Identity and access management (IAM) is a framework that businesses use to address how they manage digital identities. An IAM framework includes technologies, policies and business processes that support better visibility into who users are and more control over what resources they can access. While it may seem a bit abstract, IAM is a critically important issue for organizations given increasing cybersecurity threats, pressure to protect corporate intellectual property, and regulatory scrutiny.
IAM asks questions such as:
- How do we manage the unique identities of our users and devices?
- How do we authenticate those identities to ensure they have the right credentials?
- Who is allowed access to which corporate resources?
- What is our mechanism for authorizing access and monitoring or changing permissions?
With IAM tools, you can automate many of these aspects of identity management and get more granular control over who has permission to access corporate resources—whether that’s employees, business partners or customers. Increasingly, businesses are using capabilities like biometrics and AI to facilitate IAM, as well as security processes like multifactor authentication (MFA).
Why is IAM important?
Data and intellectual property are often an organization’s most valuable resources. Securing those resources and preventing unauthorized access are vital. According to a survey by Dimensional Research, sponsored by the Identity Defined Security Alliance (IDSA), identity-related security breaches have been on the rise. Eighty-four percent of surveyed firms suffered an identity-related breach in the prior 12 months.[1]
Companies now have to manage and secure more digital identities than in the past, and cybersecurity threats have become more sophisticated. Many of the older approaches to IAM are no longer adequate. So, organizations are making changes to move toward zero-trust security postures.
Modern IAM solutions can support a zero-trust posture by enabling greater control of identities and permissions. An IAM framework should include the following components:
- Identity lifecycle management
- Authentication services like MFA
- Authorization based on role-based access control or attribute-based access control
- Authorization based on resource hierarchy defined by the administrator
- A central repository for user identities and data
- Monitoring and auditing
When you have these components in place, your IAM framework will help ensure that only authorized users can access your critical resources—and only the resources you grant them permission to access.
What are the benefits of IAM?
Having a robust identity and access management framework offers several benefits:
- Greater security: By streamlining digital identities, you minimize risk and reduce the number of potential exposure points for your resources. Better IAM helps you prevent data breaches, phishing attacks and malware, among other threats.
- Centralized control: IAM enables role-based access control (RBAC) of how people authenticate their identities and who can access what. You can set up access rules aligned to your company’s needs and manage them in a centralized platform.
- Regulatory compliance: Greater visibility and control of your resources enable you to adhere to regulatory requirements in your industry or region.
- Auditability: With modern IAM solutions, you can record every action a user performs, including who made a change, what the change was and when it happened. This level of accounting ensures greater visibility as well as traceability in the event of a breach or misuse of resources.
It’s also advantageous for employees or customers to engage with companies that have good identity and access management. Having a single credential and more secure authentication makes it easier to access resources while protecting their security.
Simplifying your experience with Equinix digital services
Equinix is always evolving our services to offer a more seamless user experience that incorporates industry best practices around security of corporate assets. For Equinix digital services users, we’ve been working to implement the latest IAM methods and tools and simplify both identity and access management. We’ve updated our IAM approach to make it faster and easier for Equinix users to access the resources they need securely.
Identity authentication for Equinix digital services
For Equinix solutions and services, we now have single sign-on (SSO) based on the user’s email address. When you log into an Equinix portal with your email address, you automatically have access to the Equinix platform.
New customers will automatically be enabled for email-based authentication. Existing Equinix customers can transition to this single-credential system through self-service migration. The next time you log in, you’ll be prompted to migrate your credentials to email-based authentication, and from there you’ll be able to link your existing profiles to the new email-based credential. From that point forward, you’ll log into Equinix portals with SSO using your email address.
For authentication, you also have the option to enable and manage your use of MFA, including changing your MFA method, generating a recovery code or deactivating MFA on your account.
Access management for Equinix digital services
The current industry best practice for access management is role-based access control. Instead of granting specific permissions for every resource or activity, this model involves creating roles that are assigned a set of permissions that determine access to resources within your organization.
For Equinix digital services, we’ve implemented role-based access control (RBAC). An administrator defines the resource hierarchy of their organizational resources and then uses RBAC for that resource hierarchy. Permissions assigned on a resource are inherited by all of its child resources.
Assigning access privileges based on a user’s job or role in an organization can simplify access management. Instead of assigning access privileges one by one, administrators can control access based on job requirements or job level. Additionally, RBAC controls can specify whether a user class can view, create, or modify files, to make it easier to manage and control access to organizational resources. Organizations may use roles pre-defined by Equinix such as End Customer Fabric Manager, Network Edge Viewer, Fabric Cloud Router Manager, Fabric Connection Manager, etc., as well as administrative roles such as Org Admin, Project Admin and Finance Admin. You can also define custom roles at the root organization level.
This method offers simpler management and control for organizations. It’s also hierarchical in nature, such that users assigned to an organization automatically inherit access to organizations and projects nested under the given role. In other words, if a role is given access to certain resources, that access will be applied to child resources too.
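The inheritance rule described above can be modeled in a few lines. The following Python is an added example, not Equinix's code or API: the role names come from this article, while the permission strings, resource names and users are constructed placeholders chosen for illustration.

```python
# Added illustration: hierarchical RBAC with inherited role assignments.
# Role names come from the article; permission strings, resource names and
# users are constructed placeholders, not Equinix's actual model or API.

ROLE_PERMISSIONS = {
    "Org Admin": {"user:manage", "connection:view", "connection:create", "device:view"},
    "Fabric Connection Manager": {"connection:view", "connection:create"},
    "Network Edge Viewer": {"device:view"},
}

# Resource hierarchy defined by the administrator: child -> parent.
PARENT = {
    "org-root": None,
    "org-emea": "org-root",
    "project-payments": "org-emea",
    "project-lab": "org-root",
}

# Role assignments: (user, resource) -> roles granted directly on that resource.
ASSIGNMENTS = {
    ("alice", "org-root"): {"Org Admin"},
    ("bob", "org-emea"): {"Fabric Connection Manager"},
    ("carol", "project-lab"): {"Network Edge Viewer"},
}


def ancestors(resource):
    """Yield the resource and every ancestor up to the root; reject cycles."""
    seen = set()
    while resource is not None:
        if resource in seen:
            raise ValueError(f"cycle in resource hierarchy at {resource!r}")
        if resource not in PARENT:
            raise KeyError(f"unknown resource {resource!r}")
        seen.add(resource)
        yield resource
        resource = PARENT[resource]


def effective_roles(user, resource):
    """Map each effective role to the nearest resource that grants it."""
    roles = {}
    for node in ancestors(resource):
        for role in ASSIGNMENTS.get((user, node), ()):
            roles.setdefault(role, node)  # nearest granting resource wins
    return roles


def is_allowed(user, permission, resource):
    """Default deny: allow only if some effective role carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, ())
               for role in effective_roles(user, resource))
```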
With these new IAM updates for Equinix digital services, users can have a single credential and clearly defined access permissions based on their identified roles. We believe this will make it easier to get the security and control required to safeguard your organizational assets.
Learn more about identity and access management at Equinix on our IAM webpage.
[1] Robert Lemos, 80% of Firms Suffered Identity-Related Breaches in Last 12 Months, June 22, 2022.