Identity and Access Management vs. Identity and Access Governance

Identity and access management and identity and access governance are two similar terms which are often used in the tech world, which can be quite confusing. What do they mean? Are they the same thing? What do they encompass, and what can they do for my organization?

First, while the terms are similar, they do not mean the same thing. Identity and Access Governance (IAG) is the larger umbrella term. It refers to a process that allows organizations to monitor and ensure that identities and security rights are correct, as well as managed effectively and securely. It encompasses everything from business, technical, legal and regulatory issues for organizations. Identity and Access Management (IAM), on the other hand is only one component of IAG. IAM as a term is the technology for managing these user identities and their access privileges for various systems and platforms. There are then many components that make up of the concept of IAM.

Here are some of the many components that make up identity and access management.

• Account Management - This is the management of creating accounts, making changes when necessary, and disabling accounts once the end user is no longer with the organization. IAM solutions allow organizations to automate these processes so that they need only to make a change in the source system and all connected systems and applications will automatically be updated.

Role Based Access Control/ Access Governance - Another component of IAM is the management of access rights. Within an organization there are many different types and levels of access that employees may have, and employees need to have access to the correct systems and applications to perform their jobs. The primary function of access management is to guarantee that users can only access applications and network resources that are strictly necessary for their work within the organization.

• Compliance Management - This component is used to monitor what is taking place in the IT infrastructure, and making the appropriate changes. All user actions are stored and can be correlated to the access privileges that have been assigned. The relevant data is collected, correlated, analyzed and reported for audit purposes. The findings can also be used to refine IAM rules and to control processes. You can read more about compliance management in our blog post 'Why organizations need automated reporting'.

• Password/ Authentication Management - This component is used to verify whether a user’s identity matches the person he or she claims to be. This includes traditional methods, such as user name and password combinations that include single sign-on, self-service password resets, password complexity and password synchronization. It also encompasses more recent authentication methods like biometrics, two-factor authentication and portal SSO.

Overall, it is important to understand the many components of IAM and IAG so as to determine which of them can be helpful to your organization. Many of these components can assist your organization in automating processes and making them more efficient for your employees.

Battle of the email solutions: Exchange vs. Google Apps

In the industry I am in, with the job functions I perform daily, I see more and more organizations moving from an in-house email solution such as Exchange to cloud-based email solutions like Office 365 and Google Apps. This is due to many reasons and an easy way to see why is to compare Exchange and Google Apps.

Read more


Identity en Access Management

automated account management, cloud based email solutions, Compage Exchange and Google Apps, compare cloud based email solution, compare email solutions, Exchange, Google Apps

How to manage credentials the easy way

A seemingly simple, yet tedious task for anyone in the information technology field is credential management. End users are given usernames and passwords for various systems in an organizations environment, and the hope is that the end users can manage these credentials with very little issue or assistance.

Read more

Account Management in Education: How Can It Be Improved?

Many school districts and even some higher-learning institutions have their technological infrastructure run by a skeleton crew due to things such as politics and budgetary constraints. Situations such as this can often lead to many issues within the organization: Lack of network resources for end users Inability to properly support end users and systems No time to research and implement newer technology This causes frustrated overworked admins to think outside the box and turn to other solutions, such as software-based, automated or semi-automated identity management.

Read more

Group Policy Object; What is it and how can it allow for seamless deployment of software

In any organization from a small business to a large enterprise, control over user’s access to various resources on the network is a key component of managing the corporate environment. Access to resources such as network shares and printers to things such as settings on local stations, are just some of the items an administrator wants to manage centrally and cohesively. A common method to manage domain resources like this is via Group Policy in Active Directory.

Read more

What is the Next Step in the Evolution of the Password?

Passwords are the most common form of authentication and the current de-facto standard. In fact, passwords have existed in tech since the early 1960’s when they were implemented at MIT for the time sharing system on their computer systems for researchers. In order to allow multiple researchers to have their own personal “profile” when logging in each user was given a login name and password. This allowed each registered user to access the system for their weekly time allotment.

Read more