KuppingerCole Report
Leadership Brief
By Dave Kearns

The 5 Biggest IAM Myths

Identity and Access Management (IAM) has been with us long enough to develop a strong history, but also a strong mythos, that is, a set of beliefs or assumptions which might or might not be correct – or which may have once been correct but are no longer.

1 Recommendations

IAM is the granddaddy of identity-related technologies, having been with us since the last century. But in that time, a mythology has been created, including things that were once true but are no longer, things that are only partially true and things which never did have any validity. These are our recommendations for overcoming these myths.

  • Integrated architecture, services, applications and – equally important – user education are necessary. No software alone can solve your IAM problems.
  • Dynamic, policy-based access control is necessary to protect your data and resources; static ACLs (Access Control Lists) no longer do the job properly.
  • Proper IAM, as well as proper governance, requires that all users and resources be part of a single integrated identity domain – separate structures for on-premise business, industrial control systems and cloud-based services can only stay separate at the risk of massive data breaches.
  • Authentication methods all have exploitable flaws. Use risk mitigation techniques and policies to overcome their weaknesses. None of these methods is a “magic bullet.”
  • Employee education – especially in the area of IAM – must be an ongoing process. To say that “they all attended an orientation briefing and signed the appropriate policy when they joined” ignores the lesser fact that not everyone retains information from orientation and the greater fact that not everyone (e.g., partners, vendors, contractors) goes through orientation.

2 Analysis

Since the dawn of the PC era thirty years ago, a large body of mythology has developed around its hardware and software:

  • Macs Can't Get Viruses
  • L ...

3 Summary

Identity and Access Management (IAM) has come a long way in the past 20 to 30 years. But, as with most rapidly developing technology, beliefs about IA ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
