Identity and Access Management (IAM) Basics
Identity and Access Management, usually abbreviated to IAM, controls who can do what within your cloud account. Getting it right is one of the most important security decisions you will make, because over-broad access is behind a great many incidents.
This article introduces the core ideas in plain terms.
Least Privilege
The guiding principle is ‘least privilege’: every person and system gets only the access they genuinely need, and no more. This limits the damage if any single account is compromised or misused.
Good Practices
- Give people roles rather than sharing one master login.
- Require multi-factor authentication for all users.
- Review access regularly and remove what is unused.
- Avoid using the all-powerful root account for daily work.
Why It Pays Off
Tight access control means a stolen password or a mistaken click does far less harm. It also makes audits and compliance straightforward, because you can show exactly who can do what.
Frequently Asked Questions
Is multi-factor authentication really necessary?
Yes — it is one of the single most effective defences against compromised passwords, and we enable it as standard.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.