Systematic review of Identity and Access Management (IAM)

The importance of data cannot be overemphasized in today’s world. Businesses and companies today are dependent and functional on data and information. It is safe to say that data is the engine of every business regardless of whatever sector they fall in. The identity and access of users within and outside the organization are dependent on data. Data manages the identity and access of users. For securing user data, many companies have implemented the utilization of Identity and access management (IAM). The IAM system allows users to access data based on their credentials (Thakur et al., 2021).

As of now, businesses and corporate companies of various sizes are beginning to utilize and understand the need for implementing an IAM framework. Over the years, business leaders and more especially the IT department in several organizations have been placed under increased regulatory and organizational pressure to make sure that corporate resources are protected by way of controlling access to corporate resources and tracking user privileges  (Phil & Gittlen, 2020). As a result of this, corporate businesses can no longer rely on manual and error-prone processes to assign and track user access to resources hence the adoption of IAM. IAM helps automate access control and auditing of corporate resources (Phil & Gittlen, 2020). While the implementation of IAM systems has provided organizations with the appropriate level of security through the use of policies, authentication, validation, and privileges within and outside organizations, the emergence of innovative and sophisticated threats and attacks in recent times has sparked up concerns that question the efficiency of IAM in terms of security. Thus, the risk of attacks posed on IAM is significantly higher than before. This section focuses on different types of overviews of IAM, IAM attacks, the investigation of IAM attack detection techniques, and the revolutionization of  IAM with Machine Learning (ML).