Security for IAM
Overview
User, Group, Service Account, and Policy are resources defined on the IAM Portal. Each customer can create and maintain multiple resources at a time to be used in the resource allocation plan within the enterprise, as well as the organizational hierarchy.
Security in an Identity and Access Management (IAM) system is crucial for businesses and organizations. IAM is a solution that helps manage and protect user identities, access rights, and resources across systems, applications, and services. IAM provides functions such as authentication, authorization, role-based access control, access control, identity synchronization, and identity management.
Security Standards Applied to IAM Include
Principles for Review and Evaluation: Monitor and review user access activities, assess the effectiveness of IAM measures, and update as necessary.
Principle of Task Separation: Prevent a single user from performing activities that could create conflicts of interest or security risks.
Principle of Least Privilege: Limit the number of users with the highest or special access rights in the system.
Principle of Necessity: Grant users only the access rights needed for their job, no more, no less.
Principle of Consistency: Ensure that IAM policies and procedures are applied consistently across the entire system.
By adhering to these security principles and standards, businesses and organizations can enhance information security on the IAM system, protect user identities and resources, minimize security breaches and intrusions, and boost customer and partner trust and reputation.
To protect customer information and the data that customers use on the IAM service, VNG Cloud is currently implementing security control measures such as:
Securing Sensitive Information on IAM: VNG Cloud will be responsible for encrypting sensitive information on its storage servers. The data will be encrypted using a key provided by VNG Cloud.
Data Security in Transit: VNG Cloud uses HTTPS to encrypt data in transit. HTTPS is a secure protocol based on HTTP, using TLS/SSL encryption to protect data during transmission.
Access Control Security: VNG Cloud uses IAM itself to manage user access to IAM resources. IAM allows businesses to create and manage access policies for each IAM resource. This ensures that only those with necessary access privileges can access the resources.
VNG Cloud continuously strives to enhance its security measures to ensure customer safety.
Last updated