Skip to Main Content
Practical Cloud Security
book

Practical Cloud Security

by Chris Dotson
March 2019
Intermediate to advanced content levelIntermediate to advanced
193 pages
5h 46m
English
O'Reilly Media, Inc.
Content preview from Practical Cloud Security

Chapter 4. Identity and Access Management

Identity and access management (IAM) is perhaps the most important set of security controls. In breaches involving web applications, lost or stolen credentials have been attackers’ most-used tool for several years running.1 If an attacker has valid credentials to log into your system, all of the patches and firewalls in the world won’t keep them out!

Identity and access management are often discussed together, but it’s important to understand that they are two distinct concepts:

  • Each entity (such as a user, administrator, or system) needs an identity. The process of verifying that identity is called authentication (often abbreviated as “authn”).

  • Access management is about ensuring that entities can perform only the tasks they need to perform. The process of checking what access an entity should have is called authorization (abbreviated as “authz”).

Authentication is proving your identity—that you are who you say you are. In the physical world, this might take the form of presenting an ID card issued by a trusted authority that has your picture on it. Anyone can inspect that credential, look at you, and decide whether to believe that you are who you say you are. As an example, if you drive up to a military base and present your driver’s license, you’re attempting to authenticate yourself with the guard. The guard may choose to believe you, or may decide you’ve provided someone else’s driver’s license, or that it’s been forged, or ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Practical Cloud Security, 2nd Edition

Practical Cloud Security, 2nd Edition

Chris Dotson

Publisher Resources

ISBN: 9781492037507Errata Page