The document explores Identity and Access Management (IAM) systems, detailing key components such as authentication, authorization, and audit management. It also outlines best practices for effective IAM system design, including the principle of least privilege and multi-factor authentication. Additionally, examples of IAM architectures for AWS, Microsoft Azure, and Google Cloud are provided, emphasizing the importance of balancing security, usability, and scalability.

1. Cloud Computing
Assignment - 5
Submitted by
Name :Mohammed irfan M
Roll No :22csb08
Reg No :711722104071

2. Exploring Identity and Access Management
(IAM) Systems
1. Key Components of IAM Systems
Authentication
Authentication is the process of verifying a user's identity. It ensures that only legitimate
users gain access to the system.
 Technologies Used:
 Passwords
 Multi-Factor Authentication (MFA)
 Single Sign-On (SSO)
 Biometric methods
 Examples:
 OAuth for delegating access
 LDAP for user directory services
 Social logins (Google, Facebook)
Authorization
Authorization determines what authenticated users are allowed to do. It ensures that users
have access only to the resources they are authorized to use.
 Technologies Used:
 Role-Based Access Control (RBAC)
 Attribute-Based Access Control (ABAC)
 Examples:
 AWS IAM policies allow granular control over resources
 Azure's Conditional Access policies
Audit Management
Audit management tracks and monitors access activities for compliance and security. It
provides insights into potential threats and ensures adherence to regulatory requirements.
 Technologies Used:
 • Logging systems
 • Anomaly detection algorithms
 • Compliance tools
 Examples:

3.  • AWS CloudTrail for activity logs
 • Azure Monitor logs for auditing
2. Best Practices for Designing Effective IAM Systems
1. Principle of Least Privilege: Assign minimal access rights necessary for a user's role.
2. Multi-Factor Authentication (MFA): Add extra layers of security.
3. Centralized Identity Management: Manage all identities through a single platform.
4. Continuous Monitoring: Regularly audit user access and modify as needed.
5. Integration with Enterprise Systems: Ensure compatibility with existing IT
infrastructure.
6. Zero Trust Architecture: Verify every request as if it originates from an open network.
7. Periodic Role Reviews: Ensure roles align with job functions.
8. Automation: Use workflows to automate access provisioning and deprovisioning.
3. Examples of IAM Architectures
AWS IAM
Authentication: AWS supports IAM users, roles, MFA, and federated access.
Authorization: IAM policies define fine-grained permissions.
Audit: AWS CloudTrail records actions for compliance and troubleshooting.
Microsoft Azure AD
Authentication: Provides seamless SSO, conditional access, and MFA.
Authorization: Offers RBAC and dynamic groups for resource management.
Audit: Azure Active Directory tracks sign-ins and access attempts.
Google Identity Platform
Authentication: Includes Firebase Authentication, SSO, and OAuth.
Authorization: Uses IAM roles and policies.
Audit: Google Cloud provides Cloud Audit Logs.

4. Conclusion
An effective IAM system must balance security, usability, and scalability. Designing
such systems requires adopting a layered approach and leveraging best practices like least
privilege and Zero Trust. AWS, Azure, and Google Cloud offer robust IAM architectures,
each tailored to specific enterprise needs.
References
 AWS Documentation - IAM
 Microsoft Azure Active Directory Documentation
 Google Cloud IAM Documentation
 "Zero Trust Security Model: Principles and Architecture," IEEE Security & Privacy,
2023.
 Best Practices in Identity and Access Management, Gartner Research, 2022.