Identity Access Management: The Four A’s

Key Points

  • Traditional network security focused on a perimeter firewall separating “good guys” inside from “bad guys” outside, but the rise of insider threats and remote workers has made that model obsolete.
  • Modern security must shift the defense line to the end‑user level, emphasizing Identity and Access Management (IAM) to control who can access what, wherever they are.
  • IAM is built around the “four A’s”: **Administration** (provisioning and de‑provisioning accounts), **Authentication** (verifying a user’s identity, often with multi‑factor methods), **Authorization** (determining what actions the user is permitted to perform), and **Audit** (ensuring the previous steps were correctly executed and logged).
  • Proper de‑provisioning is critical because lingering access rights can create serious security exposures, underscoring the need for continuous governance of identities and permissions.
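
The audit step applied to de-provisioning, as an added Python example that is not from the video: it reconciles an authoritative identity list against per-system accounts and login events, and reports access that outlived its owner. All names, systems and dates are constructed, and the record layout is an assumption.

```python
from datetime import date

# Constructed sample data (hypothetical names, systems and dates).
IDENTITIES = {  # Administration: authoritative record of who should exist
    "alice": {"status": "active", "terminated_on": None},
    "bob": {"status": "terminated", "terminated_on": date(2024, 3, 1)},
}
ACCOUNTS = [  # Authorization: what each account can still do, per system
    {"system": "vpn", "account": "alice", "owner": "alice", "enabled": True, "entitlements": ["remote-access"]},
    {"system": "vpn", "account": "bob", "owner": "bob", "enabled": False, "entitlements": []},
    {"system": "git", "account": "bob-dev", "owner": "bob", "enabled": True, "entitlements": ["repo-write"]},
    {"system": "db", "account": "svc-report", "owner": "carol", "enabled": True, "entitlements": ["read"]},
]
AUTH_EVENTS = [  # Authentication: successful logins, as (day, system, account)
    (date(2024, 2, 27), "git", "bob-dev"),
    (date(2024, 3, 9), "git", "bob-dev"),
    (date(2024, 3, 9), "vpn", "alice"),
]


def audit_deprovisioning(identities, accounts, auth_events):
    """Audit: reconcile the other three A's and return sorted findings."""
    findings = []
    owner_of = {(a["system"], a["account"]): a["owner"] for a in accounts}
    for a in accounts:
        ident = identities.get(a["owner"])
        if ident is None:
            # No identity record at all: nobody is accountable for this access.
            findings.append(("UNOWNED_ACCOUNT", a["system"], a["account"]))
        elif ident["status"] == "terminated" and (a["enabled"] or a["entitlements"]):
            # Lingering access rights after the owner left.
            findings.append(("LINGERING_ACCESS", a["system"], a["account"]))
    for day, system, account in auth_events:
        ident = identities.get(owner_of.get((system, account)))
        if ident and ident["terminated_on"] and day > ident["terminated_on"]:
            # The exposure was actually used after termination.
            findings.append(("POST_TERMINATION_LOGIN", system, account))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_deprovisioning(IDENTITIES, ACCOUNTS, AUTH_EVENTS):
        print(*finding)
```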

**Source:** [https://www.youtube.com/watch?v=aNj36g7fSsU](https://www.youtube.com/watch?v=aNj36g7fSsU)

**Duration:** 00:03:33

Sections

  • [00:00:00](https://www.youtube.com/watch?v=aNj36g7fSsU&t=0s) **From Perimeter to Identity Management** - The speaker explains how security has evolved from edge firewalls to pervasive identity and access management, emphasizing the need to protect both internal and remote users and outlining the first of the four A’s—administration of accounts.

Full Transcript

[0:00] In the early days of the internet, security was basically about creating a first line of defense at the edge of the network, because we had an internal network where we kept all the good guys, an external network where we assumed all the bad guys were. And so our main job in this case was basically trying to create this first line of defense at the edge of the network. We put in a firewall: good guys on the inside, bad guys on the outside.

[0:29] The problem with that is, as we've moved along, we've realized that in fact sometimes bad guys are on the inside. And also, as we have more and more remote workers, we've got good guys that are on the outside. So now it's not as simple as good guys in, bad guys out.

[0:47] What does that mean? It means that we're going to have to move our line of defense not to just the perimeter and edge of the network; it's got to be more pervasive. In fact, we've got to push it all the way to the level of the end user. And what that is about is this area of identity and access management.

[1:06] If you'd like to see more videos like this in the future, please hit the subscribe button.

[1:10] Identity and access management, if you want to simplify it, it's really about four A's. And what are those four A's? Well, the first one is administration. Administration is basically creating an account for you, updating it as we need to change the characteristics of it over time, and then getting rid of that account and deleting it. We call that identity management in general; that's a traditional term that has been used here. Sometimes people refer to it as identity governance now. But it's basically about provisioning, which is the creation of those accounts, and ultimately de-provisioning those accounts. And de-provisioning is really important from a security standpoint, because if we leave your access rights around when you're no longer permitted to use them, we can end up with an exposure.

[2:04] So the first A is administration. The next one is authentication. Authentication is basically answering the question of "who are you?": trying to establish in a trustworthy way that you are in fact the user you claim to be. It's not always easy to do, and we use a lot of different technologies, like multi-factor authentication and things like that, that we can talk about later.

[2:31] In addition to this, the third A is authorization. Authorization is answering the question: are you allowed to do what it is that you're trying to do? So I first have to know if you're who you claim to be, then I try to find out if you're allowed to do that. This is the area that collectively we know as access management. So here's the identity, here's the access.

[3:00] And then the fourth A, this business down here, is about audit. Audit is really all about trying to make sure that I did the previous three A's correctly.

[3:12] So identity and access management: administration, authentication, authorization and audit. It's all about the four A's. If you'd like to learn more about this, look at the links down below.

[3:24] Thanks for watching. Please remember to like this video and subscribe to this channel so we can continue to bring you content that matters to you.