IAM What I Am – Strengthening Digital Trust Through Identity and Access Management
In an era where almost every aspect of modern life depends on digital systems, the concept of security has transcended firewalls and passwords — it now revolves around identity. This idea took center stage during the CyberPH Webinar 2, held on October 12, 2025, titled “IAM What I Am: Expert Tips for Identity and Access Management.” The event explored the importance of Identity and Access Management (IAM) in building trust, ensuring data protection, and maintaining ethical governance in today’s digital landscape.
The webinar was hosted virtually via Microsoft Teams and organized by CyberPH, a collective initiative that advocates for cybersecurity awareness and digital resilience among students, professionals, and IT practitioners. The session featured Mr. Tomas Manalo, a Cyber IAM Lead Consultant and Manager at KPMG Philippines, who brought with him nearly a decade of experience in identity governance, cloud security, and enterprise system administration. His impressive background with organizations such as FIS, Accenture, and Safeway Philtech Inc. gave participants a deeper appreciation for how identity management frameworks are applied in real-world industries.
From the very beginning, Mr. Manalo captured the audience’s attention by emphasizing that “IAM is foundational.” It’s not just a technical protocol but a strategic component of every modern organization’s cybersecurity architecture. He explained that IAM ensures the right people have the right access to the right resources at the right time — and just as importantly, for the right reasons. This fundamental principle underscores the need for structure, accountability, and oversight in how digital identities are managed.
One of the core topics discussed was the “Three A’s of Identity and Access Management” — Authentication, Authorization, and Auditing. Authentication answers the question “Who are you?” by verifying a user’s identity through methods such as passwords or multi-factor authentication. Authorization then determines “What can you do?” by assigning specific permissions and access levels. Finally, Auditing answers “What did you do?” by monitoring and recording user activities to maintain transparency and detect suspicious behavior. Together, these elements create a layered defense system that helps organizations protect both data integrity and user accountability.
The session also delved into Identity Governance and Administration (IGA), which Mr. Manalo described as the framework that turns IAM from a simple access tool into a powerful risk management system. Within IGA, he elaborated on three key pillars: Access Certification, Role-Based Access Control (RBAC) and Role Mining, and Segregation of Duties (SoD).
Access Certification, as he explained, addresses the problem of “Access Creep” — a common issue where employees accumulate unnecessary permissions as they move across roles. Without regular reviews, these excessive privileges can lead to major security risks. Access certification involves routinely validating who has access to what, ensuring that every permission is justified and aligned with current job responsibilities.
The second pillar, Role-Based Access Control (RBAC) and Role Mining, focuses on managing user permissions according to job functions rather than individuals. By analyzing existing access patterns, organizations can identify the optimal set of roles and create efficient access hierarchies. This strategy not only reduces risk but also enhances operational efficiency and compliance.
Lastly, Segregation of Duties (SoD) was discussed as an essential principle for preventing internal fraud and conflict of interest. Mr. Manalo illustrated this with a simple yet powerful example: the person authorized to create a new vendor in a payment system should not also have the power to approve transactions. Enforcing SoD policies ensures that critical business processes remain transparent and free from manipulation — a principle equally valuable in both corporate and academic environments.
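To make the access certification and SoD pillars concrete, here is an added example (not from the webinar or the original post) of a small review pass that flags access creep against a role baseline and the vendor-creation versus payment-approval conflict. The role names, entitlement strings and users are constructed for illustration.

```python
# Constructed sample data: role names, entitlement strings and users are
# illustrative assumptions, not taken from the webinar or any real system.
ROLE_BASELINE = {
    "procurement_clerk": {"vendor.create", "vendor.view"},
    "finance_approver": {"payment.approve", "payment.view"},
    "auditor": {"vendor.view", "payment.view", "audit.read"},
}

# Pairs of entitlements that one person must never hold together (SoD).
SOD_CONFLICTS = [("vendor.create", "payment.approve")]

USERS = [
    # alice moved from procurement to finance and kept her old access.
    {"user": "alice", "role": "finance_approver",
     "entitlements": {"payment.approve", "payment.view", "vendor.create"}},
    {"user": "bob", "role": "procurement_clerk",
     "entitlements": {"vendor.create", "vendor.view"}},
    {"user": "carol", "role": "auditor",
     "entitlements": {"vendor.view", "payment.view", "audit.read",
                      "payment.approve"}},
    # dave's role has no baseline, so nothing he holds can be justified.
    {"user": "dave", "role": "contractor", "entitlements": {"vendor.view"}},
]


def certify(user):
    """Return the review findings for one user record."""
    held = user["entitlements"]
    baseline = ROLE_BASELINE.get(user["role"])
    findings = {"user": user["user"], "unknown_role": baseline is None}
    # Access creep: anything held beyond what the current role justifies.
    findings["excess"] = sorted(held - (baseline or set()))
    # SoD: both halves of a conflicting pair held by the same identity.
    findings["sod_violations"] = [
        pair for pair in SOD_CONFLICTS if set(pair) <= held
    ]
    return findings


def review(users):
    """Certify every user and keep only the ones a reviewer must act on."""
    results = [certify(u) for u in users]
    return [r for r in results
            if r["excess"] or r["sod_violations"] or r["unknown_role"]]


if __name__ == "__main__":
    for finding in review(USERS):
        print(finding)
```

Note that carol's extra `payment.approve` is access creep but not an SoD violation, while alice's leftover `vendor.create` is both; the two checks catch different problems and a certification campaign needs both.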
Throughout the webinar, one message stood out: “Identity and Access Management is not just about technology; it’s about trust.” This statement encapsulated the broader philosophy behind IAM — that it is as much a human and ethical issue as it is a technical one. Without a proper governance structure, even the most advanced cybersecurity systems can be rendered ineffective by misuse or negligence.
Mr. Manalo also discussed the business case for IAM, showing how it contributes to regulatory compliance, operational efficiency, and enhanced user experience. Through automation, IAM streamlines processes such as onboarding and offboarding employees, ensuring access rights are granted and revoked in a timely manner. It also helps organizations comply with global regulations like GDPR, SOX, and HIPAA, which demand strict control and reporting of user access. Moreover, with tools like Single Sign-On (SSO), users benefit from a simplified yet secure login experience, reducing password fatigue and human error.
For students like myself, this webinar was both enlightening and empowering. It showed that the principles of IAM are not limited to large organizations — they can be applied even in academic or project-based environments. For example, when managing a collaborative system or database, implementing role-based access control ensures that only authorized team members can modify critical files. Meanwhile, maintaining audit logs in version control systems promotes accountability and transparency among members.
Beyond the technical insights, the webinar also carried a deeper message about responsibility. In a digital age where data breaches and identity theft are increasingly common, every individual plays a part in maintaining cybersecurity. Whether through creating strong passwords, practicing ethical use of technology, or promoting awareness about access control, the human element remains the strongest line of defense.
The organization and flow of the webinar were commendable. The CyberPH team once again demonstrated efficiency and professionalism in coordinating the event. The presentation was clear and visually engaging, and the question-and-answer segment encouraged active participation from attendees. Mr. Manalo’s approachable yet expert manner of speaking made complex cybersecurity concepts easier to understand, making the entire session both educational and enjoyable.
In conclusion, “IAM What I Am: Expert Tips for Identity and Access Management” was more than just a lecture on digital security — it was a profound reminder that identity is at the heart of every secure system. By understanding and applying IAM principles, we can create digital environments that are not only secure but also ethical, transparent, and trustworthy.
The insights I gained from this session have reshaped how I view cybersecurity. It’s no longer just about defending systems — it’s about managing identities, ensuring accountability, and building a culture of digital integrity. As technology continues to evolve, so must our approach to protecting it — and IAM stands as the cornerstone of that evolution.
Events like this serve as an important bridge between academic learning and industry practice. They inspire students to look beyond coding and networking, encouraging a deeper understanding of governance, compliance, and security strategy. Through initiatives like CyberPH, the next generation of IT professionals is being equipped not only with technical expertise but also with the ethical foundation needed to protect the digital future.