European Journal of Engineering and Technology Research

Vol 8 | Issue 4 | August 2023

ISSN 2736-576X

RESEARCH ARTICLE

IAM Identity Access Management—Importance

in Maintaining Security Systems within
Organizations
Chetanpal Singh1, * , Jatinder Warraich2 , and Rahul Thakkar1

ABSTRACT
Identity and Access Management proposes a web service that assists in Submitted: June 14, 2023
controlling the entire work through secured ways. This research study Published: August 31, 2023
has been started to highlight the importance of IAM by discussing its
roles, characteristics, advantages and disadvantages. It is a framework 10.24018/ejeng.2023.8.4.3074
comprising processes, policies, and the latest technologies, allowing the
organization to monitor digital identities and control exclusive access to 1 Faculty
follow information based on user data. The IAM component proposes of Business, Design and IT,
Holmesglen Institute Chadstone Campus,
an approach of centralized user management, account management Australia.
console, authentication approaches, and so on. In this research work, 2 Faculty of ICT, Victorian Institute of
roles and key components of IAM have been discussed with all types of Technology (VIT), Australia.
possible challenges. Furthermore, this research will help readers and future
researchers easily identify the importance of IAM in maintaining security *Corresponding Author:
systems within organizations. e-mail: Chetanpal.singh@holmesglen.edu.au

Keywords: Access control, IAM (Identity Access Management),

reliability viable solutions, security maintenance.

1. Introduction open-source IAM that focuses on current administrations

and applications designed to provide a keyguard for appli-
1.1. Research Background
cation protections and administrations [1]. ‘Azure ATP
User identity management is a common component (Advanced Threat Protection)’ is a completely cloud-based
that provides security and easy auditable access to some solution that helps investigate and detect any type of secu-
limited assets. The term “Identity Access Management” rity incidents across the entire network system. It assists
ensures the job identities and nature of the right people in securing any organization from compromised identities
c easily accessed through relevant tools. The framework and insider threats. It has the ability to identify the threat
includes different processes, policies, and technologies to patterns along with its resources within the cloud and
monitor user access and manage digital identities. Identity on-premises.
management is needed to improve data security, control Nowadays, as passwords are one of the important pre-
user data access, and maintain distance from illegal access. dominant mechanisms used for authentication processes,
It helps any organization to identify illegal access, mitigate it becomes impossible to remember those passwords if the
data breaches, and propose sensitive information about the users have more than one account. It frequently forces
corporate world. The components of IAM can be classified the users to choose weaker passwords which damages the
into the following four important categories: ‘authoriza- user’s own revealing passwords. It has been noticed that
tion’, ‘authentication’, ‘central user repository’, and ‘user it becomes easy for attackers to grant access to those
management’ [1]. accounts and hack users’ credentials. ‘SailPoint’ cloud
This research paper has been conducted to highlight platform for maintaining identity security helps users
IAM’s significance, advantages, and disadvantages. It to realize the accesses and identities of all the secure
has been noticed that “Google”, “Facebook”, “GitHub”, information [2]. This identity management solution helps
and other well-known web-based organizations provide organizations easily manage digital identities, employee
free confirmation opportunities that can be easily coor- permissions, data access, information security, and com-
dinated through online applications. ‘KeyCloak’ is an pliance. Similarly, it has also been noticed that ‘CyberArk’

Copyright: © 2023 Singh et al. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in
any medium, provided the original work is properly cited.

Vol 8 | Issue 4 | August 2023 30

Singh et al. IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations

proposes the most extensible and complete platform of 1.3.2. Objectives

identity security that helps to protect critical assets and • To highlight the role of “Identity Access Manage-
identities in the vicinity of zero trust. It is a complete ment” (IAM).
‘security-focused IAM’. On the other hand, ‘Okta’ is such • To identify the key components and process of
an IAM platform that can be used easily and neutrally IAM that deeply impact on acquiring so many
with all relevant existing solutions, which selects the best experiences on organizational productivities.
technologies. Identity authentication, as well as access con- • To point out the possible challenges of IAM that
trol of different participating nodes, propose cross-chain can interfere with its credibility.
transactions to practice different accesses [3]. • To find out and analyze the solutions to mitigate all
In this research work, IAM proposes opportunities to possible challenges of IAM.
access all types of cloud-resourced project-level access eas-
ily. It allows maintaining IAM standards to access the
1.3.3. Research questions
data that need to complete the job. Achieving identity
authentication and access control in support of transaction 1. What is the role of the IAM identity and access
circulation uses various types of changes which maintain management?
low chain intrusion [2]. Moreover, with the assistance of 2. How do the key components and process of IAM
the IAM scheme, it becomes easy to realize conversion develop a considerable impact on the experience of
based on cross-chain identity in the middle of recorded the user along with organizational productivity?
illegal transactions and different chains. IAM risks are 3. What are the challenges of IAM that can interfere
always inherent in the cloud environment, where different with its credibility in terms of implementation in
types of potential risks are easily resolved through the help large firms?
of cloud service providers. Therefore, it is also necessary 4. Critically analyze the solutions present to miti-
to manage all the IAM risks, which are the outcomes of gate the challenges of IAM and strategies required
any cyber criminals, negligence in vendor management, to adhere to when choosing the IAM system for
industrial espionage, or maltreatment by any privileged the firm.
users [5].
This research paper is organized into different chapters; 1.4. Research Significance
chapter 1, within the introduction section, explains the The significance of this research is to outline a frame-
background of the research work based on the proposed work that has been designed to assign digital identities. It
topic. In chapter 2, it has critically discussed the points consists of different types of processes and policies, along
of view of different authors’ perspectives on IAM. It has with the latest technologies. This section highlights the
explained the in-depth information, which helps the read- important roles of IAM, its key components, and possible
ers of this paper to acquire all the relevant information challenges which adhere to its values of it. Security main-
based on research objectives and questions. Chapter 3 has tenance is always a pivotal part of any type of application
explained the research methodology, which is followed by [8]. Behalf of increasing awareness about identity manage-
the researcher while conducting the research. Chapter 4 ment, it is required to carry on the entire research study to
is designed to explain the outcomes of this research work highlight the importance of identity access management to
and comparisons between all the article papers. Chapter 6 the readers of this paper and future researchers.
provides the conclusion of this entire research work [6].

1.2. Problem Statement

2. Literature Review
This research work has been conducted depending on
the significance of IAM. It is mainly an important cyber- 2.1. Role of the IAM Identity and Access Management
security activity that helps to organize different access As in the latest technological era, the revolution of
management. With its assistance of it, it automatically computerized devices is increasingly attractive constantly;
boosts the entire monitoring processes and security con- due to that reason, most attacks also try to take various
trols. This research work will help to understand the types of tactics to access users’ devices [10], stated that,
importance of identity management systems that are for handling the latest cyber-attacks, traditional security
actively used to propose safeguarding security-based inci- controls process cannot provide better outcomes, and with
dents. As in the recent era, cybercrime incidents are this, failed to handle threats also.
increasing day by day, and it will be necessary to realize the The Fig. 1 provided information about the IAM con-
importance of identity management systems [7]. Moreover, figuration phase, as well as the IAM operation phase.
it can be said that the current research is needed to solve “Identity Access Management” (IAM) can support han-
the possible issues behind the identity management system. dling permissions, which manage how AWS resources can
access users. IAM is also known as “role-based access
1.3. Research Aim & Objectives controls” (RBAC), through which cloud customers can
1.3.1. Aim easily assign individual function, which is related to a set of
This research work will be carried on with the aim of permission to access other functions, data stores, as well as
completing the research work by focusing on the impor- open Internet. Roles of strict IAM can be constructed for
tance of “Identity Access Management” (IAM) along with those functions which are limited to communicating with
all its pros and cons. those important requirements to handle their activities.

Vol 8 | Issue 4 | August 2023 31

IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations Singh et al.

Fig. 2. IAM model for artificial intelligence. Source: [14].

Fig. 1. IAM phases. Source: [10].

that the right people can access the organizational network
and, with this, manage employee applications also.
In this research paper, the author proposed “WILLIAM”
as a workflow-aware access management model, as well 2.2. Key Components of the Process of IAM
as a reference monitor, which satisfies the functional IAM professionals should have a proper vision for the
requirements of the “serverless computing paradigm” [11]. IAM circumstances which satisfy the requirements of the
William has the capability to encode a serverless appli- corporate. Every IAM project should develop towards
cation’s protection state as a permission graph, which the required target state. The components of IAM can
defines permissible transitions. It has the capability to be categorized into four different categories, concluding
avert unauthorized requests’ processing costs, as well as authentication, user management, central user, and with
minimize applications’ attack surface also. By adopting this authorization. In the present age, most business orga-
IAM, business organizations can ensure high-quality secu- nizations increase their focus on the adaptation of cloud
rity systems production processes and, with this, improve infrastructure platforms in equal capability.
regulatory compliance also. IAM has the capability to In hybrid IT architecture, IAM is a crucial compo-
increase the flexibility of traditional usernames, as well as nent. Hybrid IAM has the capability to develop a basic
password solutions [12]. credential, which can be allowed for access in cloud
Based on the previous author’s statement [13] stated environments [16], defines components of hybrid IAM
that, in information security systems, IAM plays a signif- architecture, concluding on-premise corporate directory,
icant role. To handle the latest IT environment, and with on-premise federation service, Identity Sync services, and
this handle database platform, it is important for the users with this cloud IAM service. Directory services, which
to identify network access properly. Through this research allow authentication to access organizational resources,
paper, the author tried to provide how IAM can connect conclude Active Directory. Directory objects highlight the
with innovative Artificial Intelligence (AI) technologies to user account as well as the service account. For that, iden-
ensure high standard identity management, as well as user tity service implements basic access management abilities
authentication [14]. concluding authentication, as well as authorization for the
Through the above Fig. 2, the author defined the AI organizational applications. Fig. 3 shows how it supports
approach to IAM. As in the current age, due to innu- identity standards, such as SAML as well as OpenID Con-
merable effectiveness, the popularity of AI and ML is nect, to allow access to both internal, as well as external
constantly increasing; due to that reason, there is no doubt resources. Identity Sync Service is basically implemented
it can develop the efficiency of IAM. Modern technologies in cloud direction-based organizations to reduce risk, as
have the capability to speed up the latest IAM compli- well as complexity. In the public cloud, platform ser-
ance. AI has the capability to detect abnormalities, as well vice implements fundamental IAM abilities, concluding
as possible threats. It equips customers with the proper authentication, federation, as well as access management,
information required to take proper decisions, both tech- and with this can be exploited access assumption sources
nical, as well as non-technical [15]. Due to technological as well [17], [18].
advantages, hackers are becoming proficient as well as Based on the previous author’s opinion, the other author
daring constantly, and due to that reason, for infiltrating [19] defines IAM systems as required to be realized prop-
user’s networks, often it can be difficult for organizational erly, that can be utilized for on-premises services, as well
managers to handle issues properly. Through this research as cloud services correctly, as well as securely. IAM has
paper, the author clearly defines the beautiful relationship the capability to provide massive security features for
between AI and IAM. Through the research findings, it providing user access within the organization. “Security
has been noted that the implementation of AI is a totally Assertation Markup Language”, commonly known as
new approach, and there are no proper organizations that SAML, is utilized in this research paper. It is basically
take any approach to implement AI in IAM. Those two a standard protocol structured by the ‘‘Security Ser-
are the most innovative combination for developing a suit- vices Technical Committee’’ [19]. An IAM SAML allows
able monitoring system through which IAM can visualize identity providers to ensure user authentication through
connectivity and decrease cyber breach risks. With the interchanging user information, concluding login data,
combination of innovative technologies, IAM can ensure authentication state, identifiers, as well as different relevant

Vol 8 | Issue 4 | August 2023 32

Singh et al. IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations

Fig. 3. SAML authentication process. Source: [15].

attributes between the service provider and, with this, the

identity.

2.3. Analysis of IAM Challenges Developed During the

Implementation Process
A firm or organization can easily face different chal-
lenges at the time outlining, implementing, as well as
controlling IAM solutions. It has been noticed that the
latest cloud-dependent IAM solutions propose simplified
and uniform identity management practices, which easily
become popular as the day advances, for optimizing the
existing solutions of identity and access management. As
Fig. 4. IAM components. Source: [18].
per the opinions of the authors [20], the way of the latest
businesses is completely revolutionized through storing,
processing, as well as managing the relevant data. For all come to know that board members, as well as busi-
sizes of businesses, cloud security nowadays has become a ness leaders, propose success on behalf of following the
great concern. The user’s identity is verified through identi- IAM initiative. Nowadays, almost all activities have slowly
fication processes that easily access any cloud resources as adopted the latest technologies, which creates an inter-
well as control the user’s actions to perform better. Imple- national shortage among all tech professionals. Finding
mentation of effective authentication along with access trustworthy employees with sufficient knowledge creates
controls is important for keeping away from any illegal difficulties in a global shortage system. All the important
access to all the cloud resources [20]. data should be encrypted in both situations that are in
Fig. 4 shows there are so many challenges that are asso- transit forms and even in rest positions. Both SSL (Secure
ciated with the implementation of the IAM system, and Socket Layer) and TLS (Transport Layer Security) are
those are ‘lack of sufficient planning’, ‘lack of management utilized for data encryption [22].
support’, ‘poor user role management’, ‘misapplication of the It has also been noticed that the lack of proper planning
roles and responsibilities of access management’, ‘lack of guides to the mismanagement of different resources which
attention in the near future’, ‘lack of relevant points of views’, are required to manage and implement IAM. It has been
and ‘poor privileged access management (PAM)’. The pro- noticed that IAM needs an extensive roadmap that needs
posed system provides a dynamic field that always remains to be extended over the past few years, and this roadmap
progressive for helping combat cybercrime for continuing is completely supported by all the relevant stakeholders.
the development of the latest methods. IAM should be The path of implementation of IAM should be designed
implemented in the company of effective authentication by prioritizing the possible risks. As it is completely based
mechanisms like MFA and RBAC to ensure the right on the latest technologies, it has been noticed that risks
of only authorized users to access cloud-based resources. or challenges will change as time goes on, but at the same
Besides this, it has been required to regularly review the time, unexpected changes will arise. IAM implementation
user’s data [21]. is difficult and completely resource-based. Despite all of
Implementation of IAM represents its own challenges, this, it can be said that the implementation of IAM is
together with many SMBs (small and medium-sized busi- a relevant opportunity to focus on access controls and
nesses) [21]. Whatever the size of an organization, it has proposed risk assessments in regard to IAM activities [23].

Vol 8 | Issue 4 | August 2023 33

IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations Singh et al.

2.4. Mitigation Strategies of IAM challenges and objectives. Further, the consideration of the secondary
Based on the previous author’s opinion about the IAM’s research method supported to conduct of the research
implementation challenges, it has been noted that there works fast and in a cost-effective way by using the data
are different basic issues that should be mitigated prop- of past researchers who have used vital data for reflecting
erly. Among various issues, the most common risk is IAM implementation.
authentication issues [24] defines that, for ensuring authen-
tication, it is important to implement authenticate method. 3.3. Research Philosophy
Authentication factors can be categorized into three dif- The considered research work has made effective uti-
ferent groups, such as ‘‘personal identification numbers’’, lization of the “Interpretivism research philosophy”, which
biometrics, or authentication key. Additionally, the multi- supported the researcher to put more stress on factual
layer security system is also an essential process that data. This philosophy helped the researcher to form the
can support ensuring authentication. Through multiple belief by which the required data will be accumulated,
authentication mechanisms within the IAM process, it can evaluated and utilized [25]. In the process, this research
be easy to mitigate challenges as well as increase efficiency
philosophy enabled the researcher to conduct the research
levels also.
work in a subjective way while stating that data evaluates
2.5. Research Gap the rationalization of the research in an effective way and
This research is conducted by focusing on the impor- the main meaning is acquired at the end of the research
tance of Identity Access Management. Besides this, its key method. When conducting the secondary research method
components, roles etc., have been discussed here, but no for evaluating challenges of IAM that can interfere with its
detailed information about its risk mitigation strategies has credibility in terms of implementation in large firms, the
been mentioned here. As this identity and access manage- interpretivism research philosophy enabled to conduct of
ment system help to provide organizational security, it is the research in depth while providing higher range validity
necessary to follow uniqueness at the time of implementing as it involved authentic data.
IAM. There are robust solutions that help to mitigate
all the possible threats, but in this research study, those 3.4. Research Approach
are not discussed in-depth, and it creates gaps in this The research formed on evaluating the role of “IAM
research work. identity and access management” make effective use of the
“Deductive research approach”. This particular deductive
research approach enabled us to put stress on utilizing the
3. Research Methodology existing theories. This supported critically emphasizing the
3.1. Research Overview key contents of the present information white acquired
The researcher put stress on evaluating the “role of the reliable evaluation from it to justify the cumulated
“Identity Access Management” (IAM)”, and in the pro- content [22]. Apart from this, the researcher put stress
cess, the concern has been laid on assessing the set research on reflecting the key facts as well as ideas reflected in
question and aim. Even the researcher put concerned the literary contents to give an effective evaluation and
with evaluating the considered scholarly articles through stating the relevancy of the objectives set. Further, the
the lens of positivist research philosophy. The considered researcher reflects on the efficiency of the objectives set by
research work will be formed by considering the secondary considering the qualitative research method and making a
research method as it will support considering the qualita- considerable contribution to future research development.
tive research method generated from the literary analysis This deductive research approach supported more logical
while emphasizing the content. The consideration of the inferences involved in the literary data that highlight the
deductive research approach supports the existing theories. relevance of the research.
Further, the researcher has managed the ethical issues for
managing the research result [20]. 3.5. Research Design
3.2. Research Methods The considered research work has made effective utiliza-
tion of the “Descriptive research design” to systematically
Identity and access management security are regarded
accumulate the data for evaluating the IAM identity and
as the prime element of the entire IIT security system that
access management role in the organization in a critical
manages digital identities along with user access in the
firm. In order to evaluate the role of IAM, the concern has way. This research design does not enable the researcher
been laid on making effective utilization of the “secondary to manipulate the data but evaluates it in its actual ver-
research method”. Further, the qualitative data reflected sion to extract the desired outcome [21]. This enabled the
the research’s significance in terms of justifying the objec- researcher to evaluate the key components of the IAM
tors of the research [23]. The researcher to recognized key in an effective way and the way it reduces the threat of
components and processes of IAM and acquired the key identity-related access in the firm. The consideration of
facts through a secondary data collection method. The the descriptive research design enabled to form of the
consideration of the secondary data supported the acquisi- strategy by which varied components of the paper have
tion of literary sources and supported the accumulation of been integrated and assuring that the research problem can
sufficient data that can help in meeting the set research aim be addressed effectively.

Vol 8 | Issue 4 | August 2023 34

Singh et al. IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations

3.6. Research Data Collection intelligence (AI) all have the potential to enhance iden-
The “Secondary data collection method” has been used tity and access management (IAM). Every single study
in this research paper, and this supported to make effec- acknowledges that concerns regarding safety and confi-
tive utilization of the existing data acquired from the dentiality are the main barriers to the implementation of
scholarly articles. Even in the process of collecting the these technologies in IAM [24]. However, there are a few
data, the concern has been laid on making utilization of significant differences that may be found between the six
the “government and non-government records”, “maga- publications as show in Table I.
zines”, “newspapers, libraries”, and “internet” [23]. Even
the record of different organizations using “systematic 4.1. Result of the Papers
review of identity Access Management (IAM)” can be The six papers offer a range of viewpoints on the
considered to evaluate the critical use of the IAM and possibility of enhancing IAM through the use of AI,
the issues that it laid in the process of implementation in sophisticated authentication techniques, blockchain tech-
the large organization. The accumulated literary sources nology, distributed ledger technology, and workflow
reflected the new aspect of the considered research topic. integration. These are some of the subjects that the papers
In the process of data collection, the stress has been laid on cover.
making utilization of the literary sources.
• A variety of chances for IAM improvement are
3.7. Research Data Analysis presented by the application of AI, some of which
are highlighted below:
In the research work, the concern has been laid on mak-
ing utilization of the “qualitative data analysis” method.  This method can be used to automate a
This supported to make use of only descriptive data, number of processes, such as password man-
and no statistical data have been utilized in the process agement and user provisioning.
of undertaking the overall research work. This enabled  Supplying information on user behavior that
systematizing the descriptive data collection via schol- can be used to spot potential dangers in the
arly articles and then evaluating it. It helped to stress immediate area.
accumulating effective data and then facilitating the key  Spotting unusual user activity patterns and
elements for implementing the IAM [24]. In the process, using that information to help prevent
the acquired data has been interpreted in an effective way assaults.
to ensure that the data analysis process can be executed
• One way to improve IAM’s current security is
in an authentic way. This supported undertaking a criti-
to use more complex authentication processes.
cal analysis of the accumulated paper from the scholarly
These steps increase the difficulty of unauthorized
articles to reflect the overall scenario associated with the
considered research topic. users accessing systems and data, which ultimately
enhances the security of IAM.
3.8. Data Validity and Reliability • By providing a tamper-proof and decentral-
The researcher has evaluated the necessity of IAM and ized method of storing identifying information,
the way it involved the policies, methods and techniques blockchain technology can help identity and access
that support reducing identity-associated access in the management (IAM) increase its security and
firm. In order to achieve this, the research has put con- privacy. Identity and access management (IAM)
cern on considering the reliability to form consistency and can become more secure as a result of this.
the aspect of the research result that supported reflect • Identity and access management (IAM) could
the relevancy of the research effectively [26]. Further, the become more effective with the use of distributed
researcher has reflected on managing consistent outcomes ledger technologies. This is achieved by offering
though out the research and the work or evening the a shared, unchangeable ledger of access control-
rationale of counting secondary research methods. related data.
The validity of the research work has been considered • The process of providing and rescinding access
to reflect the accuracy development in the result of the to systems and data can be automated with the
research and recognize the genuineness of the research use of workflow integration, which can increase
output gathered via literary sources. Even in the process, IAM’s effectiveness. As a result, IAM could be
the concern has been laid on making use of literary sources more efficient.
published in the last three years to ensure that only current
data can be used to meet the set aim and objectives. 4.2. Comparison of Results
The six papers give a thorough explanation of how
blockchain technology, distributed ledger technology,
4. Result & Comparison workflow integration, more robust authentication meth-
The six distinct papers are related to one another ods, and artificial intelligence may improve IAM. But
in a variety of ways. All of the papers arrive at each of the six papers focuses on a different subject.
the same conclusion, which is that workflow integra- Paper 1 examines the perspectives of IT professionals,
tion, blockchain technology, distributed ledger technology whereas Paper 2 examines the technical challenges of
(DLT), enhanced authentication methods, and artificial enhanced authentication systems. In contrast, Paper 3

Vol 8 | Issue 4 | August 2023 35

IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations Singh et al.

TABLE I: Comparison of Different Literature in AIM

Sl. No. Title of the Citation Critical Discussion Result
paper
1 “The [4] The author of this paper looks into the In the first paper in this series, the researcher
Interaction relationships between identity access management examines the perspectives held by IT specialists.
Between (IAM) and artificial intelligence (AI). To gather The researchers who were in charge of drafting
Artificial their opnions on AI and IAM in light of the Paper 1 noticed that IT staff members generally
Intelligence and study’s findings, the authors polled 100 had a positive outlook on the application of AI to
Identity and individuals who work in the information enhance IAM. But in addition to that, they also
Access technology sector. The poll’s findings indicate that emphasized worries about the effects AI will have
Management: the majority of IT professionals are upbeat about on people’s safety and privacy.
An Empirical the prospect of AI assisting IAM. But they also
Study” expressed their worry about how AI may harm
people’s safety and privacy in the future.
2 “Advanced [9] The author of this paper examines the usage of In the second paper, the researcher examines the
Authentication sophisticated authentication techniques to meet technical details of various advanced
Mechanisms for identity and access management (IAM) needs in authentication techniques in greater detail. The
Identity and cloud computing. According to the authors, authors of Paper 2 propose that cloud computing
Access utilizing novel authentication techniques can can be used to create a greater level of security for
Management in enhance IAM security in cloud computing. They IAM and that this level of security can be
Cloud assert that further research on this subject will be contributed by improved authentication
Computing” needed in the future. The authors also stress the mechanisms. However, they do mention that
importance of conducting additional research that installing more sophisticated authentication
is more in-depth within this sector. They do, techniques might be difficult and expensive.
however, concede that the implementation of
more complex verification methods might be
challenging and costly.
3 “Achieving [23] A decentralized and dynamic single sign-on (SSO) An overview of a centralized, static single sign-on
Decentralized identity access management solution for many and identity access management system is
and Dynamic cloud-hosted applications has been shown in this provided in Paper 3, and it may be applied to a
SSO-Identity study. This work’s goal is to achieve that. The number of cloud-based applications. The system
Access system includes the use of blockchain technology includes the use of blockchain technology to
Management to achieve decentralization and dynamic achieve decentralization and dynamic behaviour,
System for behaviour, respectively. The strategy, according to respectively. The strategy, according to the
Multi- the authors, has the potential to increase both the authors, has the potential to increase both the
Application security and effectiveness of IAM in cloud security and effectiveness of IAM in cloud
Outsourced in computing, and they advise using it. computing, and they advise using it.
Cloud”
4 “Blockchain- [24] This article offers a thorough analysis of In Paper 4, which is available here, the BIMs used
Based Identity blockchain-based identity management systems, in health-related IoT are examined in-depth.
Management or BIMs, for usage in contexts relating to the Twenty different BIMs that are either now in use
Systems in Internet of Things in the healthcare industry. or being developed were uncovered by the authors.
Health IoT: A Twenty different BIMs that are either now in use The authors contend that BIMs should be taken
Systematic or being developed were uncovered by the authors. into consideration since they have the potential to
Review” The authors contend that BIMs should be taken enhance the security and privacy of IoT-related
into consideration since they have the potential to health data. They further assert that this potential
enhance the security and privacy of IoT-related might be leveraged to raise the standard of BIMs.
health data. They further assert that this potential
might be leveraged to raise the standard of BIMs.
5 “Identity and [25] In the preceding part, the researcher discussed The fifth paper provides an introduction to IAM
Access distributed ledger technology (DLT), which is by utilizing DLT. The authors talk about the
Management used in this work to give study of identity and various ways distributed ledger technology (DLT)
using distributed access management (IAM). The authors talk applications could be used to improve IAM.
ledger about the various ways distributed ledger According to the authors, distributed ledger
technology: A technology (DLT) applications could be used to technology (DLT) has the potential to spark a
Survey.” improve IAM. According to the authors, period of radical change in IAM.
distributed ledger technology (DLT) has the
potential to spark a period of radical change in
IAM.
6 “Workflow [26] The difficulties that arise when employing In paper six, which is available here, the difficulties
integration serverless computing for identity and access that arise with IAM in serverless computing are
alleviates management (IAM) are the main subject of this analyzed. According to the authors, integrating
identity and study. According to the authors, integrating workflows is one way to assist in mitigating the
access workflows is one way to assist in mitigating the effects of these difficulties, and this should be
management in effects of these difficulties, and this should be taken into consideration as a viable solution.
serverless taken into consideration as a viable solution.
computing.”

Vol 8 | Issue 4 | August 2023 36

Singh et al. IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations

proposes a decentralized and dynamic SSO IAM frame- regular workflow. As the day advanced, it really has
work for cloud multi-application outsourcing. Despite become so challenging to find out all the internal threats
this, Paper 4 provides a comprehensive review of BIMs and and cyber-attack incidents in the organization. It has been
their relationship to the Internet of Medical Things. The noticed that all the latest applications and required ser-
findings from both of the aforementioned investigations vices propose cloud services over the traditional systems
are included in this volume’s presentation. In Paper 5, and servers, which easily manage security areas through
IAM is presented by utilizing DLT, and after that, the using different tools, which creates difficulties in managing
difficulties associated with merging IAM with serverless the entire identity management processes. Identity-based
computing are investigated. The six papers present an activities are basically used to accumulate all the relevant
in-depth analysis of how IAM could be improved with data, such as public keys. Data-centric characters always
the implementation of blockchain technology, distributed propose outcomes by following the latest security needs for
ledger technology, workflow integration, more depend- secured communication. The data source authentication
able authentication approaches, and artificial intelligence. always makes sure about the data packets that have been
However, it is essential to keep in mind that these tech- followed during the identity access management processes.
nologies are still in their infancy and that a large number So after completing the entire research work, it can
of obstacles need to be conquered before a sizeable per- be concluded that data-centric authentication always pro-
centage of the population will be able to make use of poses a common security service that is needed by
them. However, it is essential to keep in mind that research proposing different types of security solutions [29]. The
on these technologies is still in its infant stage. This is key importance behind the IAM system is to automate
something that must not be forgotten. recording, capturing, and controlling access permissions
Rather than focusing on improving IAM with just one and user identities to improve data security. Not only that,
of these technologies, the best strategy would be to improve but it also helps to provide solutions that can easily identify
it simultaneously with all of them. Businesses may make possible issues and find ways to mitigate them. Future
use of a wide range of different technologies to build
research on this proposed topic will open a new door to
identity and access management (IAM) systems that are
be updated with the attitude of the latest technologies
safer, more efficient, and easier to use. In the end, the type
as well as keep away from any data breaches or cyber-
of paper that is appropriate for you will be determined by
attacks. With the assistance of IAM, people can easily
the specific criteria that you have. Paper 1 is an excellent
avoid sharing any long-term credentials as well as propose
option to go with if you are interested in the beliefs held by
protection against any kind of illegal access. Maintaining
those who operate in the field of information technology
user authentication is an important component of best
because it offers a variety of points of view. Paper 2 should
practices of access management which helps to keep away
be studied in its entirety if you wish to acquire a deeper
comprehension of the more complicated aspects of modern any kind of unauthorized access and secure the data from
authentication systems. data breaches [30]. Future research on this topic will help
to be more conscious about the responsibilities of identity
and access management.
5. Conclusion
IAM plays an important role in the case of accessing Acknowledgment
important data. As the cybersecurity industry becomes
aware of maintaining login credentials, it becomes impor- I would like to thank God for all the blessings and
tant to accomplish IAM solutions depending on access opportunities bestowed on me. I would like to thank my
privileges and user credentials. After conducting this family for their love, prayers, encouragement and uncon-
research work, it can be concluded that IAM systems ditional support throughout my research process. Special
utilize different protocols and standards for securing per- thank you to my sisters and other family members, without
sonally identifiable information. With the assistance of this whom I wouldn’t have made it so far and enjoyed life half
system, it becomes easy to follow the track of users’ activi- as much! I would also like to express my gratitude to my
ties as well as prior authorizations, which can easily change supervisor for guidance, support, clarity and constructive
the employees’ performances. It has the ability to integrate feedback throughout the dissertation project. Lastly, thank
the authentication of organizational infrastructure in the you to the survey participants, without whom this project
company of identity governance that follows different data would not be possible.
security policies by following or informing any top-level
decisions [27]. At the time of collecting relevant informa-
tion from various research papers, it has come to know References
that the right and rule of compliance management software [1] Divyabharathi DN, Cholli NG. A review on identity and access
helps to automate as well as follow the track of different management server (keycloak). Int J Secur Priv Pervasive Comput
(IJSPPC). 2020;12(3):46–53.
components of the IAM activities [28].
[2] Ding Y, Zhang Y, Qin B, Wang Q, Yang Z, Shi W. A scalable cross-
All the updated services and applications always prefer chain access control and identity authentication scheme. Sens.
both storage and cloud services together with any kind of 2023;23(4):2000. doi: 10.3390/s23042000.
traditional systems and on-premise servers. Most organi- [3] Sankaran A, Datta P, Bates A. Workflow integration alleviates
identity and access management in serverless computing. ACSAC
zations always target to sort out cyber-attacks and external ’20: Annual Computer Security Applications Conference, pp. 496–
threats so that all the employees can easily maintain the 509, December 2020. doi: 10.1145/3427228.3427665.

Vol 8 | Issue 4 | August 2023 37

IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations Singh et al.

[4] Mohammed IA. The interaction between artificial intelligence and [29] Bera B, Saha S, Das AK, Vasilakos AV. Designing blockchain-
identity and access management: an empirical study. Int J creat Res based access control protocol in IoT-enabled smart-grid system.
Thoughts (IJCRT), ISSN. 2021;2320(2882):668–71. IEEE Internet Things J. 2020;8(7):5744–61.
[5] Cameron A, Williamson G. Introduction to IAM Architecture (v2). [30] Tan L, Shi N, Yang C, Yu K. A blockchain-based access control
IDPro Body of Knowledge. 2020;1(6). doi: 10.55621/idpro.38. framework for cyber-physical-social system big data. IEEE Access.
[6] Carnley PR, Kettani H. Identity and access management for the 2020;8:77215–26.
internet of things. Int J Future Comput Commun. 2019;8(4):129–33.
[7] Saranya N, Sakthivadivel M, Karthikeyan G, Rajkumar R. Secur-
ing the cloud: an empirical study on best practices for ensuring data
privacy and protection. Int J Eng Manag Res. 2023;13(2):46–9.
[8] Liu H, Han D, Li D. Fabric-IoT: a blockchain-based access control
system in IoT. IEEE Access. 2020;8:18207–18218.
[9] Alsirhani A, Ezz MM, Mostafa AM. Advanced authentication
mechanisms for identity and access management in cloud comput-
ing. Comput Syst Sci Eng. 2022;43(3):967–84.
[10] Kaiser T, Siddiqua R, Hasan MMU. A multi-layer security system
for data access control, authentication and authorization. Doctoral
dissertation. Brac University; 2022.
[11] Gangavarapu T, Jaidhar CD, Chanduka B. Applicability of
machine learning in spam and phishing email filtering: review and
approaches. Artif Intell Rev. 2020;53:5019–81.
[12] Du J, Jiang C, Wang J, Ren Y, Debbah M. Machine learning for 6G
wireless networks: carrying forward enhanced bandwidth, massive
access, and ultrareliable/low-latency service. Ieee Veh Technol Mag.
2020;15(4):122–34.
[13] Chaudhry SA, Alhakami H, Baz A, Al-Turjman F. Securing
demand response management: a certificate-based access con-
trol in smart grid edge computing infrastructure. IEEE Access.
2020;8:101235–43.
[14] Mandal S, Bera B, Sutrala AK, Das AK, Choo KKR, Park
Y. Certificateless-signcryption-based three-factor user access
control scheme for IoT environment. IEEE Internet Things.
2020;7(4):3184–97.
[15] Song F, Ai Z, Zhang H, You I, Li S. Smart collaborative balancing
for dependable network components in cyber-physical systems.
IEEE T Ind Inform. 2020;17(10):6916–24.
[16] Saini A, Zhu Q, Singh N, Xiang Y, Gao L, Zhang Y. A
smart-contract-based access control framework for cloud smart
healthcare system. IEEE Internet Things J. 2020;8(7):5914–25.
[17] Putra GD, Dedeoglu V, Kanhere SS, Jurdak R. Trust management
in decentralized iot access control system. 2020 IEEE International
Conference on Blockchain and Cryptocurrency (ICBC), pp. 1–9,
IEEE, May 2020. doi: 10.48550/arXiv.1912.10247.
[18] Kayes ASM, Kalaria R, Sarker IH, Islam MS, Watters PANg A,
Hammoudeh M, et al. A survey of context-aware access control
mechanisms for cloud and fog networks: taxonomy and open
research issues. Ah S Sens. 2020;20(9):2464.
[19] Sevilla G. Zoom vs. Microsoft Teams vs. Google Meet: Which top
videoconferencing app is best. PC Mag; dated 16 April 2020. https://
au.pcmag.com/how-to-work-from-home/66389/zoom-vs-microsoft
-teams-vs-google-meet-a-videoconferencing-face-off.
[20] Egala BS, Pradhan AK, Badarla V, Mohanty SP. Fortified-chain:
a blockchain-based framework for security and privacy-assured
internet of medical things with effective access control. IEEE Inter-
net Things J. 2021;8(14):11717–31.
[21] SophosLabs Research Team. Emotet exposed: looking inside highly
destructive malware. Network Security. 2019;2019(6):6–11.
[22] Alsirhani A, Ezz MM, Mostafa AM. Advanced Authentication
Mechanisms for Identity and Access Management in Cloud Com-
puting. Comput Syst Sci Eng. 2022;43(3):967–84.
[23] Fugkeaw S. Achieving decentralized and dynamic SSO-identity
access management system for multi-application outsourced in
cloud. IEEE Access. 2023;11:25480–91.
[24] Alamri B, Crowley K, Richardson I. Blockchain-based identity
management systems in health IoT: a systematic review. IEEE
Access. 2022. doi: 10.1109/ACCESS.2022.3180367.
[25] Ghaffari F, Gilani K, Bertin E, Crespi N. Identity and access
management using distributed ledger technology: a survey. Int J
Netw Manag. 2022;32(2):e2180.
[26] Tang Y, Yang J. Lambdata: Optimizing serverless computing by
making data intents explicit. 2020 IEEE 13th International Confer-
ence on Cloud Computing (CLOUD), pp. 294–303, IEEE, October
2011.
[27] Egala BS, Pradhan AK, Badarla V, Mohanty SP. Fortified-chain:
a blockchain-based framework for security and privacy-assured
internet of medical things with effective access control. IEEE Inter-
net Things J. 2021;8(14):11717–31.
[28] Belchior R, Putz B, Pernul G, Correia M, Vasconcelos A, Guerreiro
S. SSIBAC: self-sovereign identity based access control. 2020 IEEE
19th International Conference on Trust, Security and Privacy in
Computing and Communications (TrustCom), pp. 1935–43. IEEE,
December 2020. doi: 10.1109/TrustCom50675.2020.00264.

Vol 8 | Issue 4 | August 2023 38