The State of Identity Management Self-assessment Questionnaire



Similar documents
Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Identity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University

Federated Identity Management and Shibboleth: Policy and Technology for Collaboration

Federated Identity Management Checklist

Identity and Access Management Memorial s Strategic Roadmap

A Look at Ourselves: Shibboleth Deployment Self-Assessment Checklist

InCommon Basics and Participating in InCommon

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Active Directory Integration twitter.com/onelogin ONELOGIN WHITEPAPER

Single Sign-On. Security and comfort can be friend. Arnd Langguth. September, 2006

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

NCSU SSO. Case Study

IDENTITY & ACCESS MANAGEMENT

Is Your Data Safe in the Cloud?

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

SAP Business Objects Security

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

CommIT: Simplifying Admissions Identity Management

WHITE PAPER. Active Directory and the Cloud

University of Wisconsin-Madison

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

CA SiteMinder SSO Agents for ERP Systems

managing SSO with shared credentials

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Cross-domain Identity Management System for Cloud Environment

Initiative Report for IT CIO: Identity Management/Single Sign-on Trident Setup and Training

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Guide to Getting Started with the CommIT Pilot

Active Directory Integration WHITEPAPER

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Increase the Security of Your Box Account With Single Sign-On

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Canadian Access Federation: Trust Assertion Document (TAD)

Intelligent Security Design, Development and Acquisition

Three Case Studies in Access Management

Oracle Fusion Middleware 11g Release 1 IDM Suite

WHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO)

C21 Introduction to User Access

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees

Identity Governance Evolution

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Password Management Before User Provisioning

1 Novell Use Cases. 1.1 Use Case: Per Tenant Identity Provider Configuration Description/User Story Goal or Desired Outcome

MicroStrategy Course Catalog

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support

The Challenges of Managing Multiple Cloud Identities and Enterprise Identity by BlackBerry

Directors, Managers, and Supervisors Skill Profile

1 Introduction Product Description Strengths and Challenges Copyright... 5

Sun and Oracle: Joining Forces in Identity Management

Securing the Cloud through Comprehensive Identity Management Solution

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Integrating Biometrics into the Database and Application Server Infrastructure. Shirley Ann Stern Principal Product Manager Oracle Corporation

Single sign on may be the solution

IDENTITY MANAGEMENT ROLLOUT: IN A HURRY. Jason Blackader, UNIX Systems Administrator

Columbia Identity/Access Management. (another tawdry tale of access control convergence)

Technical White Paper. Automating the Generation and Secure Distribution of Excel Reports

SAML-Based SSO Solution

Apache Syncope OpenSource IdM

WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

VERALAB LDAP Configuration Guide

USING FEDERATED AUTHENTICATION WITH M-FILES

Project Charter IDENTITY AND ACCESS MANAGEMENT. Project Information. Project Overview. Project Purpose and Benefits to Campus. Project Scope Statement

Cloud Video Conferencing. A comprehensive guide

IT Governance Committee Review and Recommendation

Information Technology Services

ENZO UNIFIED SOLVES THE CHALLENGES OF REAL-TIME DATA INTEGRATION

Strategic Identity Management for Industrial Control Systems

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014

Service-Oriented Architecture and Software Engineering

Evaluating time and expense systems: Choosing the right platform for your organization

How To Authenticate With Ezproxy On A University Campus (For A Non Profit)

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)

identity management in Linux and UNIX environments

What is TIER? Trust and Identity in Education and Research

EDUCAUSE Security Presentation. Chad Rabideau Senior Consultant Identity Management AegisUSA

Security It s an ecosystem thing

Oracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success

Brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.

Enterprise Digital Identity Architecture Roadmap

Physical/Logical Access Interoperability Working Group

Top Eight Identity & Access Management Challenges with SaaS Applications. Okta White Paper

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta White paper

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

Lots of workers, many applications, multiple locations......and you need one smart way to handle access for all of them.

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

7 Steps to Guide Your Field Service Technology Purchase

Security Provider Integration Kerberos Server

USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS

Case Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

Redefining Security for the Modern Facility

Identity Management: The authentic & authoritative guide for the modern enterprise

Institutional Effectiveness

Duo Two-Factor Authentication: Frequently Asked Questions

Oracle Identity Manager, Oracle Internet Directory

Transcription:

Identity and the Cloud: Preparing Your Campus EDUCAUSE 2010 Pre-Conference Seminar The State of Identity Management Self-assessment Questionnaire Each entry below describes an aspect of identity management in three ways that that suggest a continuum from basic to capable to advanced, from just starting to battle scarred to been there, done that, from clueless to cluedin to clue-full, from I bought the book to I read the book to I wrote the book, from well, you get the idea. For each item, consider where your institution is today on a scale from 1 to 10. Observe that the 1 and 10 are sometimes extremes of the primitive past or dreams of a perfect future -- we expect everyone lives in the real world in between. Enter each score in the empty box to the right, subtotal each section, then compute your final total at the end. This questionnaire is based on an identity management assessment tool developed by Lynn McRae, Stanford University, for the Internet2/Educause CAMP: Building a Distributed Access Management Infrastructure (http://net.educause.edu/camp064) and updated by John O Keefe, Lafayette College.

1. Would there be a value for my institution to federate? Cloud Resources We rarely if ever look to the cloud to provide resources and services to the institution. Some external applications and resources are of interest to us. Leveraging as many cloud resources as is prudent is a key component of our IT strategy moving forward. Internal support for cloud services We have no support structure in place for cloud services, and must rely on our vendors completely. We have limited support in place for users of cloud services. We have a solid process in place to support external services that is tightly integrated with our internal support structures. External Collaboration Collaboration with other institutions and entities beyond our own is rare or non-existent. There is some ad-hoc collaboration with institutions and entities beyond or own. Collaboration beyond our institution is a key component to our educational and research missions. Security of Identities and Authentication We are comfortable permitting vendor access to BOTH our identity information AND authentication information. We are comfortable permitting vendor access to EITHER identity information OR authentication information. We are not comfortable releasing ANY authentication information and only releasing MINIMAL identity information to the vendor. 2. Current State of Identity Data Coverage Our identity management covers just the core community faculty, staff and students as defined by source systems. Our identity management includes faculty, staff and students, plus secondary sources like library patrons, conference attendees, hospital staff, etc.. We capture information about all people of interest to IT, schools, departments, central offices, libraries, etc.

Matching and Uniqueness We get information from many sources; it s possible someone can be represented multiple times. This is difficult for us to detect except in reaction to service issues. We have good central identity matching processes, but need to work to resolve identity issues mostly as needed. We have strong partners and practices across campus and multiple systems that participate in detecting, avoiding and resolving identity issues. Enterprise reference data and definitions We must deal with a variety of ways in which our systems handle common data like phones, addresses, buildings and locations, etc. We have achieved a fairly high degree of uniformity of data of like type, through cooperation and multiple data mappings. All descriptive data where applicable is governed by local, national and international standards and data definitions are shared across campus systems. Guests or weakly identified entities We do not have a centrally supported guest login. This brings weakly identified people into our identity management system that are poorly tracked and managed over time. We have policies to prevent the abuse of our identity infrastructure, and some infrastructure support for alternatives. We have a centrally supported guest account infrastructure with policies that do not compromise core identity management. How fresh is your data? We periodically gather information from sources on cycles that can vary from daily, to weekly or longer. We regularly gather information from sources, generally no less than daily. We have realtime or near-realtime connections to source and client systems that allow service and access changes to take effect in minutes -- on or off -- when data changes. 3. Current State of IdM Infrastructure Integration technologies We gather information from sources with a mix of flat file transfer, reports, direct SQL access, and/or email. We rely on batch processes but use consistent techniques with our clients and a common secured infrastructure. We have realtime access to data, e.g., through LDAP, as well as an enterprise, message-based integration infrastructure. Identity Store We have many (Student, Faculty, Staff, etc) that don t connect We have many and some connect We have a unified and central Identity Store

SSO and Authentication We have separate authentication credentials for access to different institutional services. We leverage unified authentication for access to different institutional services. We have implemented a single sign-on solution for access to different institutional services. 4. Policies and Practices Identity Management Roadmap Identity Management Roadmap? We don t need no Identity Management Roadmap. An Identity Management roadmap is under development. An Identity Management roadmap is in place and being actively maintained. Account Provisioning Process Our processes are manual, ad-hoc, and not documented or well understood. We have a mix of formal processes and those created on an as-needed basis. Some are automated and some are not. Our processes are established, automated, and documented. 2 2 Account de-provisioning process There is little connection between central IT support for core infrastructure and business systems, and distributed school or departments system. There means many independently maintained shadow systems with poor data sharing and little automated updates from common sources. We can make data available, through reports or directory lookups to more directly enable local systems, but actual reuse is inconsistent across campus. We support collaborative work in schools and departments by enabling them to define and share information and privileges on their own. It is easy to access common enterprise data, either for realtime reference or for ongoing synchronization. Access rule consistency IT staff may find themselves making access management decisions where business rules don t exist and no decision-making body exists. Policies providing a framework for consistent access management decisions are in development or in place. Business units base access management decisions on policies and the classification of the data being protected. Who gets to say who gets to say? We don t have firm policies or guidelines governing who can manage privileges or groups. People are enabled as needed. We have general workplace guidelines that designate who can manage privileges and groups controlling access to services. We have policies that establish responsibilities and a chain of authority for group and privilege management.

jjjkjlkjl 1 Cohesiveness of effort We have little or no development, test, and user acceptance environments, with no source system involvement. We have development, test and useracceptance environments, but inconsistent source system involvement, and problems with authentication/sso. We have end-to-end test, development, and user-acceptance environments with all sources and consumers, and cooperative processes for planning change. 5. On the Road to IdP eduperson We don t have it or not sure what it is. We have heard about it and/or partially implemented it. We have fully implemented and leveraged eduperson on our campus. Practices Our practices are ad-hoc at best. We have a mix of formal practices and those created on an as-needed basis Our practices are established and publically posted. Federating Software We don t have it or not sure what it is. We have heard about it and/or partially implemented it. We have fully implemented and leveraged eduperson on our campus. Staffing We are stretched thin on staffing, especially with respect to Identity Management We have some staffing efforts partly dedicated to IdM, but it is a best-effort and often these staff are pulled away to other projects. We have staff dedicated to managing and growing our IdM infrastructure. 2 3 4 5 6 7 8 9 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information