Web Access Management (WAM)
What is Web Access Management?
According to Gartner, Web Access Management (WAM) provides integration of identity and access management for Web-based applications. While initially focused on external user access using username and password key pairs, the expansion of web portals for employee access has spurred the development of WAM software solutions that feature several capabilities such as:
- Self-service password reset
- Delegated administration (including user self-service)
- Role-based access control model
- Automated processes to fulfill access requests
WAM tools are generally considered a subset of access and identity management designed to control access to web resources such as web servers and secure servers using policy-based authorization for authentication. In many cases, they also provide auditing and reporting.
How does Web Access Management work?
Web Access Management tools typically verify a user’s identity by asking for a username and a password. However, other methods may use access tokens to generate a one-time password or digital certificate.
Once the user’s identity has been confirmed, they can request access to a particular web resource subject to policy-based authorization applied to that user. The system matches the user authorization level to the policy of the requested resource to grant or deny access. Policies take the form of rules that specify who can access a specific information resource. For example, is the user an administrator with wider access or a general user (employee) with more limited access?
Legacy web access management vs. modern access management
As access to web resources has evolved with cloud-based services, the traditional legacy model for Web Access Management has not kept pace with the latest technologies. Instead of one user getting access to a specific machine or application, you might find many different instances of cloud-based applications throughout your IT infrastructure. Containers may also complicate the picture since users commonly need granular access to services or sub-services within a distributed application. User identities also encompass many more types than the typical full-time employee, including contractors and third parties whose access must be strictly controlled for security and compliance requirements.
WAM technologies have not always kept up with these changes and challenges as newer identity access management solutions have come to the forefront. As such, legacy WAM systems can be costly to maintain while posing security vulnerabilities from incompatibility with newer authentication methods.