Critical Analysis: Literature Review on Identity and Access Management
VerifiedAdded on 2023/04/20
|30
|8586
|223
Literature Review
AI Summary
This literature review provides a comprehensive overview of Identity and Access Management (IAM), emphasizing its importance in modern business environments. It begins by defining key concepts such as identity, access, and entitlements, and then delves into the evolution of IAM and its role in securing access to organizational resources. The review highlights the benefits of IAM in future technologies, including managing access through social IDs and ensuring secure single sign-on (SSO). It also discusses the significance of IAM in reducing security costs, managing authentication across heterogeneous technologies, and enabling efficient operations. The review concludes by underscoring the need for a centralized approach to IAM to effectively manage user identities and access rights, ensuring the security of IT systems and sensitive information.
Running head: LITERATURE REVIEW
Literature Review: Importance of Identity and Access Management
Name of the Student:
Name of the university:
Literature Review: Importance of Identity and Access Management
Name of the Student:
Name of the university:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1LITERATURE REVIEW
Table of Contents
Chapter 2: Literature Review...............................................................................................2
2.1 Introduction:..............................................................................................................2
2.2. Research/Definitions.................................................................................................3
2.3. Theories and Models:.............................................................................................15
References..........................................................................................................................24
Table of Contents
Chapter 2: Literature Review...............................................................................................2
2.1 Introduction:..............................................................................................................2
2.2. Research/Definitions.................................................................................................3
2.3. Theories and Models:.............................................................................................15
References..........................................................................................................................24
2LITERATURE REVIEW
Chapter 2: Literature Review
2.1 Introduction:
The company’s existing in today’s world is seen to be much more concerned about the
value chains which are seen to be complex in nature which are also necessary for the integration
as well as for offering a wide range of information system. This has initially made the lines
existing amongst the service providers as well as the users and amongst the competitors blurred,
for this reasons the companies are having an increased need of implementing the efficient and
flexible business processes get focused upon various electronic exchange of the data as well as
information. For this reason this type of processes requires an identity and access management
system (IAM) which is much more reliable. IAM generally refers to the process which is
associated with managing the information and who is having access to what information. The
IAM activities generally includes the creation of the identities for the users as well as for the
system.
The IAM has seen to have recently emerged as one of the critical foundation so as to
realize the various benefits of the business which are mainly related to saving of costs,
controlling the management, efficiency of the operations and most important is the growth of the
business for e-commerce. There is also a need of managing the process of access by the
enterprises to the various information and the application that are seen to be scattered all across
the internal as well as the external application systems. Additionally there is also a need of
providing the access for the identities that are increasing day by day, both in the inside and
outside the organization. This is to be done by maintaining the security as well as by preventing
leakage of any sensitive information.
Chapter 2: Literature Review
2.1 Introduction:
The company’s existing in today’s world is seen to be much more concerned about the
value chains which are seen to be complex in nature which are also necessary for the integration
as well as for offering a wide range of information system. This has initially made the lines
existing amongst the service providers as well as the users and amongst the competitors blurred,
for this reasons the companies are having an increased need of implementing the efficient and
flexible business processes get focused upon various electronic exchange of the data as well as
information. For this reason this type of processes requires an identity and access management
system (IAM) which is much more reliable. IAM generally refers to the process which is
associated with managing the information and who is having access to what information. The
IAM activities generally includes the creation of the identities for the users as well as for the
system.
The IAM has seen to have recently emerged as one of the critical foundation so as to
realize the various benefits of the business which are mainly related to saving of costs,
controlling the management, efficiency of the operations and most important is the growth of the
business for e-commerce. There is also a need of managing the process of access by the
enterprises to the various information and the application that are seen to be scattered all across
the internal as well as the external application systems. Additionally there is also a need of
providing the access for the identities that are increasing day by day, both in the inside and
outside the organization. This is to be done by maintaining the security as well as by preventing
leakage of any sensitive information.
3LITERATURE REVIEW
The IAM mainly consists of peoples as well as products and process which are needed
for managing the identities as well as the access to various kind of resources that an organization
is having and the IAM framework for the various processes of an business is associated with
facilitating the process of managing the electronic identities, this framework is also associated
with including the various technological needs as well which are mainly needed for supporting
the process of identity management. The IAM which are controlled poorly might be associated
with leading to regulatory non-compliance and the reason behind this is that in case if any of the
organization is audited then the management would not be capable to proving the fact that
company data is not facing any kind of risk related to misuse.
2.2. Research/Definitions
The definitions of the key concepts in the IAM are listed below:
Identity: The components or the combination of the components that merely defines the
devices or the person is called the identity. It can be stated as the password or any other personal
data or the combination of these that are known.
Access: The data which represents the right that the data was granted to a particular
person is known as access. This data of the access privilege can be granted to allow the users to
operate transactional operations at different levels. Few examples of the transactional operations
are add, delete, copy, approve, transfer, change and cancel.
Entitlements: The set of access privilege that are to operate the transactional operations is
called the entitlements. The word entitlement is generally used with the access privilege.
The IAM mainly consists of peoples as well as products and process which are needed
for managing the identities as well as the access to various kind of resources that an organization
is having and the IAM framework for the various processes of an business is associated with
facilitating the process of managing the electronic identities, this framework is also associated
with including the various technological needs as well which are mainly needed for supporting
the process of identity management. The IAM which are controlled poorly might be associated
with leading to regulatory non-compliance and the reason behind this is that in case if any of the
organization is audited then the management would not be capable to proving the fact that
company data is not facing any kind of risk related to misuse.
2.2. Research/Definitions
The definitions of the key concepts in the IAM are listed below:
Identity: The components or the combination of the components that merely defines the
devices or the person is called the identity. It can be stated as the password or any other personal
data or the combination of these that are known.
Access: The data which represents the right that the data was granted to a particular
person is known as access. This data of the access privilege can be granted to allow the users to
operate transactional operations at different levels. Few examples of the transactional operations
are add, delete, copy, approve, transfer, change and cancel.
Entitlements: The set of access privilege that are to operate the transactional operations is
called the entitlements. The word entitlement is generally used with the access privilege.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4LITERATURE REVIEW
The IAM is the what, when, why, who and where of the data technology. It surrounds
many automations and the security practices, secure single sign-on (SSO), the user
authentication, authorization, provisioning and de-provisioning.
Identity access management (IAM)
Identity and Access Management is the method that is used for the management of access
to the resources of the organization. It is the base of any information security plan and it is the
one of the important part of the security areas with which the user communicates maximum.
Rubmann et al., (2015) stated that IAM only gave importance for the establishment of
capabilities for supporting the access management and only for the access related consent
requirements. The solutions provided were mainly focused on the machineries technology and
were adopted poorly. It also became the cause of the high costs and also fulfilled limited values.
The organization most of the time struggled to reach the agreement demands in this period and
the solutions that were deployed managed only a few programs and systems.
Automated, centralized and standardized identity management services were developed
to minimize the cost and risk, and improve the efficiency of the operations. Coppola and Morisio
(2016) analyzed that since the agreement is the most important driver in the IAM initiative, the
IAM is developing into the risk based program with the abilities that are focused on the license
management and the implementation of the rules that are to be obeyed for the logical access
controls. Organizations have finally started to achieve the benefits from their costs of the IAM
but still get challenged by the management of the time intensive processes such as the access
review, manual approval and the provisioning. Identity authority extends the function that is to
be delivered to the association storehouse that resulted in the raise in the cost of provisioning and
The IAM is the what, when, why, who and where of the data technology. It surrounds
many automations and the security practices, secure single sign-on (SSO), the user
authentication, authorization, provisioning and de-provisioning.
Identity access management (IAM)
Identity and Access Management is the method that is used for the management of access
to the resources of the organization. It is the base of any information security plan and it is the
one of the important part of the security areas with which the user communicates maximum.
Rubmann et al., (2015) stated that IAM only gave importance for the establishment of
capabilities for supporting the access management and only for the access related consent
requirements. The solutions provided were mainly focused on the machineries technology and
were adopted poorly. It also became the cause of the high costs and also fulfilled limited values.
The organization most of the time struggled to reach the agreement demands in this period and
the solutions that were deployed managed only a few programs and systems.
Automated, centralized and standardized identity management services were developed
to minimize the cost and risk, and improve the efficiency of the operations. Coppola and Morisio
(2016) analyzed that since the agreement is the most important driver in the IAM initiative, the
IAM is developing into the risk based program with the abilities that are focused on the license
management and the implementation of the rules that are to be obeyed for the logical access
controls. Organizations have finally started to achieve the benefits from their costs of the IAM
but still get challenged by the management of the time intensive processes such as the access
review, manual approval and the provisioning. Identity authority extends the function that is to
be delivered to the association storehouse that resulted in the raise in the cost of provisioning and
5LITERATURE REVIEW
de-provisioning, excessive access to the user and the inefficient processes (Dellios,
Patsakis&Polemi, 2016). As the IAM is developing, the association looks into broadening, the
association based on result are adaptable to the latest utilization trends such as the cloud and
mobile computing.
Benefits of IAM in future technologies
Various people are accessing the services and resources to a greater extend using their
social IDs. Gora and Rüb (2016) discussed that the user requires reaching other user through any
type of platform and then granting them easy access to the users services through their existing
digital identities. The concept of bring your own identity (BYOID) grants the user to access the
system of other user through their own identity. By the implementation of such ideas, the user
can minimize the barriers of entry and let the partners, employees and customers securely and
easily access the business capabilities anytime and anywhere from the world.
Building a connection with people, programs and the devices is the most important need
of the digital change in the market. The IAM results can ensure to manage the complexities that
are faced during the making of connections with the most known identity providers such as
Google, Twitter, and Facebook (Coppola & Morisio, 2016). It is done by invoking the security
policies with the strong authentications. The user also needs to be future-proof to ensure that the
user will be able to extend the solution and connect to some new identity provider that is
developed later.
Today, users does not have time to remember the various usernames and passwords. So
they want to use one identity for login in various system. With SSO and unified identity, the user
can have access to various areas of the system with one identity ensuring that the organization
de-provisioning, excessive access to the user and the inefficient processes (Dellios,
Patsakis&Polemi, 2016). As the IAM is developing, the association looks into broadening, the
association based on result are adaptable to the latest utilization trends such as the cloud and
mobile computing.
Benefits of IAM in future technologies
Various people are accessing the services and resources to a greater extend using their
social IDs. Gora and Rüb (2016) discussed that the user requires reaching other user through any
type of platform and then granting them easy access to the users services through their existing
digital identities. The concept of bring your own identity (BYOID) grants the user to access the
system of other user through their own identity. By the implementation of such ideas, the user
can minimize the barriers of entry and let the partners, employees and customers securely and
easily access the business capabilities anytime and anywhere from the world.
Building a connection with people, programs and the devices is the most important need
of the digital change in the market. The IAM results can ensure to manage the complexities that
are faced during the making of connections with the most known identity providers such as
Google, Twitter, and Facebook (Coppola & Morisio, 2016). It is done by invoking the security
policies with the strong authentications. The user also needs to be future-proof to ensure that the
user will be able to extend the solution and connect to some new identity provider that is
developed later.
Today, users does not have time to remember the various usernames and passwords. So
they want to use one identity for login in various system. With SSO and unified identity, the user
can have access to various areas of the system with one identity ensuring that the organization
6LITERATURE REVIEW
provide a logical user experience. When the user is connecting to different identity provider
through the program the risk of a hack is higher. The provider needs to ensure that it has covered
all the bases and has thought of all the securities visible features. With the various factors and the
strong authentication the provider can ensure about the identities that access the users system are
fully genuine. Which part of the system of the organization can be accessed through the user is to
be controlled by the provider. By controlling the systems function through the analytics, using
alert functions and performing fraud detection the provider can know when the organization is at
risk in the real time and ensure to take a quick action toward the risk.
In this fast stepping world, the provider needs to be ensure about the method that can be
adopted by the software as a service offering such as the Google Apps and GoToMeeeting fast.
With SSO, the provisioning and the main authorization management, the provider can grant the
user to have easy and secure access to the systems without creating any type of extra security
storage house. The company provides the user with software that are purposely designed to meet
today requirements for the rapid approach to the API management, identity, integration and the
access management. Automation provisioning guides the user to have speed up and grants the
new employees to access the required part of the providers system. This operations can be
performed manually or and can take a long period of time, and in return it may reduce the
employees ability to start the work faster.
Importance of IAM
Hu et al. (2015) examined that IAM is very important for the future technologies and this
is associated with ensuring the fact that the specified users are having the access to the system or
the technology which they need to access and are authorized to do so, whereas the unauthorized
provide a logical user experience. When the user is connecting to different identity provider
through the program the risk of a hack is higher. The provider needs to ensure that it has covered
all the bases and has thought of all the securities visible features. With the various factors and the
strong authentication the provider can ensure about the identities that access the users system are
fully genuine. Which part of the system of the organization can be accessed through the user is to
be controlled by the provider. By controlling the systems function through the analytics, using
alert functions and performing fraud detection the provider can know when the organization is at
risk in the real time and ensure to take a quick action toward the risk.
In this fast stepping world, the provider needs to be ensure about the method that can be
adopted by the software as a service offering such as the Google Apps and GoToMeeeting fast.
With SSO, the provisioning and the main authorization management, the provider can grant the
user to have easy and secure access to the systems without creating any type of extra security
storage house. The company provides the user with software that are purposely designed to meet
today requirements for the rapid approach to the API management, identity, integration and the
access management. Automation provisioning guides the user to have speed up and grants the
new employees to access the required part of the providers system. This operations can be
performed manually or and can take a long period of time, and in return it may reduce the
employees ability to start the work faster.
Importance of IAM
Hu et al. (2015) examined that IAM is very important for the future technologies and this
is associated with ensuring the fact that the specified users are having the access to the system or
the technology which they need to access and are authorized to do so, whereas the unauthorized
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7LITERATURE REVIEW
users are generally kept away from the sensitive resources as well as information.so by having
the IAM, whenever a user would make attempt for accessing a system or data then the user must
be firstly be associated with making claims related to the identity, typically by means of entering
the username into the system. Then the system must be associated with verifying this particular
claim related to identity by means of an authentication process. The authentication might be
associated with the usage of the basic knowledge based techniques like the usage or passwords
or relying upon the advanced technologies such as the biometric or the token based
authentication (Indu, Anand & Bhaskar, 2018). After completion of the successful authentication
the IAM system of the technologies would then be associated with verifying the authorization of
the user so as to perform the requested activity and this is one of the major reason lying behind
the including of the Identity and Access Management systems in the future technologies.
Another major reason lying behind the usage of the IAM in the future technologies is
that, along with proving the identity of the users the identity and access managements system
would also be ensuring the fact that the technologies which the user wants to used is being
performed within the scope of their authority.
According to Pratiksha, Prasad and Mungara (2017), it is also very important that the
future technologies which are to be used is associated with the usage of a centralized approach to
the IAM. Additionally, one of the major benefits which is associated with the usage of the
centralized approach by the IAM is that the professionals associated with handling this
technologies would not only become capable of managing the authentication but would also be
capable of authorizing the users all across a large number of heterogeneous technology which are
having an increased usage and is likely to have an high usage in the future. These type of
environment is associated with providing support to various kind of operation of the future
users are generally kept away from the sensitive resources as well as information.so by having
the IAM, whenever a user would make attempt for accessing a system or data then the user must
be firstly be associated with making claims related to the identity, typically by means of entering
the username into the system. Then the system must be associated with verifying this particular
claim related to identity by means of an authentication process. The authentication might be
associated with the usage of the basic knowledge based techniques like the usage or passwords
or relying upon the advanced technologies such as the biometric or the token based
authentication (Indu, Anand & Bhaskar, 2018). After completion of the successful authentication
the IAM system of the technologies would then be associated with verifying the authorization of
the user so as to perform the requested activity and this is one of the major reason lying behind
the including of the Identity and Access Management systems in the future technologies.
Another major reason lying behind the usage of the IAM in the future technologies is
that, along with proving the identity of the users the identity and access managements system
would also be ensuring the fact that the technologies which the user wants to used is being
performed within the scope of their authority.
According to Pratiksha, Prasad and Mungara (2017), it is also very important that the
future technologies which are to be used is associated with the usage of a centralized approach to
the IAM. Additionally, one of the major benefits which is associated with the usage of the
centralized approach by the IAM is that the professionals associated with handling this
technologies would not only become capable of managing the authentication but would also be
capable of authorizing the users all across a large number of heterogeneous technology which are
having an increased usage and is likely to have an high usage in the future. These type of
environment is associated with providing support to various kind of operation of the future
8LITERATURE REVIEW
technologies would be performing so as to facilitate the users. In order to make sure that each of
the future technologies is working in an effective and efficient way in such an environment the
security of the IAM solutions must be understood in a proper way and not only the operations
but also the ways that helps in getting access to the IT system which are responsible for enabling
those operations.
Another major reason lying behind the increased importance of the IAM is that it is
associated with helping a lot in reduction of the cost related to the security of the new
technologies which are to be used in the future. According to Hummer et al. (2016), the usage of
the single IAM platform by the new technologies for the purpose of managing all the access of
the users and this in turn would be associated with allowing the technologies to perform in a
more efficient as well as in an effective way. Along with all this another major importance of the
IAM is that it would be helping in improving the security of the data. The consolidation
authentication as well as the authorization functionality on the single platform would be
associated with providing the IT professionals in having a consistent method of managing the
access of the users to the respective technology that they want to access.
Additionally the access of the user by means of the centralized platform would be
benefitting the user by means of the single sign-on or the SSO technology which would be
associated with limiting the number of interactions that the users are having with the security
systems and this in turn increases the likelihood that their legitimate attempts for accessing the
technology or equipment would succeed (Katsikogiannis, Mitropoulos & Douligeris, 2016). The
usage of the IAM in the future world by different organizations and technologies would be
associated with providing a help to the users in having an easy access to everything that are
needed and this would be done just by having a single account. In addition to this the Identity
technologies would be performing so as to facilitate the users. In order to make sure that each of
the future technologies is working in an effective and efficient way in such an environment the
security of the IAM solutions must be understood in a proper way and not only the operations
but also the ways that helps in getting access to the IT system which are responsible for enabling
those operations.
Another major reason lying behind the increased importance of the IAM is that it is
associated with helping a lot in reduction of the cost related to the security of the new
technologies which are to be used in the future. According to Hummer et al. (2016), the usage of
the single IAM platform by the new technologies for the purpose of managing all the access of
the users and this in turn would be associated with allowing the technologies to perform in a
more efficient as well as in an effective way. Along with all this another major importance of the
IAM is that it would be helping in improving the security of the data. The consolidation
authentication as well as the authorization functionality on the single platform would be
associated with providing the IT professionals in having a consistent method of managing the
access of the users to the respective technology that they want to access.
Additionally the access of the user by means of the centralized platform would be
benefitting the user by means of the single sign-on or the SSO technology which would be
associated with limiting the number of interactions that the users are having with the security
systems and this in turn increases the likelihood that their legitimate attempts for accessing the
technology or equipment would succeed (Katsikogiannis, Mitropoulos & Douligeris, 2016). The
usage of the IAM in the future world by different organizations and technologies would be
associated with providing a help to the users in having an easy access to everything that are
needed and this would be done just by having a single account. In addition to this the Identity
9LITERATURE REVIEW
and the Access Management would generally be associated with acting as the key which would
be helping in opening up of various aspects and features of the connected technologies to the
user and this is much simpler to set up and can be used very easily.
According to Sharma, Dhote and Potey (2016), the IAM is associated with bringing the
end users digital life to a connected world of new technologies and this is considered to be one of
the major targets of the Tech industry so as to help the users of the future in making their life
much more convenient assisted by a much more secure system. The target involves the bringing
of the digital life that and user is having into a connected world for the purpose of enabling the
similar set of services at the time of moving physically. Ng (2018) stated that this is also
important as the single sign-on would be associated with providing a simple as well as
frictionless service by the various technologies which in turn is associated with also linking the
authenticated sessions of the different digital services for the new technologies. The digital
identity would also be associated with providing the mechanism so as to have a seamless along
with a secure experience.
Identity and access management security challenges
The future technology that are going to be used in almost every aspect of life are likely to
face an increasingly complex challenges related to the providing of granular access to the
information resources by making use of the contextual information that are the related to the
users and their requests, while there is the existence of a successful restricting unauthorized
access to the sensitive corporate data. Some of the major challenges that are likely to be faced in
the future have been listed below:
and the Access Management would generally be associated with acting as the key which would
be helping in opening up of various aspects and features of the connected technologies to the
user and this is much simpler to set up and can be used very easily.
According to Sharma, Dhote and Potey (2016), the IAM is associated with bringing the
end users digital life to a connected world of new technologies and this is considered to be one of
the major targets of the Tech industry so as to help the users of the future in making their life
much more convenient assisted by a much more secure system. The target involves the bringing
of the digital life that and user is having into a connected world for the purpose of enabling the
similar set of services at the time of moving physically. Ng (2018) stated that this is also
important as the single sign-on would be associated with providing a simple as well as
frictionless service by the various technologies which in turn is associated with also linking the
authenticated sessions of the different digital services for the new technologies. The digital
identity would also be associated with providing the mechanism so as to have a seamless along
with a secure experience.
Identity and access management security challenges
The future technology that are going to be used in almost every aspect of life are likely to
face an increasingly complex challenges related to the providing of granular access to the
information resources by making use of the contextual information that are the related to the
users and their requests, while there is the existence of a successful restricting unauthorized
access to the sensitive corporate data. Some of the major challenges that are likely to be faced in
the future have been listed below:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10LITERATURE REVIEW
Despite of the fact that the future cloud models that are to be used would be making it
easy for the users of the future to gain an easy access of the various applications, the complexity
increases very quickly when the number of applications increases. Each of the application
existing within the future world would be having different password requirements along with the
variety of expiration cycles (Uddin & Preston, 2015). The multiplication of this variety of
requirement by the different kind of expiration cycles would be equaled with the diminished
productivity and increased fatigue and frustration of the users as they would be associated with
spending much of their time in making attempts to reset, remember and managing the passwords
as well as the URLS which changes constantly all across the applications that are going to be
used in the future by different users as well as by the organizations of different size.
Besides this the security risks are increased by users who are password fatigue as they
would be associated with the obvious or the reused passwords. Besides this the cloud based IAM
services that are to be used in the new digital technologies of the user would also be alleviating
these concerns by providing of a SSO or single-sign-on all across the application which in turn is
associated with providing the users with a central place for accessing all the applications of the
new technologies by making use of the single user name and passwords.
Waters (2016) discussed that failure-Prone Manual Provisioning and De- Provisioning
Process is another challenge which is faced whenever a new user would be associated with the
usage of new automated technologies and besides this they would be provided with an access to
the applications as well as to the network. This applications would be managed and access would
be provided to the respective users which would be granted by specific applications
administrator.
Despite of the fact that the future cloud models that are to be used would be making it
easy for the users of the future to gain an easy access of the various applications, the complexity
increases very quickly when the number of applications increases. Each of the application
existing within the future world would be having different password requirements along with the
variety of expiration cycles (Uddin & Preston, 2015). The multiplication of this variety of
requirement by the different kind of expiration cycles would be equaled with the diminished
productivity and increased fatigue and frustration of the users as they would be associated with
spending much of their time in making attempts to reset, remember and managing the passwords
as well as the URLS which changes constantly all across the applications that are going to be
used in the future by different users as well as by the organizations of different size.
Besides this the security risks are increased by users who are password fatigue as they
would be associated with the obvious or the reused passwords. Besides this the cloud based IAM
services that are to be used in the new digital technologies of the user would also be alleviating
these concerns by providing of a SSO or single-sign-on all across the application which in turn is
associated with providing the users with a central place for accessing all the applications of the
new technologies by making use of the single user name and passwords.
Waters (2016) discussed that failure-Prone Manual Provisioning and De- Provisioning
Process is another challenge which is faced whenever a new user would be associated with the
usage of new automated technologies and besides this they would be provided with an access to
the applications as well as to the network. This applications would be managed and access would
be provided to the respective users which would be granted by specific applications
administrator.
11LITERATURE REVIEW
Unfortunately it is expected that the technologies which are to be used in the future
would be suffering from network failures and this in turn would be failing in providing of
enough protection against any kind of unauthorized access to the various digital controls. This
would initially be associated with leaving the connected and the autonomous technologies of the
future vulnerable to various kind of threats from different sources. This in turn makes the
physical access practices lag a lot (Armstrong et al., 2018). One such example is the simple
access code to an application or the PIN consisting of four digits that would be used for granting
access to the application which are very vital such as the system consisting of vital information,
would be associated with the creation of a “one passcode fits all” scenario where any
unauthorized persons could enter the system by usage of the small 4 digit code.
According to Kunz et al. (2015), in the coming future as the connectivity of the various
technology becomes a norm and the increased usage of the various connected technology gets a
steady gain of the mainstream transactions then it becomes very necessary to look out for better
alternatives which would be helping in the secure management access to the different
technologies of the future. The future usage of the inter-operable cloud based platforms in the
future would be associated with enabling of the technologies so as know about anyone who is
trying to have an access of the system and would also be associated with providing of various
levels of authorization, connectivity and privacy protection as well and this is generally
dependent upon one who tries to get access.
According to Indu, Anand and Bhaskar (2018), another major important issue that is
likely to be faced by the technologies of the future is the compliance visibility which generally
refers to who is having access to what. In the future it is very important to understand who is
Unfortunately it is expected that the technologies which are to be used in the future
would be suffering from network failures and this in turn would be failing in providing of
enough protection against any kind of unauthorized access to the various digital controls. This
would initially be associated with leaving the connected and the autonomous technologies of the
future vulnerable to various kind of threats from different sources. This in turn makes the
physical access practices lag a lot (Armstrong et al., 2018). One such example is the simple
access code to an application or the PIN consisting of four digits that would be used for granting
access to the application which are very vital such as the system consisting of vital information,
would be associated with the creation of a “one passcode fits all” scenario where any
unauthorized persons could enter the system by usage of the small 4 digit code.
According to Kunz et al. (2015), in the coming future as the connectivity of the various
technology becomes a norm and the increased usage of the various connected technology gets a
steady gain of the mainstream transactions then it becomes very necessary to look out for better
alternatives which would be helping in the secure management access to the different
technologies of the future. The future usage of the inter-operable cloud based platforms in the
future would be associated with enabling of the technologies so as know about anyone who is
trying to have an access of the system and would also be associated with providing of various
levels of authorization, connectivity and privacy protection as well and this is generally
dependent upon one who tries to get access.
According to Indu, Anand and Bhaskar (2018), another major important issue that is
likely to be faced by the technologies of the future is the compliance visibility which generally
refers to who is having access to what. In the future it is very important to understand who is
12LITERATURE REVIEW
having access to the applications and from where they are accessing the technology and what are
they doing after getting the access.
The connected digital technologies of the future would be struggling in vetting their
identities and approving the access requests as the data generally resides in different locations
and business units. Often it would be seen that the requesters are associated with facing a lot of
roadblocks whenever they try to seek access and this in turn would be associated with leading
them in escalating the various requests made and overriding the proper vetting process
(Majumdar et al., 2015). Additionally those who would be tasked with approving the requests
that lack sufficient insights into which the users would be requiring so as to have an access to the
confidential data.
Besides this the lack of centralized as well as authoritative identity respiratory in the
connected technologies would be associated with making the process of reconciliation another
significant challenge in the future (Swan, 2015). Additional problems generally arises whenever
the privileges upon the systems is seen to have exceeded or is lacking the appropriate access
levels which were previously granted as well provisioned.
According to Elkhodr, Shahrestani and Cheung (2016), the certification and the
accreditation it might be seen that the examiners are lacking or are having insufficient knowledge
about the accessing needs. This process is manual, cumbersome and inconsistent between the
connected technologies and the users. All this in turn is associated with making the task become
much more difficult in the future when the examiner necessarily needs to conduct multiple as
well as redundant and granular validations.
having access to the applications and from where they are accessing the technology and what are
they doing after getting the access.
The connected digital technologies of the future would be struggling in vetting their
identities and approving the access requests as the data generally resides in different locations
and business units. Often it would be seen that the requesters are associated with facing a lot of
roadblocks whenever they try to seek access and this in turn would be associated with leading
them in escalating the various requests made and overriding the proper vetting process
(Majumdar et al., 2015). Additionally those who would be tasked with approving the requests
that lack sufficient insights into which the users would be requiring so as to have an access to the
confidential data.
Besides this the lack of centralized as well as authoritative identity respiratory in the
connected technologies would be associated with making the process of reconciliation another
significant challenge in the future (Swan, 2015). Additional problems generally arises whenever
the privileges upon the systems is seen to have exceeded or is lacking the appropriate access
levels which were previously granted as well provisioned.
According to Elkhodr, Shahrestani and Cheung (2016), the certification and the
accreditation it might be seen that the examiners are lacking or are having insufficient knowledge
about the accessing needs. This process is manual, cumbersome and inconsistent between the
connected technologies and the users. All this in turn is associated with making the task become
much more difficult in the future when the examiner necessarily needs to conduct multiple as
well as redundant and granular validations.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13LITERATURE REVIEW
According to Naik and Jenkins (2016), Provisioning and De-provisioning of the identities
in the various technologies used by individual users as well as by organizations might also be
associated with posing a critical challenge whenever the manual provisioning processes becomes
ineffective. Besides this whenever a connected technology fails in removing the improper IAM
privileges or is associated with resorting to the process of cloning access profiles would also be
facing similar type of struggles.
In the future, failure in segregating the duties and monitoring the administrators’ power
users and the temporary access privileges can further be associated with impeding the
enforcement process (Kunz et al., 2019). Some of the other challenges includes the lack of
proper support so as to have a centralized access management solutions and this includes the
directories and single sign-on, access management policies which are outdated or non-existing
and the failure in establishment of rule-based access.
Lastly one of the major challenge is the concern related to compliance and this happens
mainly when the performance metrics do not exist or when the performance matrix is not well
aligned with the security requirements like the removal of identities and access privileges
automatically upon the change of ownership of the technology. This problem is worsened by the
laborious time-consuming audits.
Reduce complexity
According to Viereckl et al. (2015) in these new era of technology and application in
Internet of Things (IOT) the need for identity as well as access management has become very
important. The essential part of IT plays very important role in the connected cars ad it can
reduce the rate of overall complexity of the applications. Viereckl et al. (2015) opined that,
According to Naik and Jenkins (2016), Provisioning and De-provisioning of the identities
in the various technologies used by individual users as well as by organizations might also be
associated with posing a critical challenge whenever the manual provisioning processes becomes
ineffective. Besides this whenever a connected technology fails in removing the improper IAM
privileges or is associated with resorting to the process of cloning access profiles would also be
facing similar type of struggles.
In the future, failure in segregating the duties and monitoring the administrators’ power
users and the temporary access privileges can further be associated with impeding the
enforcement process (Kunz et al., 2019). Some of the other challenges includes the lack of
proper support so as to have a centralized access management solutions and this includes the
directories and single sign-on, access management policies which are outdated or non-existing
and the failure in establishment of rule-based access.
Lastly one of the major challenge is the concern related to compliance and this happens
mainly when the performance metrics do not exist or when the performance matrix is not well
aligned with the security requirements like the removal of identities and access privileges
automatically upon the change of ownership of the technology. This problem is worsened by the
laborious time-consuming audits.
Reduce complexity
According to Viereckl et al. (2015) in these new era of technology and application in
Internet of Things (IOT) the need for identity as well as access management has become very
important. The essential part of IT plays very important role in the connected cars ad it can
reduce the rate of overall complexity of the applications. Viereckl et al. (2015) opined that,
14LITERATURE REVIEW
connected car technologies shows high level modernism racing as soon as the auto makers reveal
new technology services as well as autonomous driving features. It is determined that the
challenges of user authentication and access will be completely resolved with the innovation and
application of integrated access management and identity management (Contreras-Castillo,
Zeadally & Guerrero-Ibañez, 2018). The connected cars are designed with direct internet
connection that enables automatic links with different connected objects in terms of
Smartphones, tracking devices, motor vehicles, traffic lights along with home appliances. In
these days’ infotainment systems and safety assisting technologies are integrated together make
advanced innovations. Viereckl et al. (2015) identified that, both volume auto makers and
premium makers can clearly see the connected car technologies as very much crucial for the
coming future. On the other hand, it is also argued that, the overall prices of vehicles are not
raisingparalelly with the digital capability charges which again causes additional investment cost.
It is determined that, as a result the Return on Investment (ROI) rate for the traditional cars are
shrinking extremely. Mobility and digital identity access management are the different tools or
processes used reach the advanced success line for the car manufacturers (Swan, 2015). The
uniqueness of each person is identified withphysical characteristics, personal preferences, past
behaviors and respective future plan. The application of digital identity is applicable for both
human and things as well (Hart, 2017). However, the business and systems needs to know those
people who are interacting directly with the things like connected cars or other things such as the
drive through payment terminal, charging station other car etc. In order to secure new mobility
related functionalities, operations and experiences the application of access management and
identity management is very crucial. The basic features of access management and identity
management include authentication, authorization, multifactor authentication, single sign on,
connected car technologies shows high level modernism racing as soon as the auto makers reveal
new technology services as well as autonomous driving features. It is determined that the
challenges of user authentication and access will be completely resolved with the innovation and
application of integrated access management and identity management (Contreras-Castillo,
Zeadally & Guerrero-Ibañez, 2018). The connected cars are designed with direct internet
connection that enables automatic links with different connected objects in terms of
Smartphones, tracking devices, motor vehicles, traffic lights along with home appliances. In
these days’ infotainment systems and safety assisting technologies are integrated together make
advanced innovations. Viereckl et al. (2015) identified that, both volume auto makers and
premium makers can clearly see the connected car technologies as very much crucial for the
coming future. On the other hand, it is also argued that, the overall prices of vehicles are not
raisingparalelly with the digital capability charges which again causes additional investment cost.
It is determined that, as a result the Return on Investment (ROI) rate for the traditional cars are
shrinking extremely. Mobility and digital identity access management are the different tools or
processes used reach the advanced success line for the car manufacturers (Swan, 2015). The
uniqueness of each person is identified withphysical characteristics, personal preferences, past
behaviors and respective future plan. The application of digital identity is applicable for both
human and things as well (Hart, 2017). However, the business and systems needs to know those
people who are interacting directly with the things like connected cars or other things such as the
drive through payment terminal, charging station other car etc. In order to secure new mobility
related functionalities, operations and experiences the application of access management and
identity management is very crucial. The basic features of access management and identity
management include authentication, authorization, multifactor authentication, single sign on,
15LITERATURE REVIEW
security and privacy. Porter and Heppelmann (2015) stated that, the operation and organizational
structure of any firm is radically changing or reshaping by evolution of different evolutionary
products in terms of connected devices and intelligent system etc. In fact, the smart connected
products can transform acomplete scenario of future technologies and connected cars to an
advanced one. The connected cars are meeting consumer demand and satisfying the expected
growing revenue of the companies. Sobh (2019) opined that, single sign on can simplify the
journey of a consumer and reduce operational complexity for each of the application of
connected cars in application by application because a frictionless application is not satisfactory
valuable or convenient. In order to authenticate connected cars multiple factors simple
multifactor authentication is very crucial. The multiple factor authentications are referred to as a
combination of various identity types. The connection can be established through password,
biometrics like fingerprint and retina pattern etc.According to Derikx, de Reuver and Kroesen,
(2016) personal digital information are much precious and therefore consumers data should not
be shared with anyone outside without permission. According to Walter and Abendroth, (2018),
biometric technology is referred to as an automated access monitoring system based on
physiological and behavioral characteristics.
2.3. Theories and Models:
Identity management models
Distinguishing the identity management model is possible by considering its source.
However the principle section of the classification is generally seen to be dependent upon the
authentication and the relationship that exists between the providers of the identity and the
identity. Generally it is possible to identify two main classes of the identity management and this
includes the centralized and the federate. However, four different identity management is found
security and privacy. Porter and Heppelmann (2015) stated that, the operation and organizational
structure of any firm is radically changing or reshaping by evolution of different evolutionary
products in terms of connected devices and intelligent system etc. In fact, the smart connected
products can transform acomplete scenario of future technologies and connected cars to an
advanced one. The connected cars are meeting consumer demand and satisfying the expected
growing revenue of the companies. Sobh (2019) opined that, single sign on can simplify the
journey of a consumer and reduce operational complexity for each of the application of
connected cars in application by application because a frictionless application is not satisfactory
valuable or convenient. In order to authenticate connected cars multiple factors simple
multifactor authentication is very crucial. The multiple factor authentications are referred to as a
combination of various identity types. The connection can be established through password,
biometrics like fingerprint and retina pattern etc.According to Derikx, de Reuver and Kroesen,
(2016) personal digital information are much precious and therefore consumers data should not
be shared with anyone outside without permission. According to Walter and Abendroth, (2018),
biometric technology is referred to as an automated access monitoring system based on
physiological and behavioral characteristics.
2.3. Theories and Models:
Identity management models
Distinguishing the identity management model is possible by considering its source.
However the principle section of the classification is generally seen to be dependent upon the
authentication and the relationship that exists between the providers of the identity and the
identity. Generally it is possible to identify two main classes of the identity management and this
includes the centralized and the federate. However, four different identity management is found
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16LITERATURE REVIEW
when the issues are looked into in a precise way. In the section provided below the types along
with the pros and cons have also been discussed.
Local identity:
This generally refers to the identities which are stored locally and the authentication in
this generally takes place by maintenance of a local register. Managing the local identities is
generally done by usage of a flat namespace and this is done so as to make sure that each and
every identity is unique with respect to the other identity whenever they are compared.
Controlling of the local identities is generally done centrally and for this reason they are always
associated with the usage of a single IMS provider and some of the advantages and
disadvantages have been listed below:
Advantages:
Simplicity: Provisioning of the new identities can be done very easily by means of
comparing the each and every credential of the identities that are already existing and the
structure is made simple by the added Flat namespace.
Maintenance: The maintenance of the registry becomes much easier when the identities
are centrally controlled.
Security: whenever the credentials are in the wrong hands then only the local host are
compromised.
Disadvantages:
when the issues are looked into in a precise way. In the section provided below the types along
with the pros and cons have also been discussed.
Local identity:
This generally refers to the identities which are stored locally and the authentication in
this generally takes place by maintenance of a local register. Managing the local identities is
generally done by usage of a flat namespace and this is done so as to make sure that each and
every identity is unique with respect to the other identity whenever they are compared.
Controlling of the local identities is generally done centrally and for this reason they are always
associated with the usage of a single IMS provider and some of the advantages and
disadvantages have been listed below:
Advantages:
Simplicity: Provisioning of the new identities can be done very easily by means of
comparing the each and every credential of the identities that are already existing and the
structure is made simple by the added Flat namespace.
Maintenance: The maintenance of the registry becomes much easier when the identities
are centrally controlled.
Security: whenever the credentials are in the wrong hands then only the local host are
compromised.
Disadvantages:
17LITERATURE REVIEW
Scalability: despite of easy maintenance of the centrally controlled identities scalability
would be one major issue because the user population and subsystems associated with usage of
the registry grows.
Password authentication. The scenario consists of local identities and this are only valid
for a single system. Usage of same passwords in other systems is possible along with, password
synchronization or Single Sign-On.
Security: Storage of user information in a single place is always associated with setting a
big responsibility for the IMS provider so as to take care of data confidentiality. When the
synchronization of the password or single sign-on is utilized, a hacker might become capable of
breaching the other systems as well.
Network identity:
Countering the drawbacks that the local identities are having is possible by usage of the
network identities. The distribution of the computing is responsible for making this much more
common. The network identities are generally seen to be valid within an enterprise network or a
domain formed that are formed by numerous enterprise networks. The pros and cons of this
includes the following:
Advantage:
Scope: This identity is having access to each and every nodes of the network which includes
authentication, not just for the one which exists in case of local identity.
Disadvantage:
Scalability: despite of easy maintenance of the centrally controlled identities scalability
would be one major issue because the user population and subsystems associated with usage of
the registry grows.
Password authentication. The scenario consists of local identities and this are only valid
for a single system. Usage of same passwords in other systems is possible along with, password
synchronization or Single Sign-On.
Security: Storage of user information in a single place is always associated with setting a
big responsibility for the IMS provider so as to take care of data confidentiality. When the
synchronization of the password or single sign-on is utilized, a hacker might become capable of
breaching the other systems as well.
Network identity:
Countering the drawbacks that the local identities are having is possible by usage of the
network identities. The distribution of the computing is responsible for making this much more
common. The network identities are generally seen to be valid within an enterprise network or a
domain formed that are formed by numerous enterprise networks. The pros and cons of this
includes the following:
Advantage:
Scope: This identity is having access to each and every nodes of the network which includes
authentication, not just for the one which exists in case of local identity.
Disadvantage:
18LITERATURE REVIEW
Security. A malicious user would be having an access of each and every network nodes wherever
the authentication is applicable.
Business Drivers and Trends
According to Todeschini et al. (2017), identity and access management is one of the
security issue that must be considered as one of the major component for the component security
strategies. It is found that efficiency as well as agility of the business that will become one of the
important drivers in context to identity and access management. It further helps in depicting that
the integration that will exist between identity lifecycle as well as data security is quite higher.
Along with proper requirement to properly secure the various types of mobile devices with the
help of second authentication factor which is expected to properly drive both the cloud based
IAM as well as on-premises implementations (Toro-Jarrin, Ponce-Jaramillo&Guemes-Castorena,
2016). Apart from various security related needs, it is found that there are number of factors that
are helpful in influencing the identity as well as access management adoption. The survey that
was conducted in the year 2008 helps in reflecting that the main reason behind the
implementation of IAM solution to reflect cost containment, business agility, IT risk
management as well as operational efficiency as well as various types of regulatory compliance.
On the other hand, it is stated by Jongbloed (2015) that the ability of on broad various
types of internal as well as external resources on the integration based seamless environment
helps in reflecting high business based agility. The proper requirement of identity management
as well as proper access control and authorization cannot get understated. Without appropriate
facility of identity management, it is found that no audit trail can be properly established.
Moreover, proper security as well as risk management helps in dictating the utilization of
Security. A malicious user would be having an access of each and every network nodes wherever
the authentication is applicable.
Business Drivers and Trends
According to Todeschini et al. (2017), identity and access management is one of the
security issue that must be considered as one of the major component for the component security
strategies. It is found that efficiency as well as agility of the business that will become one of the
important drivers in context to identity and access management. It further helps in depicting that
the integration that will exist between identity lifecycle as well as data security is quite higher.
Along with proper requirement to properly secure the various types of mobile devices with the
help of second authentication factor which is expected to properly drive both the cloud based
IAM as well as on-premises implementations (Toro-Jarrin, Ponce-Jaramillo&Guemes-Castorena,
2016). Apart from various security related needs, it is found that there are number of factors that
are helpful in influencing the identity as well as access management adoption. The survey that
was conducted in the year 2008 helps in reflecting that the main reason behind the
implementation of IAM solution to reflect cost containment, business agility, IT risk
management as well as operational efficiency as well as various types of regulatory compliance.
On the other hand, it is stated by Jongbloed (2015) that the ability of on broad various
types of internal as well as external resources on the integration based seamless environment
helps in reflecting high business based agility. The proper requirement of identity management
as well as proper access control and authorization cannot get understated. Without appropriate
facility of identity management, it is found that no audit trail can be properly established.
Moreover, proper security as well as risk management helps in dictating the utilization of
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19LITERATURE REVIEW
identity management. Loss of proper data generally cause number of problems within the
business (Todeschini et al., 2017). Furthermore, the cost containment that is mainly associated
with the adoption of technology that is based on IAM is helpful in driving the IAM strategy as
well as architecture that needs to be adopted. It is found that proper adoption of the IAM
technology is quite helpful in driving the IAM strategy as well as architecture that needs to be
adopted.
It is opined by Jongbloed (2015) that as per the KPMG report, improvement within the
compliance is considered as the main drivers for IAM projects for properly complying with the
rising stringent regulation based requirements that is mainly posed by the legislation and laws.
The survey that is conducted helps in reflecting that more proficient benefits are mainly
associated with proper handling of accounts, proper authorization of employees as well as proper
lifecycle management. The process improvement was considered to envisage for increasing the
consumer experience as well as proper federate with the different partners in a very much
efficiency as well as secure business procedure that generally leads to operational efficiency as
well as cost containment.
Identity management ecosystem
Identity and access management is considered as one of the enterprise solutions which
cannot proper value in a proper standalone mode. The entire value of the identity as well as
access management cannot depend on the level as well as easiness which is generally integrated
with the entire enterprise system. According to Gagic et al. (2015), organizations that generally
operate physical as well as logical system generally runs on two separate departments that are
considered to be evident in the present structure of the organization. This helps in reflecting
identity management. Loss of proper data generally cause number of problems within the
business (Todeschini et al., 2017). Furthermore, the cost containment that is mainly associated
with the adoption of technology that is based on IAM is helpful in driving the IAM strategy as
well as architecture that needs to be adopted. It is found that proper adoption of the IAM
technology is quite helpful in driving the IAM strategy as well as architecture that needs to be
adopted.
It is opined by Jongbloed (2015) that as per the KPMG report, improvement within the
compliance is considered as the main drivers for IAM projects for properly complying with the
rising stringent regulation based requirements that is mainly posed by the legislation and laws.
The survey that is conducted helps in reflecting that more proficient benefits are mainly
associated with proper handling of accounts, proper authorization of employees as well as proper
lifecycle management. The process improvement was considered to envisage for increasing the
consumer experience as well as proper federate with the different partners in a very much
efficiency as well as secure business procedure that generally leads to operational efficiency as
well as cost containment.
Identity management ecosystem
Identity and access management is considered as one of the enterprise solutions which
cannot proper value in a proper standalone mode. The entire value of the identity as well as
access management cannot depend on the level as well as easiness which is generally integrated
with the entire enterprise system. According to Gagic et al. (2015), organizations that generally
operate physical as well as logical system generally runs on two separate departments that are
considered to be evident in the present structure of the organization. This helps in reflecting
20LITERATURE REVIEW
proper logical access to the various ICT resources including e-mail, database applications that
are granted. Moreover, the service as well as facility based departments are generally responsible
for controlling the physical access system including the door access as well as life support
system.
On the other hand, it is stated by Castro et al. (2016) that critical infrastructures generally
depend on the biometric authentication as well as verification of individuals in order to provide
proper access for securing the locations. It is identified that only authorized personnel are
generally verified with the help of biometric data for gaining proper access in order to properly
secure the areas. Single factor authentication is mainly limited to verification of the authorized
users with the help of proper passwords. Moreover, stronger authentication systems are generally
dependent on the biometric based authentication system that is generally dependent on the
biometric data that is generally available on smart cards that is mainly enabled by digital IDs. In
addition to this, identity management helps in moving from facility management to proper IT
administration.
It is opined by Dunphy and Petitcolas (2018), that proper governmental initiative for
identity management is mainly driven by different factors within the enterprise but the various
types of drivers are quite different. The access and identity management is considered to be very
akin in context to the functionality in context to the enterprise context. The government must
facilitate proper identity based issues in order to provide proper assurance to the identity with the
help of appropriate mechanism of authentication. Moreover, this system is helpful in allowing
the government to properly enrol the resident as well as citizen for providing proper identity
baseline that will be utilized as proper credentials for identity provisioning as well as strong
authentication procedure.
proper logical access to the various ICT resources including e-mail, database applications that
are granted. Moreover, the service as well as facility based departments are generally responsible
for controlling the physical access system including the door access as well as life support
system.
On the other hand, it is stated by Castro et al. (2016) that critical infrastructures generally
depend on the biometric authentication as well as verification of individuals in order to provide
proper access for securing the locations. It is identified that only authorized personnel are
generally verified with the help of biometric data for gaining proper access in order to properly
secure the areas. Single factor authentication is mainly limited to verification of the authorized
users with the help of proper passwords. Moreover, stronger authentication systems are generally
dependent on the biometric based authentication system that is generally dependent on the
biometric data that is generally available on smart cards that is mainly enabled by digital IDs. In
addition to this, identity management helps in moving from facility management to proper IT
administration.
It is opined by Dunphy and Petitcolas (2018), that proper governmental initiative for
identity management is mainly driven by different factors within the enterprise but the various
types of drivers are quite different. The access and identity management is considered to be very
akin in context to the functionality in context to the enterprise context. The government must
facilitate proper identity based issues in order to provide proper assurance to the identity with the
help of appropriate mechanism of authentication. Moreover, this system is helpful in allowing
the government to properly enrol the resident as well as citizen for providing proper identity
baseline that will be utilized as proper credentials for identity provisioning as well as strong
authentication procedure.
21LITERATURE REVIEW
Capability maturity mode
Capability maturity model is one of the methodology that is utilized for properly
developing as well as refining the software development procedure of the organization. The
model is generally helpful in describing the proper evolutionary path in order to enhance the
organized as well as systematically more mature procedures (Tahri&Drissi-Kaitouni, 2015). The
CMM generally develops as well as promoted with the help of proper software engineering
institute. The CMM has five maturity levels of software procedures.
The capability maturity mode is helpful in outlining some of the maturity levels for the
IAM life cycle phases as well as various types of corresponding capabilities. According to Le
and Hoang (2017), proper identification of an organizations IAM capabilities uses proper formal
capability maturity model that is considered as the foundation for properly prioritizing the
investments that is mainly close to the compliance gaps as well as proper identification process
improvement in order to drive cost reduction as well as minimizing the risks. It is found that
proper definition of desired state is considered to be fundamental in order to properly define the
strategy as well as road map for properly improving the IAM based capabilities. It is found that
(Yatskovskaya, Srai and Kumar (2018), it is quite important for some of the organization to
properly reach the optimized stage in some of the areas that are related with the maturity model.
It is found that the level that an organization reflect in the maturity model is considered to be
dependent on the entire goals as well as strategies of the organization.
Transformation method
According to Ghazanfari and Ebrahimi (2015), in order to keep the pace with the proper
IT trends as well as changing business needs, it is quite necessary to leverage the insights with
Capability maturity mode
Capability maturity model is one of the methodology that is utilized for properly
developing as well as refining the software development procedure of the organization. The
model is generally helpful in describing the proper evolutionary path in order to enhance the
organized as well as systematically more mature procedures (Tahri&Drissi-Kaitouni, 2015). The
CMM generally develops as well as promoted with the help of proper software engineering
institute. The CMM has five maturity levels of software procedures.
The capability maturity mode is helpful in outlining some of the maturity levels for the
IAM life cycle phases as well as various types of corresponding capabilities. According to Le
and Hoang (2017), proper identification of an organizations IAM capabilities uses proper formal
capability maturity model that is considered as the foundation for properly prioritizing the
investments that is mainly close to the compliance gaps as well as proper identification process
improvement in order to drive cost reduction as well as minimizing the risks. It is found that
proper definition of desired state is considered to be fundamental in order to properly define the
strategy as well as road map for properly improving the IAM based capabilities. It is found that
(Yatskovskaya, Srai and Kumar (2018), it is quite important for some of the organization to
properly reach the optimized stage in some of the areas that are related with the maturity model.
It is found that the level that an organization reflect in the maturity model is considered to be
dependent on the entire goals as well as strategies of the organization.
Transformation method
According to Ghazanfari and Ebrahimi (2015), in order to keep the pace with the proper
IT trends as well as changing business needs, it is quite necessary to leverage the insights with
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
22LITERATURE REVIEW
the proper capability maturity model so that the IAM function need must be transformed. It is
found that IAM is considered as one of the manual procedure that is considered to be effective in
context to the meeting the goals of the organization but in different instances, the cost that is
associated with the labour is high that will further outweigh the cost of the technology (Hamada
et al., 2017). On the different side of the spectrum, highly automated IAM program will have
very low labour cost between the cost of the labour but proper cost of implementation as well as
maintenance. The main key is generally finding the balance that exists between the labour cost as
well as the cost of maintenance and implementation that will be helpful in meeting the overall
goals of the business.
It is found that the steps that are helpful in defining as well as managing the maturity
levels are important. It is found that Adachi et al. (2017) deploying proper centralized access
request as well as approval procedure is considered to be helpful for increasing adhere to SLAs
as well as various types of compliance requirements. In addition to this, it is necessary to
properly integrate the access profiles that is based on the centralized procedure for enforcing the
consistent requests for streamlining the entire procedure. Proper utilization of real- world roles
for properly defining the appropriate access profiles for increasing the users as well as approvals
in order to understand the access that is being requested for minimizing the risks of excessive
access for aligning access requested with the various real world functions
(Ghazanfari&Ebrahimi2015). Moreover, proper support helps in accessing the request
functionality for decreasing the time that is generally required for fulfilling the requests.
It is stated by Adachi et al. (2017), by using proper risk based business centric approach,
it is quite important to downstream the impact on any of the organizations structure as well as on
various key stakeholders including the various IT customers, human resources as well as internal
the proper capability maturity model so that the IAM function need must be transformed. It is
found that IAM is considered as one of the manual procedure that is considered to be effective in
context to the meeting the goals of the organization but in different instances, the cost that is
associated with the labour is high that will further outweigh the cost of the technology (Hamada
et al., 2017). On the different side of the spectrum, highly automated IAM program will have
very low labour cost between the cost of the labour but proper cost of implementation as well as
maintenance. The main key is generally finding the balance that exists between the labour cost as
well as the cost of maintenance and implementation that will be helpful in meeting the overall
goals of the business.
It is found that the steps that are helpful in defining as well as managing the maturity
levels are important. It is found that Adachi et al. (2017) deploying proper centralized access
request as well as approval procedure is considered to be helpful for increasing adhere to SLAs
as well as various types of compliance requirements. In addition to this, it is necessary to
properly integrate the access profiles that is based on the centralized procedure for enforcing the
consistent requests for streamlining the entire procedure. Proper utilization of real- world roles
for properly defining the appropriate access profiles for increasing the users as well as approvals
in order to understand the access that is being requested for minimizing the risks of excessive
access for aligning access requested with the various real world functions
(Ghazanfari&Ebrahimi2015). Moreover, proper support helps in accessing the request
functionality for decreasing the time that is generally required for fulfilling the requests.
It is stated by Adachi et al. (2017), by using proper risk based business centric approach,
it is quite important to downstream the impact on any of the organizations structure as well as on
various key stakeholders including the various IT customers, human resources as well as internal
23LITERATURE REVIEW
audit as well as users for various enhancement that can generally progress smoothly with very
much minimal disruption within the entire business. Furthermore, it is found that placing the
experienced staffs within the program execution team needs to be skilled in IAM methodologies,
control implementation as well as proper process engineering.
audit as well as users for various enhancement that can generally progress smoothly with very
much minimal disruption within the entire business. Furthermore, it is found that placing the
experienced staffs within the program execution team needs to be skilled in IAM methodologies,
control implementation as well as proper process engineering.
24LITERATURE REVIEW
References
Adachi, T., Sahara, T., Okuyama, H., & Morita, N. (2017). Glass Bead-based Genetic
Transformation: An Efficient Method for Transformation of Thraustochytrid
Microorganisms. Journal of oleo science, 66(7), 791-795.
Armstrong, M. E., Jones, K. S., Namin, A. S., & Newton, D. C. (2018, February). What
Vulnerability Assessment and Management Cybersecurity Professionals Think Their
Future Colleagues Need to Know. In SIGCSE (p. 1082).
Asghar, M. R., Backes, M., &Simeonovski, M. (2018, May). PRIMA: Privacy-Preserving
Identity and Access Management at Internet-Scale. In 2018 IEEE International
Conference on Communications (ICC) (pp. 1-6). IEEE.
Castro, A. J., Vaughn, C. C., Julian, J. P., &García‐Llorente, M. (2016). Social demand for
ecosystem services and implications for watershed management. JAWRA Journal of the
American Water Resources Association, 52(1), 209-221.
Dunphy, P., &Petitcolas, F. A. (2018). A first look at identity management schemes on the
blockchain. IEEE Security & Privacy, 16(4), 20-29.
Elkhodr, M., Shahrestani, S., & Cheung, H. (2016). The internet of things: new interoperability,
management and security challenges. arXiv preprint arXiv:1604.04824.
Gagic, V., Bartomeus, I., Jonsson, T., Taylor, A., Winqvist, C., Fischer, C., ...&Tscharntke, T.
(2015). Functional identity and diversity of animals predict ecosystem functioning better
References
Adachi, T., Sahara, T., Okuyama, H., & Morita, N. (2017). Glass Bead-based Genetic
Transformation: An Efficient Method for Transformation of Thraustochytrid
Microorganisms. Journal of oleo science, 66(7), 791-795.
Armstrong, M. E., Jones, K. S., Namin, A. S., & Newton, D. C. (2018, February). What
Vulnerability Assessment and Management Cybersecurity Professionals Think Their
Future Colleagues Need to Know. In SIGCSE (p. 1082).
Asghar, M. R., Backes, M., &Simeonovski, M. (2018, May). PRIMA: Privacy-Preserving
Identity and Access Management at Internet-Scale. In 2018 IEEE International
Conference on Communications (ICC) (pp. 1-6). IEEE.
Castro, A. J., Vaughn, C. C., Julian, J. P., &García‐Llorente, M. (2016). Social demand for
ecosystem services and implications for watershed management. JAWRA Journal of the
American Water Resources Association, 52(1), 209-221.
Dunphy, P., &Petitcolas, F. A. (2018). A first look at identity management schemes on the
blockchain. IEEE Security & Privacy, 16(4), 20-29.
Elkhodr, M., Shahrestani, S., & Cheung, H. (2016). The internet of things: new interoperability,
management and security challenges. arXiv preprint arXiv:1604.04824.
Gagic, V., Bartomeus, I., Jonsson, T., Taylor, A., Winqvist, C., Fischer, C., ...&Tscharntke, T.
(2015). Functional identity and diversity of animals predict ecosystem functioning better
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
25LITERATURE REVIEW
than species-based indices. Proceedings of the Royal Society B: Biological
Sciences, 282(1801), 20142620.
Ghazanfari, B., &Ebrahimi, P. (2015). Differential transformation method for solving fuzzy
fractional heat equations. International Journal of Mathematical Modelling &
Computations, 5(1 (WINTER)), 81-89.
Hamada, H., Linghu, Q., Nagira, Y., Miki, R., Taoka, N., & Imai, R. (2017). An in planta
biolistic method for stable wheat transformation. Scientific reports, 7(1), 11443.
Hu, V. C., Kuhn, D. R., Ferraiolo, D. F., &Voas, J. (2015). Attribute-based access
control. Computer, 48(2), 85-88.
Hummer, M., Kunz, M., Netter, M., Fuchs, L., &Pernul, G. (2016). Adaptive identity and access
management—contextual data based policies. EURASIP Journal on Information
Security, 2016(1), 19.
Indu, I., Anand, P. R., &Bhaskar, V. (2018). Identity and access management in cloud
environment: Mechanisms and challenges. Engineering science and technology, an
international journal.
Jongbloed, B. (2015). Universities as hybrid organizations: Trends, drivers, and challenges for
the European university. International Studies of Management & Organization, 45(3),
207-225.
Jovanović, B., Milenković, I., Sretenović, M. B., &Simić, D. (2016). Extending identity
management system with multimodal biometric authentication. Computer Science and
Information Systems, 13(2), 313-334.
than species-based indices. Proceedings of the Royal Society B: Biological
Sciences, 282(1801), 20142620.
Ghazanfari, B., &Ebrahimi, P. (2015). Differential transformation method for solving fuzzy
fractional heat equations. International Journal of Mathematical Modelling &
Computations, 5(1 (WINTER)), 81-89.
Hamada, H., Linghu, Q., Nagira, Y., Miki, R., Taoka, N., & Imai, R. (2017). An in planta
biolistic method for stable wheat transformation. Scientific reports, 7(1), 11443.
Hu, V. C., Kuhn, D. R., Ferraiolo, D. F., &Voas, J. (2015). Attribute-based access
control. Computer, 48(2), 85-88.
Hummer, M., Kunz, M., Netter, M., Fuchs, L., &Pernul, G. (2016). Adaptive identity and access
management—contextual data based policies. EURASIP Journal on Information
Security, 2016(1), 19.
Indu, I., Anand, P. R., &Bhaskar, V. (2018). Identity and access management in cloud
environment: Mechanisms and challenges. Engineering science and technology, an
international journal.
Jongbloed, B. (2015). Universities as hybrid organizations: Trends, drivers, and challenges for
the European university. International Studies of Management & Organization, 45(3),
207-225.
Jovanović, B., Milenković, I., Sretenović, M. B., &Simić, D. (2016). Extending identity
management system with multimodal biometric authentication. Computer Science and
Information Systems, 13(2), 313-334.
26LITERATURE REVIEW
Katsikogiannis, G., Mitropoulos, S., &Douligeris, C. (2016, December). An Identity and Access
Management approach for SOA. In 2016 IEEE International Symposium on Signal
Processing and Information Technology (ISSPIT) (pp. 126-131). IEEE.
Kunz, M., Fuchs, L., Hummer, M., &Pernul, G. (2015, December). Introducing dynamic identity
and access management in organizations. In International Conference on Information
Systems Security (pp. 139-158). Springer, Cham.
Kunz, M., Puchta, A., Groll, S., Fuchs, L., &Pernul, G. (2019). Attribute quality management for
dynamic identity and access management. Journal of information security and
applications, 44, 64-79.
Le, N. T., & Hoang, D. B. (2017). Capability Maturity Model and Metrics Framework for Cyber
Cloud Security. Scalable Computing: Practice and Experience, 18(4), 277-290.
Majumdar, S., Madi, T., Wang, Y., Jarraya, Y., Pourzandi, M., Wang, L., &Debbabi, M. (2015,
November). Security compliance auditing of identity and access management in the
cloud: Application to OpenStack. In 2015 IEEE 7th International Conference on Cloud
Computing Technology and Science (CloudCom) (pp. 58-65). IEEE.
Naik, N., & Jenkins, P. (2016, March). A secure mobile cloud identity: Criteria for effective
identity and access management standards. In 2016 4th IEEE International Conference
on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (pp. 89-90).
IEEE.
Katsikogiannis, G., Mitropoulos, S., &Douligeris, C. (2016, December). An Identity and Access
Management approach for SOA. In 2016 IEEE International Symposium on Signal
Processing and Information Technology (ISSPIT) (pp. 126-131). IEEE.
Kunz, M., Fuchs, L., Hummer, M., &Pernul, G. (2015, December). Introducing dynamic identity
and access management in organizations. In International Conference on Information
Systems Security (pp. 139-158). Springer, Cham.
Kunz, M., Puchta, A., Groll, S., Fuchs, L., &Pernul, G. (2019). Attribute quality management for
dynamic identity and access management. Journal of information security and
applications, 44, 64-79.
Le, N. T., & Hoang, D. B. (2017). Capability Maturity Model and Metrics Framework for Cyber
Cloud Security. Scalable Computing: Practice and Experience, 18(4), 277-290.
Majumdar, S., Madi, T., Wang, Y., Jarraya, Y., Pourzandi, M., Wang, L., &Debbabi, M. (2015,
November). Security compliance auditing of identity and access management in the
cloud: Application to OpenStack. In 2015 IEEE 7th International Conference on Cloud
Computing Technology and Science (CloudCom) (pp. 58-65). IEEE.
Naik, N., & Jenkins, P. (2016, March). A secure mobile cloud identity: Criteria for effective
identity and access management standards. In 2016 4th IEEE International Conference
on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (pp. 89-90).
IEEE.
27LITERATURE REVIEW
Ng, A. C. K. (Ed.). (2018). Contemporary Identity and Access Management Architectures:
Emerging Research and Opportunities: Emerging Research and Opportunities. IGI
Global.
Othmane, L. B., Weffers, H., Mohamad, M. M., & Wolf, M. (2015). A survey of security and
privacy in connected vehicles. In Wireless sensor and mobile ad-hoc networks (pp. 217-
247). Springer, New York, NY.
Ouaddah, A., Mousannif, H., Elkalam, A. A., &Ouahman, A. A. (2017). Access control in the
Internet of Things: Big challenges and new opportunities. Computer Networks, 112, 237-
262.
Pratiksha, N., Prasad, S. R., &Mungara, J. (2017). Identity and Access
Management. International Journal of Engineering Science, 11907.
Rizzardi, A., Sicari, S., Miorandi, D., &Coen-Porisini, A. (2016). AUPS: an open source
AUthenticated publish/subscribe system for the internet of things. Information
Systems, 62, 29-41.
Sharma, D. H., Dhote, C. A., &Potey, M. M. (2016). Identity and access management as
security-as-a-service from clouds. Procedia Computer Science, 79, 170-174.
Singh, S., & Singh, N. (2015, October). Internet of Things (IoT): Security challenges, business
opportunities & reference architecture for E-commerce. In 2015 International Conference
on Green Computing and Internet of Things (ICGCIoT) (pp. 1577-1581). IEEE.
Sobh, T. S. (2019). Identity management using SAML for mobile clients and Internet of
Things. Journal of High Speed Networks, 25(1), 101-126.
Ng, A. C. K. (Ed.). (2018). Contemporary Identity and Access Management Architectures:
Emerging Research and Opportunities: Emerging Research and Opportunities. IGI
Global.
Othmane, L. B., Weffers, H., Mohamad, M. M., & Wolf, M. (2015). A survey of security and
privacy in connected vehicles. In Wireless sensor and mobile ad-hoc networks (pp. 217-
247). Springer, New York, NY.
Ouaddah, A., Mousannif, H., Elkalam, A. A., &Ouahman, A. A. (2017). Access control in the
Internet of Things: Big challenges and new opportunities. Computer Networks, 112, 237-
262.
Pratiksha, N., Prasad, S. R., &Mungara, J. (2017). Identity and Access
Management. International Journal of Engineering Science, 11907.
Rizzardi, A., Sicari, S., Miorandi, D., &Coen-Porisini, A. (2016). AUPS: an open source
AUthenticated publish/subscribe system for the internet of things. Information
Systems, 62, 29-41.
Sharma, D. H., Dhote, C. A., &Potey, M. M. (2016). Identity and access management as
security-as-a-service from clouds. Procedia Computer Science, 79, 170-174.
Singh, S., & Singh, N. (2015, October). Internet of Things (IoT): Security challenges, business
opportunities & reference architecture for E-commerce. In 2015 International Conference
on Green Computing and Internet of Things (ICGCIoT) (pp. 1577-1581). IEEE.
Sobh, T. S. (2019). Identity management using SAML for mobile clients and Internet of
Things. Journal of High Speed Networks, 25(1), 101-126.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
28LITERATURE REVIEW
Symeonidis, I., Mustafa, M. A., &Preneel, B. (2016, September). Keyless car sharing system: A
security and privacy analysis. In 2016 IEEE International Smart Cities Conference
(ISC2) (pp. 1-7). IEEE.
Tahri, H., &Drissi-Kaitouni, O. (2015). New design for calculating project management maturity
(PMM). Procedia-Social and Behavioral Sciences, 181, 171-177.
Tbatou, S., Ramrami, A., &Tabii, Y. (2017, March). Security of communications in connected
cars Modeling and safety assessment. In Proceedings of the 2nd international Conference
on Big Data, Cloud and Applications (p. 56). ACM.
Todeschini, B. V., Cortimiglia, M. N., Callegaro-de-Menezes, D., &Ghezzi, A. (2017).
Innovative and sustainable business models in the fashion industry: Entrepreneurial
drivers, opportunities, and challenges. Business Horizons, 60(6), 759-770.
Toro-Jarrín, M. A., Ponce-Jaramillo, I. E., &Güemes-Castorena, D. (2016). Methodology for the
of building process integration of Business Model Canvas and Technological
Roadmap. Technological Forecasting and Social Change, 110, 213-225.
Tuecke, S., Ananthakrishnan, R., Chard, K., Lidman, M., McCollam, B., Rosen, S., & Foster, I.
(2016, October). Globus Auth: A research identity and access management platform.
In 2016 IEEE 12th International Conference on e-Science (e-Science) (pp. 203-212).
IEEE.
Uddin, M., & Preston, D. (2015). Systematic Review of Identity Access Management in
Information Security. Journal of Advances in Computer Networks, 3(2).
Symeonidis, I., Mustafa, M. A., &Preneel, B. (2016, September). Keyless car sharing system: A
security and privacy analysis. In 2016 IEEE International Smart Cities Conference
(ISC2) (pp. 1-7). IEEE.
Tahri, H., &Drissi-Kaitouni, O. (2015). New design for calculating project management maturity
(PMM). Procedia-Social and Behavioral Sciences, 181, 171-177.
Tbatou, S., Ramrami, A., &Tabii, Y. (2017, March). Security of communications in connected
cars Modeling and safety assessment. In Proceedings of the 2nd international Conference
on Big Data, Cloud and Applications (p. 56). ACM.
Todeschini, B. V., Cortimiglia, M. N., Callegaro-de-Menezes, D., &Ghezzi, A. (2017).
Innovative and sustainable business models in the fashion industry: Entrepreneurial
drivers, opportunities, and challenges. Business Horizons, 60(6), 759-770.
Toro-Jarrín, M. A., Ponce-Jaramillo, I. E., &Güemes-Castorena, D. (2016). Methodology for the
of building process integration of Business Model Canvas and Technological
Roadmap. Technological Forecasting and Social Change, 110, 213-225.
Tuecke, S., Ananthakrishnan, R., Chard, K., Lidman, M., McCollam, B., Rosen, S., & Foster, I.
(2016, October). Globus Auth: A research identity and access management platform.
In 2016 IEEE 12th International Conference on e-Science (e-Science) (pp. 203-212).
IEEE.
Uddin, M., & Preston, D. (2015). Systematic Review of Identity Access Management in
Information Security. Journal of Advances in Computer Networks, 3(2).
29LITERATURE REVIEW
Walter, J., &Abendroth, B. (2018). Losing a Private Sphere? A Glance on the User Perspective
on Privacy in Connected Cars. In Advanced Microsystems for Automotive Applications
2017 (pp. 237-247). Springer, Cham.
Waters, M. (2016). Evaluating Identity and Access Management (IAM) as a Cloud Service.
Yatskovskaya, E., Srai, J., & Kumar, M. (2018). Integrated supply network maturity model:
water scarcity perspective. Sustainability, 10(3), 896.
Walter, J., &Abendroth, B. (2018). Losing a Private Sphere? A Glance on the User Perspective
on Privacy in Connected Cars. In Advanced Microsystems for Automotive Applications
2017 (pp. 237-247). Springer, Cham.
Waters, M. (2016). Evaluating Identity and Access Management (IAM) as a Cloud Service.
Yatskovskaya, E., Srai, J., & Kumar, M. (2018). Integrated supply network maturity model:
water scarcity perspective. Sustainability, 10(3), 896.
1 out of 30
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.