Identity and Access Management (IAM) has seen both technological changes and market growth. The market for IAM solutions is building fast with a CAGR of around 15%; consumer solutions alone are likely to be worth almost $32 billion by 2022. In terms of technological changes, the IAM space has opened up along with the enterprise perimeter. The result is ‘digital identity’ now has a wide definition and has become the lynchpin of everything from authorization to service enablement to secure data access. IAM solutions, like most other applications, have moved to the cloud and work across all types of platforms and devices, including mobile, and the Internet of Things (IoT). The mosaic requirements, use models, and ever-advancing technology stack of a modern identity system, requires a new breed of IAM professional.
Skills for a Modern IAM Professional
Today’s identity professional needs to be an all-rounder. Modern identity systems have to be robust and flexible enough to be used across myriad use cases. Identity systems offer a framework which touches on everything from UX design, to backend services, authentication and verification protocols, and to data layer access methods. The expert maintaining these systems needs to understand all of these things and their job is one of the most holistic in the tech industry.
Below, we have compiled some of the areas that an IAM professional, wishing to keep at the top of their game, or as a new entrant into the industry, should know about.
Education vs. Experience - New Technologies/New Ideas
The IAM space is changing quickly. As new technologies such as the IoT and blockchain start to enter the arena, even those of us with vast experience in IAM need to understand how identity fits into place. IAM professionals need to understand the technology landscape more than most as identity touches this landscape across many layers.
Need protocols also come under this umbrella. An area that was once short in standards, now has quite a few - SAML, OpenID Connect, Oauth, XACML, SCIM, and UMA. Some are mentioned and utilised more often, and should be known by their main function and fit at the very least.
IAM has had somewhat of a renaissance in recent years. New ideologies which explore the very basis of what a digital identity can do, have entered the vocabulary of IAM professionals. Ideas such as Identity Relationship Management (IRM) was introduced by the Kantara working group of the same name. Other ideas include the focus of IAM on customers, the term Customer Identity Access Management (CIAM) being coined by analysts KuppingerCole. Keeping up to date with new initiatives in the identity space is an important part of the education of both seasoned and new IAM professionals.
Having at least some basic coding skills is always useful to an identity professional. You may rarely use them, but understanding how software works can help you understand where identity and authorization controls come into place.
The Challenge of Compliance
The world of compliance is ever-changing and identity has overlap across many industry regulations and laws. Keeping up-to-date with both new regulations and how this converges with changes in IAM is an important aspect of an IAM professional’s job.
A current example can be seen in banking and retail. In banking, new initiatives like the Payment Services Directive 2 (PSD2) has stringent regulations around authentication. The new EU General Data Protection Regulation (GDPR) has wide implications for organizations who utilize identity attributes within their processes. IAM professionals need to be at least educated about the regulatory landscape and need to work closely with compliance officers.
Understanding the Impact of Security on IAM and Vice Versa
Digital identity is now part of the default security toolset of an enterprise, but identity, also, has security requirement within its own right. As more and more identity systems and associated ecosystem components become cloud-based, understanding cloud and as-a-Service security is part of the IAM professional’s remit.
Importantly, they need to understand how to achieve a balance between the right level of security and usability. This is especially tricky in customer facing or consumer systems.
Soft skills are often underrated by the tech industry but for IAM professionals, communication is paramount, as they need to be able to communicate across multiple teams and disciplines. Good writing and verbal skills are a must, as often the IAM professional will need to justify decisions and explain complex concepts to non-technical folk.
Research is an essential skill too. As mentioned earlier, the identity space is evolving fast, and understanding where those changes are occurring is part of the pro knowledge base.
Getting Certified and Industry Bodies
A number of certifications are available that benefit the IAM professional, these include:
- The Identity Management Institute who offer certification as a Certified Identity and Access Manager® (CIAM). The exam covers the main areas of IAM: provisioning of identities, administration of IAM, and enforcement.
- The Certified Information Systems Security Professional (CISSP) is a security professional based exam which also covers Identity and Access Management.
- Certified Information Systems Auditor (CISA) award is for persons involved in IT systems and covers security and information systems. The award is multi-part and requires you to pass an exam and have a certain level of practical experience.
IDPro is an incubator out of the Kantara Initiative which is a not-for-profit organization working in the advancement of digital identity. IDPro’s goal is to create a platform for identity professionals to support each other, provide a global voice to advise policy makers and to offer professional development in the identity space. The Kantara Initiative work across all aspects of identity and have a number of working groups such as Identity Relationship Management (IRM), and the User Managed Access Group (UMA).
Privacy is becoming an important aspect of many types of IAM systems, especially customer based ones. The International Association of Privacy Professionals (IAPP) offers a platform for professional engagement and development. They also run certification for privacy professionals and general IT professionals where privacy is part of their work.
One last thing. Professional conferences are always a great way to network with your peers and find out about new innovations in the world of identity. A run-down of some of this best can be found by clicking here.