1 Enter Click Here
2 The challenge of identity management Today organizations are facing paradoxical demands for greater information access and more stringent information security. You must deliver more data more quickly to more users inside and outside your organization. Yet, even as you re pressured to make information readily available, you re facing stricter security and privacy requirements. Meeting these conflicting needs often produces another set of. When you re pulling data from numerous systems and delivering it to a large user base with different levels of security managing roles and access can be overwhelming. Often, user identities are implemented and managed manually by local system administrators. That approach is inefficient and may not be secure. What s more, it could be inhibiting the development and deployment of new business initiatives. If you d like to improve identity management within your organization, this guide is for you. It explains how you can be faster, more efficient and cost-effective in providing information access while meeting requirements for security and privacy. Why is security and privacy so important today? Click Here The challenge of identity management
3 Thanks to a bevy of regulatory requirements, ensuring security and privacy is no longer optional. For the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) establishes rigorous requirements to safeguard protected health information. For financial services organizations, the Gramm-Leach- Bliley Act places stringent demands for the protection of personal financial data. For publicly held companies across industries, the Sarbanes-Oxley Act of 2002 (more commonly referred to as "SOX") mandates a series of internal controls. SOX requires top management to sign off on the adequacy of these controls and has focused attention on security. No one disputes that security and privacy are important. But, in the "real world," implementing effective policies and processes is challenging. After all, most organizations have massive user communities and complex IT infrastructures that have evolved over time. Chances are, your environment includes diverse resources from legacy to open systems with data straddling multiple applications. In such an environment, ensuring security and privacy can be frustrating not to mention expensive. There s an abundance of individual security products and solutions on the market. But implementing limited products will produce limited results. What you need is an integrated approach driven by a clear view of your business requirements. Then can you ensure that the right people have access to the right information regardless of where that information lives. To get there, you may need help addressing the full scope of your enterprise needs and integrating new security tools into your existing environment. How can I enhance security and privacy quickly, efficiently and cost-effectively? Click Here Today s security and privacy
4 Identity management enables organizations to cost-effectively balance information access with security and privacy. But what, exactly, is it? Identity management is the concept of providing a unifying interface to manage all aspects related to individuals and their interactions with your business. It s the process that enables business initiatives by efficiently managing the user life cycle from creating, modifying and managing to terminating user credentials and by integrating it into the required business processes. In other words, identity management encompasses all the data and processes related to the representation of an individual involved in electronic transactions. It delivers the power and efficiency of a single, integrated view of each user across all of your systems and applications. It allows you to administer user identities and passwords more quickly and cost-effectively. And, you can support fast-changing business-unit and end-user needs while meeting regulatory requirements without further straining your resources. Achieving effective identity management requires you to have the right mix of business know-how and technical experience. Many companies find they benefit from expert, third-party assistance. Who can help me implement an effective identity management infrastructure or deal with a short-term need for design and implementation services? Click Here What is identity management?
5 IBM s Security & Practice designs and delivers the security architecture and infrastructure necessary to build trusted electronic relationships between our clients' employees, business and trading partners, shareholders and customers. For identity management, we deliver identity lifecycle management (user self-service, enrollment and provisioning), identity control (access and privacy control, single sign-on and auditing), and identity foundation (directory and workflow) to effectively manage internal users, as well as an increasing number of customers and partners through the Internet. Only IBM can deliver comprehensive enterprise identity management for even the largest, most complex organizations. We offer a full portfolio of products and professional services to help ensure optimal solution design, implementation and integration. Our experts understand the business process and technical issues that often arise when implementing identity management. We have the breadth and depth of resources to help make your initiative a success without straining your internal business or IT teams. And, no one knows our IBM products better. We can accelerate your implementation and integration so you enjoy the benefits of identity management quickly and fully. How can you help ensure the success of my identity management initiative? Click Here
6 IBM s Services To help accelerate and optimize development of your identity management infrastructure, IBM offers these services: Secure Identity Workshop helps you understand identity and authentication technology, policy, practices and implementation considerations and formulate a preliminary strategy and action plan for applying identity and authentication to your business. Secure Identity Assessments help your line of business leaders and IT decision makers understand the state of your current identity management environment. We also help develop a strategy for improving the effectiveness of managing identities in line with your business goals. Identity Management Solution Design analyzes the identity management components currently deployed within your organization and the potential for unifying those components into a central identity management system. We outline the benefits of implementing a central system and provide a high-level estimation of the effort such an implementation would involve. Role Based Control (RBAC) Role Definition helps develop roles for use in managing identities and access control. What tools do you use to implement identity management infrastructures? Click Here IBM s Services
7 How IBM Tivoli delivers When it s time to implement an identity management infrastructure, many organizations choose IBM Tivoli s suite of security products. Tivoli s security products provide the tools to secure and manage your information environment. IBM service professionals assist as required to quickly get systems and applications online and productive while reducing costs and maximizing return on investment (ROI). As part of the IBM identity management solution, IBM Tivoli products support identity lifecycle management, identity control, and identity foundation. Complementing the IBM Security & services, IBM Tivoli offers a Security Assessment to help determine which products best meet your identity management needs and how they will integrate into and unify your existing security structures. Just as important, we offer planning, implementation and integration services to help our products deliver maximum value to your organization. Using proven methodologies, our experts help you overcome any integration and assist you in establishing effective policies and procedures. Our team has the skills and experience to integrate and optimize our products in virtually any environment no matter how complex. Interesting. Could you tell me more about IBM Tivoli s services and products? Click Here How IBM Tivoli delivers
8 Managing identities IBM Tivoli Identity Manager provides a secure, automated and policy-based user management solution that helps address information access and security across both legacy and e-business environments. Intuitive Web administrative and self-service interfaces integrate with existing business processes to help simplify and automate managing and provisioning users. It incorporates a workflow engine and leverages identity data for activities such as audit and reporting. As you consider implementing IBM Tivoli Identity Manager, you may be overwhelmed by the complexity of your environment. After all, most organizations run hundreds, if not thousands, of applications and have many different systems for creating users. Fortunately, IBM Tivoli offers professional services to help with installation and integration of this product. Turn to our experts for help prioritizing applications, creating business-processbased roles and applying those roles using Tivoli Identity Manager. IBM services professionals can bring the benefits of IBM Tivoli Identity Manager, online quickly in your organization. This solution: Reduces help-desk load by using Web self service and password reset/sync interfaces Cuts elapsed turn-on time, automates routine administrative tasks and helps eliminate errors Assists in addressing compliance issues and enables you to quickly respond to internal audits and regulatory mandates Automates business processes related to changes in user identities by using life-cycle management For more information, vist: I see how you can help me better manage my user community. Now, how about single sign-on? Click Here Managing identities
9 Managing access IBM Tivoli Manager for e-business is an award-winning, policy-based access control solution for e-business and enterprise applications. Tivoli Manager for e-business can help you manage growth and complexity, control escalating management costs and address the difficulties of implementing security policies across a wide range of Web and application resources. TAMeB delivers a single sign-on across diverse applications that leverage Web browser clients. IBM Tivoli Manager for Operation Systems provides single sign-on across multiple UNIX systems. IBM professional services can help ensure a faster, smoother implementation and integration of this solution. What s more, our experts can program custom links between Tivoli Manager and your non-browser-based applications. IBM professional services assure rapid installation and configuration in your environment, whether simple or complex. This solution: Lowers application development, deployment and management costs by delivering unified identity and security management Achieves rapid and scalable deployment of Web applications, with standards-based support for Java 2 Enterprise Edition (J2EE) applications Offers design flexibility through a highly scalable proxy architecture and/or easy-to-install Web server plug-ins, rule- and role-based access control, support for leading user registries and platforms, and advanced APIs that can be used to further customize security For more information, vist: Sounds great for our internal identity management and access control. What can you do for our external partners? Click Here Managing access
10 Managing identities in federated environments Traditionally, providing users with easy access to resources in external domains has meant adhering to specific technologies, high integration costs and low flexibility. In a federated environment, a user can log on through his identity provider in order to conduct transactions or easily access resources in external domains. Partners in a federated identity management environment depend on each other to authenticate their respective users and vouch for their access to services. Federated identity standards, like those being produced by the Liberty Alliance or the Web services security specifications, form an encapsulation layer over local identity and security environments of different domains. This encapsulation layer provides the ingredients for interoperability between disparate security systems inside and across domains, thus enabling federation. IBM s Tivoli federated identity management solution allows you to extend identity management to your business partners helping to ensure trust throughout your value chain. And, because we work with virtually every standard in the industry, we can integrate all of your external users. The Tivoli professional services team has extensive experience in and proven methodologies for designing secure applications and secure authorization. We can help you link and extend your existing security infrastructure throughout the federated model. IBM professional services can help you more quickly enjoy the benefits of federated identity management. This solution: Empowers you to enforce security policies, even when business demands require use of applications owned by other companies Automates implementation of trust policies throughout your value chain Simplifies administration, allowing you to maintain administrative authority over your internal users and delegate administration of foreign users to the appropriate organization Allows you to rapidly create or participate in federated identity environments Allows you to retain control of your local security technology while still remaining interoperable (standards-based) Wow, this solution could really help us with security. Can you do the same with privacy? Click Here Managing federated identities
12 Managing directories IBM Tivoli Directory Integrator synchronizes identity data residing in directories, databases, collaborative systems, applications used for human resources (HR), customer relationship management (CRM) and Enterprise Resource Planning (ERP), and other corporate applications. By serving as a flexible, synchronization layer between a company's identity structure and the application sources of identity data, Tivoli Directory Integrator eliminates the need for a single, centralized datastore. For those enterprises that do choose to deploy an enterprise directory solution, IBM Tivoli Directory Integrator can help ease the process by connecting to the identity data from the various repositories throughout the organization. IBM Tivoli Directory Server provides a powerful Lightweight Directory Protocol (LDAP) identity infrastructure that is the foundation for deploying comprehensive identity management applications and advanced software architectures like Web services. The IBM Tivoli professional services team can help sort through your directories which, in most organizations, number in the hundreds and have inconsistent formats and user credentials. Using Tivoli Directory Integrator and Directory Server, we work with you to share and apply user credentials across multiple data stores. In other words, we help to ensure that the right identity data is in the right location at the right time and that only the right people can access it. For more information, vist: So, you can handle hundreds of directories. Can you handle security compliance for hundreds of servers and desktops? Click Here Managing directories
13 Managing compliance IBM Tivoli Security Manager is a security policy compliance product that acts as an early warning system by identifying security vulnerabilities and security policy violations. Tivoli Security Manager helps organizations define consistent security policies and monitor compliance with them. Security policies can be based on both internal security requirements and industry-standard security policies. IBM Tivoli professional services can help you address security compliance in your server and desktop environments. Using industry best practices as our guide, we help you establish security standards and code those parameters. In addition, our team can support ongoing monitoring and management of security compliance. With the help of IBM professional services, you can more quickly enjoy the benefits of Tivoli Security Manager. This solution: Automates scans of servers and desktop systems, which can help reduce the cost and time associated with manual security checks Provides reports to security officers and compliance auditors with detailed information about the security health of the business so they can take the appropriate steps to make individual systems and departments compliant Identifies software vulnerabilities prior to costly damage being inflicted by security incidents Improves business operations and helps to increase efficiencies though automation and centralization Assists in addressing compliance issues in regulations and standards by automating compliance tasks, monitoring correspondence, reducing human error and taming compliance costs For more information, vist: When we identify non-compliance and other security threats or breaches how should we manage those? Click Here Managing compliance
14 Managing risk Today, you face increasing risks from a multitude of fronts virus threats, unauthorized access, denial-of-service attacks and other forms of intrusions that target e-business applications, networks, hosting infrastructure, servers and desktops. Customers are demanding the highest quality of service, trust and security from corporations. As a result, implementations of e-business should be secure, enforce the privacy of business transactions, protect the integrity of business operations, protect customer data and provide around-the-clock access. IBM Tivoli Manager can help you centrally manage security incidents and vulnerabilities across your enterprise. Tivoli Manager is a powerful solution for collating and analyzing the hundreds of thousands of security incidents you log every day on multiple, discrete systems. Working with you, IBM Tivoli professional services can help establish a series of incident profiles. For each type of incident, we ll map appropriate responses. And, we can even fine-tune your correlation activities over time. With the help of IBM Tivoli professional services, you can more quickly enjoy the benefits of Tivoli Manager. This solution: Can reduce and classify security incidents to quickly identify and address real threats or vulnerabilities Manages risk in near real-time Provides a single centralized view of security events across your enterprise Helps integrate security management data from applications, operating systems and network devices Helps provide business intelligence that enables organizations to proactively address their business risks using analytical historical reporting guides For more information, vist: Who s already using IBM Tivoli professional services? Click Here Managing risk
15 IBM Tivoli Identity Manager With some 28,000 employees working throughout the United States and in Canada, Ireland, Spain, and the United Kingdom, the world's largest independent credit card issuer was facing significant help desk costs. Up to 60 percent of calls to the help desk were for password resets and each call was costing the company between $20 and $45. As the user community continued to grow and with many users having multiple passwords these support requirements were having an impact on profitability. Working with IBM professional services, this organization adopted an automated password reset solution based on IBM Tivoli Identity Manager. Implemented in less than six months, the solution enables users to reset their own NT, Novell, UNIX and mainframe system passwords through an automated, self-service system. In other words, they can do so without having to contact the help desk or information security department. Users can simply go to any PC on the network and securely and safely reset one or more passwords simultaneously. Thanks to this solution, the company s help desk is now positioned to offer additional technical services to end users without having to grow resources. Just as important, end users are enjoying increased productivity and satisfaction. The solution has reduced the number of unique passwords a user needs to maintain and virtually eliminated the need to call for help with password resets. Impressive! Anyone else? Click Here Identity management in action: IBM Tivoli Identity Manager
16 IBM Tivoli Manager A large insurance provider offering a wide array of automotive, travel, insurance and financial services relies on a secure portal to help its 6,000 employees conduct day-to-day business. The trouble was, the portal lacked a unified security architecture and a single sign on for users. With application-specific authentication, authorization and access control, there were inconsistencies in the level of protection for information assets, service interruptions and data compromises. And, the company was paying up to $80,000 to develop custom security for each application. As if that weren t enough, there were associated with monitoring and responding to security audit and log information across the disparate applications. The company turned to IBM professional services for help. Our solution based on IBM Tivoli Manager and WebSphere Portal enables single sign on (SSO) for the company s enterprise portal. Serving core membership, travel and insurance web systems, the portal applications are driven by a wide range of software packages. Up and running in five months, the new portal infrastructure establishes unified and centralized authentication and authorization for Web browser access to both legacy and new applications. This approach reduces administrative overhead and helps avoid the security breaches that may occur due to inconsistent enforcement or human error. It supports real-time audit logs of which users are accessing which resources and for what business purposes. And, it eliminates the need for developers to code security into each application., further reducing cost and speeding implementation and deployment. Bottom line: The new approach enhances user productivity and security while reducing costs and accelerating the development and launch of new business initiatives. Identity management services and products from IBM Tivoli sound like just what we need. Click Here Identity management in action: IBM Tivoli Manager
17 Is your organization experiencing an "identity crisis"? Or, would you simply like to improve the way you re managing identities? Only IBM can deliver a comprehensive identity management solution including industry-leading products and services to efficiently and effectively integrate these tools into even the most complex of environments. Our Security & experts offer deep experience and proven methodologies accelerating your implementation of an identity management infrastructure and enhancing its value to your enterprise. For more information about identity management from IBM including the related services and products from IBM Tivoli please contact your IBM or Tivoli sales representative. IBM Security and Practice Charles Carrington Tivoli Professional Services Darrius Terrell IBM Integrated Technology Solutions David Pipher Copyright IBM Corporation 2005 IBM, Tivoli and the IBM logos are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. All IBM product names are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.