RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation
Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet SLAs to the business
JULY 30, 2002
Seemingly Simple Questions Who has access to what? How did they receive it? How confident are you that people have only appropriate access? Are you compliant with internal and external security guidelines? How do you currently onboard new employees? Contractors? Other users? How much time and effort do you spend provisioning user access? How do you manage the complete identity lifecycle? What if you could easily answer these questions?
Current Challenges Audit, Risk & Compliance Increased Compliance & Threat Requirements Line of Business Business Efficiency & Agility Demands Information Security Team Increasing Complexity & Scale of Infrastructure Applications Cloud & Mobile IT Infrastructure Data
IAM 2.0 Access Governance Apps Plus One View of All Access Business Managers VIA Perform Access Reviews File Share Directories HR Systems DB Security Team VIA Enforce Access Policies Systems Cloud Audit Team VIA Obtain Access Forensics Apps All Company Resources Centralized and Automated Key Governance Processes IAM Team VIA Simple GUI Administration
Two Primary Drivers Driver: Secure Access Driver: Achieve Compliance Multi-factor Auth Single-Sign On Federation Via Access Entitlements Via Governance Roles Policies Fulfillment Certifications Governance Reviews Authorization Request Via Lifecycle Collections
Question: What is the largest driver of an Identity and Access Management Solution in your Organization? Increase Visibility and Control of User Access Reduce Cost of Identity and Access Management Reduce Risk Caused by Inappropriate User Access Improve Audit Readiness and Continuous Compliance Enable Business Users to make Access Decisions Results
RSA Via The Smart Identity Solution that protects from endpoint to cloud Via relies on context, not just static rules And adapts to constantly changing environments Via Access Via Governance Via is business-driven so informed decisions keep it in lock-step as the business evolves Via enables comprehensive visibility across traditional silos, providing greater insight into how users and information interact Via Lifecycle Via delivers consumer levels of usability Making lives easier for end users while enabling the business
RSA Takes a Business-Driven Approach to Lifecycle & Governance RSA Via Lifecycle and Governance Built on RSA's Market-Leading Identity Management and Governance (IMG) platform Platform Benefits Shift Decision Making and Accountability to the Business Centralized Identity & Business Context Business Process-Driven Policy-Based Automation
A Phased Approach Visibility & Certification Policy Management Access Request Role & Group Management Account & Entitlement Collection Segregation of Duties Access Request Portal Role Discovery & Definition Access Reviews Joiners, Movers, and Leavers Policy-Based Change Management Role Maintenance Data Visibility Compliance Controls Access Administration Group Analysis & Cleanup Provisioning Task Notification Service Desk Integration Automated Provisioning
A Business Process IT Security Perspective Audit, Risk & Compliance Ensure Compliance and Manage Risk Business Processes Enable the Business: Ownership & Accountability Line of Business Information Security Visibility and Control across Entire IT infrastructure Enterprise, Mobile & Cloud Applications and Data
Important News about RSA Via Lifecycle and Governance Rebranded from RSA Identity Management and Governance to RSA Via Lifecycle and Governance (RSA Via L&G) First New release with new branding Version 7.0 External Launch: July 22, 2015 Themes: Make it Easy, Visibility and Effectiveness, Performance and Scale, One RSA
Continued New Improvements - Visibility and Effectiveness Time to Value improvements in 7.0 - Unauthorized Change Detection - Rapid App Collector for App onboarding and configuration guides - Playbooks and Best Practices Guides - Online Context Sensitive Help - Enhanced Platform - High Availability and Disaster Recovery - Improved Performance and Scale
EMC IT A Real World Example
EMC IT EMC Data points 70,000 employees + contractors worldwide EMC ranks 128 in the Fortune 500 Reported revenues of $24.4 billion in 2014 Joe Dowling Director Identity Management EMC IT
Access Management Challenges No authoritative source of user access Multiple access request systems Approval group management not up to date Complex architecture - Identity Management Solution with other vendors Result: Audit Findings Unhappy Line-of-Business Productivity loss Manual recertification process for SAP ~300 Spreadsheets Months to complete
Project Considerations Objectives Reduce access recertification time Increase effectiveness of reviews Automated access collection and fulfillment Implementation Deployed RSA IMG platform Collected Identity data Collected ERP access entitlements Collected role approvers Configured access reviews Real time reporting Intuitive easy to use web interface
EMC Access Reviews: Now! Collection Applications Scheduled & Automated Entitlement Collection RSA IMG Managers perform reviews directly Web-Based UI! Automated Reminders Automated System Reviews Initiated Review Review Results & Change Requests Results automatically stored in centralized DB App Owner & System Administrators Automated validation of change completion Manual Ticket Creation Execution of Changes in Systems Remediation
Quick Wins Realized: Remediated audit findings; Reduction in time to complete User Access Reviews; Improved reporting on orphaned accounts; Auditor approved solution; Established a single user access repository; High approval rating from business users
Phased Implementation Next Steps: Develop and establish mover process; Continue to expand user access collection; Develop Roles/ACLs based on job function; Establish Role Lifecycle Management; Establish automatic provisioning/deprovisioning of access
Lessons Learned: Don't underestimate data quality issues; Cross-functional team dependencies; Establish top-down support; Establish a decision matrix for application inclusion; Choose a product that simplifies architecture and support; Communicate, communicate, communicate
Questions?
Why RSA? Configuration, Not Customization Superior Architecture Fastest Time-to-Value Lowest TCO Enables Business Agility Business-Driven Centralized Identity Store Provisioning 2.0 RSA Identity Management and Governance Comprehensive Security Solution Integrated Part of RSA's Security Portfolio Cloud and Mobile Support Intelligence-Driven Security
Configuration, Not Customization Visibility & Certification Coding-Centric 70% Policy Management Configuration-Based Access Request Role & Group Management 70% of customers go live within 4 months Configuration eliminates need for complex coding Simple project phases Fastest Time-to-Value Configuration, not Coding Phased Projects SaaS and on-premise options Lowest TCO Less reliance on external consultants Self-sufficient IAM teams Enables Business Agility Quickly respond to new business demands Easily adapt to infrastructure and organizational changes
Superior Architecture Access Reviews Access Request & Approvals Business-Driven Streamlined business processes Separates business and integration logic Collections XMDB one brain Identities Accounts Entitlements Roles Policies Workflows Centralized Identity Store (XMDB) Rich identity context across all resources, users, and attributes Automated Manual Access Changes Provisioning Business logic Integration logic Provisioning 2.0 Fast and simple app onboarding Accelerate provisioning via automation Resources
Comprehensive Security Solution XMDB one brain Easily Integrate with Security Ecosystem Part of RSA's Leading Security Portfolio Connect to SIEM, GRC, Authentication, DLP and SSO Visibility Analysis Action Cloud and Mobile Support Seamless management of SaaS apps MyAccessLive: Identity-as-a-Service MyAccessMobile: Native Mobile App SIEM GRC Authentication DLP SSO Intelligence-Driven Security Visibility, Analysis, Action
Why Provisioning 2.0? Provisioning deployments have failed to reach the level of maturity that customers expect Provisioning technologies are arduous to deploy and require significant development efforts Gartner Provisioning 1.0 Difficult to Connect Applications Ineffective Solution Fails to Meet Today's Needs Provisioning 2.0 Rapid Application Onboarding Governance-Driven Meets Current and Future Needs
How RSA Delivers Provisioning 2.0 Rapid Application Onboarding Configuration, not customization Reduce onboarding effort by 75% Governance-Driven via Business Processes Ensure all users have appropriate access Simplifies the provisioning problem + Meets Current and Future Needs Leverage existing provisioning for added value Easily support cloud and mobile initiatives
An Integrated Approach to IAM Access Intelligence Existing Identity Infrastructure GRC ASOC Strong, context-sensitive authentication Via Access Via Governance Policies Roles Attributes Entitlements Reviews Provisioning Via Lifecycle Policies and Processes Access Request & Approval Workflows
Configuration, Not Customization Creating an Access Review for just a few groups SailPoint: Heavy Coding Required RSA IMG: Simple Configuration
Configuration, Not Customization Provisioning Connector Creation Sun IDM: Heavy Coding Required RSA IMG: Simple Configuration
PROGRAM SCOPE Which App and Data Resources? Which Business Processes? Provisioning: Replace or Augment? Collections Access Reviews Access Request Roles Policies Approvals XMDB one brain Change Validation Resources Manual Provisioning Automated
Challenge: Scale and Scope of Identity Information Controls Applications Directories File Shares SharePoint Databases 10,000 Users 100,000 Accounts 10M User Entitlements 1,000 Information Resources Each user has 10 accounts Each account has 100 entitlements Each application has 10-100+ entitlement types
RSA's IMG Platform Architecture Business Agility Operational Efficiency Reduced Risk Compliance Assurance Business-Friendly UI Process Orchestration Identities, Resources, Policies Integrated Workflow Business Logic for Policy-based Governance Security Integration Fabric Integration Logic Directory Systems HR Systems On-premise Applications Data Shared Files Cloud Applications SIEM DLP GRC