ORSYS le mag 2025 logo

The training and skills medium

Home > Cybersecurity glossary > IAM (Identity and Access Management) 🟢 Protection

IAM (Identity and Access Management) 🟢 Protection

Identity and access management (in English IAM or Identity and Access Management) is an area of cyber security that encompasses the processes and technologies used to control user access to the resources of an information system.

In other words, IAM answers the following questions:

  • Who has access to what?
  • When and how is this access authorised?
  • What what actions can this user perform?

 

Definition and operation of IAM

IAM is a set of processes and technologies that enable companies to manage digital identities and control access to systems, networks and resources.1. It has two main components:

  1. Identity management Verifies the identity of users based on information stored in a database.
  2. Access management Use verified identity to determine access rights to the company's various resources.13.

IAM operates on three pillars:

  • Authentication Checks the user's identity.
  • Authorisation Resources: Determines the resources to which the user has access.
  • Management : Supervises and analyses IAM processes to ensure security and compliance3.

🎯 IAM objectives

  • Enhanced security : protect data and systems against unauthorised access, intrusions and data breaches.
  • Regulatory compliance : comply with data protection standards and regulations (RGPDHIPAA, etc.).
  • Increased efficiency : simplify access management and reduce administrative costs.
  • Improved productivity : facilitating users' access to the resources they need to work.

👉 Types of IAM solutions

IAM solutions can be deployed in different ways:

  • On site
  • In the cloud
  • Hybrids (combination of the two above)

 

Benefits of IAM

  1. Enhanced safety access to sensitive resources is restricted to authorised users only.
  2. Simplified access management Automate user provisioning and deprovisioning processes.
  3. Improving operational efficiency : Reduces the administrative workload for the IT team.
  4. Regulatory compliance : Facilitates compliance with security and data protection standards.
  5. Enhanced user experience : Allows you to set up a single sign-on (SSO) for simplified access to applications.

 

  Disadvantages of IAM

  1. Complexity of implementation This may require major changes to the existing IT infrastructure.
  2. High initial costs Implementing a robust IAM solution can represent a substantial investment.
  3. Single point of failure risk If the IAM system is compromised, this could potentially expose all the company's resources.
  4. Training needs IAM: employees and IT staff must be trained to use the IAM system.
Back to Glossary

field of training

Cybersecurity

associated training

Systems and network security, level 1

Hacking and security, level 1

Information systems security, summary

BEST

Towards the ORSYS Cyber Academy: a free space dedicated to cybersecurity