Identity and Access Positioning of Paradgimo

Transcription:

Identity and Access Positioning of Paradgimo
Olivier Naveau, Managing Director, assisted by Bruno Guillaume, CISSP

IAM in 4D
1. Data Model
2. Functions & Processes
3. Key Components
4. Business Values

1. Data Model
IAM can be viewed as a set of complex functions or processes that manipulate three kinds of data:
- Identity data: Users' digital identities, Identity Attributes, Accounts, Profiles
- Access data: Entitlements, Permissions, Roles, Rules, Policies
- Activity data: Success & failed login, Success & failed access, Changes to Identity data, Changes to Access data

2. Functions & Processes
- Create, Maintain & Retire IAM Data
- Use IAM Data
- Log, Correlate, Analyze, Report

2. Functions & Processes

is the construction phase of identity, and subsequently providing it with a "personality" by assigning attributes, entitlements, credentials. It provides the create/maintain/retire capabilities of IAM. Administration also provides the platform for intelligence: a means to make sense of the identity and access events.

serves as a foundational platform to facilitate authentication and authorization, and the capabilities within them, from single sign-on to entitlements resolution and enforcement of access decisions. Access is the "engine" of IAM that takes identities and their information and uses them to effect.

generates reports for auditors, provides real-time monitoring for operations and delivers the analytics necessary for analysts and business stakeholders to make intelligent, actionable decisions in the business and in IT.

3. Key Components
- Policies & Practices instantiation
- Formal sets of Actions & Information Flows
- Optimal organizational structure
- Optimal human resources allocation
- All products, services, open-source software and in-house developments

4. Business Values
- Improve Operational Level
- Improve Service Level
- Reduce Costs
- Governance
- Risk Management
- Compliance
- Business Agility
- Business Decisions

IAM in a
Data Model:
- Users' digital identities, Identity Attributes, Accounts, Profiles
- Entitlements, Permissions, Roles, Rules, Policies
- Success & failed login, Success & failed access, Changes to Identity & Access data
- Policies & Practices instantiation
- Formal sets of Actions & Information Flows
- Optimal organizational structure
- Optimal human resources allocation
- All products, services, open-source software and in-house developments
- Improve Operational Level, Improve Service Level, Reduce Costs
- Governance, Risk Management, Compliance
- Business Agility, Business Decisions

Why IAM often fails?
- No vision / No strategy
- No feedback loop / No measurements (KPIs): Efficiency? Effectiveness? Business Improvement?
- Lack of executive sponsorship
- No quick win → Tunnel effect
- Lack of true IAM Governance
- Lack of continuous improvement process
- Insufficient involvement from the business
- Technology focus instead of Process focus (→ 7 P's model)
- Poor data model: doesn't match reality
[Diagram labels: Efficiency, Effectiveness, Business Enablement]

IAM 7 P's Model
[Figure labels: Complexity, Time to Deliver, Proper planning direction, Killing Added Complexity]

New trends in IAM
Identity & Access Governance (IAG) & Identity & Access Intelligence (IAI)

From User Provisioning to IAG & IAI
[Diagram labels: «Identity Life Cycle» (Basic Changes, Advanced Changes); Data Model (Who? Access Rights? Assets? Rules? Policies?); «Role Life cycle management» (Discover, Mine, Engineer); Refined Data Model; Monitor & Report (Basic: «Bulk» Reports; Advanced: Who had this access?); Analysis Model (Correlate, Report); Who did what?; «Bulk» Reports; «Intelligent» Reports; Business Intelligence (Governance, Compliance, Performance, Business Decisions); Authentications, Authorizations; Potential Enrichment: SIEM (Security Incident & Event Monitoring), DLP (Data Loss Prevention), NAC (Network Access Control)]

IAM challenges for the coming years?
[Diagram labels: Mobile, Crisis; Cloud, Crisis; Governed, Crisis; Intelligence (Collect, Correlate, Analytics, Reporting); Compliance; Business improvement; Social Networks]

IAM at

Gartner's Hype Cycle for IAM Technologies, 07/2011
's expertise

Major references

Web Access Management
- Definition: Web access management (WAM) tools provide control of users' identities and Web entitlements, authentication and authorization to Web-based applications and to some non-Web-based resources.
- Maturity: Mature mainstream
- Technology: AM, OpenSSO, OAM 11g

User Provisioning
- Definition: User-provisioning or account-provisioning technology creates, modifies, disables and deletes user accounts and their profiles across IT infrastructure and business applications. Provisioning tools use approaches such as cloning, roles and business rules so businesses can automate on-boarding, off-boarding and other administration workforce processes (for example, new hires, transfers, promotions and terminations). Provisioning tools also automatically aggregate and correlate identity data from HR, CRM, email systems and other identity stores.
- Maturity: Mature mainstream
- Technology: IDM, OIM 11g, Custom scripts

Federated Identity Management
- Definition: Federated identity management enables identity information to be shared among several entities and across trust domains. Tools and standards permit identity attributes to be transferred from one trusted identifying and authenticating entity to another for authentication, authorization and other purposes.
- Maturity: Early mainstream
- Technology: OpenSSO, OIF, SAML 2.0

IAM Services Consulting & Integration / IAM Managed Services
- Definition: Identity and Access management (IAM) consulting and integration providers deliver specific presales and implementation services for clients seeking to select, install, configure and customize IAM products and services. Managed identity and access management (IAM) services are IAM product implementations whose operations and maintenance responsibilities are handled by IAM service providers. Thus, the customers of those IAM products can handle IAM via outsourcing.
- Maturity: Early mainstream
- Technology: see other slides

Identity & Access Governance
[Diagram repeated from "From User Provisioning to IAG & IAI"]
- Definition: Identity and Access Governance (IAG) is a broad discipline that ultimately delivers a life cycle of control and decision making to the management of identities and how they are used to access systems, applications and data. Role life cycle management is part of IAG, and is replaced on the Hype Cycle with IAG.
- Maturity: Adolescent
- Technology: IDM, OIM 11g, Oracle Identity Analytics (OIA)

Identity & Access Intelligence
[Diagram repeated from "From User Provisioning to IAG & IAI"]
- Definition: Identity and Access Intelligence (IAI) is the output derived from:
  - Collecting identity and access activity and event data
  - Correlating that data with identity and access repositories
  - Applying formal (BI) analytics to the collected information in search of patterns and other useful knowledge for IT and the business
  Then using that output for:
  - Reporting for compliance and IAM performance management
  - Providing modeling and simulation functionality for applying entitlements
  - Providing the means to improve IAM and business decisions
- Maturity: Emerging
- Technology: Identity GRC

Maturity Levels
Columns: Maturity Level | Status | Products/Vendors | 's presence

Embryonic

Emerging
- 's presence: Identity & Access Intelligence

Adolescent
- Status: Maturing technology capabilities and process understanding; Uptake beyond early adopters
- Products/Vendors: Second generation; Less customization
- 's presence: Identity & Access Governance

Early mainstream
- Status: Proven technology; Vendors, technology and adoption rapidly evolving
- Products/Vendors: Third generation; More out of box; Methodologies
- 's presence: Public Key Operations; IAM Services Consulting & Integration; IAM Managed Services; Federated Identity Management

Mature mainstream
- Status: Robust technology; Not much evolution in vendors or technology
- Products/Vendors: Several dominant vendors
- 's presence: User Provisioning; Web Access Management; Privilege Account Activity Management

Legacy

Obsolete