Kuppinger Cole Virtual Conference The Three Elements of Access Governance
|
|
- Harriet Crawford
- 8 years ago
- Views:
Transcription
1 Kuppinger Cole Virtual Conference The Three Elements of Access Governance Martin Kuppinger, Kuppinger Cole December 8th, 2009 This virtual conference is sponsored by Axiomatics and Oracle
2 CREATING MORE VALUE FOR LESS THROUGH IDENTITY MANAGEMENT & GRC MARKET MATURITY REGULATION, PRIVACY, INFORMATION SECURITY GOVERNANCE, MITIGATING RISK CLOUD COMPUTING & TRUST ROLES AND ATTRIBUTES AUTHENTICATION & AUTHORIZATION Call for Speakers: eakers Sponsors/Exhibitors: nfo Seite 2
3 Virtual Conference Enterprise Access Governance Controlling Access, Ensuring Information Security DECEMBER 8-9, 2009 How to efficiently mitigate your access risks Full Access Governance combining access certification, role management, provisioning, and privileged access management RBAC vs. ABAC: Comparing Role Based and Attribute based Access The business view Enterprise GRC vs. IT-GRC and where they should be linked Mitigating application security risks How does Access Governance fit into your GRC roadmap? Seite 3
4 Kuppinger Cole Reports Some of the current reports: Market Report Cloud Computing Product Report Radiant Logic Virtual Directory Server Vendor Report Arcot Systems Product Report Sun Identity Manager Vendor Report ActivIdentity Trend Report Enterprise Role Management Vendor Report Quest Software Product Report SailPoint IdentityIQ Vendor Report BHOLD 2009 Vendor Report Entrust 2009 Vendor Report Oracle 2009 Vendor Report Evidian Business Report Key Risk Indicators Page 4
5 Some guidelines for the Webinar You will be muted centrally. You don t have to mute/unmute yourself we can control the mute/unmute features We will record the Webinar Q+A will be at the end you can ask questions using the Q+A tool anytime which we will pick at the end or, if appropriate, during the Webinar Page 5
6 Agenda Part 1, Martin Kuppinger: The Three Elements of Access Governance: Recertification/Attestation Access Control Privileged Access Management Part 2: Q+A Page 6
7 Access Governance defined Access Governance Access Managing access to systems and information who is allowed to do what? Governance Enforcing a good practice of management in that case particularly for IT Context: IAM Identity and Access Management The management of identities and their access It s mainly about access but we need identities therefore Context: GRC Governance, Risk Management, and Compliance Governance as the basic concept Risk Management and Compliance as elements of Governance Context: Information Security Information Security is the business term That s why we mainly deal with topics like IAM and Access Governance Seite 7
8 Authorization Management Privileged Account Management Attestation/ Recerticiation Auditing The three elements of Access Governance The main elements Analysis Management Standard User Admin User Types of Accounts Analysis Management Seite 8
9 Attestation and Recertification Analyzing the situation The (manual) process of having responsible persons going through existing access controls (authorizations, entitlements) and attesting or revoking them Manual control process Attestation/ Recertification Regularly performed at the departmental manager level (but be careful on that) Supported by escalations and other procedures Seite 9
10 The need for attestation 5 good reasons Attestation is a first step to clean up access controls Attestation is (if done right) an continuous audit mechanism Attestation can show issues in identity and access lifecycle management Attestation educates users about the need for security Attestation can decrease access control-related IT security and depending operational risks Seite 10
11 Approaches to attestation One-way, audit-oriented Two-way, actionable Single-layered Multi-layered Point-of-time Continuous Undifferentiated Risk-based worse Seite 11 Example of vendor rating good
12 Technical approaches Attestation as singular solution Attestation as part of overall GRC platforms Attestation as part of IAM-GRC platforms Identity Provisioning w/ reconciliation Expand/integrate/move to IAM-GRC platforms Attestation features in Provisioning Seite 12
13 Threat: Multi-layered attestation Employees Tasks, Projects, Management Business Roles System Roles Correct Business Roles? Job, Hierarchy, Location, Project, Correct Assignments? Groups, Roles, Profiles Correct Access Controls? Management + Business IT Business IT Business IT + Identity Management Identity Management Identity Management + System Administration Multi-layered Attestation System Security Access Control System Administration Seite 13
14 More Analysis Adding Automated Controls Automated Controls support the ongoing analysis and (potentially) the realtime detection of issues Advanced analysis mechanisms support the ad hoc analysis Specific attestation/recertification solutions typically support at least ad hoc controls Relevant as well for typical day-by-day IT operations Seite 14
15 The situation Increasing awareness of the need of IT Governance Increasing complexity of IT environments breadth and depth Changing role of IT less autonomy, more focus on efficient fulfillment Growing number of compliance regulations Increasing pressure on IT management and operations More fear and awareness of security breaches Seite 15
16 The result More requests More answers to provide Less time to deliver Higher workload for fewer people Operational work is heavily affected Seite 16
17 The real world of core systems Many servers Different systems Different operators, frequently some inconsistency in operations Large amount of data Large amount of controls The answers to questions like what has Mr. X done when requires access to different systems at a detailed level strong capabilities in mapping and normalizing data strong analytic capabilities good reporting tools Seite 17
18 The Reality Missing auditability Which systems are out there? Few enterprises know them all Which users have access to which systems? Which granular entitlements do they have? Sometimes known for central system, if there is a provisioning tool deployed (sometimes even via E-SSO) Usually even for core systems like Active Directory and SAP insufficiently solved Seite 18
19 Auditing, SIEM, Operations Management System-level Auditing Current state and historical data SIEM Current events, sometimes historical Operations Management Current events Ex post Real time Real time Security-focused Security-focused Operations-focused, all types of operational aspects Mainly access controls All types of security events, frequently more classical security than access controls All types of events Seite 19
20 Approaches to audit optimization Integration Define the required elements less is more Platforms help few platforms are better than many point solutions Integrate these elements to support drill-down Automation Focus on automated collection and strong analytical capabilities Seite 20
21 Authorization Management Closing the loop The different terms all about the same Access Control Authorization Management Entitlement Management Authorization Management Actively managing access Not detective, but preventive Seite 21
22 Authorization Management Closing the loop Analysis and Recertification Managing Authorizations Seite 22
23 Authorization Management Beyond Attestation Business Policies IT Controls Business Roles Policies IT Management Attestation Roles, Groups Entitlements Seite 23
24 Multi-layered Authorization Management Business-Policies Assigment of Users to Groups, Roles, Profiles (Provisioning) Management of detailed Entitlements (System and App level, might be XACML based, ) Seite 24
25 The Reality Missing consistency Consistent, centralized Authorization Management for heterogeneous environments? Windows, Active Directory, Exchange, SharePoint, SAP, Enterprise Portals, other Business Applications, Host, own applications, Seite 25
26 The Reality Missing management Controls layer Authorization Management Status analysis System layer Seite 26
27 Privileged Account Management Focus on sensitive accounts Adding privileged accounts How to control the access of users using these accounts? Emerging field, not fully covered by existing approaches (neither detective nor preventive) Seite 27
28 Many terms One target The terms PAM: Privileged Account Management PIM: Privileged Identity Management PUM: Privileged User Management Root Account Management The target Controlling privileged accounts and how they are used Seite 28
29 Privileged Accounts Beyond root Administrators: root Windows Administrators (Domain and local) Database Administrators Technical users System accounts Service accounts Seite 29
30 Why are these accounts that critical? Missing Auditability Not necessarily associated with a single physical person Elevated Privileges Missing Lifecycle Management High risk Seite 30
31 PAM The approaches Differentiated auditing of administrative activities Integration with Lifecycle Management approaches no orphaned privileged accounts One time passwords for privileged accounts Reduced entitlements of privileged accounts, for example using specialized shells Organizational actions Automatic generation of passwords for accounts without interactive logon Avoiding technical users SSO for privileged accounts Seite 31
32 PAM market Evolution Point solutions Integration with Identity Lifecycle Management PAM suites Application Security Infrastructures Changing Security Models at the System Level (OS, Business Apps, ) Identity Federation, Endto-End Security Seite 32
33 Maturity Levels of PAM approaches Missing Ad hoc Unplanned Isolated Integrated Status No PAM at all Tools None Risk Very high Status Point solutions, typically for UNIX/Linux Tools Mainly sudo Risk Very high Status Non coordinated use of point solutions Tools PAM Tools for specific system environments Risk Still high Status Coordinated use of PAM tools, but not integrated with other security approaches Tools Cross-platform PAM solutions Risk Reduced Status Integration of PAM with provisioning, Access Governance, and Application Architectures Tools Cross-Platform PAM, Provisioning, Access Governance, Application Security Infrastructures Risk Minimized Seite 33
34 Putting it all together Consistent strategies Define a strategy go beyond tactics Understand the relationship between different GRC layers Combine reactive and preventive approaches Combine analyis/attestation and active management Focus on a small set of tools keep it simple Seite 34
35 Information Security and Access Governance Information Security Access Governance Access Governance Attestation and Recertification Advanced Analysis and Auditing Authorization Management Privileged Account Management Seite 35
36 CREATING MORE VALUE FOR LESS THROUGH IDENTITY MANAGEMENT & GRC MARKET MATURITY REGULATION, PRIVACY, INFORMATION SECURITY GOVERNANCE, MITIGATING RISK CLOUD COMPUTING & TRUST ROLES AND ATTRIBUTES AUTHENTICATION & AUTHORIZATION Call for Speakers: eakers Sponsors/Exhibitors: nfo Seite 36
37 Virtual Conference Enterprise Access Governance Controlling Access, Ensuring Information Security DECEMBER 8-9, 2009 How to efficiently mitigate your access risks Full Access Governance combining access certification, role management, provisioning, and privileged access management RBAC vs. ABAC: Comparing Role Based and Attribute based Access The business view Enterprise GRC vs. IT-GRC and where they should be linked Mitigating application security risks How does Access Governance fit into your GRC roadmap? Seite 37
Identity Access Management Challenges and Best Practices
Identity Access Management Challenges and Best Practices Mr. Todd Rossin, Managing Director/Founder IDMWorks Special Thanks to JHU APL for providing the Parsons Auditorium for our use this evening 1 December
More informationIdentity Management Roadmap and Maturity Levels. Martin Kuppinger Kuppinger Cole + Partner mk@kuppingercole.de
Identity Roadmap and Maturity Levels Martin Kuppinger Kuppinger Cole + Partner mk@kuppingercole.de Major Trends in Identity Guidelines for an IAM roadmap Service-orientation: Identity has to provide defined
More informationQuest One Identity Solution. Simplifying Identity and Access Management
Quest One Identity Solution Simplifying Identity and Access Management Identity and Access Management Challenges Operational Efficiency Security Compliance Too many identities, passwords, roles, directories,
More information<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More informationIDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach
IDENTITY MANAGEMENT AND WEB SECURITY A Customer s Pragmatic Approach AGENDA What is Identity Management (IDM) or Identity and Access Management (IAM)? Benefits of IDM IDM Best Practices Challenges to Implement
More informationThe Unique Alternative to the Big Four. Identity and Access Management
The Unique Alternative to the Big Four Identity and Access Management Agenda Introductions Identity and Access Management (I&AM) Overview Benefits of I&AM I&AM Best Practices I&AM Market Place Closing
More informationIdentity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL
Identity & Access Management Gliding Flight Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL Agenda 1 General Concepts 2 Logical Components 3 Implementation Structure 4 5 Governance Web App Firewall
More informationSecurity management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.
Security management White paper Develop effective user management to demonstrate compliance efforts and achieve business value. September 2008 2 Contents 2 Overview 3 Understand the challenges of user
More informationRSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation
RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet
More informationIdentity Governance Evolution
Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle
More information1 Introduction... 2 2 Product Description... 2 3 Strengths and Challenges... 4 4 Copyright... 5
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ITMC, a Danish vendor, delivers a comprehensive solution for Identity Provisioning and Access Governance with its IDM365 product. The
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationRSA Identity Management & Governance (Aveksa)
RSA Identity Management & Governance (Aveksa) 1 RSA IAM Enabling trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity
More informationSIEM and IAM Technology Integration
SIEM and IAM Technology Integration Gartner RAS Core Research Note G00161012, Mark Nicolett, Earl Perkins, 1 September 2009, RA3 09302010 Integration of identity and access management (IAM) and security
More informationIdentity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities
Identity and Access Management Integration with PowerBroker Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 4 BeyondTrust
More informationVermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0
Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision
More informationEnterprise Identity Management Reference Architecture
Enterprise Identity Management Reference Architecture Umut Ceyhan Principal Sales Consultant, IDM SEE Agenda Introduction Virtualization Access Management Provisioning Demo Architecture
More informationObserveIT User Activity Monitoring
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ObserveIT provides a comprehensive solution for monitoring user activity across the enterprise. The product operates primarily based on
More informationIAM Open Discussion. Todd Rossin Managing Director 610.329.3276 todd@idmworks.com
Identity & Access Management, Managed Services, Custom Application Development and Data Center Solutions IAM Open Discussion Leave it to us Todd Rossin Managing Director 610.329.3276 todd@idmworks.com
More informationThe Principles of Audit Automation for Access Control
The Principles of Audit Automation for Access Control Redmond Identity Summit 2014 Directories Devices Identity Marvin Tansley Thank You to our Sponsors Gold Silver Plus Silver Agenda The Role of Identity
More informationPROTECT YOUR WORLD. Identity Management Solutions and Services
PROTECT YOUR WORLD Identity Management Solutions and Services Discussion Points Security and Compliance Challenges Identity Management Architecture CSC Identity Management Offerings Lessons Learned and
More informationIdentity Management Basics. OWASP May 9, 2007. The OWASP Foundation. Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com. http://www.owasp.
Identity Management Basics Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com May 9, 2007 Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationCloud SSO and Federated Identity Management Solutions and Services
Cloud SSO and Federated Identity Management Solutions and Services Achieving Balance Between Availability and Protection Discussion Points What is Cloud Single Sign-On (SSO) What is Federated Identity
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationStephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15
Program Name Identity and Access Management (IAM) Implementation IAM Executive Sponsors Jim Livingston Stephen Hess 1 P age Project Scope Project Description The goal of this project is to implement an
More informationTrust but Verify: Best Practices for Monitoring Privileged Users
Trust but Verify: Best Practices for Monitoring Privileged Users Olaf Stullich, Product Manager (olaf.stullich@oracle.com) Arun Theebaprakasam, Development Manager Chirag Andani, Vice President, Identity
More informationSSO-Report 2007 Key-Player, Status, Trends. Martin Kuppinger, KCP mk@kuppingercole.de
SSO-Report 2007 Key-Player, Status, Trends Martin Kuppinger, KCP mk@kuppingercole.de What will I talk about? SSO Single Sign-On defined: User perspective: The ability to use multiple applications with
More informationEXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski March 2015 is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported
More informationProtecting the keys to your kingdom against cyber-attacks and insider threats
KuppingerCole Report WHITEPAPER by Martin Kuppinger November 2015 Protecting the keys to your kingdom against cyber-attacks and insider threats All organizations today are under constant attack, and high-privilege
More informationCA SiteMinder SSO Agents for ERP Systems
PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security
More informationTrue Information Security only a click away for anyone"
True Information Security only a click away for anyone" Webinar, Tuesday 22nd July 2014 7/22/2014 WEBINAR on "True Information Security only a click away for anyone" 1 Agenda Where the industry is going
More informationOracle Mobile Security Suite. René Klomp 6 mei 2014
Oracle Mobile Security Suite René Klomp 6 mei 2014 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be
More informationWith Great Power comes Great Responsibility: Managing Privileged Users
With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence
More informationB2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value
B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value IDM, 12 th November 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All
More informationCloud Security: Is It Safe To Go In Yet?
Cloud Security: Is It Safe To Go In Yet? Execu1ve Breakfast Roundtable June 22, 2011 Boston Chapter WAY TO GO BRUINS! Welcome, Introduc4ons AGENDA Legal Perspec4ve, Bingham McCutchen Break Featured Speakers
More informationIdentity and Access Management Point of View
Identity and Access Management Point of View Agenda What is Identity and Access Management (IAM)? Business Drivers and Challenges Compliance and Business Benefits IAM Solution Framework IAM Implementation
More informationPrivileged Account Management Mar3n Cannard, Security Solu3ons Architect
Privileged Account Management Mar3n Cannard, Security Solu3ons Architect Customer Use Cases - Introduc3on A US-based Natural Gas and Electric company serving multiple states Project Requirements Only grant
More informationIAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.
Research Publication Date: 1 September 2009 ID Number: G00161012 SIEM and IAM Technology Integration Mark Nicolett, Earl Perkins Integration of identity and access management (IAM) and security information
More informationIBM Software Group. Deliver effective governance for identity and access management.
IBM Software Group Deliver effective governance for identity and access management. June 2009 June 2009 Deliver effective governance for identity and access management. Today, companies face many hurdles
More informationAchieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/
Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationOracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com
R2 Oracle Privileged Account Manager 11gR2 Karsten Müller-Corbach karsten.mueller-corbach@oracle.com The following is intended to outline our general product direction. It is intended for information purposes
More information1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges
1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda Business challenges
More informationmanaging the risks of virtualization
managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationSelect the right solution for identity and access governance
IBM Security Buyer s Guide June 2015 Select the right solution for identity and access governance Protecting critical assets from unauthorized access 2 Select the right solution for identity and access
More informationSaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology
SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning
More informationGlinda Cummings World Wide Tivoli Security Product Manager
Featured Speaker IBM Security Solutions! Glinda Cummings World Wide Tivoli Security Product Manager 2010 IBM Corporation IBM Security Solutions! How IBM defines Cloud Computing IBM Security Solutions!
More informationEXECUTIVE VIEW. KuppingerCole Report. Content. Related Research
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski February 2015 by Alexei Balaganski ab@kuppingercole.com February 2015 Content 1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges...
More informationAD Management Survey: Reveals Security as Key Challenge
Contents How This Paper Is Organized... 1 Survey Respondent Demographics... 2 AD Management Survey: Reveals Security as Key Challenge White Paper August 2009 Survey Results and Observations... 3 Active
More informationBy Makesh Kannaiyan makesh.k@sonata-software.com 8/27/2011 1
Integration between SAP BusinessObjects and Netweaver By Makesh Kannaiyan makesh.k@sonata-software.com 8/27/2011 1 Agenda Evolution of BO Business Intelligence suite Integration Integration after 4.0 release
More informationModule 6 Essentials of Enterprise Architecture Tools
Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade
More informationADAPTABLE IDENTITY GOVERNANCE AND MANAGEMENT
OMADA IDENTITY SUITE - Adaptable Identity Management and Access Governance Governance Compliance Identity Management Cloud Self-Service Security Complete control of who has access to what is an essential
More informationPCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com
PCI DSS Compliance: The Importance of Privileged Management Marco Zhang marco_zhang@dell.com What is a privileged account? 2 Lots of privileged accounts Network Devices Databases Servers Mainframes Applications
More informationThe X-Factor in Data-Centric Security. Webinar, Tuesday July 14 th 2015
The X-Factor in Data-Centric Security Webinar, Tuesday July 14 th 2015 *The Insider Threat SpotlIght Report Tuesday July 14th 2015 WEBINAR: The X-Factor in Data" 2 Agenda Introductions & House Rules A
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationWestcon Presentation on Security Innovation, Opportunity, and Compromise
Westcon Presentation on Security Innovation, Opportunity, and Compromise Christian A. Christiansen Program Vice President IDC Security Products & Services What s Happening with Threats? 1.5B 80% 33% $1.3M
More informationSEC 07 : L IAM : Comment accorder sécurité et productivité?
SEC 07 : L IAM : Comment accorder sécurité et productivité? Arnaud DELANDE IBM Security TSS Team Leader Arnaud.delande@fr.ibm.com 2 Multi-perimeter approach to security focuses on the data and where it
More informationUnified Identity Management
Unified Identity Management Across Data Center, Cloud and Mobile Enterprise of Things = More Complexity DESKTOPS + MOBILE DATA CENTER APPS CLOUD (SaaS) by Red Hat + DATA CENTER SERVERS + CLOUD (IaaS &
More informationQuest InTrust. Change auditing and policy compliance for the secure enterprise. May 2008. Copyright 2006 Quest Software
Quest InTrust Change auditing and policy compliance for the secure enterprise May 2008 Copyright 2006 Quest Software Quest is the Thought Leader in Active Directory Named Microsoft Global ISV Partner of
More informationMicrosoft Services Premier Support. Security Services Catalogue
Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated
More informationApproaches to Enterprise Identity Management: Best of Breed vs. Suites
Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity
More informationSupporting GIS Best practices for Incident Management and Daily Operations
Supporting GIS Best practices for Incident Management and Daily Operations Shaun Collins, Project Manager Venkat Nittala, Operations Lead Agenda Introduction & History of GIS at PG&E PG&E GIS Environment
More informationThe. Tenets of IAM. Putting Identity Management at the Center of Security. Darran Rolls, Chief Technology Officer
The 7 Tenets of IAM Putting Identity Management at the Center of Security Darran Rolls, Chief Technology Officer About SailPoint Magic Quadrant Leader, Gartner 2016 550+ Customers and Growing 95% Customer
More informationGoverned Migration using Dell One Identity Manager
Governed Migration using Dell One Identity Manager How Dell Identity Manager not only reduces migration costs and improves migration outcomes, but delivers ongoing value Abstract Sooner or later, your
More informationRole Based Access Control for Industrial Automation and Control Systems
Role Based Access Control for Industrial Automation and Control Systems Johan B. Nye ExxonMobil Research and Engineering Co. Kevin P. Staggs Honeywell ACS Advanced Technology Labs 27 October 2010 abstract
More informationSOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?
SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY How Can I Both Enable and Protect My Organization in the New Application Economy? CA Security solutions can help you enable and protect your business
More information1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 4 4 Copyright... 5
This document is licensed to iwelcome KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 iwelcome Identity & Access Management as a Service iwelcome delivers Identity and Access Management
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More informationSeven Steps to Complete Privileged Account Management. August 2015
Seven Steps to Complete Privileged Account Management August 2015 2015. Beyond Trust. All Rights Reserved. Warranty This document is supplied on an "as is" basis with no warranty and no support. This document
More informationHow can Identity and Access Management help me to improve compliance and drive business performance?
SOLUTION BRIEF: IDENTITY AND ACCESS MANAGEMENT (IAM) How can Identity and Access Management help me to improve compliance and drive business performance? CA Identity and Access Management automates the
More informationPRIVILEGED IDENTITY MANAGEMENT CASE STUDY. Barak Feldman, Cyber-Ark Software Seth Fogie, Lancaster General Health
PRIVILEGED IDENTITY MANAGEMENT CASE STUDY Barak Feldman, Cyber-Ark Software Seth Fogie, Lancaster General Health November 10, 2011 Cyber-Ark Overview! Established in 1999, HQ Boston, MA Strategic Partnerships!
More informationAn Oracle White Paper Feb 2012. Buyer s Guide for Access Management
An Oracle White Paper Feb 2012 Buyer s Guide for Access Management Oracle White Paper Buyer s Guide for Access Management Disclaimer The following is intended to outline our general product direction.
More informationThe 7 Tenets of Successful Identity & Access Management
The 7 Tenets of Successful Identity & Access Management Data breaches. The outlook is not promising. Headlines practically write themselves as new breaches are uncovered. From Home Depot to the US Government
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationEXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger January 2015 by Martin Kuppinger mk@kuppingercole.com January 2015 Content 1 Introduction... 3 2 Product Description... 4 3 Strengths and Challenges...
More informationIdentity & Access Management new complex so don t start?
IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach
More informationHow to best protect Active Directory in your organization. Alistair Holmes. Senior Systems Consultant
How to best protect Active Directory in your organization Alistair Holmes. Senior Systems Consultant So where do we start? Lets break it down Security Management 2 Security concerns with Active Directory
More informationWhite Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution
White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations
More informationProduct overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities
PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to
More informationA Smarter Way to Manage Identity
IdentityIQ A Smarter Way to Manage Identity COMPLIANCE MANAGER LIFECYCLE MANAGER GOVERNANCE PLATFORM INTEGRATION MODULES SailPoint is competing and winning against some very large companies in the identity
More informationEnabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1
Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Agenda Introduction PAGE 2 Organization Speakers Security Spectrum Information Security Spectrum Oracle Identity Management
More informationIt s 2014 Do you Know where Your digital Identity is? Rapid Compliance with Governance Driven IAM. Toby Emden Vice President Strategy and Practices
It s 2014 Do you Know where Your digital Identity is? Rapid Compliance with Governance Driven IAM Toby Emden Vice President Strategy and Practices 2014 CONTENTS Evolution Business Drivers Provisioning
More informationDelivering value to the business with IAM
Delivering value to the business with IAM IDM, 18 th June 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All statements other than statements
More informationAn Oracle White Paper Dec 2011. Identity and Access Management: Comparing Oracle and NetIQ/Novell
An Oracle White Paper Dec 2011 Identity and Access Management: Comparing Oracle and NetIQ/Novell EXECUTIVE OVERVIEW... 1 COMPARING ORACLE AND NETIQ/NOVELL IDENTITY MANAGEMENT SUITES... 2 BUSINESS RELEVANCE
More informationRSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION
RSA ACCESS MANAGER Web Access Management Solution ESSENTIALS Secure Access Enforces access to Web applications based on risk and context Centralizes security and enforces business policy Web Single Sign-on
More informationCSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO
CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO 2009 by Lieberman Software Corporation. Rev 20090921a Identity Management Definitions
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationOracle Role Manager. An Oracle White Paper Updated June 2009
Oracle Role Manager An Oracle White Paper Updated June 2009 Oracle Role Manager Introduction... 3 Key Benefits... 3 Features... 5 Enterprise Role Lifecycle Management... 5 Organization and Relationship
More informationThe Importance of Information Delivery in IT Operations
The Importance of Information Delivery in IT Operations David Williams Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from
More informationC21 Introduction to User Access
C21 Introduction to User Access Management Introduction to User Access Management What we'll cover today What is it? Why do I care? Current trends in Identity & Access Management How do I audit it? What
More informationSecure Your Cloud and Outsourced Business with Privileged Identity Management
Secure Your Cloud and Outsourced Business with Privileged Identity Management Table of Contents Executive Summary... 3 Understanding Privilege... 3 Do All Service Providers Get It?... 5 Managing Privilege
More informationLEADERSHIP COMPASS by Martin Kuppinger January 2014. Enterprise Single Sign-On. KuppingerCole Report
KuppingerCole Report LEADERSHIP COMPASS by Martin Kuppinger January 2014 Leaders in innovation, product features, and market reach for Enterprise Single Sign-On. Your Compass for finding the right path
More informationHow Microsoft runs IT. Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT
How Microsoft runs IT Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT 2 Source: Accenture Cloudrise: Rewards & Risks at the Dawn of Cloud Computing, November 2010 3 Source: Accenture Cloudrise:
More informationReal-Time Database Protection and. Overview. 2010 IBM Corporation
Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More information