Integrating identity and access management and privileged access management for enhanced identity security in financial institutions: A zero-trust approach
Felix Behringer and Patrick Baumann
Additional contact information
Felix Behringer: Cybrex, Germany
Patrick Baumann: EY, KG Wirtschaftsprüfungsgesellschaft, Germany
Cyber Security: A Peer-Reviewed Journal, 2025, vol. 9, issue 2, 114-129
Abstract:
This paper explores the critical role of identity and access management (IAM) and privileged access management (PAM) in securing the digital identities of employees within financial institutions. It emphasises identity-centric security as the first line of defence in protecting sensitive data and IT assets, especially in legacy IT environments where technological constraints and regulatory demands pose unique challenges. The paper outlines how integrating IAM and PAM supports compliance with industry regulations and enforces zero-trust principles, ensuring continuous verification and control of privileged accounts. Key concepts such as the confidentiality, integrity and availability (CIA) triad, least privilege and need-to-know principles are examined in relation to data classification and risk management. The paper further introduces a practical framework for transforming legacy IT systems through comprehensive organisational and technical measures. Readers will gain insight into the core PAM controls essential for safeguarding privileged access, including account discovery, session isolation, behavioural monitoring, audit trails and risk-based remediation. By following these strategies, financial institutions can enhance transparency, reduce attack surfaces and maintain full control over privileged activities. This paper equips IT and security professionals with a clear understanding of how to implement robust identity-centric security frameworks tailored to complex legacy environments, supporting operational continuity and regulatory compliance in an evolving threat landscape. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
Keywords: identity and access management; IAM; privileged access management; PAM; legacy IT systems; zero-trust security; data classification and protection; clean state approach; identity security; account privileges
JEL-codes: M15
Date: 2025
Downloads:
https://hstalks.com/article/10268/download/ (application/pdf)
https://hstalks.com/article/10268/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2025:v:9:i:2:p:114-129
More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.