Abstract
Identity Access Management (IAM) is an area posing significant challenges, particularly in the context of remote connectivity and distributed or cloud-based systems. A wide range of technical solutions have been proposed by prior research, but the implementation and integration of these
solutions in the commercial sector represent steps that significantly hamper their acceptance. The study aims to outline the current perception and security issues associated with IAM solutions from the perspective of the beneficiaries. The analysis relies on a series of interviews with 45 cyber security professionals from different
organisations all over the world. The particular focus of the study is represented by the challenges and vulnerabilities of onpremises and cloud-based IAM deployment models. As highlighted by the interviewees, cloud IAM solutions and on
premises IAM solutions are affected by different issues. The main challenges for cloud based IAM solutions were Default configurations, Poor management of Non-Human Identities such as Service accounts, Poor certificate management, Poor access review, Poor API configuration and limited Log analysis. In contrast, the challenges for on premise solutions were Multi Factor Authentication, insecure Default configurations, Lack of skillsets required to manage IAM solution securely, Poor password policies, Unpatched vulnerabilities, and compromise of Single-Sign on leading to compromise of multiple entities. The study also determined that, regardless the evolving functionality of cloud based IAM solutions, 41% of respondents believe that
the on premise solutions more secure than the cloud-based ones. As pointed out by the respondents, cloud IAM may potentially expose organisations to a wider range of vulnerabilities due to the complexity of the underlying solutions, challenges with
managing permissions, and compliance to dynamic IAM policies.
solutions in the commercial sector represent steps that significantly hamper their acceptance. The study aims to outline the current perception and security issues associated with IAM solutions from the perspective of the beneficiaries. The analysis relies on a series of interviews with 45 cyber security professionals from different
organisations all over the world. The particular focus of the study is represented by the challenges and vulnerabilities of onpremises and cloud-based IAM deployment models. As highlighted by the interviewees, cloud IAM solutions and on
premises IAM solutions are affected by different issues. The main challenges for cloud based IAM solutions were Default configurations, Poor management of Non-Human Identities such as Service accounts, Poor certificate management, Poor access review, Poor API configuration and limited Log analysis. In contrast, the challenges for on premise solutions were Multi Factor Authentication, insecure Default configurations, Lack of skillsets required to manage IAM solution securely, Poor password policies, Unpatched vulnerabilities, and compromise of Single-Sign on leading to compromise of multiple entities. The study also determined that, regardless the evolving functionality of cloud based IAM solutions, 41% of respondents believe that
the on premise solutions more secure than the cloud-based ones. As pointed out by the respondents, cloud IAM may potentially expose organisations to a wider range of vulnerabilities due to the complexity of the underlying solutions, challenges with
managing permissions, and compliance to dynamic IAM policies.
Original language | English |
---|---|
Publication status | Accepted/In press - 1 Jun 2024 |
Event | IEEE International Black Sea Conference on Communications and Networking - Tbilisi, Georgia Duration: 24 Jun 2024 → 27 Jun 2024 https://blackseacom2024.ieee-blackseacom.org/about |
Conference
Conference | IEEE International Black Sea Conference on Communications and Networking |
---|---|
Abbreviated title | IEEE BlackSeaCom |
Country/Territory | Georgia |
City | Tbilisi |
Period | 24/06/2024 → 27/06/2024 |
Internet address |