Building an Identity Management Business Case

1 Building an Identity Management Business Case

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Justifying investment in identity management automation.

2 Agenda

- Business challenges due to managing identities, authentication factors and entitlements.
- Identity and access management (IAM) overview.
- IAM value proposition.
- Supporting metrics.
- Effective IAM projects.

3 Business Challenges

2015 Hitachi ID Systems, Inc. All rights reserved.

3.1 The User Lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

3.2 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

3.3 Identity and Access Problems

For users:
- How to request a change?
- Who must approve the change?
- When will the change be completed?
- Too many passwords.
- Too many login prompts.

For IT support:
- Onboarding, deactivation across many apps is challenging.
- More apps all the time!
- What data is trustworthy and what is obsolete?
- Not notified of new-hires/terminations on time.
- Hard to interpret end user requests.
- Who can request, who should authorize changes?
- What entitlements are appropriate for each user?

The problems increase as scope grows from internal to external.

3.4 Identity and Access Problems (continued)

For Security / risk / audit:
- Orphan, dormant accounts.
- Too many people with privileged access.
- Static admin, service passwords a security risk.
- Weak password, password-reset processes.
- Inappropriate, outdated entitlements.
- Who owns ID X on system Y?
- Who approved entitlement W on system Z?
- Limited/unreliable audit logs in apps.

For Developers:
- Need temporary access (e.g., prod migration).
- Half the code in every new app is the same: Identify. Authenticate. Authorize. Audit. Manage the above.
- Mistakes in this infrastructure create security holes.

3.5 Business Drivers for IAM

Security / controls:
- Reliable deactivation.
- Strong authentication.
- Appropriate security entitlements.

Regulatory compliance:
- PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
- Audit user access rights.

IT support costs:
- Help desk call volume.
- Time/effort to manage access rights.

Service / SLA:
- Faster onboarding.
- Simpler request / approvals process.
- Reduce burden of too many login prompts and passwords.

3.6 IAM is Linked to Regulations

Many regulations, in many jurisdictions, call for internal controls:
- This implies effective AAA: Authentication, Authorization and Audit.

Every system already has AAA.
- The weakness is bad user/access data.

The missing link is business process:
- Appropriate access rights.
- Timely access termination.
- Effective authentication.

Identity and access management process and technology are needed to bridge the gap between business requirements and AAA infrastructure.

4 IAM Overview

4.1 Identity and access management

Identity and access management is software to automate processes to securely and efficiently manage identities, entitlements and credentials:

Processes:
- Data synchronization.
- Self-service requests.
- Authorization workflows.
- Manual and automated fulfillment.

Policies:
- Login ID assignment.
- Approvals workflow.
- Segregation of duties.
- Visibility, privacy.

Connectors:
- Applications.
- Databases.
- Operating systems.
- Directories.

4.2 Integrated IAM Processes

[Diagram: Integrated IAM processes. Business processes: hire, retire, transfer, resign, fire, start contract, finish contract. IT processes: new application, retire application, password expiry, password reset. Component: Identity and Access Management System. Systems and applications with users, passwords, groups, attributes: operating systems, directory, application, database, e-mail system, ERP, legacy app, mainframe.]

4.3 Connecting Users to Applications

Identity and access management can be thought of as middleware for pulling security administration out of application silos.

[Diagram: panels "Users", "Hitachi ID Suite" and "Target Systems". Labels: employees, contractors, customers, and partners; business processes; synchronization / propagation; request / authorization; delegated administration; consolidated reporting; user objects; related objects; attributes; passwords; privileges; home directories; mail boxes; PKI certs.]

5 IAM Value Proposition

5.1 IAM Benefits

Identity and access management systems help organizations lower IT operating cost, improve user productivity and strengthen security:

Security / compliance:
- Reliable, prompt and comprehensive deactivation.
- Policy enforcement: segregation of duties, role-based access.
- Simplify entitlement audit and cleanup.
- Consistently strong authentication.

IT cost:
- Reduce help desk, security admin workload and head count.
- Simplify, streamline audits.

User service:
- Simplify change management.
- Improve SLA: new hire, new access.
- Fewer passwords to remember, enter.

5.2 Building a Business Case

An investment in identity and access management processes and infrastructure is normally supported by cost savings, improved productivity and stronger security:

Cost savings:
- Reassign staff out of the help desk or user administration group.

Productivity:
- Help new users start work sooner and eliminate delays experienced by users who have problems or need changes.

Security:
- Clean up entitlements, enforce security policies and create audit logs.
- Comply with SOX, GLB, HIPAA, etc.

Any business case should be supported by metrics:
- Current state.
- Desired outcome.

6 Supporting Metrics

6.1 Metrics: Password Management

Cost savings:
- Number of password problem help desk calls per month?
- Cost and duration of each call?
- Peak staffing to support post-weekend call volumes?

Productivity:
- Time spent by users before, during and after a typical password problem?
- Value of wasted user time?

Security:
- How does the help desk authenticate callers?
- Current vs. desired password policy on sensitive systems?
- Popularity of password "sticky notes?"

Example targets:
- Reduce password help desk calls by 75%.
- Reduce total help desk calls by 25%.
- Reduce passwords per user to 2.

6.2 Metrics: IAM

Cost savings:
- Number of user add / change / deactivate operations per month?
- Cost and duration of each operation?
- Number of access security admin staff?

Productivity:
- Number of different forms used to request new / changed access?
- Average time spent by users making requests (find the form, fill it out, send it to the right people, etc.)?
- IT SLA to fulfill valid, authorized requests?

Security:
- SLA to terminate access for ex-employees? Ex-contractors?

Example targets:
- Reduce onboarding time from 3 days to 3 hours.
- Reduce admin FTEs from 6 to 2.
- Terminate access within 1 hour of departure.

6.3 Metrics: Access Certification

Cost savings:
- Cost of user access audits?
- Cost of excess software licenses?

Security:
- Number of login accounts vs. number of real users?
- Security or regulatory exposure due to inappropriate entitlements?
- Total number of entitlements on integrated systems.
- Average number of entitlements per user.

6.4 Metrics: Privileged Access Management

Cost savings / Productivity / Security:
- Person days to change passwords on all privileged accounts.
- Annual cost for production migrations because developers cannot be granted temporary access.
- Number of admin password changes per month.
- Number of emergency admin access events per month.
- Number of privileged accounts per platform and total.
- Number of systems per shared privileged account.
- Time to deactivate terminated system administrators.
- Time to determine what systems a departed administrator accessed before leaving.

Example targets:
- Time to deactivate administrator: 5 minutes.
- All admin passwords changed daily.

7 Effective IAM Projects

7.1 IAM Project Cost

License and maintenance for components:
- Directory.
- Meta-directory.
- Identity administration and access governance.
- Password management.
- Web, enterprise single signon (SSO).

Implementation services:
- Discovery, design.
- Installation, configuration.
- Testing, troubleshooting, user acceptance, pilot.
- User rollout.
- Incentives, user education and awareness.

Servers:
- Hardware.
- Operating system license.
- Rack space.
- Support services.

Ongoing costs:
- System health monitoring.
- Adding features, integrations.
- User education, awareness.
- Ownership and coordination.

7.2 Minimizing Deployment Cost

License model / Included tech. / Time savers / Efficient platform:
- Simple $/user includes:
  - All features: Requests. Approvals. Automation. Certification. Password/PIN mgmt. Reports.
  - All connectors.
  - Unlimited servers.
- Auto-discovery.
- DB replication.
- Multi-master, active-active.
- 110+ connectors.
- Manual fulfillment.
- Proxy server.
- Included web portal, request forms.
- Reference implementation.
- Policy-driven workflow.
- Self-service ID mapping.
- Native code (EXE).
- Stored procs.
- No J2EE or Sharepoint app server.
- No separate products for workflow, reports, analytics, governance.
- Works with existing directory.

7.3 Change Management: The Human Factor

Identity and access management can be political:
- There are many stake-holders: application owners, security administrators, the help desk, audit, network operations, etc.
- It's hard to get groups of people to agree on anything.
- Executive sponsorship is essential to drive consensus.

The user community must be involved:
- Needs analysis.
- Usability.
- User training and awareness.
- Incentives and dis-incentives.

This is more about business process than technology:
- How does your organization onboard new hires? manage change? terminate?
- Business logic must capture authorization, login ID allocation, etc.

7.4 Getting an IAM Project Started

- Build a business case.
- Get management sponsorship and a budget.
- Discovery phase, capture detailed requirements.
- Assemble a project team: security, system administration, user support, etc.
- Try before you buy: Demos, POCs, pilots.
- Install the software, roll to production.
- Enroll users, if/as required.

500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725
E-Mail: sales@hitachi-id.com
www.hitachi-id.com
Date: December 14, 2015
File: PRCS:pres