Is Identity and Access Management Part of IT or Cybersecurity?
According to a Verizon investigation, more than 4 billion digital records were exposed in the first half of 2019 alone. Most breaches that involved hacking were due to weak or compromised user credentials. Most hacks occurred at the password level.
With cloud technology, mobility and remote jobs on the rise, information technology professionals have less control over workers’ access to sensitive data. Even worse, the sprawl of user identities often extends to partners, contract workers, customers and vendors.
User groups at various levels need their own set of requirements and restrictions. Not only that, but users are signing in from a range of devices such as smartphones, laptops and tablets. Every time a user logs in, onboards, offboards, resets a password or changes jobs within a company, sensitive data is put at risk.
That’s where identity and access management, or IAM, comes in. This highly specialized offshoot of IT focuses more narrowly on cybersecurity.
IAM professionals primarily ensure that only authorized programs, users and devices are connected to one another. They manage ever-changing user identities as users come and go. They authenticate all users and allow or disallow access at every point of entry. When employees leave a company, credentials are immediately removed.
IAM systems even create behavior baselines to reflect typical usage. For instance, if a location or device is out of the ordinary for a specific user, IAM notices.
In short, IAM provides an extra layer of security that no business, large or small, can function without these days. Worldwide, cybercrime costs are expected to reach $6 trillion annually through 2021. Businesses are vulnerable to monetary theft, theft of intellectual property, data destruction, personal identity theft, fraud, a damaged reputation and a host of other evils.
There are other benefits in addition to enhanced security. A centralized IAM platform saves time, man-hours and costs because it’s all automated. Administrators don’t have to manually grant permission each time a user wants to access a database, network or application.
Also, governments and industries are getting stricter all the time with security and privacy regulations. IAM enforces policies and closely monitors compliance, which could save companies millions of dollars in fines.
For all those reasons, more and more businesses are creating IAM teams. Skilled IAM professionals are in hot demand.
IT or Security?
In its infancy, IAM was usually a small, specialized department functioning under the overall IT strategy. IAM team members traditionally reported to the chief information officer.
As cybercrime became more frequent and more sophisticated, IAM gradually became a distinct discipline. The gap between IT and IAM seems to be getting even wider.
Many longtime IT professionals are simply not trained in the cutting-edge technology, engineering, software development and security improvements that are vital to strong IAM.
In big corporations that can afford a larger security staff and a chief security officer, IT directors have less and less to do with identity strategies. Many IT departments these days have no ownership at all over IAM, and IAM employees report to the CSO.
CSOs are more intimately familiar with internal controls requirements, threat and risk management processes, and cybercrime prevention strategies. CIOs are typically more outward-facing, technology focused, and less concerned with security than a CSO would be.
In smaller companies, the lines get somewhat blurrier, and who reports to whom really depends on how things are structured. Some smaller firms merge two executive jobs; CIO and CSO become CISO, or chief information security officer.
At any rate, IAM largely functions under the security category.
A Fast-growing Career With Diverse Opportunities
It’s estimated that half a million specialists are needed in the cybersecurity sector. That’s just in the U.S.
Unlike other specialized fields, such as nuclear medicine or aerospace engineering, IAM has opportunities across countless sectors and industries. Who doesn’t need first-rate cybersecurity?
Every day, IAM is being designed and implemented for medical settings, banks, universities, government agencies, real estate firms, insurance companies, human resources departments, software companies and retail stores. Businesses from startups to major corporations seek top talent.
That gives job seekers in IAM numerous choices that they wouldn’t have in other fields.
Jobs in IAM
There are both technical and nontechnical jobs in this burgeoning field.
Strong technical skills are needed in system design, architecture and engineering; implementation; database and operating system management; system integration; software development; and programming.
Nontechnical jobs include project planning and management, risk assessment, identity management training, compliance, auditing, data analysis, advisory and consulting.
These are some of the most popular jobs:
- System architect
- System engineer
- Access control specialist
- Data protection specialist
- Identity protection adviser
Most require a bachelor’s degree with a focus on higher education in a computer-related field, and job-specific certifications. A strong background in IT is a great launching pad for technical IAM roles, however, nontechnical IAM professionals such as governance experts, auditors, risk managers, process re-engineering staff, compliance professionals, data protection officers, and identity theft protection advisors also contribute greatly to the IAM field with their diverse professional background and experience.
There are enough jobs to go around at just about every level, and salaries range anywhere from $35,000 to $200,000. IAM is an ideal career for creative types with extensive computer knowledge.
Identity and Access Management Certifications
Identity Management Institute offers distinct identity management certifications for each set of inter-related IAM roles listed above and others. Click below to learn more.