Architecting dynamic privileges in protected systems through hardening Identity and Access Management

Information sharing is a fundamental enabler in facilitating better business and security practices, where exchange of information automated. The goal is to design smart systems that monitor and control authorized data to propagate through between security domains to authenticated and authorized users, while removing unauthorized blocks as required by policy. The Department of Defense (DoD) and Federal Agencies have established an information strategy for their respective communities that implement the national level information sharing strategy. The inclusion of a comprehensive Identity and Access Management (IDAM) capability is a fundamental building block to address these strategies. Given that business and mission environments will transition to the use of virtual environments if only to achieve IT efficiencies, this paper discusses additional advantages inherent in virtual environments. If the security posture of the overarching enterprise relies on a layered defense strategy, the IDAM capabilities provide what may be a last line of defense for controlling access to critical enterprise information and resources. The study addresses the architecture, development, and implementation of IDAM capabilities in the Enterprise, as well as the required modification to function in a Cloud Environment.