Identity and access management (IAM) is all processes and technologies that together facilitate the management of digital identities and their rights in an automated manner. IAM therefore enables the right person to have the right access at the right time. That is the traditional definition.
IAM has already existed for more than a decade and thanks to the recent disruptive trends such as the cloud, social media, mobile computing and the Internet of Things (IoT), more people, applications and 'things' are connected than ever before.
In today's world, an identity is no longer an individual or a legal entity, but just as much a sensor in a truck or a mobile app. To be able to cope with all these technologies in different locations, the role of IAM has evolved into a flexible platform architecture, built on open standards and APIs. IAM is becoming a central hub that is capable of connecting everything together.
Identity means business opportunities
Based on digital transformation, IAM is moving towards new horizons. The classic B2E and B2B models are now reaching the consumer market (B2C), opening up a whole new area where user-friendliness and an integrated approach are the keys to success.
When identities are linked to relevant data, valuable information appears – which can translate into a win-win situation for the customer. The financial market can take advantage of this, too, by launching products that provide customers with context-driven information. As a result, your bank can, for example, spontaneously provide you with information about your available balance, taking account of any scheduled payments, when you go to the till in the clothes shop to buy a new outfit. Or you may receive a discount voucher by text for the perfume store while waiting to board your flight at the airport.
IAM and regulation
At the same time, banks must constantly ensure that everything remains secure and can be trusted. Customers are very wary of how their personal (financial) data is processed and shared, in particular. The General Data Protection Regulation (GDPR), which is due to come into force in all EU member states in 2018, is an important milestone in this regard. The GDPR focuses on the individual, and IAM systems are a good match to this end from a technological perspective. Imagine, for example, giving explicit authorization and the management of said authorization via Oauth2. User managed access (UMA) builds on this by applying the Privacy by Design principle, by giving the individual concerned the choice as to who may use their information or application. To give a specific example: "Allow only my accountant with the email address firstname.lastname@example.org and via the TaxApp client to see my bank details if they are securely logged on and as long as the tax period has not come to a close."
The imminent PSD2 directive is also a significant factor, as it will oblige banks to open up their data to third parties. IAM and API management will therefore ensure that the right individuals can be associated to the right access rights. This is just another reason for the banking sector to develop applications tailored to customers before the disruptive fintechs beat them to it.
Tailor-made partnerships according to your needs
At a Belgian bank Realdolmen is replacing, in partnership with Evidian, the existing IAM system developed in-house with a flexible platform that is ready to accept modern integrations. Realdolmen is not only ensuring the delivery of the platform, but is also responsible for its maintenance and further development. As part of our vision for IAM, we act as a long-term partner who not only preserves the status quo, but also works proactively alongside the bank to bring further IAM projects to fruition. Alongside our partnership with Evidian, which dates back to 2008, Realdolmen also works with other technologies such as WSO² (open source), Okta (IDaaS) and Microsoft Azure.
Are you interested in more information about IAM? Contact our expert Kenny Willems, Security Architect, at email@example.com.
If you would like to learn more about our expertise in Financial Services, download our SimplICiTy Magazine for Financial services.