By now, most people know that identity and access management (IAM) is a framework of policies and technologies that are designed so that the right users have the appropriate access to the technology resources that they need. IAM is all about using a set of known, good information like passwords and multi-factor authentication (MFA) codes that match what is expected for the accounts on an organization’s network. This has been a fundamental security touchstone for as long as information security has been around. It is codified in every book, standard, policy and product since time immemorial.