Identity Access Management (IAM) in Google
According to Google’s product manager (2017), “The core item is control and Identity Access Management (IAM) gives us that.” IAM is the security discipline that controls who can do what on which resource (Google Cloud Platform, 2017). It enables the appropriate individuals to access the right resources at the appropriate time and for proper reasons. Centralized IAM is highly sought after in many organizations in modern IT. However, achieving it is easier said than done. The reason is that most companies either rely heavily on Microsoft’s Active Directory (AD) ecosystem or are trying their best to avoid it. AD does not play nicely with cloud or non-Windows innovations, which forces IT administrators to decentralize their identity management infrastructure. In the development of IAM, AD offered both system and user management abilities in a single solution, which had not been available previously. AD IAM makes it possible to visualize and retrieve information (what data was accessed, at what time, by which user, and authorized by whom) in a matter of seconds (Aretha, 2018).
With many companies embracing technology, businesses are more agile and efficient; for example, using the cloud means that the boundaries of your workforce extend beyond on-premises security protections. Giving too much access to particular systems is risky, while giving too little hampers productivity and frustrates users. A centralized IAM is designed to strike this balance and to reduce redundancy in routine duties such as creating groups and assigning roles and permissions. Over the years AD survived many challenges, until newer platforms such as Google Apps, macOS and AWS proved incredibly difficult to bind to an AD built for on-premises networks of Windows-based resources and systems. Azure AD is Microsoft’s cloud-based identity and directory management service, a revolutionized AD (Aretha, 2018). It can create a unified identity that protects corporate assets across on-premises platforms and cloud-based applications (Aretha, 2018). Google uses Cloud IAM, which employs roles and permissions to grant access to specific parts of Google Cloud. IAM roles limit an instance’s API access and provide more secure authentication for SSH on Compute Engine by managing keys and disabling password authentication (Google Cloud Platform, 2017). No one is ever excited about an audit, an outsider poking into the business; however, when your organization is attacked, you will be the one on the hot seat. IAM therefore supports better auditing, and surviving an audit, by disabling root logins. Just like Google, Amazon Web Services uses IAM to restrict the use of root accounts (which can only be used to create the first administrator account), while all other tasks require the creation of an IAM user (Edureka, 2017).
Multifactor authentication is also employed, and permissions are maintained at the group level rather than the individual level to avoid giving individuals unnecessarily high permissions (Edureka, 2017). This automation helps regulate rights and permissions through workflows and profiles, thereby reducing time and costs. Companies that manage identities properly have better control over who accesses what, thereby reducing the risk of both external and data breaches.
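
The group-level principle above can be checked mechanically. The following is an added example, not code from any cited source: it audits a Google Cloud IAM policy document (the JSON shape returned by gcloud projects get-iam-policy) for roles bound directly to individuals and for broad owner/editor grants. The sample policy, the principals and the function name audit_policy are constructed for illustration.

```python
import json

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT --format=json`.
# All principals and the project name are made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com"]},
    {"role": "roles/compute.instanceAdmin.v1",
     "members": ["group:ops@example.com", "user:bob@example.com"]},
    {"role": "roles/viewer",
     "members": ["group:auditors@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:ci@demo-project.iam.gserviceaccount.com"]}
  ]
}
""")

# Basic roles that grant broad, project-wide write or admin access.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def audit_policy(policy):
    """Return sorted (finding, role, member) tuples for a policy dict.

    direct-user: a role bound to an individual instead of a group.
    broad-role:  owner/editor granted to any principal.
    """
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            # Members look like "user:a@b", "group:g@b", "serviceAccount:s@b".
            kind = member.split(":", 1)[0]
            if kind == "user":
                findings.add(("direct-user", role, member))
            if role in BROAD_ROLES:
                findings.add(("broad-role", role, member))
    return sorted(findings)


if __name__ == "__main__":
    for finding, role, member in audit_policy(SAMPLE_POLICY):
        print(f"{finding:12} {role:32} {member}")
```

Each direct-user finding is a candidate for moving the grant onto a group; each broad-role finding is a candidate for a narrower predefined role.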