The 7 Tenets of Successful Identity & Access Management

Data breaches. The outlook is not promising. Headlines practically write themselves as new breaches are uncovered. From Home Depot to the US Government's Office of Personnel Management to Ashley Madison, targeted attacks are on the rise. They have increased 91% since 2013, which was known as the year of the Mega Breach [1]. The total number of breaches has increased 62% since that same time, and the role of insiders in these breaches is significant. According to Verizon's Data Breach report, 88% of insider breaches are due to privilege abuse. In fact, according to SailPoint's own survey, 1 in 7 employees would be willing to sell their login credentials for as little as $150. The insider risk remains. The external and internal risks are real.

[1] According to Symantec

SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

The Disappearing Perimeter

The relationship between enterprises and their data is much more complex than ever before. In a regular workday, the average employee touches a massive number of systems, each with different levels of privilege demands. A head of HR needs a high level of privileged access to the HR system but low privilege to the IT infrastructure, product intellectual property or sales database. Product managers need almost the opposite access. How do you know each only has access to the level they are authorized? And while everyone thinks about employee and IT staff access, what about the contractors and suppliers? And while many may not consider customers as needing access, they leverage product support, partner portals and all sorts of semi-privileged data. Then there are the ex-employees who still have the personal phones, computers and data sources they accessed while still on the inside. Were their access rights revoked in a timely manner?

With all these scenarios and this complexity, the notion of network and perimeter is becoming irrelevant. Data is in the cloud and on mobile devices; it is accessed not just by employees but also by external parties. Enterprise security needs a new paradigm and is evolving from network-centric to identity-centric. The increasingly complex relationships between people and data are redefining perimeter defenses and making us think about access management in a very different way. The primary controls provided by network security are just not enough anymore.

Enterprise Security Has Become Identity-Centric

Security starts with a subject (an employee or a program) gaining access to a resource (an application or data file) via access controls. Access controls are the system-level constraints that make sure the right people have the right access and the bad guys are kept out. Application services now support a vast array of internal customers, from employees to contractors to partners. In addition, it is common today to host applications on-premises and in the cloud in true hybrid environments. Between mobile platforms and data hosted in multiple clouds, system-to-system data flows are complex.

The Identity and Access Management (IAM) job is simple in principle: give the right people the right access to the right data. To do this, trusted and properly managed identity access has to become the primary control. It comes down to three basic questions to govern access:

1. Who has access today? This is a question of inventory and compliance. It starts with understanding the current state. It is about cataloging and understanding access in order to ensure it is correct.

2. Who should have access? Models and automation are the cornerstones of determining who should have access. For us to answer the question "should Joe have access to this file?", we must first know who Joe is. We then have to understand and classify the data he is attempting to access. We have to establish a model that defines whether Joe's access conforms to his pre-defined policy. While partitioning data this way may be more complex, it is critical to implementing any form of preventive controls.

3. Who did have access? This is a question of monitoring and audit. It is no longer enough to understand who does and who should have access. It is vital for IT security forensics and auditing to surface who was actually granted access, in addition to when and where it was last used.
(Figure: the identity-centric model linking People, Access Rights and Data)
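The three questions above can be answered mechanically once an identity source, a role model, a data classification and an audit trail are available, and the same comparison surfaces the rogue accounts and over-entitled users discussed in the next section. The following Python is an added example written for this edit; it is not SailPoint code or any product's API. Every identity, role, system, entitlement and log entry in it is constructed, and the "high risk" resource label is an assumed classification.

```python
"""Added example (not SailPoint code): answering the three access-governance
questions over constructed sample data.
  1. Who has access today?   -> inventory of accounts and entitlements
  2. Who should have access? -> role model plus data classification
  3. Who did have access?    -> audit log of actual use
All names, roles, systems and log lines below are constructed for illustration."""
from datetime import datetime

# Identities as HR knows them (constructed). Key is the identity id.
IDENTITIES = {
    "joe":   {"dept": "hr",      "roles": ["hr_manager"]},
    "priya": {"dept": "product", "roles": ["product_manager"]},
    "sam":   {"dept": "it",      "roles": ["it_admin"]},
}

# Role model: the (resource, level) entitlements each role justifies (constructed).
ROLE_MODEL = {
    "hr_manager":      {("hr_system", "admin"), ("sales_db", "read")},
    "product_manager": {("product_ip", "write"), ("sales_db", "read")},
    "it_admin":        {("infra", "admin")},
}

# Data classification: resources whose entitlements are treated as high risk (assumed).
HIGH_RISK_RESOURCES = {"hr_system", "product_ip"}

# Inventory pulled from the target systems: account -> owning identity
# (None = no known owner) and the entitlements it actually holds (constructed).
INVENTORY = {
    "jsmith":  {"owner": "joe",   "entitlements": {("hr_system", "admin"), ("sales_db", "read")}},
    "pkumar":  {"owner": "priya", "entitlements": {("product_ip", "write"), ("hr_system", "admin")}},
    "sadmin":  {"owner": "sam",   "entitlements": {("infra", "admin")}},
    "svc_old": {"owner": None,    "entitlements": {("product_ip", "write")}},
}

# Audit log: (ISO timestamp, account, resource) for observed use (constructed).
AUDIT_LOG = [
    ("2015-06-01T09:12:00", "jsmith", "hr_system"),
    ("2015-06-02T14:03:00", "pkumar", "product_ip"),
    ("2015-06-03T22:41:00", "svc_old", "product_ip"),
]


def expected_entitlements(identity_id):
    """Who *should* have access: union of the identity's role entitlements."""
    roles = IDENTITIES.get(identity_id, {}).get("roles", [])
    return set().union(*(ROLE_MODEL.get(r, set()) for r in roles))


def reconcile(inventory=INVENTORY):
    """Compare who *has* access with who *should*. Returns (rogue, over):
    rogue = accounts with no owning identity; over = (account, resource, level)
    entitlements the owner's roles do not justify."""
    rogue, over = [], []
    for account, rec in sorted(inventory.items()):
        if rec["owner"] is None:
            rogue.append(account)
            continue
        extra = rec["entitlements"] - expected_entitlements(rec["owner"])
        for resource, level in sorted(extra):
            over.append((account, resource, level))
    return rogue, over


def last_used(audit_log=AUDIT_LOG):
    """Who *did* have access: latest observed use per (account, resource)."""
    seen = {}
    for ts, account, resource in audit_log:
        when = datetime.fromisoformat(ts)
        key = (account, resource)
        if key not in seen or when > seen[key]:
            seen[key] = when
    return seen


def review_findings(inventory=INVENTORY, audit_log=AUDIT_LOG):
    """Join the three answers into items a certifier would act on:
    (kind, account, resource, level, risk, last_used_or_None)."""
    rogue, over = reconcile(inventory)
    used = last_used(audit_log)
    findings = []
    for account in rogue:
        for resource, level in sorted(inventory[account]["entitlements"]):
            risk = "high" if resource in HIGH_RISK_RESOURCES else "low"
            findings.append(("rogue_account", account, resource, level, risk,
                             used.get((account, resource))))
    for account, resource, level in over:
        risk = "high" if resource in HIGH_RISK_RESOURCES else "low"
        findings.append(("over_entitled", account, resource, level, risk,
                         used.get((account, resource))))
    return findings


if __name__ == "__main__":
    for finding in review_findings():
        print(finding)
```

On the sample data the review surfaces two items: an ownerless account that is actively using a high-risk resource, and an owned account holding admin rights on the HR system that its role does not justify. The last-used timestamp is what lets a reviewer prioritise the orphan, which is in use, over an unused over-entitlement.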

Know the Points of Weakness in your IAM

When looking at the post-incident forensic reports from any high-profile data breach, there are always basic identity and access management errors at the root cause. Simple things like overly complex data access and unknown data classification are usually a factor. Some other questions to ask include:

1. Can you tell what files have been stolen? What kind of data inventory do you have to help you find out?

2. How many separate login systems are you managing between Product, Sales, Ops, Finance and Support, and are they all on-premises or are some hosted in the cloud?

3. Are your data pools in large repositories, and how finely have you partitioned access?

4. What is the difference in access level between your employees, contractors, partners and customers? Are they all accessing the same networks at different levels, or do you host duplicate but separate networks for each?

5. Can you tell the difference between a valid account and a rogue account?

There are obviously many more factors, and the identity access questions get complex quickly. At SailPoint, we have had the privilege of being invited into a wide range of customer environments and have witnessed an even wider range of identity management challenges. We have assembled the knowledge we gained from these experiences into 7 basic tenets of best practice that enterprises should use when designing and integrating a next-generation Identity and Access Management system.

(Figure: Corporate IT & Data Assets surrounded by four points of weakness: Complex Data Access, Overentitled Users, Rogue Accounts and Privileged Access)

The 7 Tenets of Successful Identity & Access Management

1. Consider Everything

Identity and access management is no longer a do-it-yourself project. The sheer number of users, data applications, interfaces and platforms in the modern enterprise requires an integrated IAM system. From password management across multiple data repository platforms, to compliance, to role management, to audit: misalign one interface and at best your system will fail. At worst, your identity access system ends up with a vulnerability that does not surface immediately, but that a cybercriminal might exploit later. A single integrated IAM platform can coordinate all rules, all compliance and all monitoring in one place, ensuring that nothing is missed. Patching together an enterprise-level IAM solution by stitching together the embedded identity control systems of multiple SaaS and enterprise software vendors leaves your network open to potential gaps in coverage and creates fragile links between systems. An integrated enterprise solution will control and monitor all your users, all your applications, all your data and all access rights.

(Figure: IAM Platform surrounded by Role Management, Password Management, Identity Analytics, Compliance Controls, Data Governance, Single Sign-On and Access Request)

2. Remember your Customer

The enterprise has to serve a wide range of internal customers with different data access needs, from different locations, using different access devices. The IAM solution must be adaptable across all of this. Whether a user is accessing a sales database from a hotel in Europe via their smartphone, an ERP system from a tablet on a production floor or a finance system from a desktop at the corporate headquarters, each access needs to be authenticated quickly, transparently and accurately. This includes an internal contractor requesting simple access via single sign-on, a business user adjusting data ownership rights, a high-level compliance officer monitoring compliance or a road warrior asking for a password reset behind the corporate firewall. Any user, any platform, any time. In a friendly, easy way.

3. Be Context Aware

Understanding users and, most importantly, the data and resources they should and typically do access is critical. Identity context is about sharing and understanding these relationships and translating them into entitlements or rights. That context model needs to sit at the center of the security and operations infrastructure as the identity governance and administration engine. It is a model of known relationships between people, accounts, privileges and data. For example, when a security event is generated by a SIEM or DLP system, a context-aware identity management system can use its knowledge of people, their accounts and the data they are allowed to access to take remediation actions. If an access request is outside the boundaries of their approved access levels, a good IAM system may suspend their account or even lock their mobile container.

Identity context is about sharing and understanding the relationship among people, accounts, privilege and data.

4. Govern by Model

Managing the access of thousands of users requires governance models. These models are what make the IAM engine effective. They consist of a set of Automation Models, Role Models, Change Models, Risk Models and Control Models. Each drives its own compliance checks and grouping interactions, and together they drive a common policy. Models often start in HR and monitor new employees, employee changes and employee terminations. These are called Joiner/Mover/Leaver events. From there, access models are created for the bulk of users, who operate in self-service modes. In addition, IT security requires models for automation and control to closely monitor access activity, and the IT audit department needs special compliance and audit actions that wrap around the core of the enterprise's data protection strategy. Placing governance models at the center creates a stable, repeatable and scalable approach to enterprise identity control.

(Figure: IAM Platform surrounded by Role Models, Policy Models, Risk Models and Entitlement Models)
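To show what "governing by model" looks like when Joiner/Mover/Leaver events arrive from HR, the following Python is an added example written for this edit, not SailPoint code or a description of any product's engine. It assumes a role model (role to entitlements), one constructed separation-of-duties rule standing in for a policy model, and a constructed HR event feed; the engine turns each event into explicit grant and revoke actions, and refuses a change that would violate the policy rule so the preventive control is visible in the action log.

```python
"""Added example (not SailPoint code): provisioning driven by a role model and
a policy model in response to Joiner/Mover/Leaver events. All roles,
entitlements, identities and events are constructed for illustration."""

# Role model: role -> (resource, level) entitlements it grants (constructed).
ROLE_MODEL = {
    "hr_manager":      {("hr_system", "admin"), ("sales_db", "read")},
    "product_manager": {("product_ip", "write"), ("sales_db", "read")},
    "it_admin":        {("infra", "admin")},
}

# Policy model: role pairs that must not be held together (constructed SoD rule).
SOD_CONFLICTS = {frozenset({"hr_manager", "it_admin"})}


def entitlements_for(roles):
    """Entitlements the role model justifies for a set of roles."""
    return set().union(*(ROLE_MODEL.get(r, set()) for r in roles))


def sod_violations(roles):
    """Conflicting role pairs present in the role set, as sorted tuples."""
    roles = set(roles)
    return [tuple(sorted(c)) for c in SOD_CONFLICTS if c <= roles]


class GovernanceEngine:
    """Tracks identity -> roles and provisioned entitlements, and records
    every provisioning action it would send to a connector."""

    def __init__(self):
        self.roles = {}
        self.entitlements = {}
        self.actions = []  # (event, identity, action, detail), kept for audit

    def _set_roles(self, ident, new_roles, event):
        new_roles = set(new_roles)
        violations = sod_violations(new_roles)
        if violations:
            # Preventive control: the change is not applied, only flagged.
            self.actions.append((event, ident, "blocked_sod", violations))
            return
        target = entitlements_for(new_roles)
        current = self.entitlements.get(ident, set())
        for e in sorted(target - current):
            self.actions.append((event, ident, "grant", e))
        for e in sorted(current - target):
            self.actions.append((event, ident, "revoke", e))
        self.roles[ident] = new_roles
        self.entitlements[ident] = target

    def handle(self, event):
        kind, ident = event["type"], event["identity"]
        if kind in ("joiner", "mover"):
            # Joiner and mover are the same reconciliation against the model;
            # a mover simply starts from a non-empty current state.
            self._set_roles(ident, event["roles"], kind)
        elif kind == "leaver":
            # Leaver: revoke everything and drop the identity from the model.
            for e in sorted(self.entitlements.get(ident, set())):
                self.actions.append((kind, ident, "revoke", e))
            self.roles.pop(ident, None)
            self.entitlements.pop(ident, None)
        else:
            raise ValueError(f"unknown event type: {kind}")


def run_events(events):
    """Feed a list of HR events through a fresh engine and return it."""
    engine = GovernanceEngine()
    for ev in events:
        engine.handle(ev)
    return engine


# Constructed HR feed: two joiners, a department move, a blocked SoD
# combination, and a termination.
SAMPLE_EVENTS = [
    {"type": "joiner", "identity": "joe",   "roles": ["hr_manager"]},
    {"type": "joiner", "identity": "priya", "roles": ["product_manager"]},
    {"type": "mover",  "identity": "priya", "roles": ["it_admin"]},
    {"type": "mover",  "identity": "joe",   "roles": ["hr_manager", "it_admin"]},
    {"type": "leaver", "identity": "priya"},
]

if __name__ == "__main__":
    for action in run_events(SAMPLE_EVENTS).actions:
        print(action)
```

The mover case is where this pays off: the engine revokes the entitlements the old role justified at the same moment it grants the new ones, which is exactly the access accumulation that a manually handled department change tends to leave behind.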

5. Managing Risk is a Verb

Managing risk is the mechanism by which you know when an action falls outside of normal usage. Identity risk scoring can be accomplished by model in an advanced IAM system. Risk scoring allows for faster access authentication and tracking strategies. For instance, a low risk account may have only read privileges, no policy violations and no access to high risk data or applications. A high risk profile may have orphaned accounts, system administrative access to highly sensitive data with lots of privileges, or may have been associated with active policy violations. These accounts may require event-based certification whenever something changes in their environment or login activity, rather than a simple quarterly review audit. In between are accounts upgraded from low risk or downgraded from high risk. For these, a series of failed login attempts may prompt immediate event-based certification, restriction of their access request environments or other actions. In any case, knowing a user's risk profile helps in assessing how closely their online activities need to be monitored.

(Figure: Low Risk, Medium Risk and High Risk bands plotted against Magnitude and Vulnerability)
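The risk factors this tenet lists (orphaned accounts, administrative access to sensitive data, policy violations, read-only versus write privileges) and the event-driven responses described here and under "Be Context Aware" (suspend on access outside approved entitlements, event-based certification on failed logins or on changes to a high risk account) can be expressed as a small scoring model with a response table. The Python below is an added example for this edit, not SailPoint code or a product's scoring algorithm; the weights, band thresholds, account records and events are all constructed, and a real deployment would tune them to its own environment.

```python
"""Added example (not SailPoint code): identity risk scoring by model and
the event-driven responses described in the 'Be Context Aware' and
'Managing Risk is a Verb' tenets. Weights, thresholds, accounts and events
are constructed for illustration."""

# Data classification: resources whose administration is high risk (assumed).
HIGH_RISK_RESOURCES = {"hr_system", "product_ip"}

# Risk model: one constructed weight per factor the text names.
WEIGHTS = {
    "orphaned": 40,            # account with no owning identity
    "admin_on_sensitive": 30,  # admin level on a high-risk resource
    "policy_violation": 20,    # per active policy violation
    "write_privilege": 5,      # per entitlement above read-only
}
LOW_MAX, MEDIUM_MAX = 19, 49   # constructed band boundaries (inclusive)

# Account records as an inventory would deliver them (constructed).
SAMPLE_ACCOUNTS = {
    "reader":  {"owner": "ann",   "entitlements": {("sales_db", "read")},    "violations": []},
    "pm":      {"owner": "priya", "entitlements": {("product_ip", "write")}, "violations": ["sod"]},
    "svc_old": {"owner": None,    "entitlements": {("hr_system", "admin")},  "violations": []},
}


def risk_score(account):
    """Score one account. Returns (score, reasons) so the score is explainable."""
    score, reasons = 0, []
    if account["owner"] is None:
        score += WEIGHTS["orphaned"]
        reasons.append("orphaned")
    for resource, level in sorted(account["entitlements"]):
        if level == "admin" and resource in HIGH_RISK_RESOURCES:
            score += WEIGHTS["admin_on_sensitive"]
            reasons.append(f"admin_on_sensitive:{resource}")
        elif level != "read":
            score += WEIGHTS["write_privilege"]
            reasons.append(f"write:{resource}")
    violations = len(account.get("violations", []))
    if violations:
        score += WEIGHTS["policy_violation"] * violations
        reasons.append(f"violations:{violations}")
    return score, reasons


def risk_band(score):
    """Map a score onto the low / medium / high bands."""
    if score <= LOW_MAX:
        return "low"
    if score <= MEDIUM_MAX:
        return "medium"
    return "high"


def score_all(accounts=SAMPLE_ACCOUNTS):
    """Score every account: name -> (score, band)."""
    result = {}
    for name, acc in accounts.items():
        score, _ = risk_score(acc)
        result[name] = (score, risk_band(score))
    return result


def handle_event(account, event):
    """Choose a response to a security event (for instance one forwarded by a
    SIEM) using the account's identity context: its approved resources and
    its risk band. Returns the action name."""
    band = risk_band(risk_score(account)[0])
    approved = {resource for resource, _ in account["entitlements"]}
    if event["type"] == "access" and event["resource"] not in approved:
        # Access attempt outside approved entitlements: suspend, whatever the band.
        return "suspend_account"
    if event["type"] == "failed_login" and event["count"] >= 5 and band != "low":
        # A run of failed logins on a medium or high risk account triggers an
        # immediate event-based certification instead of the quarterly review.
        return "event_based_certification"
    if event["type"] == "entitlement_change" and band == "high":
        # High risk accounts are re-certified whenever their access changes.
        return "event_based_certification"
    return "log_only"


if __name__ == "__main__":
    for name, (score, band) in score_all().items():
        reasons = risk_score(SAMPLE_ACCOUNTS[name])[1]
        print(f"{name}: score={score} band={band} reasons={reasons}")
```

Returning the reasons alongside the score matters in practice: a certifier asked to review an account wants to see "orphaned, admin on hr_system" rather than a bare number, and the same list is what an auditor will ask for when the response is questioned later.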

6. Connect to Everything

When considering an integrated IT system such as identity and access management, the most difficult decision an enterprise needs to make is how much of an existing platform to keep and how much needs to be replaced. Some parts of the internal IT architecture will stay the same, so the IAM system needs to be flexible enough to connect to everything and anything. Effective identity and access management requires connectivity from any kind of platform to any kind of data repository. This may mean working with older third-party provisioning platforms as well as more recent infrastructure such as Mobile Device Management software managing mobile security, or Service Management Platforms that may still be using manual fulfillment processes. Accomplishing this requires a direct connector framework with the ability to manage databases, directories and servers. Also important is the ability to provide out-of-the-box connectors for enterprise applications like SAP and Oracle Fusion, mainframe security managers, and cloud and SaaS apps. Agentless technology that makes each connector easier to deploy and maintain over time is key to a successful IAM platform deployment.

(Figure: Connector Framework diagram with the labels IAM Provisioning, MIM, Mobile Device Management Platform, SIM, Service Management Platform, PIM and 3rd Party Provisioning Platform)

7. Be Consistent

This may sound intuitive, but consistency in all these actions and approaches is key. The business user wants access regardless of where the apps are served. The auditor only cares about compliance, not where data is stored. The IAM solution needs to bridge gaps like these seamlessly and consistently to secure the business in a scalable way. Regardless of where the data resides, one-off connections or patched provisioning should be excluded from the IAM implementation design; otherwise scalability will suffer, whether the data is structured or unstructured.

(Figure: Structured Data and Unstructured Data across Cloud / SaaS / Mobile and Enterprise / On-prem)

Summary

The modern enterprise is more complex than ever, and identity and access management is at its core. While it is possible for enterprises to piece together their own solutions, the number of rules, best practices and intricacies involved in implementing a secure IAM solution is huge. There is a lot at stake. It only takes one misconfiguration to open your enterprise to anyone wanting in.

Only SailPoint offers all these 7 tenets in one solution. Since our inception, SailPoint has been integrating complex IAM solutions for a wide range of customers in a wide range of markets. SailPoint is the IAM market leader and has been a Gartner Magic Quadrant market leader for several years, with over 500 customers around the world. We are innovators in the area of identity and access management and have helped many customers navigate exactly the obstacles we have shared in the 7 tenets. We understand business users, business complexities and, most of all, we understand what is at stake when it comes to accurate identity monitoring and compliance. You spent your life's work on your business. We have done the same in identity and access management. We have refined the mechanisms for a fast and effective IAM strategy and are ready to share our vision, solutions and knowledge with your organization. Visit SailPoint.com for more information and to schedule a demonstration.

About SailPoint

Corporate Headquarters
11305 Four Points Drive, Building 2, Suite 100
Austin, Texas 78726
512.346.2000
USA toll-free 888.472.4578
www.sailpoint.com

As the fastest-growing independent identity and access management (IAM) provider, SailPoint helps hundreds of global organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices and in the cloud. The company's innovative product portfolio offers customers an integrated set of core services including identity governance, provisioning and access management, delivered on-premises or from the cloud (IAM-as-a-service). For more information, visit www.sailpoint.com.

2015 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. All other products or services are trademarks of their respective companies.