In our view, information security is managing who can have access to what. IAM, Identity and Access Management, is often seen as the single profession to manage the who, what and why.
Well, in our opinion it is not. Managing identities and managing access cover lots of ground in different domains. Identity management is all about automating joiner, mover and leaver processes in an identity lifecycle. It is about workforce management, customers and consumers, things, every single object or service that may need to get access to whatever needs to be secured.
Access management is different. Access management is all about handing out the keys to the castle. But who is allowed to hand out the keys, and to what part of the castle? And why would anyone hand out the keys?