As the mix of systems, portals and applications (whether Web-based, client-server or mainframe) becomes increasingly complex, the need for tighter access control will grow as companies work to meet compliance demands. This will require the type of fine-grained entitlement management not currently found in IAM suites. Entitlement management further restricts access to systems and applications beyond just the types of roles and groups in traditional access management systems. It can involve restricting access based on time of day, geographical location or even type of transaction.
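The difference between a role check and the entitlement checks described above, shown as an added example that is not from the original article and is not any IAM suite's API. The roles, country codes, hours and transaction names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    role: str          # all that a traditional role/group check looks at
    local_time: time   # time of day at the user's location
    country: str       # country code taken from the session (constructed values)
    transaction: str   # type of transaction being attempted

@dataclass(frozen=True)
class Entitlement:
    role: str
    transactions: frozenset
    countries: frozenset
    start: time        # allowed window, inclusive at both ends
    end: time

    def failures(self, req):
        """Names of the attributes on which the request falls outside this grant."""
        checks = {
            "transaction": req.transaction in self.transactions,
            "location": req.country in self.countries,
            "time_of_day": self.start <= req.local_time <= self.end,
        }
        return [name for name, ok in checks.items() if not ok]

# Constructed policy: tellers may post deposits and withdrawals
# from the US or Canada, during business hours only.
POLICY = [
    Entitlement("teller", frozenset({"deposit", "withdrawal"}),
                frozenset({"US", "CA"}), time(8, 0), time(18, 0)),
]

def role_only_check(req):
    """Traditional access management: holding the role is enough."""
    return any(e.role == req.role for e in POLICY)

def entitlement_check(req):
    """Deny by default; return (allowed, reason) so every decision can be logged."""
    grants = [e for e in POLICY if e.role == req.role]
    if not grants:
        return False, "no entitlement for role"
    for grant in grants:
        failed = grant.failures(req)
        if not failed:
            return True, "permitted"
    return False, "denied: " + ", ".join(failed)
```

A teller session at 23:00 passes `role_only_check` but is refused by `entitlement_check` with the reason `denied: time_of_day`, which is the record an auditor would want to see.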
Compliance requirements are also affecting the growth of the IAM suite in the area of multifactor authentication. An example is the directive in 2005 from the Federal Financial Institutions Examination Council (FFIEC) recommending two-factor authentication for Web-based banking. So not only do IAM suites have to handle standard user IDs and passwords, they're now expected to handle smart cards, one-time password (OTP) tokens and even biometrics.
This trend will grow as IAM suites also have to bear the burden of integrating logical and physical security, much of it underpinned by smart cards and other two-factor authentication devices.
The evolution of IAM suites is driven both by the natural trend of consolidation in all industries and market demand for compliance tools. Compliance doesn't equal security but, for better or worse, compliance is king, and IAM suites are just following the lead.
This was first published in May 2008