RSA Identity Management & Governance (Aveksa)

RSA Identity Management & Governance (Aveksa) 1

RSA IAM Enabling trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity Intelligence Governance Platform Compliance Identity Lifecycle Provisioning Applications/Data/Resources 2

RSA s Governance Platform Purpose-Built for Governance Lowest Cost of Ownership Fastest Time to Value Compliance Access Platform Reduce Compliance Efforts Employees/Partners/Customers Improve Authentication Compliance Effectiveness Identity Intelligence Applications Federation/SSO and Data Resources Identity Lifecycle Automate Joiner, Mover, Leavers Access Request with policy enforcement Provisioning Simple architecture streamlines deployment Business-driven provisioning Applications/Data/Resources Governance Platform Compliance Supervisor Reviews App Owner Reviews Data Ownership Reviews Segregation of Duties Policies Data Compliance Policies Governance Platform Compliance Identity Lifecycle Identity Lifecycle Provisioning Joiner, Mover, Leaver Access Request Portal Policy-Based Change Management Password Management Provisioning Task Notification Service Desk Integration Automated Provisioning 3

RSA s Identity Intelligence Identity Intelligence User Context and Activity Accounts Access & Entitlements Platform Rich User Context Business Roles Authentication Risk Analytics Authentication Federation/SSO Policies Unified view of Business Context One Brain for Better Access Decisions Complete Picture of User Access Rights, Job Employees/Partners/Customers Roles, Business Attributes Role Management Governance Platform Simplify Access Reviews and Compliance Policies Identity Intelligence Achieve Role-based Access Identity Control Lifecycle Connection to Business-level Provisioning Goals Corporate and Application Risk Integration with Security Ecosystem Enforce and Validate Authentication Policies Leverage Context for Better Threat Analysis Applications/Data/Resources and Triage 4

RSA Takes a Business Driven Approach to IAM Shift Decision Making and Accountability to the Business Governed by Info Security constraints Centralized Identity & Business Context One Brain for intelligence and operational efficiency Process-Driven Discrete, Measurable, Efficient Business Processes Policy-Based Automation Automated Policy Enforcement 5

A Business Process Perspective IT Security Information Security Line of Business Enable the Business: Ownership & Accountability Business Processes Ensure Compliance and Manage Risk Audit, Risk & Compliance Enterprise, Mobile & Cloud Applications and Data, DLP, SIEM, GRC 6

Customer Case Study 7

Overview & Business Drivers Profile Fortune 100 Investment and Retirement Planning Services: $500B USD under management 11,000 Users, 900 Managers 130 Critical Applications (Audited, High-Risk) IAM Program Shortcomings No Unified Visibility of Access Across Applications Manual and Inefficient Access Review processes Inefficient and Error-Prone Paper-Based Access Request Process Poor Business User Experience Inability to Define and Enforce Access Policies 12,000+ Orphan Accounts Unowned and Unmanaged Result : Audit Findings and Unhappy Line-of-Business 8

IAM Project Focus Compliance User Context and Activity Accounts & Entitlements Rich User Context Business Roles Risk Analytics Authentication Policies Identity Intelligence Supervisor Reviews App Owner Reviews Data Ownership Reviews Segregation of Duties Policies Data Compliance Policies Identity Lifecycle Joiner, Mover, Leaver Access Request Portal Policy-Based Change Management Password Management Provisioning Task Notification Service Desk Integration Automated Provisioning Governance Platform 9

IAM Project Overview Audit Findings Manual Access Review Process Poor Controls Around Access Request & Provisioning Uncontrolled Direct Access to Application Databases Deployed RSA Aveksa Solution Collaboration with Line-of-Business was Key to Success New Access Reviews Supervisor, Application Owner, Platform Owner New Access Request Portal Simple Web-Based UI Enforcement of Policies and Approval Processes 10

Before and After: Access Reviews 11

Supervisor Access Reviews: Before RSA Applications Security Administrators Database Administrators Run Reports Run DB Extracts Manual import & reconciliation Desktop Database Collection Managers Delegate to Admin or team Emailed to Reviewers! Reminders & Harassment Manual creation of spreadsheets Review Review Results & Change Requests Manual Logging of Results App Owner & System Administrators Manual Ticket Creation and Change Validation Execution of Changes in Systems Remediation Duration: 36 weeks 12

Supervisor Access Reviews: With RSA Collection Applications Scheduled & Automated Entitlement Collection Centralized IAM System Managers perform reviews directly Review Results & Change Requests Results automatically stored in centralized DB Web-Based UI! Automated Reminders App Owner & System Administrators Automated validation of change completion Manual Ticket Creation Automated System Reviews Initiated Execution of Changes in Systems Review Remediation Duration: 9 weeks 13

Before and After: Access Request 14

Access Request: Before RSA Access Request End Users User Fills Out Entitlements Access Request Form (Word Document) Manual Approval Request Email to LOB Manager Manual Approval Request Email to Business Process Owner Approval Flow! Manual Reminder & Harassment Help Desk Administrators Provisioning Provisioning Request Email Sent to Help Desk Manual Ticket Creation Manual Provisioning Duration: ~ 10 days 15

Access Request: With RSA Access Request End Users User Submits Access Request Web-Based UI Approval Notification Emailed to LOB Manager Approval Request Emailed To Business Process Owner Approval Flow! Automated Reminders Web-Based Approval UI Help Desk Administrators Provisioning Provisioning Request Email Sent to Help Desk Manual Ticket Creation Manual Provisioning Duration: 3 Days 16

Benefits Realized Improved Business and IT Efficiency Elimination of Audit Exceptions Earned Trust of Business Managers and Audit Group Metric Before After Improvement Time to complete User Entitlement Reviews 36 weeks 9 weeks 75% FTEs to manage Review Process 5 FTEs 2.5 during; 1 off-cycle 50%+ Orphan accounts 12,000+ 0 100% SoD Rules Defined & Enforced 0 150+ Unified Access Request Portal No Yes Automated Routing to Correct Approvers No Yes Application Owner Reviews No Yes Validation of Access Changes No Yes 17

Why RSA Aveksa? Architectural Superiority Purpose-Built for Identity Management & Governance Scalability and Performance Lowest TCO and Fastest Time-To-Value Configuration vs. Customization Business-Logic Driven not IT-provisioning Driven Completeness of Solution Integrated IAM Platform: Governance, Authentication, Intelligence Unified management of on-premise and cloud, Apps and Data 18

Q&A 19

Thank You 20

RSA s Platform Architecture Business Agility App Access Portal Operational Efficiency Access Lifecycle Policy Lifecycle Resource Lifecycle Reduced Risk Provisioning Remediation Monitoring Compliance Assurance Audit and Review Exception Handling Risk Analytics Business- Friendly UI Authentication / SSO Process Orchestration Integrated Workflow Identity, Resource, Policy Business Logic for Policy-based Governance Security Integration Fabric Collection Provisioning Events Data Query Integration Logic Directory Systems HR Systems On-premise Applications Data Shared Files Cloud Applications SIEM DLP GRC 21

Aveksa Functionality by Module Compliance Manager Role Manager Self-Service Access Request Automated, Agentless Collection User Access Certification Group Reviews Configurable Workflow Controls Automation (Rules) Reporting and Dashboards SaaS Version Available Role Mining and Design Role Life Cycle Management Role Synchronization Flexible, Hierarchical Role Model Role Membership and Entitlement Policies Business Friendly Access Request Self-Service Attribute and Policy Based Form Generation Proactive Policy Enforcement Orchestration Across Provisioning Endpoints SaaS Version Available Data Access Governance Provisioning and Fulfillment Single Sign On Access Governance for Unstructured Data File Shares and SharePoint Data Ownership Identification Data Access Reviews DLP Integration Automated User Access Changes Password Management Attribute Synchronization Configuration-Based Connector Development Integration with Existing Provisioning and Ticketing Systems Cloud-Based Service Desktop and Tablet Application Launchpad Pre-built SSO integration with over 2,700 SaaS applications. Multi-factor authentication and one-time password support. Integrated with Governance and Provisioning 22