Abstract:
Classic Identity and Access Management (IAM) schemes come with a host of vulnerabilities, such as single points of vulnerability and susceptibility to credential theft. In this paper, we analyze Decentralized Identity and Access Management (DIAM) as a potential alternative to legacy IAM in business environments. DIAM uses Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), allowing workers to manage their digital identity credentials autonomously. We compare centralized IAM and DIAM in terms of underlying technologies, security implications, and real-world implementation issues in a business environment. Our analysis suggests that although DIAM might eliminate some risks present in centralized schemes, such as rampant credential compromise, it also poses unique security risks, specifically the compromise of individual cryptographic keys and the reliability of certificate issuers. Providing workers with secure, user-friendly key management tools becomes a significant challenge. Integrating DIAM into business schemes while ensuring optimal system operation, along with establishing strong governing structures, is a prerequisite for its successful implementation. This work identifies these challenges specifically, along with the practical solutions needed to overcome them, thus offering a realistic analysis of DIAM's potential to improve enterprise-level cybersecurity beyond its theoretical advantages.