Identity and access management

Ensuring that only authorised users or systems can access data or services.

Identity and access management

Control who and what can access your systems and data.

Access to data, systems and services needs to be protected. Understanding who or what needs access, and under what conditions, is just as important as knowing who and what needs to be kept out.

You must choose appropriate methods to establish and prove the identity of users, devices, or systems, with enough confidence to make access control decisions.

What are the benefits?

  • only individuals and systems that are authorised to have access to data or services are allowed to do so
  • having the identity and access management set up correctly across an organization, provides a more efficient workplace
  • smoother collaboration with customers, suppliers, and partners
  • more effective security monitoring and other controls that require identity and access management to function effectively

What should you do?

  • develop appropriate identity and access management policies and processes
  • consider multi-factor authentication for all user accounts
  • use MFA and other mitigations for privileged accounts
  • employ security monitoring to detect potential malicious behaviour

Related links