White paper. Business-Driven Identity and Access Management: Why This New Approach Matters

Executive Summary

For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. After all, business managers know best who should have access to what. But all too often, IAM processes don't reflect this business context. These processes lack support for a business view of access which reflects the fine-grained entitlements that determine specifically which actions users may take within applications. In addition, traditional IAM systems have consistently been prohibitively expensive to deploy and operate, limiting their breadth of coverage and effectiveness.

This business context is the sum total of everything an organization knows about its users, their job responsibilities, and the information, applications and entitlements they need. While some context is contained within IT-managed systems (such as directories and HR applications), additional context is held by the managers who supervise users or by the owners of business functions, applications and data, not by the IT or security staff.

This white paper explains why today's IAM systems fail to properly reflect business context, describes why embracing business-driven identity and access management (BDIAM) reduces costs while increasing security, and describes a step-by-step methodology for implementing it.

Today's Reality: Failed Identity Management

Today's organizations face more security threats and regulatory challenges than ever, not to mention the potential damage to shareholder value and reputation that would result from a data breach. Yet not only are IAM systems failing to keep up, they are falling behind the need to proactively manage ever-changing risk postures. IAM architectures are fragmented, complex, and ill-equipped to deal with the pace of change in an organization, from simple employee transfers to restructuring, new regulatory requirements and mergers and acquisitions.

Cloud computing increases complexity by creating a new application silo (and more administrators with privileged access) for every new cloud application and cloud service provider. It also increases the rate of change, as lines of business obtain new services, often without informing the central IT or security groups. Mobile computing and the bring-your-own-device trend create yet more identity and access management silos to accommodate each new platform.

The result is that even as organizations need easier, faster and more consistent identity and access management, the pace of change makes their risk posture ever less certain. Relying on siloed, reactive, incomplete systems makes it even harder to discover and apply the business context needed for each application or group of systems, and makes the lack of a single, central IAM infrastructure even more critical. The key to solving these problems is to leverage a modern identity and access management system built around business context.

The Importance of Business Context

Business context is the often-forgotten but key ingredient for assuring effective, enterprise-wide IAM. It is often overlooked because IAM is usually handled by the CIO, CISO, VP of Security or Director of Security. None of them has the business context required for efficient, effective enterprise-wide access management.

Most of this business context lies instead with the supervisors and other business managers who understand the specific responsibilities various users have, and the access each requires. Consider, for example, a finance department with five employees, each with Analyst Level 2 job codes. The IT department might conclude each should have the same access rights and entitlements. However, their supervisor knows who is responsible for travel and entertainment spending, and who monitors telecommunications and utility expenses, and can thus make more accurate access and entitlement decisions for them. Different members of a drug testing team might have the same job titles, but require different levels of access to test data depending on their seniority, training, or project assignments.

Business application owners are also best equipped to understand how applications or data resources are used and what access and entitlement policies are appropriate for them. Application owners, along with risk, audit and compliance teams, have the best context for setting IAM policies specific to various business applications or industry domains.

To apply this context most effectively, organizations must enable business managers, business application and data owners and the audit, risk and compliance team to drive access-related policy requirements. IT must then translate those requirements into operational activities. Achieving this business-driven identity and access management requires new processes and new technology.

Business-Driven Identity and Access Management Requirements

To bring business context into the IAM process, IT must transform the cryptic jargon of application and infrastructure entitlements into a business-friendly view of access and give business managers a simple, intuitive way to make IAM decisions throughout the identity and access lifecycle. Business-driven IAM also requires that the lines of business (LOBs) take ownership of the tasks that they have the context for, and become accountable for them. Audit, risk and compliance teams must be able to create requirements, measure results and institute controls. IT security and operations teams must have visibility into and control over how IAM activities are conducted, since they are ultimately responsible for carrying out the decisions made by LOBs.

Organizations must be able to easily define policies which capture business context, assuring compliance in areas such as segregation of duties (SOD) or access approval. Once a policy has been instantiated, it can be applied automatically and violations dealt with automatically. Since policy creation is familiar to LOBs, Information Security, Operations, and Audit, Risk and Compliance teams, this is an effective way to engage them in the BDIAM process.

Automating the fulfillment of access changes can significantly reduce cost and effort, yet organizations have struggled to achieve the required automation with IT-focused tools from traditional identity management vendors. A truly business-driven approach to IAM provides a simple access change management mechanism that keeps business logic separate from application-specific integration logic. This enables a cost-effective and rapid method for on-boarding applications from a change fulfillment perspective.

All of this requires an automated identity and access management platform, which gives business owners a simple view of identity and access management, enables automated, policy-based access controls, fulfills IAM change requests, and builds proactive access compliance into the fabric of the organization. Figure 1 illustrates how such a platform enables an organization to establish business processes to accomplish all of these activities.

[Figure 1: Business processes for LOBs, Information Security, Audit, Risk and Compliance. Panels: Lines of Business (Enable the Business: Ownership & Accountability); Information Security; Audit, Risk & Compliance (Ensure Compliance & Manage Risk); Business Processes at the center.]

A Phased Approach to Business-Driven IAM

Business-driven IAM is best made operational by implementing discrete, measurable business processes in a step-by-step phased approach that delivers value in each phase. The steps are:

Visibility and Certification: This repeatable, sustainable process automatically collects and cleanses identity and entitlement data to obtain a single unified and normalized view of current access rights. This technical view of access is transformed into a business view so that LOB managers, such as supervisors or business owners of resources, can become accountable for reviewing access rights. This happens via a business user-friendly access certification process (also known as an access review), where people's entitlements are reviewed and approved (or revoked) by a supervisor or application owner. One important step, which is also a good example of establishing business context, is identifying the business owners of data resources (such as file shares or SharePoint sites), as well as any metadata that defines each resource's business purpose and risk classification.

Policy Management: Capturing decision-making context and business logic in a set of policies defined as rules is an excellent way to automate security and compliance controls. Having rules trigger workflows provides process and policy automation, and reduces costs. For example, the identification of a new employee can trigger a multi-step process that includes creating accounts for the employee, providing him with appropriate group memberships, assigning the appropriate entitlements to applications and data, and obtaining the necessary approvals.

Role Management: Roles enable business managers to more easily manage entitlement changes. Consider the role of Bond Trader Level 2. A user in this role might be entitled to 35 different fine-grained entitlements (such as the ability to make trades up to a certain limit) across several applications. Rather than requiring a manager to review and evaluate each of the 35 entitlements, the manager can simply verify that the role is correct for the person. This is an easier and more natural way for the manager to apply the needed business context, because they are thinking about the role played by a specific person, not about a detailed list of application entitlements. Roles simplify Joiner, Mover and Leaver processes and make it easier to assign users additional access. They also make it more efficient to review, validate or test user access to simplify compliance and risk management. This phase also produces processes for lifecycle management of groups, which are often used to govern access (especially to data resources) in much the same way as roles.

Request Management: Once a business view of access and the abstractions to simplify and automate access management are in place, an organization is in a good position to establish a self-service access request front-end for business users, and an auditable and policy-compliant change management engine for IT on the back end. This process empowers LOBs to invoke access requests without any knowledge of the infrastructure and details involved in servicing the requests. It also provides proactive compliance by enforcing policies before access is granted.

Change Fulfillment: Business-driven changes to identity and access result in actual modifications to user accounts, group memberships and user-entitlement bindings in systems, directories, applications and access control solutions. Change fulfillment is a process that usually exists in some form before an organization embarks on any of the phases mentioned here. The challenge is typically about evolving the process so that it is consistent, policy-driven and, as much as possible, automated.
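The role, policy and request phases above can be illustrated with a small model: roles bundle fine-grained entitlements, segregation-of-duties rules are written as pairs of conflicting entitlements, and a request is checked against those rules before anything is fulfilled. This is an added example, not Aveksa's code; the role catalogue, entitlement names and SOD rules are constructed for illustration.

```python
"""Added example (not Aveksa's code): a minimal business-driven IAM policy
check. Roles bundle fine-grained entitlements; segregation-of-duties (SOD)
rules name entitlement pairs one person must not hold together; an access
request is evaluated against those rules before it is fulfilled.
All names and data below are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed role catalogue: role name -> fine-grained entitlements,
# written as "application:action" so they stay business-readable.
ROLES = {
    "Bond Trader L2": {"trading:book_trade", "trading:limit_1m", "risk:view_positions"},
    "Trade Settlement": {"settlement:approve_trade", "risk:view_positions"},
    "AP Analyst": {"erp:create_vendor", "erp:view_invoices"},
    "AP Approver": {"erp:approve_payment", "erp:view_invoices"},
}

# Constructed SOD rules: pairs of entitlements that conflict when held together.
SOD_RULES = [
    ("trading:book_trade", "settlement:approve_trade"),
    ("erp:create_vendor", "erp:approve_payment"),
]

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    direct: set = field(default_factory=set)  # entitlements granted outside any role

def effective_entitlements(user: User) -> set:
    """Expand roles into the fine-grained entitlements the user actually holds."""
    ents = set(user.direct)
    for role in user.roles:
        ents |= ROLES[role]
    return ents

def sod_violations(entitlements: set) -> list:
    """Return the SOD rule pairs that a given entitlement set violates."""
    return [(a, b) for a, b in SOD_RULES if a in entitlements and b in entitlements]

def evaluate_request(user: User, role: str) -> dict:
    """Proactive compliance: simulate adding the role and reject the request
    if the resulting access would violate an SOD rule, before fulfillment."""
    current = effective_entitlements(user)
    violations = sod_violations(current | ROLES[role])
    return {"approved": not violations, "violations": violations,
            "new_entitlements": sorted(ROLES[role] - current)}

def certification_view(user: User) -> dict:
    """Business view for a reviewer: roles to attest as a whole, plus any
    entitlements outside every role that still need item-by-item review."""
    covered = set().union(*(ROLES[r] for r in user.roles))
    return {"roles": sorted(user.roles), "outside_roles": sorted(user.direct - covered)}

if __name__ == "__main__":
    alice = User("alice", roles={"Bond Trader L2"}, direct={"hr:view_own_payslip"})
    print(evaluate_request(alice, "Trade Settlement"))  # denied: book_trade + approve_trade
    print(evaluate_request(alice, "AP Analyst"))        # approved
    print(certification_view(alice))
```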

There are several mechanisms for fulfilling access changes. A simple task notification, such as an email to a system administrator, is often the easiest and most straightforward approach to change fulfillment. Creating a ticket in a service desk is a more consistent way to track requests, responses and confirmations, and can leverage an existing enterprise change management system. However, the associated time lag, cost and error rate often drive organizations to automation. An automated fulfillment solution delivers operational efficiency and timely changes, and ideally supports the rapid on-boarding of new applications.

Traditional provisioning engines make it difficult to onboard (connect to) more than a few applications because these older systems combine the business logic that defines IAM policies with the logic required to integrate with each application. This requires expensive custom coding for each new connection, and whenever IAM policies change. Modern business-driven IAM systems maintain the policy-related business logic at a higher level, making this last-step integration much easier and less expensive.

Summary

Organizations cannot afford to spend any more than they must on identity and access management. Nor can they afford the regulatory, legal or intellectual property risks of not properly managing identity and access. The road to the most efficient and effective identity and access management runs right through the owners of the business processes, applications and data. It uses the detailed business context about which users require what access and entitlements as the foundation for automated, business-driven identity and access management that delivers the maximum business value at the lowest cost.

ABOUT AVEKSA

Aveksa is the leading provider of Business-Driven Identity and Access Management solutions. Through its business-driven approach, the Aveksa platform provides a robust way for organizations to shift the accountability and responsibility for making access decisions away from Information Security, and out to the line of business, while enforcing policies and maintaining oversight. Aveksa achieves this by managing the complete lifecycle of user access to information resources through an automated, continuous process for access request, approval, fulfillment, review, certification and remediation. With Aveksa, IT organizations can reduce Access Management complexity and increase operational efficiency while minimizing risk and ensuring sustainable compliance. Many Global 2000 organizations in financial services, healthcare, retail, energy/utility, telecommunications, transportation, manufacturing and other industries rely on Aveksa to efficiently address their Identity and Access Management demands. For more information, visit www.aveksa.com.

303 Wyman Street, Waltham, MA 02451. 877-487-7797. www.aveksa.com

2013 Aveksa Inc. All rights reserved. Aveksa, Aveksa product names, and the Aveksa logo are registered trademarks of Aveksa Inc. All other company and product names may be the subject of intellectual property rights reserved by third parties. Revised 06-12