Delivering value to the business with IAM

Transcription

1 Delivering value to the business with IAM IDM, 18 th June 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All statements other than statements of historical fact could be deemed forward-looking statements, including: any projections of product or service availability, customer or market growth projections, earnings, revenues, or other financial items; any statements regarding strategies or plans of management for future operations; any statements concerning new, planned, or upgraded services or developments; statements about current or future economic conditions; and any statements of belief. Pirean accepts no responsibility or liability for any decisions that you make based on, or influenced by, forward looking statements. Pirean undertakes no obligation to revise or update forward-looking statements as a result of new information, since these statements may no longer be accurate or timely, except as required by law.

2 Agenda 1 Understanding IAM: Define the strategic roadmap 2 Plan for success: Marke>ng IAM to the business 3 Focus on the user experience 4 Extending the boundaries of IAM with SSO & IDaaS 5 Iden>ty and Access Intelligence 6 Building a bemer framework for IAM

3 Introducing Pirean We are a software enabled consultancy and recognised experts in Identity and Access Management. We enable organisations to provide secure, people-focused access for employees, customers and partners across on-premise and cloud-based applications With over twelve years experience of deployment experience our cross industry expertise enables us to work with clients to deliver the right balance between rigorous control and enabled delivery. Our solutions portfolio brings together industry leading Security Systems technology with recognised best practice.

4 1 Understanding all that is possible. Defining your strategic roadmap for IAM.

5 Where are we now? Nexus of Forces CLOUD COMPUTING MOBILE COMPUTING BIG DATA BUSINESS SOCIALISATION Business Drivers AGILITY COLLABORATION COMPLIANCE UXP EFFICIENCY / COST GOVERNANCE OPTIMISATION People CUSTOMERS COLLEAGUES PARTNERS Devices Iden/ty and Access Management AUTHENTICATION AUTHORISATION USER LIFECYCLE MANAGEMENT ADAPTIVE ACCESS PERSONALISATION FEDERATION / SSO SELF- SERVICE USER EXPERIENCE BUSINESS PROCESS INTEGRATION TECHNICAL INTEGRATION Applica>ons and Services

6 Roadmap and Maturity Model for IAM Strategic Identity Governance & Administration BUSINESS ORIENTED Federation Identity Analytics Web Access Management User Administration & Provisioning SSO Privileged Identity Management IT ORIENTED Tactical ESSO Password Management Simple Complex

7 Roadmap and Maturity Model for IAM

8 Conclusions & Recommendations v IAM solutions will have wide ranging impact across the organisation. v IAM solutions are complex with multiple dependencies and risks to be managed. v The perception of IAM has changed. Technology only views are out-dated. v Template IAM paths for B2B, B2E and B2C are evolving. Recommendations: 1. Understand what is achievable based not only on available solutions, but what success should and could look like for your organisation. 2. Regardless of where you are in your IAM journey ensure that the time is taken to define and refine the strategic view. 3. Articulate the plan clearly to all stakeholders.

9 2 Planning for success. Marketing IAM to the business.

10 The perception of IAM has changed Security / Control / Compliance Who When New Channels Operational Efficiency Business Agility What How New Services

11 Themes for IAM programmes today are more diverse Agility Collaboration Consolidation Customer Experience Efficiency Cost Control Expansion Governance Service Optimisation

12 What do we need to do? Identify the stakeholders Articulate the business value Set realistic and achievable goals Seek commitment and active participation Communicate openly and clearly

13 Who are the stakeholders? Operations Executive Sponsors Line of Business Leads Data Owners System Owners

14 ... and who do we need for delivery? Phase Design Build Systems Integration Test Go-live Who (examples) Business Process Owners, Systems/Application Owners, Data Owners & Executive Sponsors. Data Centre Teams, Network Teams, Information Security, 3 rd party suppliers Application owners. Data owners, Subject Matter Experts, Systems Monitoring, Service Desk, HR Operations, User Teams, Test functions BAU Operations

15 Example

16 Conclusions & Recommendations v Buy-in to the strategic plan for IAM from across the business is essential for the success of the programme. There have been some hard experiences for many past IAM projects when this has been under-scoped. v Poor governance and poor management contribute to most IAM project failures. Having an executive mandate for the programme, coupled with clear priorities, goals and a proven decision-making process will help avoid gaps in the perception of what is being delivered in terms of cost, functional and time. Recommendations: 1. Determine your business & technology priorities and analyse how well current IAM initiatives are aligned to these items. 2. Identify and engage with all stakeholders to market IAM initiatives. 3. Publish and follow an consistent, clear IAM communications plan

17 3 Focus on the User Experience.

18 IAM solutions focus areas IAM solutions should be built around three core areas of focus: User experience Ensuring a first class user experience for all system touch points. Actively promoting the use of new identity and access services to drive business value. Business process integration Ensuring identity and access is aligned to business processes and can adapt as business requirements change. Technical integration Building the information flows between directories, databases, applications and systems (both on-premise and cloud based) that ensure identity and access controls can be enforced across a heterogeneous estate.

19 Why is User Experience important? 1. Treat every user as a consumer 2. IAM is a brand opportunity 3. Move from Gatekeeper to Guide 4. Increase service adoption 5. Reduce load on helpdesks / call centres

20 What makes a good User Experience? Follow best practice for UX design: 1. Be helpful 2. Be logical 3. Be consistent 4. Keep it brief

21 User experience - Examples

22 Conclusions & Recommendations v IAM is often the first touch-point for a user accessing a service (registration, login) so UX should be a fundamental consideration for any IAM solution design. v IAM provides an opportunity to build your brand and increase adoption of services. v Multiple channels for access and the different demands for different types of user make this a challenge. Recommendations: 1. Stay ahead of your users their expectations for UX will be high. 2. Follow best practice steps for good UX design. IAM presents great options for transforming the user experience quickly and at a low cost. 3. Aim to provide the same experience, regardless of device.

23 4 Extending the boundaries with IAM. SSO, WAM, Federation & the Cloud.

24 Approaches for Single Sign-On USERS Employees UIs & DEVICES Terminal Emulators Java TARGETS Mainframe TECHNIQUES ENTERPRISE SSO Partners Thick Client Application Client Application Servers Web Portals WEB SSO Customers Browser Mobile Cloud / SaaS FEDERATED SSO IDaaS

25 What is IDaaS? a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers identity and access functions to target systems on customer s premises and in the cloud. Gartner Functionality will include coverage across: Identity Governance and Administration Lifecycle management of identities and accounts & governing the access request process. Access Management User authentication, SSO and authorisation enforcement. Intelligence Logging IGA and access events.

26 IDaaS as an integration Layer An IDaaS service can also be a central point of integration, bringing together users & components across both the enterprise and the cloud. Integrated components cover: Users (colleagues, partners, clients all accessing via different channels) Existing and new onpremise enterprise applications Cloud based SaaS applications

27 Example value-add SSO portals The examples above provide an application launch-pad, SSO, access store as well as end user identity and device management screens

28 Conclusions & Recommendations v SSO is a very common use-case within IAM. v The forces of Cloud, Mobile and Business Socialisation are presenting organisations with new opportunities to deliver SSO in an effective manner. Recommendations: 1. Identify key target systems (most used, most administrative effort). 2. Evaluate how systems requirements will change. 3. Select the right solutions to meet requirements. 4. IDaaS solutions maybe the best fit for internal-to-saas scenarios. 5. Leverage IDaaS for more than SSO

29 5 Identity and Access Intelligence.

30 Identity and Access Intelligence Basic Model Systems, Applications, Databases & Directories Identity & Access Management Collect Data Cleanse Correlate Classify Information Sort Transform Knowledge IT Business

31 Identity and Access Intelligence Example: User Tracking

32 Conclusions & Recommendations v IAM has traditionally had one customer IT. This misses the value that IAM can bring to the business. v Identity and Access Intelligence is about leveraging identity information to enable better business decisions. Recommendations: 1. Engage with your stakeholders to discuss requirements and opportunities for leveraging identity and access data to meet business focussed objectives. 2. Identify the repositories to mine information regarding identifiers, credentials, attributes, policies, rules, roles, entitlements, events, status and access. 3. Implement the structured, formal processes to supply the business with identity enriched information on who/what/when/where and why.

33 6 Building a better framework for IAM.

34 There is a lot to cover

35 What is the best approach? Key questions: v How can we avoid becoming locked-in to individual technologies or suites? v How can we adopt best-of-breed today and retain flexibility for tomorrow? v How do we do this without disrupting the user experience? We need a framework that will: 1. Support seamless integration of the right technology at the right time. 2. Allow swap-in / swap-out when changes are needed. 3. Remain current with business requirements and be able to integrate with changing business processes. 4. Don t disrupt the consumer ensuring User Experience is a constant.

36 Example: IAM as a framework Build a framework for IAM. Utilise plug-in architectures and workflow to aid integration but retain loose coupling / high cohesion on individual components.

37 Conclusions and Recommendations v The IAM market is evolving as new demands shape new solutions, driving innovation and requiring new approaches. v While deployment of IAM solutions remains a complex, multi-dependency undertaking customers need to be wary of solution inertia leading to stagnation. Recommendations: 1. IAM services should be built upon a framework building value in phases and aligning to a strategic plan while remaining adaptable for the unknown. 2. Plug-in architectures and approaches enable loose coupling of components and encourage adoption of best-of-breed software & services. 3. Workflow engines provide the flexibility needed for integration of both technology and business process at the right points. 4. The user experience should remain your constant concern.

38 Summary 1 Understanding IAM: Define the strategic roadmap 2 Plan for success: Marke>ng IAM to the business 3 Focus on the user experience 4 Extending the boundaries of IAM with SSO & IDaaS 5 Iden>ty and Access Intelligence 6 Building a bemer framework for IAM