Identity and Access Management

Transcript

1. IDENTITY AND ACCESS MANAGEMENT By Tracy Magoma

2. WHOAMI Principal Officer, Cybersecurity GRC at Safaricom PLC Mentor –

   SheHacksKE Mountaineer Avid Reader Home Chef

3. TOPICS TO BE COVERED 1. Introduction to IAM 2. Core

   Components of IAM 3. Key Principles of IAM 4. IAM Lifecycle 5. Common IAM Technologies 6. Identity Governance 7. The Future of IAM

4. INTRODUCTION TO IAM IAM – Identity and Access Management Set

   of policies, processes, and technologies used to ensure that the right individuals have the appropriate access to resources in an organization Benefits 1. Enhanced Security 2. Regulatory Compliance 3. Operational Efficiency 4. Streamlined User Experience 5. Better Visibility & Control

5. CORE COMPONENTS OF IAM Authentication Verifies a user’s identity before

   granting access. Example: Passwords, biometrics, tokens. Authorization Determines what resources a verified user can access. Example: Role-Based Access Control (RBAC) or policy-based permissions. User Management Handles user accounts and access throughout their lifecycle. Example: Includes onboarding, modifying roles and deprovisioning when users leave. Directory Services Stores and manages digital identities in a centralized system. Example: Active Directory, LDAP

6. KEY PRINCIPLES OF IAM 1. Least Privilege - Grant users

   only the access they need, nothing more. 2. Role-Based Access Control (RBAC) - Assign permissions based on job roles. 3. Separation of Duties (SoD) - Split critical tasks to prevent abuse or fraud. e.g., one person approves, another executes. 4. Zero Trust - “Never trust, always verify”. Every access request must be authenticated and authorized.

7. IAM LIFECYCLE Provisioning: Create and assign access for new users.

   Modification: Adjusting access as roles or responsibilities change. Deprovisioning: Revoking access when users leave or no longer need it. Review: Regularly review and update user access rights.

8. COMMON IAM TECHNOLOGIES Single Sign-On (SSO) Users log in once

   to access multiple applications securely. Directory Services Store user identities (e.g., Active Directory, LDAP). Privileged Access Management (PAM) Protects and monitors access for high-level accounts. Federation Services Enable trust between domains (e.g., SAML, OAuth, OpenID Connect).

9. IDENTITY GOVERNANCE Identity Governance is the “oversight” layer of IAM

   It ensures policies are followed and access remains appropriate over time. Key Components • Access Reviews - Regular checks that users still need their permissions. • Access Certification - Formal approval from managers or system owners. • Policy Enforcement - Automated rules that prevent policy violations. • Audit & Reporting - Evidence for compliance.

10. THE FUTURE OF IAM Automation  Routine IAM tasks (like

    provisioning, deprovisioning, and access reviews) will become fully automated. Artificial Intelligence  AI-driven analytics will identify abnormal login behaviors and potential insider threats in real time. Passwordless Authentication  Rapid move toward biometrics, tokens and FIDO2 standards, eliminating passwords entirely. Zero Trust  Ensure that every access request is continuously verified, making identity the central control point for securing all resources in dynamic and cloud-first environments. Cloud-Native IAM  Shift toward cloud-based identity-as-a-service (IDaaS) solutions for hybrid and multi-cloud environments.  Seamless integration across platforms like AWS, Azure and Google Cloud.

11. THANK YOU