1 Introduction
As we approach the 2020s, Identity and Access Management (IAM) has already been implemented and deployed in many companies for decades. The management of identities, their lifecycle and their access to resources (applications, infrastructures, roles or authorizations) typically originated in the classical enterprise environment. HR management systems often served as the data source and supplier of the current master records, which were transferred to the IAM and from there to the downstream target systems. While the first installations mainly focused on improving administrative efficiency, over time the security aspect came more into focus, as did the need for a comprehensive overview of the authorizations granted.
Over time, the role and importance of IAM have changed. As the level of global connectivity increases, the protection of stable, trusted digital identities becomes even more important. The administration of identities, user accounts and access rights for thousands to millions of users is a pivotal factor for secure access to applications and systems, and for tailor-made authorization across hybrid IT according to the "need to know" or "least privilege" principle.
As a result, an IAM prevents unauthorized access to networks, data and applications and is therefore a key component of a company or group-wide IT security infrastructure.
Modern, up-to-date IAM concepts, architectures and processes must ensure that all access to systems is uniformly administered and monitored, regardless of whether it is standard access, highly privileged access, or personalized or non-personalized access. The challenges associated with such a requirement are considerable. A consistent implementation of these requirements must be reflected in an appropriate architecture, which in turn must form a valid part of an overall IAM architecture.
Well-defined processes and consistently used systems give the company insight into and control over its users. Companies can manage and monitor which users are permitted access, with which authentication method, and which access they actually use. This enables a company to recognize when misuse has occurred and to prevent it. Trustworthy, well-maintained documentation of the existence and continuous operation of such processes is an essential prerequisite for proving compliance with legal, regulatory or industry-specific requirements.
But the changes go further, because IAM has long since gone beyond IT security and compliance. New identities, especially those of partners, customers and consumers, make a next-generation IAM an indispensable component that advances business performance, digital transformation and, last but not least, competitive advantage.
Digital Transformation affects all businesses, and Digital Transformation is changing IT in businesses fundamentally. Business workloads are shifting to the cloud and to as-a-service models. Businesses provide digital services to their customers and consumers via apps and integrate with devices and things. Business models are changing, customer relations are changing, and business partnerships are far more volatile than ever before.
Digital Identities are moving to the center of attention in this transformation. Without the ability to manage and control the access of everyone to every service, businesses will fail in their transformational initiatives. No business is unaffected by the Digital Transformation. Businesses and their leadership teams are challenged by the need for continuous innovation of both technology and business models as well as ubiquitous change in business partnerships and internal organizations.
KuppingerCole provides a comprehensive IAM/IAG Reference Architecture as the common denominator for describing a building block-based approach for individual architecture designs. This document defines a versatile and dynamic architecture blueprint for designing and continuously refining a standardized yet flexible next-generation IAM infrastructure, tailor-made for organizations within the hybrid reality of today’s digitalized world.
The reader and user of this document should of course be aware that it does not provide a directly applicable architecture for any specific purpose. Rather, this document is intended to provide, in a baseline document (Blueprint), a new and significantly changed view of identity management that is appropriate for the digital enterprise and its services. With this guiding principle and the underlying concepts, companies, integrators, manufacturers and all other stakeholders are given a resilient framework for the development of individual, yet integrable and future-proof, infrastructures.