In a nutshell: What IAM, IDM and DAG are all about
IAM, IDM and DAG – you are probably familiar with these abbreviations if you deal with IT security, compliance and the allocation of authorizations and access within a company. But what exactly do these terms mean? What role do identities play? And what is user provisioning? We will give you a brief insight.
Identity and Access Management (IAM) – What is it?
Managing the identities of employees and their access rights within the company is the task of identity and access management. IAM is one of the most important prerequisites for ensuring data compliance. This is because every person within a company is linked to a digital identity in order to make it possible to trace who (via different accounts) has access to which data, folders and systems and when. It is therefore a system based on roles and rules.
However, it is often challenging to manage this and keep it up to date at all times – and the trend is increasing as the size of the company grows. To support the IT department in this complex process, you can use specialized software tools. These automate identity and authorization assignments and also ensure a comprehensive overview of current situations through monitoring and reporting.
Identity Management (IDM) and Access Management (AM) considered separately?
The abbreviation IDM stands for the first aspect of Identity and Access Management. Specifically, IDM refers to the permanent control of assigned digital identities – the who and where. Who has access to which systems with which accounts? And is the access authorization currently (still) required? The aim is to standardize and automate the management of users and authorizations and, for example, the provision of IT services such as file services or mailboxes.
The second aspect of access management is the implementation – the how. How is it possible to grant access rights to authorized persons or groups? And who grants authorizations? Access management also includes the option of requesting authorizations via self-service.
Which existing authorizations can you remove? In practice, this decision is often difficult for those responsible. This can mean that authorizations that are no longer required are not removed due to the time-consuming differentiation.
What is user provisioning?
User provisioning is the provision of access for users. Ultimately, this means that users receive access that matches their current digital identity. The difficulty in ensuring this lies with the IT administration, as personnel and structural changes within an organization require regular adjustments.
Data Access Governance (DAG) – What is it?
This term is also often used in connection with IAM: Data Access Governance – the management of data access. This includes the control and assignment of access authorizations to unstructured data, such as file servers or SharePoint. Compared to role-related, more static rights (such as in identity management), data access governance requires dynamic and often short-term changes.
The idea: The aim here is also to create standardized structures and guidelines for handling data in order to ensure data security and company compliance. This goal – or rather this process – can only be achieved if the internal guidelines are continuously maintained and constantly monitored by designated persons.
The obstacle: A weakness compared to identity and access management: Existing access authorizations, i.e. the digital identity of users, are not recorded and compared centrally. This can lead to an accumulation of assigned authorizations that become obsolete, e.g. when changing departments, but still exist.
An automated solution for managing access rights in combination with a regular check of existing rights provides a remedy and significantly reduces the workload of the IT department.
