Identity and Access Management
10 Steps to Role-based Access Control
Steve Jensen
Senior Director and Chief Information Security Officer
Blue Cross Blue Shield of Minnesota
Identity Lifecycle Management
Business Requirements
> The ability to request and review access in
terminology understood by the business.
> Speed up the on boarding process.
> Role based access control
Complexity of IT Security
Directories            | Systems and Servers | Applications and Tools | Databases | Software as a Service
Active Directory       | Mainframe           | SAP                    | DB2       | MeDecisions
Novell E-Directory     | z/Linux             | Lotus Notes            | IMS       | Salesforce.com
Lotus Notes Directory  | Unix                | STAR                   | Oracle    | Vurv
SAP Employee Directory | Microsoft           | Focus                  | SQL       | Centreq
10+                    | 600+                | 300+                   | 100+      | 20+
Users -> Groups -> Permissions -> Resources
Terminology
> Application Role
– A functional role that a user plays when using a business application or interfacing with an infrastructure component.
– Specific to a single application
– For example, roles for an HR recruiting application:
> Human resource recruiter
> Human resource benefits specialist
> Hiring Manager
> Approver
> Clerk
> Enterprise Role
– A combination of application roles that, taken together, gives a person the access required to do their job across all applications they access.
Our Solution: Identity Lifecycle Management
Process stages, in the order the steps below follow:
Establish ID Warehouse -> Establish App. Role Management -> Conduct Control Review -> New Request System -> Establish Ent. Role Management -> Conduct Control Review -> New Request System -> Segregation of Duties Management
Step 1 – Create an identity warehouse
> Leverage the purchase with a quick win – password self-service functionality
> Platform coverage should be a key purchasing decision
> You will still need to build custom feeds
– Legacy systems
– Externally hosted systems
– Proprietary security systems
> Move to directory services whenever possible
> Don’t just buy an IAM suite for “automated provisioning”. Focus on role management
Step 2 – Establish enterprise role management
> Either design/build or purchase a role management product
> Ensure the product can meet business requirements
> Include role management, role mining, and role attestation as bare-bones minimum requirements
> Plenty of choices now on the market
Step 3 – Define application roles
> Create application roles
– Don’t attempt enterprise roles on day one
– Don’t attempt to link roles to HR
> Map one or more access groups into application roles. Leverage documentation, group comments, and group description fields
> Add entitlements to provide flexibility
> Combine like entitlements that have been applied on multiple platforms
Step 4 – Conduct online role attestation
> Validate the assignments of application functionality to users
> Must be in business terms
– No acronyms
– No technical terms
– No security specific terms
> Provide timely adjustments
Step 5 – Adjust request system
> Change your request system to request via application roles instead of “IT technical lingo”
> Immediate business value
> Generate processes to keep role management in sync
> The request system can show what access is already in place, and requesters can check boxes to add access or uncheck them to remove it
> My advice – do not make automated provisioning your goal just yet
Step 6 – Create enterprise roles
> Go to each line of business with a plan
> Assign role ownership – usually the manager
> Allow for multiple enterprise roles per person
> Advice – don’t try to align with HR job codes
> KISS – Don’t focus on keeping roles to a minimum; you have role management software to deal with the complexity.
> Adjust your role approval processes
Step 7 – Transparency – Conduct online role attestation
> Validate the assignments of enterprise roles to users
> Must be in business terms
– No acronyms
– No technical terms
– No security specific terms
> Provide drill-down capabilities to application roles
Step 8 – Adjust request system (again)
> Change your request system to request enterprise roles instead of application roles
> New request type – grant access of an enterprise role to an application role.
> Tremendous business value
> Generate processes to keep role management in sync
> Again, show what access is in place, and requesters can check boxes to add access or uncheck them to remove it
> Automation of provisioning is best done at this phase
Step 9 – Segregation of Duties Analysis
> Solicit input from internal audit
> Solicit input from risk management
> Define mutually exclusive application roles and do not allow an enterprise role to have both
Step 10 – Leverage and Measure
> Extend role management from internal employees to customers, suppliers, business partners, etc.
The transformation of access
After STEP 1 (2007 – Obscure Technical Lingo)
• SA_ACCTRECCLK
• SAS_CML_GROUP_6
• CARSVIEW
• …
After STEP 3 (2008 – Application Roles)
• Select Account (SAM) Accounts Receivable Clerk Access
• Compliance Audit Review & Reporting System (CARS) – View Access
• …
After STEP 6 (2009 – Enterprise Roles)
• Select Account Receivable Clerk
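To make Steps 3, 6 and 9 concrete, here is an added Python model (not code from the deck or from Blue Cross Blue Shield of Minnesota) that maps technical groups into application roles, composes enterprise roles from them, and rejects an enterprise role that would hold two mutually exclusive application roles. The group and role names come from the transformation slide above; the approver role, its group SA_ACCTRECAPR, the exclusive pair and the owner names are constructed assumptions. It also goes one step beyond the deck by checking segregation of duties across the several enterprise roles one person may hold.

```python
"""Steps 3, 6 and 9 as a small role model: groups -> application roles
-> enterprise roles, with a segregation-of-duties (SoD) check.
Added example; names marked 'constructed' are assumptions."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRole:
    name: str                 # business-language name (Step 3)
    groups: frozenset[str]    # technical access groups on any platform


@dataclass(frozen=True)
class EnterpriseRole:
    name: str
    owner: str                # Step 6: usually the manager
    app_roles: frozenset[str]


class RoleCatalog:
    def __init__(self) -> None:
        self.app_roles: dict[str, AppRole] = {}
        self.ent_roles: dict[str, EnterpriseRole] = {}
        self.exclusive: set[frozenset[str]] = set()   # Step 9 pairs

    def add_app_role(self, name: str, *groups: str) -> None:
        self.app_roles[name] = AppRole(name, frozenset(groups))

    def add_exclusive_pair(self, a: str, b: str) -> None:
        self.exclusive.add(frozenset((a, b)))

    def sod_conflicts(self, app_role_names) -> list[tuple[str, str]]:
        """Mutually exclusive pairs fully contained in the given set."""
        held = set(app_role_names)
        return sorted(tuple(sorted(p)) for p in self.exclusive if p <= held)

    def add_enterprise_role(self, name: str, owner: str, *app_roles: str) -> None:
        unknown = set(app_roles) - self.app_roles.keys()
        if unknown:
            raise KeyError(f"unknown application roles: {sorted(unknown)}")
        conflicts = self.sod_conflicts(app_roles)
        if conflicts:   # Step 9: an enterprise role may not hold both
            raise ValueError(f"SoD violation in {name!r}: {conflicts}")
        self.ent_roles[name] = EnterpriseRole(name, owner, frozenset(app_roles))

    def effective_groups(self, ent_role_names) -> list[str]:
        """Technical groups a provisioning feed would push (Step 8)."""
        groups: set[str] = set()
        for er in ent_role_names:
            for ar in self.ent_roles[er].app_roles:
                groups |= self.app_roles[ar].groups
        return sorted(groups)

    def person_conflicts(self, ent_role_names) -> list[tuple[str, str]]:
        """Beyond the deck: SoD across all enterprise roles one person holds."""
        held: set[str] = set()
        for er in ent_role_names:
            held |= self.ent_roles[er].app_roles
        return self.sod_conflicts(held)


CLERK = "Select Account (SAM) Accounts Receivable Clerk Access"
CARS_VIEW = "Compliance Audit Review & Reporting System (CARS) - View Access"
APPROVER = "Select Account (SAM) Accounts Receivable Approver Access"  # constructed


def build_catalog() -> RoleCatalog:
    c = RoleCatalog()
    c.add_app_role(CLERK, "SA_ACCTRECCLK")          # Step 3: group -> app role
    c.add_app_role(CARS_VIEW, "CARSVIEW")
    c.add_app_role(APPROVER, "SA_ACCTRECAPR")       # constructed group name
    c.add_exclusive_pair(CLERK, APPROVER)           # Step 9 (constructed pair)
    c.add_enterprise_role("Select Account Receivable Clerk", "AR Manager", CLERK, CARS_VIEW)
    c.add_enterprise_role("Select Account Receivable Approver", "AR Manager", APPROVER)
    return c
```

A request for both enterprise roles for one person surfaces the conflict in person_conflicts, which is the case the deck's per-role rule alone does not catch.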
Questions?