Identity and Access Management



Similar documents
secure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress

Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration

Business-Driven, Compliant Identity Management

Compliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT

Trusted business data. Data Center Services. Siemens IT Solutions and Services

Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, :00 AM

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

Business-Driven, Compliant Identity Management

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

SAM Enterprise Identity Manager

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

The Unique Alternative to the Big Four. Identity and Access Management

SAP Solution in Detail SAP NetWeaver SAP NetWeaver Identity Management. Business-Driven, Compliant Identity Management

Identity and Access Management Point of View

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

Provide access control with innovative solutions from IBM.

SAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE. SAP Solution Overview SAP Business Suite

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Identity & access management solution IDM365 for the Pharma & Life Science

1 Introduction Product Description Strengths and Challenges Copyright... 5

Foundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

White paper December Addressing single sign-on inside, outside, and between organizations

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

Automated User Provisioning

How can Identity and Access Management help me to improve compliance and drive business performance?

<Insert Picture Here> Oracle Identity And Access Management

CA SiteMinder SSO Agents for ERP Systems

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

Status: Final. Form Date: 30-SEP-13. Question 1: OPDIV Question 1 Answer: OS

The Return on Investment (ROI) for Forefront Identity Manager

Identity Management Overview. Bill Nelson Vice President of Professional Services

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Enterprise Management Solutions Protection Profiles

The Benefits of an Industry Standard Platform for Enterprise Sign-On

IBM Maximo technology for business and IT agility

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Sarbanes-Oxley Compliance and Identity and Access Management

White Paper Identity and Access Management (IAM). Gain Agility through IAM in Companies and Complex Supply Chains.

Manufacturer to Enhance Efficiency with Improved Identity Management

Enterprise Identity Management Reference Architecture

Sun and Oracle: Joining Forces in Identity Management

Aurora Hosted Services Hosted AD, Identity Management & ADFS

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report

Research. Identity and Access Management Defined

Password Management Buyer s Guide. FastPass Password Manager V 3.3 Enterprise & Service Provider Editions

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

When millions need access: Identity management in an increasingly connected world

Choosing an SSO Solution Ten Smart Questions

Identity and Access Management: The Promise and the Payoff

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

Citrix Password Manager 4.5 Partner and Sales FAQ

1 Introduction to Identity Management. 2 Identity and Access Needs are Ever-Changing

Simplify and Secure Cloud Access to Critical Business Data

RSA SecurID Two-factor Authentication

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

White Paper The Identity & Access Management (R)evolution

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

Open Source Business Rules Management System Enables Active Decisions

VENDOR REPORT by Martin Kuppinger April Atos DirX. KuppingerCole

Presentation to House Committee on Technology: HHS System Identity & Access Management

Customer success story: Clal Group Ltd

EDUCAUSE Security Presentation. Chad Rabideau Senior Consultant Identity Management AegisUSA

OracleAS Identity Management Solving Real World Problems

The Four "A's" of Information Security

How To Achieve Pca Compliance With Redhat Enterprise Linux

Entrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003

How the Quest One Identity Solution Products Enhance Each Other

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

PROTECT YOUR WORLD. Identity Management Solutions and Services

Security management solutions White paper. Extend business reach with a robust security infrastructure.

SAP NetWeaver Identity Management Experiences from an Implementation at Colgate-Palmolive Company

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

iworks healthcare Administrative Systems Integration

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

Password Management Before User Provisioning

SOA REFERENCE ARCHITECTURE: WEB TIER

Open source business rules management system

Five Business Drivers of Identity and Access Management

CoSign by ARX for PIV Cards

IBM Software Group. Deliver effective governance for identity and access management.

Cybersecurity and Secure Authentication with SAP Single Sign-On

Transcription:

Cut costs. Increase security. Support compliance. www.siemens.com/iam

Scenarios for greater efficiency and enhanced security Cost pressure is combining with increased security needs compliance requirements in particular to cause enterprises and other organizations to look for new ways of optimizing their business processes. An (IAM) system gives them efficient support in doing that. IAM solutions enhance the security and quality of processes while also reducing costs. For example, they control access rights for IT resources, centralized authentication for portal applications, and the use of external partner applications. And they enable efficient administration. However, IAM solutions can do much, much more. As an integral component of vertical solutions, they provide increased support for core industry-specific processes. Recent examples include the implementation of the EU Services Directive for the public sector, hospital information systems and the electronic case record for the healthcare sector as well as partner networks for automobile manufacturers and their suppliers. Siemens offers IAM solutions based on its proven DirX product family. The following scenarios show the potential of this portfolio. Efficient integration of new employees high productivity New employees should get started with productive work as quickly as possible. DirX provides them with access rights to the IT resources they need in the shortest possible time. It does so in automated fashion and in a single step in keeping with the employees defined role and for all systems connected to DirX (provisioning). DirX then provides the users with efficient support in doing their work. Selfservice functions, such as quick and easy resetting of forgotten passwords, save time and reduce the workload on the help desk. Workflows such as approvals under the two pairs of eyes principle, automatically integrate the right people in coordination processes. And administrators can work more productively since they no longer have to handle authorizations manually. The right access rights for the right people at the right time DirX lets employees access only that information and those services that they need and for which they are authorized. For instance, developers do not usually have access to ordering systems or processes relating to invitations to tender. However, if they switch to a different role in sales, for example, their rights are changed in a single step. The same naturally applies if they leave the company their user permissions are revoked in full. This keeps people from accidentally retaining rights that no longer apply. DirX enables unambiguous identities and offers highly secure authentication with one-time passwords, smart cards or biometrics, for example. Solutions for recognizing fingerprints, hand veins or facial features can be used, depending on the needs of the specific case. Observance of compliance regulations Compliance, i.e. the observance of legal, regulatory and internal policies, requires that financial or personal data and the intellectual property of enterprises and organizations be protected. Publicly listed companies must document all transactions truthfully. Even if employees do not know the specifics of all the many relevant regulations, IAM with DirX gives them effective help in complying with the rule that the person submitting an application cannot also be the one who approves it, for example. Audit and reporting functions provide complete tracking of who accessed what and who approved it. Trusted cooperation with partners In a partnership, for example between manufacturers and suppliers in the automotive industry, DirX lets employees share information and services of their own company and similar resources of the partner s. The partners mutually trust each other s identities. The security required here is achieved with Identity Federation technology. The solution is not only secure, but also highly efficient, since it significantly reduces administrative overhead. Access to IT and buildings The use of smart cards or biometrics makes sure that only authorized employees have access to buildings and specially protected rooms. DirX offers a particularly efficient solution here: The same technology is used on the PC to enable secure IT access, so that the automatic assignment of rights covers both the IT and access control systems. When smart cards are used as employee IDs, this automated approach also includes the administration and issuing of the cards. DirX transfers the data for the employees to the card management system and assigns them access profiles. Single sign-on for portal applications Thanks to DirX, employees only have to log on to a portal once in order to use the applications and services integrated in it. With their single electronic identity, they can use not only the SAP solutions in the SAP NetWeaver portal, for instance, but also all third-party applications provided via the portal if they have authorization for them. In addition, external users contractors, for example can also be integrated without letting unauthorized persons access the resources provided by the portal. Efficiency in mergers and acquisitions Speed and security are crucial factors in the success of mergers and acquisitions. Among other things, employees have to be able to access the new organization s IT resources as quickly as possible. IAM is an elegant and efficient solution for combining the different user management systems into a single central system. With the aid of DirX s outstanding role management facility, the required user permissions can be granted in the shortest possible time. International compliance requirements Sarbanes-Oxley Act (SOX) Confirmation by the CEO and CFO of the accuracy and reliability of financial statements and the adequacy of internal control systems. More stringent criminal-law provisions. Basel II Banks need sufficient equity and monitored risk management. With the help of greater transparency, the goal is to make the financial market more secure for all players. Foreign Corrupt Practices Act Law against corruption. Publicly listed companies must document all transactions. Sentencing Guidelines These guidelines govern the penalty for crimes. They also contain stipulations on the efficiency of compliance programs. Regulations of the Food and Drug Administration (FDA) Controls on protecting public health in the U.S. Applies to products made in and imported to the U.S. 2 3

Siemens is unique in the IdM market because it can combine professional services and technology to integrate modular capabilities into a broader solution set that encompasses smart cards and converged physical/logical IdM on a global basis. with DirX a unique offering Burton Group report on DirX Identity, October 2008 Users Employee Partner Supplier Customer Biometrics Smart cards Secure tokens Single Sign-On Identity Federation Authentication Security in SOA environments Service-Oriented Architectures (SOAs) allow applications to be built from individual, loosely linked and interoperable services. Resources and application interfaces are made accessible as independent services in the network and can be shared by different enterprises and organizations. Administration User & role Management Self service & delegation Provisioning Workflows Metadirectory Audit Authorization Policy enforcement Policy & entitlement management Web services security This is recommended for implementing the EU Services Directive, for example, since such an architecture can give government agencies outstanding cost-efficiency thanks to sharing of the new resources they have to provide. Of course, there are special security requirements here. IAM with DirX makes certain that only authenticated and authorized Web services are executed. Target systems Web Portals Platforms Applications An acknowledged solution Analysts recognize Siemens as a world leader in role management and the integration of IAM in comprehensive security solutions for heterogeneous IT landscapes. This is particularly true for SAP environments. Moreover, Siemens is the only vendor able to combine IAM with professional services and smart card technology and biometrics to create a solution that includes physical and logical access. This integration expertise is also incorporated in Siemens own solutions, for example in Product Lifecycle Management. DirX is the leader in terms of scalability, reliability and high availability and offers outstanding flexibility when it comes to the automated creation of users, assignment of rights and operation. Proven in many industries DirX solutions have been in widespread use in a broad range of industries for over 10 years. And Siemens has its own pool of internal industry expertise in the public sector, healthcare, financial services and power engineering, for example. That is why Siemens can assess the needs of its customers so well and offer them tailored solutions for Identity and Access Management ranging from project consulting, analysis and planning, solution implementation and maintenance to training. Siemens is one of the pioneers in IAM technology and has always played an active part in standardization and new developments. Recent examples include the electronic case record for the healthcare sector and SOA Identity Services for auto makers and their suppliers. The DirX portfolio With its DirX family, Siemens offers its own product suite of perfectly tuned and integrated individual components. DirX Identity Comprehensive Identity Management for automated user and rights management. DirX Audit Effective support for compliance through continuous identity auditing of user access and user rights. DirX Directory A high-end directory server for ebusiness and egovernment environments. DirX Access Secure and reliable access management and Identity Federation for Web and SOA environments. Professional services and consulting We offer an extensive range of Identity and Access Management services in connection with our DirX products: project consulting, analysis and planning, solution implementation and maintenance, and training. Support of regulatory compliance, integration in SAP, security for SOA and Web environments, Hospital Information Systems, business partner networks, integration of logical & physical security, 4 5

First we created a total concept a requirement inventory. Siemens offered us a role-based solution, which seemed to suit us perfectly. We initially tested it in a field trial, and it worked perfectly. All of our requirements could be integrated one hundred percent. Jürgen Lorek, Internal Auditor, Generali Insurances Successful solutions DirX systems from Siemens are used successfully around the world by wellknown customers in a wide range of industries as a standalone implementation or an integral part of vertical solutions. Here are just a few examples. Healthcare To provide their patients with stateof-the-art medical care, hospitals are looking for ways to cut costs while also increasing efficiency and security. For that, they need leaner administrative processes, information that is always upto-date pager numbers, for example and a reliable and auditable means of granting users access rights to highly sensitive data. Several large hospitals and hospital groups rely on IAM with DirX to achieve these goals. In addition, Siemens, together with a large German hospital group, is involved in developing and testing the electronic case record, work that is being led in Germany by the Fraunhofer Society. The file can be accessed across hospital boundaries if needed when dealing with the patient. The security required here can only be achieved with Identity Federation. egovernment To cut administrative costs and speed up processes such as those for handling resident registration or tax returns, for example, many government agencies have already introduced electronic processes. Under the EU Services Directive, these processes are now mandatory and must be implemented quickly. The goal is to make it easier for people to begin offering and performing services, ensure their quality and guarantee the highest possible security. DirX solutions are being used successfully by many administrative bodies, from the municipal to the state level. The oldest egovernment solution commissioned by a government body has been in productive operation for more than 10 years. In part to implement the EU Services Directive, Siemens is partnering with the Fraunhofer Society to develop innovative egovernment solutions and is contributing the experience gathered in its many projects. Banking and insurance Banks require highly secure authentication solutions. Moreover, acquisitions and mergers are frequent in the banking and insurance arena, and customers who use a bank s credit cards, for example, expect these organizational changes to be made smoothly. That is only possible if the new organization works productively as soon as possible. Siemens integrated the user and rights management systems of five insurance companies that had been merged under a single roof. Five different manual administration systems were transformed into a single automated IAM solution based on centrally assigned user roles. Virtually the entire authentication and authorization process is now fully automated across all applications and systems, smoothly and securely. Automotive industry The automotive industry requires secure and efficient internal business processes. For many customers in the automotive industry, Siemens has installed IAM solutions in which the HR database and an array of other systems, including Microsoft Outlook, Exchange and Active Directory Services or SAP systems, have been synchronized for ordering processes, for example. The result is a secure and efficient user and rights management system. Increasingly, manufacturers also want to enable the secure integration of their partners in their processes. As part of a Federated Identity Management project (SESAM), involving Siemens and other IAM vendors and their customers, IAM is being developed in an SOA environment so that auto makers and suppliers can access shared identities. Universities Colleges and universities must manage a large volume of data on students and temporary academic staffers and give them the necessary IT access rights. Since the fluctuation rate in these user categories is high, universities need a very flexible system to handle such tasks. Moreover, many offices, labs and other rooms require special protection, so there is a particular need for integrated solutions that cover both physical access and access to IT. Thanks to IAM, Siemens has been able to slash the administrative overhead at universities, enable flexible role-based assignment of user rights and successfully deploy its portfolio for integrated physical and logical access. 6 7

Siemens IT Solutions and Services GmbH Otto-Hahn-Ring 6 81739 Munich, Germany Global Info Desk Tel.: +49-1805-444713 it-solutions@siemens.com All hardware and software names used are brand names and/or trademarks of their respective holders. Siemens IT Solutions and Services GmbH, 2010. Right of modifications reserved Order No. U29782-J-Z401-2-7600 10/10 Printed in Germany www.siemens.com/it-solutions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information