Identity Management. Presented by Richard Brown. November 2014. MILCIS IdM


Transcription:

Identity Management Presented by Richard Brown

Who is Cogito?
- Who are we? Why listen to us?
- Started as an information protection company working on the ADO PKI
- Moved into IdM as a natural progression to information integrity and security work.
- Hard to see the linkage?
  - IdM can be the point from which all other access protections are provisioned or derived.
  - IdM systems with incorrect data are worse than useless.
  - Keeping the information correct and relevant to organisational needs is key.
- We're an SI all about ensuring information and identity integrity

Overview
- What is Identity Management (IdM)?
- What does it do?
- Why do we need IdM?
- Challenges
- Benefits
- Approach
- Where is IdM headed?

What is IdM?
Definition: Identity Management is a collection of processes an organisation uses to manage the security lifecycle of resources for its entities.

What is IdM?
An entity refers to an identifiable user of enterprise resources and can include:
- Individuals
- Devices
- Processes
- Applications
Generally anything that can interact in a network computing environment.

What is IdM?
An Entity can also include users from outside the organisation:
- Customers
- Web Services
An Entity is not limited to a single user and can represent a group or role.

What is IdM?
- An identity is the set of attributes that uniquely identify an entity.
- We distinguish between real and online identity (although they are linked)
- Pure identities are defined by a series of properties
[Diagram: Entities correspond to Identities; Identities consist of Attributes]

What does it do?
Identity management helps an organisation manage their:
- Entities
- Organisations
- Sub organisations
- Resources

Why do we need IdM?
It allows an organisation to protect its data. It protects data by:
- Access and rights management to resources
- Policy enforcement (on accounts, entitlements, etc.)
- Avoiding errors and omissions
- Managing relationships between Identities (more on this later)

Why do we need IdM?
An effective IdM suite can provide:
- Security:
  - Segregation of duties
  - Multiple approval workflows
- Auditing:
  - Fraud detection
  - Fault detection and rectification
- Metrics:
  - Reporting
  - Analytics

Why do we need IdM?
- Identity Management integrates existing services:
  - HR
  - Directory services (LDAP, AD, etc.)
  - Certificate authorities
  - Smart-card issuance
  - Physical Access as well as Logical Access
- Automation:
  - Batch processing of thousands of users at once
  - Workflows for resource access authorisation, software licence distribution etc.

Challenges
- Complexity
  - It can be difficult to see full benefits:
    - Prior to implementation
    - Reporting of additional benefit after implementation
- Integration challenges
  - Data Extraction, Transformation, Load and Sync can be complex and time consuming
  - But this simplifies automation: Spend 2 minutes once to save 1 every week going forward

Challenges
- Benefit vs Costs
  - Hard to sell the need
  - Complex backend benefits can be hard to sell to wider executive.
  - Long term nature of benefit vs up front cost
  - Large outlay prior to realising benefit
- Cost comes prior to implementation
  - Project Definition to define benefits
  - Planning to:
    - Realise as many outcomes as is possible.
    - Avoid exacerbating existing issues.

Challenges
- Hard to quantify all benefits
  - Benefits often spread wide across the organisation
  - Some benefits, small individually but large collectively, are not able to be measured.
  - Defined ROI cycles: measured in 1st year but not 10th
- Stakeholders
  - Successful engagement of a large number of stakeholders (touches many solutions).
  - Protection of turf.

Benefits
Cost savings:
- Prevention of losses through fraud, error or omission
- Rationalisation of:
  - Effort
    - Management of disparate processes and systems
    - Silo data manipulation and sync
    - Silo error rectification
  - Systems
    - Reduced storage
    - Software, Hardware and Licencing
    - Allow for cheaper options in disparate system
    - Whole systems or processes can be retired

Benefits
- Improved efficiencies through:
  - Automation
  - Reduced errors and omissions
  - Streamlined secondary authorisation
  - Reduced helpdesk calls
- Compliance:
  - Audit and reporting capabilities improve compliance with security policies and regulations

Benefits
Improved client experience through:
- Streamlined user interface with a single portal
- Simplified provisioning and de-provisioning of services
- Simplified access to applications
- Reduced training imposts

Benefits
Most important non-cost benefit to Government is Information Protection:
- Privacy
- National Security
Note: NIST indicated that companies could save approx. $142 per user per annum in support costs ($14.2 million per annum for 100,000 users)

Approach
Project Approach
- Large project benefits
  - One large procurement exercise, but leads to less flexibility later.
  - Achievements delivered faster, but more upfront costs
  - Less ongoing costs, but does not grow with the organisation
- Project based approach delivers defined goals on defined timelines to indicate success or failure.
- Easier to tie payments to milestone achievements, but often leads to cost overruns for items not envisaged.
- Don't see all or most of the benefits until the end

Approach
Program Approach
- Program of works controlled by an overarching roadmap
- Can be seen as harder to judge success, but just needs defined timelines for delivery, like a project.
- Longer times to deliver full capability, but less upfront costs and some milestones delivered sooner
- Less chance of cost blowouts during implementation
- More able to handle unexpected events, or changes in an organisation's priorities.
- Does not assume a static environment. Grows as needed
- Can see failure earlier and at less cost

Where is IdM headed?
How did we get here (reminder)?
Identity Management
- Traditional IdM is about management of an identity within an enterprise
- Allows the bringing together of information about an identity from disparate systems to provide a holistic view
- Allows the distribution of these details to disparate systems
- Provides management of the lifecycle of an identity
- Initially IdM within the Enterprise was targeted at employees only but was later extended to include Contractors/Partners.

Where is IdM headed?
How did we get here?
Access Management (AM) or Identity and Access Management (IAM)
- The management of access to applications within the Enterprise
- Traditional AM was for Single (or Simplified) Sign On within the Enterprise
- Reducing the number of user names and passwords:
  - increased security
  - reduced the burden on individuals to remember passwords
  - achieved a cost reduction on password resets etc.
- AM was extended to include access to applications outside the Enterprise or between Enterprises (Federation).

Where is IdM headed?
What have I become?
Identity Relationship Management (IRM)
- Growth of the internet and ever increasing connectivity of people and devices.
- IdM has grown to now encompass customers of the Enterprise
- The definition of Identity now extends to include devices.
- No longer about just managing the identity of people accessing services
- Enterprise now needs to gain an understanding of the relationship it has with identities.

Pillars of IRM
- IRM is a growing area within the arena of IdM.
- It moves Identity from being a technical capability to include a business focus
- It has two pillars:
  - Business
  - Technical

Pillars of IRM
Business:
- Consumers and Things over Employees
- Adaptable over Predictable
- Top Line over Operating Expense
- Velocity over Process

Pillars of IRM
Technical:
- Internet Scale over Enterprise Scale
- Dynamic Intelligence over Static Intelligence
- Borderless over Perimeter
- Modular over Monolithic

The laws of relationships
- The Kantara Initiative is an open organisation set up to share issues across the identity community.
- Works towards solving technical and interoperability issues.
- Work is currently being conducted to establish Laws of Relationships akin to the existing Laws of Identity

The laws of relationships
Currently a work in progress but provides the following:
Axioms of Relationships:
- Scalable
  - Number of actors, relationships and attributes
  - Administration
- Actionable
  - Need to authorise actions

The laws of relationships
Types of relationships:
- Immutable
  - Immutable relationships between a product and manufacturer.
- Contextual
  - Can't access a system from overseas
- Transferable
  - Delegation (Watch keeper)

The laws of relationships
Laws of Relationships:
- Provable
  - Proving a relationship between parties
- Acknowledgeable
  - Parties must acknowledge the relationship
- Revocable
  - Revoking a relationship
- Constrainable
  - Constraining the relationships

Military
How does this relate in a military context:
- Post Sept 11 the need for increased interoperability, sharing and collaboration was realised.
- Still need to maintain control over information and access
- Provide Adaptive Access Management:
  - know the relationship between user and device
  - know when an identity is logging in from a different device/area/region and challenge for additional authentication
- Provide flexible services to meet operational tempo
  - Rapidly allow access to information/systems/collaborative tools
  - Remove that access when no longer required
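The Adaptive Access Management behaviour on this slide, combined with the acknowledgeable, revocable and constrainable properties from the Laws of Relationships slides, can be sketched as a small access decision function. This is an added example, not part of the presentation; the field names, user names, device names and region codes are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Relationship:
    """User-to-device relationship; field names are illustrative assumptions."""
    user: str
    device: str
    usual_region: str
    allowed_regions: frozenset      # constrainable / contextual
    expires: datetime               # access removed when no longer required
    acknowledged: bool = True       # acknowledgeable
    revoked: bool = False           # revocable

def decide(rels, user, device, region, now):
    """Return 'allow', 'challenge' (extra authentication) or 'deny'."""
    live = [r for r in rels if r.user == user and r.acknowledged
            and not r.revoked and now < r.expires]
    if not live:
        return "deny"               # no current relationship with this user
    known = [r for r in live if r.device == device]
    permitted = (known[0].allowed_regions if known
                 else frozenset().union(*(r.allowed_regions for r in live)))
    if region not in permitted:
        return "deny"               # contextual constraint, e.g. overseas login
    if not known or region != known[0].usual_region:
        return "challenge"          # different device or region: step up
    return "allow"

# Constructed sample data (hypothetical users, devices and region codes).
NOW = datetime(2014, 11, 1, tzinfo=timezone.utc)
RELS = [
    Relationship("alice", "laptop-01", "AU", frozenset({"AU", "NZ"}),
                 NOW + timedelta(days=30)),
    Relationship("bob", "tablet-07", "AU", frozenset({"AU"}),
                 NOW - timedelta(days=1)),   # already expired
]

def demo():
    return [
        decide(RELS, "alice", "laptop-01", "AU", NOW),   # usual device and region
        decide(RELS, "alice", "laptop-01", "NZ", NOW),   # known device, new region
        decide(RELS, "alice", "phone-99", "AU", NOW),    # unknown device
        decide(RELS, "alice", "laptop-01", "US", NOW),   # outside the constraint
        decide(RELS, "bob", "tablet-07", "AU", NOW),     # relationship expired
    ]

if __name__ == "__main__":
    print(demo())
```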

Questions?
Thanks for listening. Please stop by our booth for:
- further discussion
- a demonstration of some IdM technologies
- a demonstration of other information protection solutions