The 7 Tenets of IAM: Putting Identity Management at the Center of Security. Darran Rolls, Chief Technology Officer
About SailPoint: Magic Quadrant Leader, Gartner 2016; 550+ Customers and Growing; 95% Customer Satisfaction & Retention; World's LARGEST Independent Identity & Access Management Vendor; 40% International Business
Agenda: Challenges that drive IAM; Identity at the center of security; How to take a governance-based approach; Seven tenets of successful IAM infrastructure
Increasingly Complex Environment Business Partners Contractors IT STAFF EMPLOYEES Suppliers Customers HR Systems Directory Mainframe SaaS & Cloud Infrastructure Apps Devices
Ongoing Identity & Access Challenges Complex Data Access Over Entitled Users Complex effective access Unknown data classification Accumulated rights & privileges Potentially toxic combinations Rogue Accounts Data Assets Privileged Access Fake accounts used for attack Undetected access and activity Users with keys to kingdom Poor visibility & accountability
RIGHT PEOPLE? RIGHT ACCESS? RIGHT DATA?
Appropriate use?
SECURITY PARADIGMS ARE SHIFTING FROM NETWORK-CENTRIC
TO USER-CENTRIC
User-Centric Approach to Security On-Premises Infrastructure SaaS & Cloud Apps BYOD Devices Authentication Systems People Accounts Relationships Governance Infrastructure as a Service Unstructured Data Corp Applications Platform as a Service
Taking a Governance-based Approach: Who Does? INVENTORY & COMPLIANCE (CERTIFICATION & ANALYTICS); Who Should? POLICY & AUTOMATION (ROLES, POLICIES & PROVISIONING); Who Did? MONITORING & AUDIT (ACTIVITY COLLECTION, REVIEW & ALERTING)
Tenets of Successful IAM: 1. Comprehensive Approach; 2. User Experience; 3. Identity Context; 4. Access Lifecycle; 5. Risk-based Controls; 6. Connectivity; 7. Consistency
IAM TENET 1: Comprehensive Approach Role Management Password Management Identity Analytics Compliance Controls IAM Platform Data Governance Single Sign-on Access Request
IAM TENET 2: User Experience
IAM TENET 3: Identity Context Identity Account Entitlement Data \\Shares\HR (read) ActiveDirectory darran@sailpoint.com Group=Accounting \\Shares\Corp (read write) Group=Users \\Shares\doc3 (read) Darran Rolls Data Profile1 SYSDBA RACF 1232123 Data Profile2 SYSOPER Data Profile3
IAM TENET 3: Identity Context Operations Infrastructure Identity Governance & Administration Security Infrastructure GRC Data Governance IT Service Management Mobile Device Management Identity Integrated Context Responsive @ Center Ecosystem Privileged User Mgmt. SIEM & DLP Applications & Infrastructure User Behavior Analysis
IAM TENET 4: Access Lifecycle Role Management HR: Joiners Movers Leavers AUDIT: Password Management Compliance Controls Automation Models Control Models Role Models GOVERNANCE MODELS Data Models Identity Analytics Data Governance BIZ USER: User Self-service IT : Compliance & Audit Single Sign-on Risk Models Access Request Automation & Controls
IAM TENET 5: Risk-based Controls [Figure: Low Risk Profile, Medium Risk Profile, High Risk Profile; labels: Impact, Scope, Identity Risk Score, Credit Score]
IAM TENET 6: Connectivity Compliance Controls Password Management Access Request Role Management Identity Analytics Data Access Governance Identity & Access Management Identity & Access Management Identity & Provisioning Access Broker Management Integration Module Integration Module Integration Module Connector Framework Mobile Device Mgmt. Platform Service Mgmt. Platform 3rd Party Provisioning Platform
IAM TENET 7: Consistency Self-service Automation Controls Governance Structured & Unstructured Data & Access Convenience Automation Controls Cloud / SaaS / Mobile Enterprise / On-prem
Tenets of Successful IAM: 1. Comprehensive Approach; 2. User Experience; 3. Identity Context; 4. Access Lifecycle; 5. Risk-based Controls; 6. Connectivity; 7. Consistency
Thank you darran@sailpoint.com www.sailpoint.com