Employees in organizations need access to various resources (e.g. groups, applications, systems …) for their tasks. Managing this access is a challenge because the requirements change whenever new applications are added or users require additional access permissions.
Often, in this context, the terms “permission management” and “identity access management” are used in the same breath to describe the management of permissions on a system. Although the German Federal Office for Information Security, or BSI for short, combines the terms under the umbrella term “identity and access management”, in practice the two kinds of system are clearly separated, as there are some differences between the two solutions.
In this article, we want to clarify the meaning of the two terms and show how the two systems differ and whether there is a dependency on the size of the company.
What is Permission Management?
With a permission management application, we can generally manage access to various resources, such as groups, applications or systems, for the users who need to access them. In most companies the focus is on Active Directory, which largely “caps” the administration of resources. Other possibilities that a “classic” permission management brings with it include:
- Intuitive administration of permissions for individual systems, e.g. the Active Directory or various file servers
- Automated implementation of permission requests
- Automation of audit-proof permission reporting for individual systems, e.g. the Active Directory or various file servers
However, should the requirements become more complex over time, the limits are quickly reached. Despite the advantage of having a high degree of standardized processes and procedures for creating group and role structures, a standardized permission management system is not sufficient for more complex workflows and/or additional systems due to rigid structures.
If you reach this point, you need to think about establishing a suitable additional solution or replacing the permission management system.
What is Identity Access Management?
Identity and Access Management (IAM) deals with the central administration of identities and access permissions on various systems and applications used in the company. However, the administration goes beyond standardized processes and procedures, both in terms of complexity and functional scope. As soon as more complex requirements become necessary, the establishment of an IAM solution should come to the foreground.
All processes and applications that address user-related permissions in the company – from the application and approval process to the allocation of resources and permissions – can be mapped and evaluated more comprehensively using an IAM solution.
However, the introduction of such a solution is often time-consuming and cost-intensive, which is why some companies “shy away” from investing in an IAM. The decision should weigh not only the short-term costs, but also the positive long-term effects that result from optimizing and automating processes within user management and user lifecycles. A cost-benefit analysis can certainly be helpful in the decision-making process.
An identity and access management system offers the following additional possibilities, among others:
- Management of all persons and accesses in the company
- Mapping of the complete user life cycle (entry, exit, change, downtime …)
- Management of all permissions on systems and applications in use
- Mapping of complex approval processes and workflows
- Automation of application and approval processes
- Audit-proof documentation of all applications, approvals and actions performed
An IAM can help, especially in large corporate environments, to bundle the multitude of individual, decentralized access processes and bring them into line with the company’s internal guidelines. In this context, IAM is not solely an IT issue, but rather has an impact on the entire company. The central management of permissions and identities, coupled with a clear structure, processes and self-services, minimizes the risk of unauthorized access to important data by both internal and external persons.
What is the Difference?
We have now become more familiar with the two terms or topics “Permission Management” and “Identity and Access Management” and discussed their advantages and possible applications. But what exactly is the difference between these two topics?
While permission management focuses on the access control of the individual systems and rather “looks” at the applications and their permissions, identity and access management goes one step further. IAM additionally considers the user to whom access is granted and his or her state as a whole and combines all permission assignments under one interface. It also offers more flexibility in terms of processes, procedures and complex workflows.
Although both approaches overlap in their capabilities (permission control, reporting, automation), it can be said that permission management is only one part of identity and access management. The IAM is not only capable of bundling several permission administrations and integrating them into the overall concept of corporate data protection, but also considers the persons to whom the permissions are assigned and can control their status, independent of their accesses.
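The difference can be made concrete with a small sketch, added here as an illustration and not taken from any IAM product: per-system permission lists are consolidated per account and then checked against the identity's lifecycle state, which a purely per-system view cannot do. All system names, accounts, permissions and state labels are constructed assumptions.

```python
"""Identity-centric reconciliation over per-system grants (constructed data)."""
from collections import defaultdict

# Per-system view, as a permission management tool sees it:
# each system knows only its own accounts and their permissions.
SYSTEM_GRANTS = {
    "active_directory": {"a.meyer": {"GG_Finance", "GG_VPN"},
                         "b.kurz": {"GG_Sales"}},
    "file_server": {"a.meyer": {"finance_share:modify"},
                    "svc_scan": {"scan_share:write"}},
    "crm_app": {"b.kurz": {"sales_rep"}, "c.lang": {"admin"}},
}

# Identity view, as an IAM holds it: one record per person with a
# lifecycle state that exists independently of any granted access.
IDENTITIES = {
    "a.meyer": {"state": "exited"},
    "b.kurz": {"state": "active"},
    "c.lang": {"state": "downtime"},
}

ACTIVE_STATES = {"active"}  # assumption: only these states may hold access


def consolidate(system_grants):
    """Merge the per-system lists into one view per account."""
    view = defaultdict(dict)
    for system, accounts in system_grants.items():
        for account, perms in accounts.items():
            view[account][system] = sorted(perms)
    return dict(view)


def reconcile(system_grants, identities):
    """Return grants held by accounts without an active owning identity."""
    findings = []
    for account, per_system in sorted(consolidate(system_grants).items()):
        identity = identities.get(account)
        if identity is None:
            reason = "orphaned"  # account exists, no identity owns it
        elif identity["state"] not in ACTIVE_STATES:
            reason = "inactive:" + identity["state"]
        else:
            continue
        for system, perms in sorted(per_system.items()):
            findings.append((account, reason, system, perms))
    return findings


if __name__ == "__main__":
    for finding in reconcile(SYSTEM_GRANTS, IDENTITIES):
        print(finding)
```

Each system's own list looks valid in isolation; only the join against identity state surfaces the exited user's remaining access and the account that no identity owns.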
Thus, an IAM not only increases IT security (e.g., by automating workflows) and improves compliance (by providing complete documentation of all processes), it also improves employee productivity (by providing uniform self-services) and reduces IT costs in the long term (by replacing multiple solutions with a uniform system).
In conclusion, both solution options have their raison d’être! Depending on the customer’s needs, the right system must be implemented, whereby the use of an IAM application already covers future requirements.