Identity & Access Management




WHITE PAPER ON Identity & Access Management
Prepared by Mohammed Samiuddin
www.itmr.ac.in

Contents
Introduction
Identity and Access Management Framework
  Authentication
  Authorisation
  User Management
  Central User Repository
Identity and Access Management in Cloud
Best Practices in Identity and Access Management
Limitations of Identity and Access Management
Conclusion
About the Author
Reference
About

Introduction

To meet the challenges of today's world, organisations increase their business agility in a secure environment and also invest huge sums in their IT infrastructure. The biggest challenge in information security is Identity and Access Management (IAM). In recent years, IAM has emerged as the critical foundation for realising business benefits in terms of cost savings, management control, and operational efficiency. Access to information is scattered across internal and external application systems; thus, it is the responsibility of the organisation to manage it effectively.

IAM is the security discipline that authorises users to access corporate systems and information. It helps prevent fraudulent access and use of data that could potentially impact the business, its partners, or its customers. Any organisation with less effective IAM is highly prone to security risks.

Identity and Access Management Framework

The main objective of IAM is to provide the right people with the right information at the right time. For the IAM framework to function properly, organisations must ensure the correctness of the data. IAM components can be classified into four major categories: Authentication, Authorisation, User Management, and Central User Repository (Enterprise Directory).

Authentication

Authentication is the process of evaluating the access credentials provided by the user. All users need to be validated; a user can be a person or an application. Authentication usually comprises authentication management and session management. In this process, every user is authenticated and a session is created. The user and the application interact through this session until the user logs off or the session is terminated due to a timeout.

Authentication has become easier over the past few years, since more operating systems and applications now support technologies such as Active Directory (AD), LDAP, and Single Sign On / federation. Currently, organisations insist on Strong Authentication, which refers to multi-factor authentication or authentication protected by cryptographic means. However, authenticating users in a manageable and trustworthy manner has become a challenge with the evolution of new technologies like cloud computing.

Authorisation

Authorisation is the process of mapping the actions that a user is allowed to take in terms of access to services or processing steps. Authorisation is therefore the module that determines whether a user is permitted to access a particular resource. Authorisation must be flexible enough to provide both general and precise access to resources. For example, general access allows all employees to access a particular application, whereas precise access only allows employees in a specific department to perform a certain operation in an application between the hours of 9 AM and 5 PM.

Users should map logically to roles, such as database administrator, helpdesk operator, or application user, within the context of an organisation or application. Authorisation presents a larger issue than authentication because most applications do not leverage directory services. Rather, they have their own built-in authorisation systems.
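The general versus precise access distinction described above, as an added example that is not part of the original white paper: a default-deny check in which a rule can be narrowed by role, department and time window. The resource names, users, and the `User`, `Rule` and `is_authorised` names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple


@dataclass(frozen=True)
class User:
    name: str
    department: str
    roles: frozenset


@dataclass(frozen=True)
class Rule:
    resource: str
    action: str
    role: str                                   # role the user must hold
    department: Optional[str] = None            # None = any department (general access)
    hours: Optional[Tuple[time, time]] = None   # None = no time restriction

    def permits(self, user, resource, action, when):
        if (resource, action) != (self.resource, self.action):
            return False
        if self.role not in user.roles:
            return False
        if self.department is not None and user.department != self.department:
            return False
        if self.hours is not None:
            # `when` must already be in the time zone the policy is written for.
            start, end = self.hours
            return start <= when.time() < end
        return True


# Constructed sample policy: one general rule, one precise rule.
POLICY = [
    Rule("timesheet-app", "open", role="employee"),
    Rule("payroll-app", "approve-run", role="employee",
         department="finance", hours=(time(9, 0), time(17, 0))),
]

ALICE = User("alice", "finance", frozenset({"employee"}))      # constructed
BOB = User("bob", "engineering", frozenset({"employee"}))      # constructed


def is_authorised(user, resource, action, when, policy=POLICY):
    """Default deny: access is granted only if some rule explicitly permits it."""
    return any(r.permits(user, resource, action, when) for r in policy)


if __name__ == "__main__":
    for who, hour in ((ALICE, 10), (ALICE, 18), (BOB, 10)):
        when = datetime(2024, 1, 8, hour, 30)
        print(who.name, hour, is_authorised(who, "payroll-app", "approve-run", when))
```

Because nothing is allowed unless a rule matches, a user with no role, or a request for an unlisted resource, is refused without any explicit deny rule.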

User Management

User Management is an authentication feature that provides administrators with the ability to identify and control the state of users logged into the application. This module comprises user management, password management, and user/group provisioning. User management functionalities include identity creation, propagation, and maintenance of user identity and privileges. The key benefit of User Management is visibility into active user sessions. This can be useful for identifying the general login status of users or for making real-time decisions such as immediately logging off a user. Self-service is another key benefit within user management; one example is self-service password reset, which significantly reduces the help desk workload of handling password reset requests.

Central User Repository

The Central User Repository holds all the user identity information. Its responsibilities include delivering identity information to other services and verifying credentials submitted by users. Disparate identity data from the different user repositories of applications and systems can be handled by a Meta-Directory or a Virtual Directory. A Meta-Directory synchronises data from one or more external data sources into a single repository, providing an aggregate set of identity data. A Virtual Directory, on the other hand, delivers a unified LDAP view of consolidated identity information.

Identity and Access Management in Cloud

The Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) cloud delivery models, together known as SPI, call for IT departments and the Cloud Service Provider (CSP) to jointly extend the organisation's IAM practices, processes, and procedures to cloud services in ways that are scalable, effective, and efficient for both the provider and its customers.

One of the major challenges for organisations adopting cloud computing services is the secure and timely management of on-boarding (provisioning) and off-boarding (de-provisioning) of users in the cloud. In addition, organisations tend to move their existing systems to the cloud. One of the vital requirements when utilising the cloud is authenticating users in a manageable and trustworthy manner.

The access control requirements in SPI (SaaS, PaaS, and IaaS) environments include establishing trusted user profile and policy information, which is used to control access within the cloud service.

For organisations that rely on the cloud, it is important to understand how identity management can enable compliance with internal or regulatory requirements. Well-designed identity management can ensure that information about accounts, access grants, and segregation of duty enforcement at cloud providers can all be pulled together to satisfy an organisation's audit and compliance reporting requirements.

Best Practices in Identity and Access Management

To keep up with the hybrid nature of current technologies, organisations are forced to develop strategies for managing user identities and access to IT resources. The key task is managing access to applications and organisation data from different locations and devices without compromising on security.

• A wide range of users access various applications, and managing these users requires more effort. A robust IAM system ensures the software applications are updated as necessary and eliminates the need for manual intervention in provisioning and de-provisioning users.
• Accessing various applications and pages from different devices has become a necessity in the current world. Most applications require credentials for access, and remembering passwords is a challenge. IAM reduces the effort required by providing a Single Sign On facility.
• With advanced technologies, users are allowed to access applications remotely from different devices using different browsers. IAM takes responsibility for handling access requests from disparate browsers without compromising on security.
• A successful cloud infrastructure hosting must allow for integration of applications and frequent changes.
• Cloud-based applications are paid for by usage; in such cases, IT departments are not able to trace consumption levels. An enterprise IAM solution must provide detailed reports on the utilisation of resources.
• The effort required to manage reconciliation tasks should be avoided by automating the processes.
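The automated reconciliation recommended in the last point, and the on-boarding and off-boarding problem raised in the cloud section, as an added example that is not part of the original white paper: the central user repository is treated as the source of truth and compared with the accounts held in one cloud application. The data shapes, user names, group names and the `reconcile` function are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Plan:
    provision: list = field(default_factory=list)    # (user, groups) to create
    deprovision: list = field(default_factory=list)  # leavers still holding an account
    orphaned: list = field(default_factory=list)     # accounts unknown to the repository
    regrant: dict = field(default_factory=dict)      # user -> (groups to add, groups to remove)


def reconcile(directory, app_accounts):
    """Compare the central repository (source of truth) with one application.

    directory:    {user_id: {"active": bool, "groups": set}}
    app_accounts: {user_id: set of groups held in the application}
    """
    plan = Plan()
    for uid, rec in sorted(directory.items()):
        if not rec["active"]:
            continue
        if uid not in app_accounts:
            plan.provision.append((uid, sorted(rec["groups"])))
            continue
        add = rec["groups"] - app_accounts[uid]
        remove = app_accounts[uid] - rec["groups"]
        if add or remove:
            plan.regrant[uid] = (sorted(add), sorted(remove))
    for uid in sorted(app_accounts):
        rec = directory.get(uid)
        if rec is None:
            plan.orphaned.append(uid)       # needs an owner or removal
        elif not rec["active"]:
            plan.deprovision.append(uid)    # off-boarding was missed
    return plan


# Constructed sample data.
DIRECTORY = {
    "asha": {"active": True, "groups": {"crm-user"}},
    "ben": {"active": False, "groups": {"crm-user"}},   # has left the organisation
    "chen": {"active": True, "groups": {"crm-user"}},   # new joiner
    "dana": {"active": True, "groups": {"crm-user"}},
}
APP_ACCOUNTS = {
    "asha": {"crm-user"},
    "ben": {"crm-user"},
    "dana": {"crm-user", "crm-admin"},   # holds more than the repository grants
    "old-vendor": {"crm-user"},          # no repository record at all
}

if __name__ == "__main__":
    print(reconcile(DIRECTORY, APP_ACCOUNTS))
```

Orphaned accounts are reported separately from leavers because they have no owner in the repository and usually need investigation before removal.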

Limitations of Identity and Access Management

Complexity: Large organisations face challenges in identifying the job roles of employees and mapping them to the appropriate level of access. For example, two different resources with the same designation may be performing different tasks, and mapping them to the applications for which they require access is not so easy. Role-based identity is highly complex and difficult to manage.

Underestimating the need for IAM: Many business leaders underestimate the need for identity and access management. An organisation's adoption of identity and access management requires a lot of effort.

Conclusion

Business demands and regulatory compliance require organisations to take a comprehensive approach to identity and access management. Implementation of IAM depends not only on the organisation's IT team, but also on the management. In today's world, the market changes rapidly. Therefore, organisations need to implement a better IAM strategy, one that aligns with specific business needs without significantly increasing costs or risk. The implementation of IAM is a difficult project; however, it cannot be put at the bottom of the list due to resource or financial constraints. IAM will be effectively implemented only when organisations realise that nothing is of higher priority than protecting sensitive data.

As IT organisations look to fully implement IAM while being pressured to manage expenses and head count, a hosted IAM solution will be the right choice. This is where the cloud can be a valuable idea for an organisation. Hosted or in-house, an effective IAM is always a boon for organisations.

About the Author

Mohammed Samiuddin spearheads the branding aspects & managing client relationships of. His passion includes speaking on cyber security threats, data security practices and new technological areas.

About

Institute of Technology, Management and Research (), a division of Mamta Trust, is a premier institute that provides world class professional training programs for the corporate and academic sectors. 's motto 'yogah karmasu kausalam' means 'Yoga is excellence in action' and is the foundation of its vision to evolve into a "CENTRE OF EMINENCE" to offer cutting edge vocational skills and mould professionals to become business and technical domain experts. 's professional and corporate training programs include several cutting edge to help working professionals acquire domain expertise and meet the current and emerging challenges in the IT world. Our flagship training program on cyber security, the Professional Diploma in Cyber Investigations and Laws (PDCIL), is a top of the class cyber security program in the country that trains top officials in the Police departments, Indian and International Banks, Military, Legal fraternity, Fortune Global companies and Blue Chip India IT companies.

also offers research programs on Cyber Security (network security monitoring and access products), in association with Secure IQ, a leading provider of network security software products with headquarters in Fairfax, Virginia, USA and operations and development in Chennai, India.

Institute of Technology Management & Research (Division of Mamta Trust)
2/85, Mugaliwakkam Road, Mugaliwakkam, Chennai - 6 25, Tamil Nadu, INDIA.
Admin Office: HTC Towers, No.4, GST Road, Guindy, Chennai 6 32, Tamil Nadu, INDIA.
Phone: +9 44 4345 35 / +9 44 4345 3349
Contact for More Information: training@htcitmr.ac.in