Cyber Security

Securing Identity Access Management (IAM) Platforms

Identity Access Management (IAM) platforms are a highly adopted security solution, growing in popularity, and rightly so, considering the benefits they bring to organisations. However, as with any application, programme, or platform, it is vital to assess and evaluate the associated risks to develop a strategy to mitigate against them and ensure stringent cyber security standards are upheld. This document outlines some of these risks and provides suggestions on how to address them.

Written by

Team Nucleus

Written on

27th February, 2024


What is IAM?

IAM is the security discipline that enables the right individuals to access the right resources at the right times and for the right reasons. IAM addresses the need to ensure appropriate access to resources across increasingly diverse technology environments and to meet increasingly rigorous compliance requirements. IAM platforms usually offer some or all of the following services:


  • Directory Services - Stores user profile data and credentials for authentication
  • Identity Provisioning - Creates, manages, and governs user identities and access
  • Access Management - Grants authenticated users the appropriate access to resources
  • Identity Governance - Establishes processes and policies for managing identities
  • Access Certification - Reviews and approves user access rights periodically


Examples of IAM Platforms

  • Microsoft Active Directory
  • Okta
  • IBM Security Identity Manager
  • Oracle Identity Management

The Problem

As more organisations move to cloud-based networks, it is vital that cyber security standards are upheld. IAMs are a great way to centralise cloud-based applications into one platform. However, unfortunately, this also means that if your organisation's IAM platform is hacked, it provides cyber criminals with access to significant amounts of data.


MGM RESORTS: The September MGM attack initiated after the attacker was granted the ability to change the password for an account linked to the organisation’s IAM, Okta. This occurred due to a vishing attack, where the attacker pretended to be an employee when making a call to the MGM help desk. After gaining access to Okta, the attacker went on to effect wider areas of MGM’s network.


OKTA: The IAM company, Okta, also experienced a breach. While Okta initially stated that only a small portion of customers had been affected, it was later announced that the data of all customers had been stolen. The breach occurred after a hacker used stolen credentials to access Okta’s support case management system. From there, the hacker could access the network of Okta customers.


These examples both highlight that IAM platforms need to have stringent cyber security measures in place. While IAMs are designed to be secure, the old mantra of cyber security still holds true; nothing is 100% protected.


The following section outlines the best practices to ensure an organisation’s IAM remains secure.


Best Practices for IAM

Effective IAM depends on people, processes, and technology across an organisation. Here are some best practices to build a robust IAM program:


  • Document IAM policies and procedures clearly
  • Classify data by sensitivity and assign access levels accordingly
  • Integrate IAM processes with HR systems for user lifecycle management
  • Use role-based access control (RBAC) to restrict privileges
  • Implement multifactor authentication (MFA) for additional user verification
  • Monitor user activities for security incidents and policy violations
  • Review user entitlements and access rights regularly
  • Maintain well-defined incident response plans for IAM breaches

Building comprehensive IAM with appropriate controls takes time but pays dividends in improved security and compliance. With thoughtful planning and disciplined execution, organisations can strike the right balance between ensuring security, while maintaining usability.


How Can Telesoft Help Your Organisation?

Full Network Visibility in Real-Time

Telesoft provide comprehensive network monitoring tools designed specifically for your organisation’s needs. With industry leading processing power, our tools enable unsampled visibility that allows for granular analysis of network threats and vulnerabilities.

The Telesoft Data Analytics Capability (TDAC) Enterprise Platform provides complete network visibility, real-time threat detection, and sophisticated data retention for historic investigation. As an engineering-led organisation, we work with our customers to provide effective solutions, tailored towards their network infrastructure.

24/7 Managed Security Operations Center (SOC) Service

Telesoft's in-house, UK-based Security Operations Center offers a Managed SOC Service to continuously monitor and detect threats within an organisation’s network. Our team of expert analysts utilise the TDAC Platform to gain full network visibility and conduct proactive threat hunting 24/7/365.


Our cyber team will monitor your network environment, including cloud applications such as Okta and other IAMs, rapidly alerting you to any suspicious or malicious activity, including unauthorised logins to your organisation's IAM application. Based on your organisation’s requirements, our team can also provide active response, isolating suspicious servers and / or suspending rogue users, preventing the breach from escalating.



Identity access management platforms offer significant benefits in terms of centralising user authentication and enabling secure access controls. However, as with any centralised system, IAM platforms also introduce risks if not properly secured. Recent breaches such as the MGM Resorts attack, highlight the need for robust security practices.

Organisations must implement a layered approach to securing their IAM platforms and integrations. Policies, access controls, active monitoring, and incident response plans are all critical. Leveraging solutions services such as Telesoft’s UK Managed SOC Service can also help to reduce risk by identifying and remediating threats and vulnerabilities in real-time.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus