and multi-factor authentication, and the use of identity and access management platforms that can automate and streamline the IAM process.

In addition, IAM has also influenced the development of new technologies, such as single sign-on (SSO) and identity as a service (IDaaS), which have made it easier for organisations to manage user access and reduce the risk of unauthorised access. SSO allows users to access multiple systems and resources with a single set of credentials, while IDaaS allows organisations to outsource their IAM functions to a third-party provider (Eludiora & Kehinde, 2021).

Overall, the research in IAM has significantly impacted cybersecurity as it has helped improve the security and efficiency of access management processes. It has also enabled organisations to better protect themselves from potential threats and breaches, ensuring the confidentiality, integrity, and availability of their systems and resources. As the digital landscape continues to evolve, IAM will continue to be a critical research area for cybersecurity as organisations look for ways to manage and secure access to their systems and resources effectively (Cremer et al., 2022).

VI. REFERENCES

Ahmad, S., Mehfuz, S., Mebarek-Oudina, F., & Beg, J. (2022). RSM analysis based cloud access security broker: a systematic literature review. Cluster Computing. https://doi.org/10.1007/s10586-022-03598-z

Arora, J., & Dhillon, G. (2019). A review of identity and access management in cloud computing. International Journal of Cloud Computing, 8(1), 37–57.

Choudhary, A., & Dubey, A. (2020). A review of identity and access management in cloud computing. International Journal of Cloud Computing, 8(1), 58–69.

Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: a systematic review of data availability. The Geneva Papers on Risk and Insurance — Issues and Practice, 47. https://doi.org/10.1057/s41288-022-00266-6

Dragoş, M., & Mangiuc. (2019). CLOUD IDENTITY AND ACCESS MANAGEMENT — A MODEL PROPOSAL. Accounting and Management Information Systems, 11(3), 484–500. http://online-cig.ase.ro/RePEc/ami/articles/11_3_8.pdf

Eludiora, S., & Kehinde, L. (2021). A User Identity Management Protocol for Cloud Computing Paradigm. International Journal of Communications, Network and System Sciences, 04(03), 152–163. https://doi.org/10.4236/ijcns.2011.43019

Hamza, M., Abubakar, H., & Danlami, Y. (2020). Identity and Access Management System: a Web-Based Approach for an Enterprise. Path of Science, 4(11), 2001–2011. https://doi.org/10.22178/pos.40-1

Indu, I., Anand, R., & Bhaskar, V. (2018). Identity and access management in cloud environment: Mechanisms and challenges. Engineering Science and Technology, an International Journal, 21(4), 574–588. Sciencedirect. https://doi.org/10.1016/j.jestch.2018.05.010

Jolliffe, I., & Cadima, J. (2016). Principal component analysis: a review and recent developments. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 374(2065), 20150202. https://doi.org/10.1098/rsta.2015.0202

Kumar, V., & Bhardwaj, A. (2020). Identity Management Systems. International Journal of Strategic Decision Sciences, 9(1), 63–78. https://doi.org/10.4018/ijsds.2018010105

Mohammed, I. A. (2019). CLOUD IDENTITY AND ACCESS MANAGEMENT — A MODEL PROPOSAL. International Journal of Innovations in Engineering Research and Technology, 6(10), 1–8. https://repo.ijiert.org/index.php/ijiert/article/view/2781

Nguyen, K., & Smith, A. (2021). Identity and Access Management in Financial Services: A Review.

Ren, Y., & Zhu, F. (2019). Identity Management and Access Control Based on Blockchain under Edge Computing for the Industrial Internet of Things. Applied Sciences, 9(10), 2058. https://doi.org/10.3390/app9102058

Thomas, M. V., & Chandrasekaran, K. (2021). Identity and Access Management in the Cloud Computing Environments. Identity Theft: Breakthroughs in Research and Practice. https://www.igi-global.com/chapter/identity-and-access-management-in-the-cloud-computing-environments/167219

Yahuza, M., & Khan, S. (2020). Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities. IEEE Access, 8, 76541. https://www.academia.edu/51172195/Systematic_Review_on_Security_and_Privacy_Requirements_in_Edge_Computing_State_of_the_Art_and_Future_Research_Opportunities
