Organizations use identity lifecycle management (ILM) to track and control their digital identities, from the moment they’re created to when they’re deactivated or deleted.
ILM is a key component of identity governance and administration (IGA), which lets IT security teams monitor and control the behavior of all the identities in an organization’s system. ILM, in particular, focuses on managing and securing these identities as they change between different roles, privileges, and work environments.
Types of identities
Computers use digital identities to identify humans or machines operating on a system. These identities can include:
- People
  - Employees (internal)
  - Third parties (external)
    - Customers
    - Contractors
    - Service providers
    - Partners
- Organizations
- Applications
- Devices
The identity lifecycle
Creation: When a new hire joins the company, an account is created for them and added to a directory. This new identity is then given the access rights the employee needs to get started with their job.
Operation: Employee identities and permissions can evolve following promotions and transfers, and for projects that involve accessing a range of internal and external resources across different onsite and cloud environments. Third-party identities, meanwhile, often need similar privileges to employees for short-term projects.
Deletion: When an employee leaves the company, their identity is usually deactivated first, in case they return or the identity needs to be used again. Then, after a while, the identity is deleted from the system.
Why is ILM important?
From onboarding new hires and helping employees take on new roles and responsibilities across the company, to revoking access from identities when needed, ILM is crucial for preventing unchecked identities from wreaking havoc on the system. Dormant ‘zombie’ accounts that still hold high-level permissions can be abused by insiders or targeted by attackers to breach a system and reach sensitive data and resources.
ILM helps security teams make sure that identities don’t collect excess privileges during their lifespans, that customers and third parties are offboarded as soon as their job is done, and that employees are prevented from accessing the network once they’ve left the company.
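The following is an added example, not code from the original page: a small Python model of the creation, operation, and deletion stages described above. Entitlements are derived from the role, so a transfer re-derives access instead of accumulating it; third-party identities carry an end date so overdue offboarding can be flagged; and leavers are deactivated first and only become eligible for deletion after a retention window. The roles, entitlements, and 90-day window are assumed sample values.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Entitlements each role needs (constructed sample data, not from any real product).
ROLE_ENTITLEMENTS = {
    "engineer": {"git", "ci", "vpn"},
    "finance": {"erp", "vpn"},
    "contractor": {"vpn"},
}
DELETE_AFTER = timedelta(days=90)  # assumed retention window between deactivation and deletion

@dataclass
class Identity:
    name: str
    role: str
    entitlements: set = field(default_factory=set)
    active: bool = True
    expires_on: Optional[date] = None      # planned end of a short-term engagement
    deactivated_on: Optional[date] = None

def create(name, role, expires_on=None):
    """Creation: provision exactly the entitlements the role needs, nothing more."""
    return Identity(name, role, set(ROLE_ENTITLEMENTS[role]), expires_on=expires_on)

def transfer(identity, new_role):
    """Operation (transfer): re-derive entitlements from the new role so old grants do not linger."""
    identity.role = new_role
    identity.entitlements = set(ROLE_ENTITLEMENTS[new_role])

def deactivate(identity, today):
    """Deletion, step 1: disable the account and strip access, but keep the record."""
    identity.active = False
    identity.deactivated_on = today
    identity.entitlements.clear()

def excess_privileges(identity):
    """Grants the identity holds beyond what its current role requires (privilege creep)."""
    return identity.entitlements - ROLE_ENTITLEMENTS[identity.role]

def overdue_offboarding(directory, today):
    """Active identities whose engagement has ended but that were never deactivated."""
    return sorted(i.name for i in directory
                  if i.active and i.expires_on is not None and today > i.expires_on)

def due_for_deletion(directory, today):
    """Deletion, step 2: deactivated identities past the retention window."""
    return sorted(i.name for i in directory
                  if not i.active and today - i.deactivated_on >= DELETE_AFTER)
```

Running `excess_privileges` and `overdue_offboarding` over the whole directory on a schedule is the review that catches accumulated grants and forgotten third-party accounts before they become zombie identities.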
The key features of ILM
ILM solutions offer several features for organizations to manage identities throughout their lifecycle, including:
- Self-service portals where users can update their account details and request new access rights without needing admin support.
- Automated tools for tracking and updating identities and assigning permissions in real time.
- Visibility into what identities are doing on a system, to help detect security risks, investigate incidents, and satisfy audits and regulations.
- Integration with HR systems and corporate directory services, which makes it easier to onboard and offboard identities.
What are the differences between IGA, ILM, IAM, and PAM?
Organizations use IGA as a framework for governing all the identities in their system and remaining compliant with regulations. ILM is a key component of IGA that covers the operational aspects of creating, managing, and securing these identities. Both IGA and ILM encompass IAM and PAM, with PAM being a subset of IAM.
| Term | Purpose | Scope |
|---|---|---|
| Identity Governance and Administration (IGA) | Provides an overall security and compliance framework for identities | High-level identity management |
| Identity Lifecycle Management (ILM) | Managing identities across their entire lifecycle | Operational identity management |
| Identity and Access Management (IAM) | Managing the access that identities have to resources | Subset of IGA |
| Privileged Access Management (PAM) | Managing and securing privileged access | Subset of IGA and IAM |