CrossIdeas

IDEAS for Identity & Access Governance

Our Unique SOD (Segregation of Duties) approach

crossideas.com
Company overview

•  CrossIdeas is a leading innovator in Identity & Access Governance Solutions,
  enabling organizations to achieve their Compliance, Audit and Risk Management
  goals

•  CrossIdeas is the result of the MBO of Engiweb Security – originally founded in
  2001 – from the Engineering Group, one of the largest SIs in Europe.

•  CrossIdeas is the only vendor in the market to offer Access Governance and
  Entitlement Management on a single platform

•  90 customers in Energy, Banking, Manufacturing, Public administration and Law
  Enforcement

•  Key clients are ENEL (Energy), Piaggio (Manufacturing), Italian Tax Enforcement
  Police (Govt), Italian Health Care Ministry, Regione Veneto, Ministry of Internal
  Affairs




IDEAS Capabilities

•  IDEAS addresses all areas of Identity & Access Governance
•  IDEAS is “IAM agnostic”, integrating with your existing Identity Management layer
•  IDEAS offers Entitlement Server capability as part of the IAG platform (unique in the market)

Diagram labels: Audit and Compliance; Access Reporting; Certification and Risk Intelligence; Authorization Workflow; Role Life Cycle; Segregation of Duties; Role Mining; Entitlement Management; Compliance Control for SAP; Compliant User Provisioning; Processing; Application Connectivity (SOA, SPML, Connectors, Integration); Entitlement Server.

IDEAS Segregation of Duties: Key Strengths

•  Both detection and prevention of SoD conflicts
•  Centralized SoD policies enforced across the whole enterprise
•  Real-time SoD checks for all new authorizations
•  Automatic assignment of compensating controls
•  Business-oriented SoD model simplifies administration
•  Platform-independent model supports heterogeneous environments
•  Native support for SAP roles and authorization objects
•  Data-domain concept reduces false-positive SoD conflicts
•  “Dry-run” feature tests changes to SoD policies before deploying to
   production


IDEAS covers SOD as part of the full Access Lifecycle

Diagram labels: Access Governance; Identity Intelligence; Segregation of Duties; SAP Risk Compliance; Identity Reporting & Dashboards; Access Certification; Roles; Entitlements; IDEAS Core; Access Policies; Identity Events; Audit; Role Life-Cycle; Access Request Workflow; Role Mining; Compliant User Provisioning; Entitlement Server; Entitlement Management.

IDEAS SOD: demo agenda

       Business-oriented SoD model
       SoD Detection
       Compensating Controls
       Real-time SoD Prevention
       SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

Business-Oriented SoD Model

Business-oriented SoD model is easily managed by business specialists.
•  Business processes broken down into “activities”
•  SoD rules define conflicts among these activities

Example: Purchase Order Creation conflicts with Purchase Order Approval and 2 other activities.

Diagram: activity list showing Purchase Order Creation, Purchase Order Approval, Receive Supplier Shipment, Verify Supplier Shipment.

Business-Oriented SoD Model

Business and IT aspects of the SoD rules can be managed independently:
•  Business specialists define processes and conflicting activities.
•  IT specialists map activities to technical permissions.

✓ This reduces management overhead and improves scalability.

Diagram: Process → Activity → Permission → Application layers, with Business Specialists on the process/activity side and IT Specialists on the permission/application side.

SoD Demo – Activities and Conflicts

Screenshot callouts: Associate conflicting activities. Conflicting activities. Navigate activity hierarchy – select activity to inspect it. Business specialists manage this part.

SoD Demo – Activities and Permissions

Screenshot callouts: Associate profiles. Associated permissions. IT specialists manage this part.

Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
       SoD Detection
       Compensating Controls
       Real-time SoD Prevention
       SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

SoD Demo – SoD Detection

5 different SoD analyses, typically run nightly, or on demand.

A full scan of users and roles detects existing SoD risks.

SoD Demo – SoD Detection

Screenshot callouts: SoD conflict details for a specific user. Users with SoD conflicts listed here.

Full details of detected SoD conflicts facilitate analysis and remediation.

Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
  ✓   SoD Detection
       Compensating Controls
       Real-time SoD Prevention
       SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

SoD Demo – Compensating Controls

A pair of conflicting activities can have one or more associated “compensating controls”.
•  The compensating control allows the conflicting activities to be safely assigned to a user.
•  IDEAS SoD automatically requires that at least one of the compensating controls be assigned.

SoD Demo – Defining a Compensating Control

Pre-define compensating controls, such as periodic reviews, or automated or manual checks.

SoD Demo – Associating a Compensating Control

Screenshot callouts: List of suitable compensating controls. Add more suitable compensating controls here. Select conflicting activity. Select activity.

Associate one or more suitable compensating controls with each pair of conflicting activities.

Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
  ✓   SoD Detection
  ✓   Compensating Controls
       Real-time SoD Prevention
       SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

SoD Demo – Real-time SoD Prevention

IDEAS automatically identifies SoD conflicts in real time when they arise in the access request workflow:
•  Displays the conflict details
•  Automatically proposes appropriate compensating controls according to the conflict or risk level
•  Workflow for escalation and compensation is very flexible and configurable.

SoD Demo – Workflow Example

We will demo real-time SoD prevention using this workflow example:

Informal Request (User or Manager) → Request formalization (Application Manager) → Risk Analysis (Risk Officer) → Approval (Business Process Owner)

•  User or Manager enters request in free text. No technical knowledge required.
•  Application Manager translates the request into specific roles. SoD detection here.
•  If there is a conflict, Risk Officer reviews the authorization and assigns a risk-mitigating control.
•  Business process owner approves or denies the request.

SoD Demo – Informal Access Request

Screenshot callouts: UI skinnable with company branding. Role-based menu. Self-service functions. Enter “informal” access request here in free text.

User or Manager makes an access request in simple text – no technical application knowledge required.

SoD Demo – Informal Access Request

SoD conflict is detected as soon as the access request is formalized.

Screenshot callout: Conflict details here.

SoD Demo – Risk Analysis

SoD conflict escalated to Risk Officer for analysis and compensation.

Screenshot callouts: Select Compensating Control. Approve SoD conflict with compensating control.

Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
  ✓   SoD Detection
  ✓   Compensating Controls
  ✓   Real-time SoD Prevention
       SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

SoD Demo – SoD Domains

SoD Domains separate independent business units:
•  SoD conflicts do not cross domains.
•  SoD Domains reduce false positive SoD conflicts.

Without the SoD Domain concept, this example would generate a false positive SoD conflict:

       Create purchase order ⊗ Approve purchase order
       Order office materials (Corporate Services Domain)  |  Approve generator order (Operations Domain)
       → No conflict!

SoD conflicts require follow-up analysis by a person, so too many false-positive results are time-consuming and wasteful. If false positives are too common, then the system cannot be considered reliable.

SoD Demo – SoD Domains

Domains are easy to define because they typically correspond to groups of applications.

Screenshot callouts: These are the defined domains. A domain is defined as a set of applications that manage the data in the domain.

SoD Demo – SoD Domains

Screenshot callouts: This is the domain. SoD conflicts are always within a single domain.
  
Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
  ✓   SoD Detection
  ✓   Compensating Controls
  ✓   Real-time SoD Prevention
  ✓   SoD Domains reduce false positives
       SoD “Dry-Run” tests changes to SoD rules
       Summary

SoD Demo – “Dry-Run” Tests Changes to SoD Rules

SoD “dry-run” tests changes to SoD policies before deploying to production:
•  Multiple SoD environments can be created or copied to test alternative sets of SoD rules
•  After dry-run testing, changes can be promoted to production

SoD Demo – “Dry-Run” with SoD Environments

Screenshot callouts: Promote environment to production. Create new environment. Copy environment. Specify which parts of the environment to copy.

Create as many SoD environments as required to test alternate SoD rule sets. At any time, an environment can be switched into or out of production, so deployment and fallback are predictable.
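The business-oriented model (activities mapped to permissions, conflict rules between activity pairs), the compensating-control rule, the SoD-domain scoping and the dry-run of an alternative rule set described on the preceding slides, worked through as an added Python example that is not IDEAS or CrossIdeas code. Every application, permission, control, rule set and user in it is constructed, and the class and function names are this example's own.

```python
"""Toy SoD engine built on the concepts in this deck: business activities mapped to
technical permissions, conflict rules between activity pairs with compensating
controls, SoD domains that scope conflicts to a set of applications, and a
dry-run of an alternative rule set.  Added illustration, not CrossIdeas/IDEAS
code; every application, permission, control, rule and user below is constructed."""
from dataclasses import dataclass

# IT specialists map each business activity to the technical permissions
# (application, permission) that implement it.  Constructed sample data.
ACTIVITY_PERMISSIONS = {
    "Purchase Order Creation": {("CorpERP", "PO_CREATE"), ("OpsERP", "PO_CREATE")},
    "Purchase Order Approval": {("CorpERP", "PO_APPROVE"), ("OpsERP", "PO_APPROVE")},
    "Receive Supplier Shipment": {("CorpERP", "GOODS_RECEIPT")},
    "Verify Supplier Shipment": {("CorpERP", "GOODS_VERIFY")},
}

# Business specialists define which activity pairs conflict and which pre-defined
# compensating controls make holding both acceptable.  An empty control set means
# the pair can never be compensated (a constructed rule for this example).
CONFLICT_RULES = {
    frozenset({"Purchase Order Creation", "Purchase Order Approval"}):
        {"Quarterly PO review", "Dual approval above threshold"},
    frozenset({"Receive Supplier Shipment", "Verify Supplier Shipment"}):
        {"Monthly stock reconciliation"},
    frozenset({"Purchase Order Creation", "Verify Supplier Shipment"}): set(),
}

# A SoD domain is the set of applications that manage that domain's data.
DOMAINS = {"Corporate Services": {"CorpERP"}, "Operations": {"OpsERP"}}


@dataclass(frozen=True)
class Conflict:
    domain: str            # "*" when domain scoping is switched off
    activities: frozenset  # the conflicting activity pair
    controls: frozenset    # compensating controls that would mitigate it
    compensated: bool      # True if the user already holds one of them


def activities_in_domain(user_perms, apps):
    """Activities the user can perform with permissions on the given applications."""
    return {activity for activity, perms in ACTIVITY_PERMISSIONS.items()
            if any(app in apps for app, _ in perms & set(user_perms))}


def detect_conflicts(user_perms, user_controls=(), use_domains=True, rules=None):
    """Return every SoD conflict for one user's permission set.

    With use_domains=True a conflict is raised only when both activities of a
    rule are held inside the same domain, which removes the cross-domain false
    positives the deck describes; use_domains=False checks all permissions at
    once for comparison.  `rules` selects the SoD environment (rule set) to use.
    """
    rules = CONFLICT_RULES if rules is None else rules
    if use_domains:
        scopes = list(DOMAINS.items())
    else:
        scopes = [("*", {app for ps in ACTIVITY_PERMISSIONS.values() for app, _ in ps})]
    found = []
    for domain, apps in scopes:
        held = activities_in_domain(user_perms, apps)
        for pair, controls in rules.items():
            if pair <= held:
                found.append(Conflict(domain, pair, frozenset(controls),
                                      bool(set(controls) & set(user_controls))))
    return found


def blocking_conflicts(user_perms, user_controls=(), rules=None):
    """Conflicts still lacking a compensating control: these must block the grant."""
    return [c for c in detect_conflicts(user_perms, user_controls, rules=rules)
            if not c.compensated]


def conflicts_introduced_by_request(current_perms, requested_perms, user_controls=()):
    """Real-time prevention: the new blocking conflicts an access request would create."""
    before = set(blocking_conflicts(current_perms, user_controls))
    after = set(blocking_conflicts(set(current_perms) | set(requested_perms), user_controls))
    return sorted(after - before, key=lambda c: (c.domain, sorted(c.activities)))


def dry_run(users, candidate_rules):
    """Count blocking conflicts under the production rules and a candidate rule set
    (a separate SoD environment) so the change can be judged before promotion."""
    prod = sum(len(blocking_conflicts(p, c)) for p, c in users.values())
    cand = sum(len(blocking_conflicts(p, c, rules=candidate_rules)) for p, c in users.values())
    return {"production": prod, "candidate": cand}


if __name__ == "__main__":
    # Constructed users: alice holds create/approve in different domains (no
    # conflict), bob holds both in Corporate Services (conflict, compensable).
    alice = {("CorpERP", "PO_CREATE"), ("OpsERP", "PO_APPROVE")}
    bob = {("CorpERP", "PO_CREATE"), ("CorpERP", "PO_APPROVE")}
    print("alice, domain-scoped:", detect_conflicts(alice))
    print("alice, without domains:", detect_conflicts(alice, use_domains=False))
    print("bob, blocking:", blocking_conflicts(bob, {"Quarterly PO review"}))
```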
  
Segregation of Duties – Demo Agenda

  ✓   Business-oriented SoD model
  ✓   SoD Detection
  ✓   Compensating Controls
  ✓   Real-time SoD Prevention
  ✓   SoD Domains reduce false positives
  ✓   SoD “Dry-Run” tests changes to SoD rules
       Summary

IDEAS SoD: Value and Benefits

•  Reduce the risk of fraud, conflicts of interest and human error in business processes
•  Detect and remediate existing SoD conflicts, including SAP
•  Prevent new SoD conflicts before they arise
•  Consolidate SoD controls under business oversight
•  Assure a transparent and auditable authorization process
•  Promote a clean separation between business-oriented access policies and technical administration
•  Promote best-practice processes in change management for SoD rules

Any IDEAS?

For more information
Andrea.rossi@crossideas.com
+39 335 1435578
 
Java CAPS
Java CAPSJava CAPS
Java CAPS
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Pre-Integrated SSO for Software-as-a-Service & Enterprise Applications
Pre-Integrated SSO for Software-as-a-Service & Enterprise ApplicationsPre-Integrated SSO for Software-as-a-Service & Enterprise Applications
Pre-Integrated SSO for Software-as-a-Service & Enterprise Applications
 
Agile Framework
Agile FrameworkAgile Framework
Agile Framework
 

Último

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Crossideas Segregation of Duty Approach

  • 1. CrossIdeas – IDEAS for Identity & Access Governance – Our Unique SOD (Segregation of Duties) approach. crossideas.com
  • 2. Company overview
    • CrossIdeas is a leading innovator in Identity & Access Governance Solutions, enabling organizations to achieve their Compliance, Audit and Risk Management goals
    • CrossIdeas is the result of the MBO of Engiweb Security – originally founded in 2001 – from the Engineering Group, one of the largest SIs in Europe.
    • CrossIdeas is the only vendor in the market to offer Access Governance and Entitlement Management on a single platform
    • 90 customers in Energy, Banking, Manufacturing, Public administration and Law Enforcement
    • Key clients are ENEL (Energy), Piaggio (Manufacturing), Italian Tax Enforcement Police (Govt), Italian Health Care Ministry, Regione Veneto, Ministry of Internal Affairs
  • 3. IDEAS Capabilities
    • IDEAS addresses all areas of Identity & Access Governance
    • IDEAS is “IAM agnostic”, integrating with your existing Identity Management layer
    • IDEAS offers Entitlement Server capability as part of the IAG platform (unique in the market)
    Capability map shown on the slide: Audit and Reporting; Access Certification; Compliance and Risk; Intelligence; Authorization Workflow; Role Life Cycle; Segregation of Duties; Role Mining; Entitlement Management; Compliance Control for SAP; Compliant User Provisioning; Application Connectivity; SOA Integration; SPML; Connectors; Processing.
  • 4. IDEAS Segregation of Duties: Key Strengths
    • Both detection and prevention of SoD conflicts
    • Centralized SoD policies enforced across the whole enterprise
    • Real-time SoD checks for all new authorizations
    • Automatic assignment of compensating controls
    • Business-oriented SoD model simplifies administration
    • Platform-independent model supports heterogeneous environments
    • Native support for SAP roles and authorization objects
    • Data-domain concept reduces false-positive SoD conflicts
    • “Dry-run” feature tests changes to SoD policies before deploying to production
  • 5. IDEAS covers SOD as part of the full Access Lifecycle
    • Access Governance: Identity Intelligence; Segregation of Duties; SAP Risk Compliance; Reporting & Dashboards; Access Certification
    • IDEAS Core: Roles; Entitlements; Access Policies; Identity Events; Role Life-Cycle; Audit; Access Request Workflow; Role Mining
    • Entitlement Management: Compliant User Provisioning; Entitlement Server
  • 6. IDEAS SOD: demo agenda – Business-oriented SoD model; SoD Detection; Compensating Controls; Real-time SoD Prevention; SoD Domains reduce false positives; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 7. Business-Oriented SoD Model – The business-oriented SoD model is easily managed by business specialists.
    • Business processes are broken down into “activities”
    • SoD rules define conflicts among these activities
    Example activities on the slide: Purchase Order Creation; Purchase Order Approval; Receive Supplier Shipment; Verify Supplier Shipment. Example: Purchase Order Creation conflicts with Purchase Order Approval and 2 other activities.
  • 8. Business-Oriented SoD Model – Business and IT aspects of the SoD rules can be managed independently (diagram: Process → Activity 1, 2, 3 → Permission → Application):
    • Business specialists define processes and conflicting activities.
    • IT specialists map activities to technical permissions.
    ✓ This reduces management overhead and improves scalability.
  • 9. SoD Demo – Activities and Conflicts (screenshot callouts: Associate conflicting activities; Conflicting activities) – Navigate the activity hierarchy and select an activity to inspect it. Business specialists manage this part.
  • 10. SoD Demo – Activities and Permissions (screenshot callouts: Associate profiles; Associated permissions) – IT specialists manage this part.
  • 11. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; SoD Detection; Compensating Controls; Real-time SoD Prevention; SoD Domains reduce false positives; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 12. SoD Demo – SoD Detection – 5 different SoD analyses, typically run nightly, or on demand. A full scan of users and roles detects existing SoD risks.
  • 13. SoD Demo – SoD Detection (screenshot callouts: SoD conflict details for a specific user; Users with SoD conflicts listed here) – Full details of detected SoD conflicts facilitate analysis and remediation.
  • 14. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; ✓ SoD Detection; Compensating Controls; Real-time SoD Prevention; SoD Domains reduce false positives; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 15. SoD Demo – Compensating Controls – A pair of conflicting activities can have one or more associated “compensating controls”.
    • The compensating control allows the conflicting activities to be safely assigned to a user.
    • IDEAS SoD automatically requires that at least one of the compensating controls be assigned.
  • 16. SoD Demo – Defining a Compensating Control – Pre-define compensating controls, such as periodic reviews, or automated or manual checks.
  • 17. SoD Demo – Associating a Compensating Control (screenshot callouts: Select activity; Select conflicting activity; List of suitable compensating controls; Add more suitable compensating controls here) – Associate one or more suitable compensating controls with each pair of conflicting activities.
  • 18. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; ✓ SoD Detection; ✓ Compensating Controls; Real-time SoD Prevention; SoD Domains reduce false positives; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 19. SoD Demo – Real-time SoD Prevention – IDEAS automatically identifies SoD conflicts in real time when they arise in the access request workflow:
    • Displays the conflict details
    • Automatically proposes appropriate compensating controls according to the conflict or risk level
    • Workflow for escalation and compensation is very flexible and configurable.
  • 20. SoD Demo – Workflow Example – We will demo real-time SoD prevention using this workflow example:
    • Informal Request (User or Manager): the User or Manager enters the request in free text; no technical knowledge required
    • Request formalization (Application Manager): the Application Manager translates the request into specific roles; SoD detection happens here
    • Risk Analysis (Risk Officer): if there is a conflict, the Risk Officer reviews the authorization and assigns a risk-mitigating control
    • Approval (Business Process Owner): the business process owner approves or denies the request
  • 21. SoD Demo – Informal Access Request (screenshot callouts: UI skinnable with company branding; Role-based menu; Self-service functions; Enter “informal” access request here in free text) – The User or Manager makes an access request in simple text; no technical application knowledge is required.
  • 22. SoD Demo – Informal Access Request (screenshot callout: Conflict details here) – The SoD conflict is detected as soon as the access request is formalized.
  • 23. SoD Demo – Risk Analysis (screenshot callouts: Select Compensating Control; Approve SoD conflict with compensating control) – The SoD conflict is escalated to the Risk Officer for analysis and compensation.
  • 24. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; ✓ SoD Detection; ✓ Compensating Controls; ✓ Real-time SoD Prevention; SoD Domains reduce false positives; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 25. SoD Demo – SoD Domains – Without the SoD Domain concept, this example would generate a false positive SoD conflict: Create purchase order ⊗ Approve purchase order, held in separate, independent business units – the Order office (Corporate Services Domain) and the approver of generator materials orders (Operations Domain). No conflict!
    • SoD conflicts do not cross domains.
    • SoD Domains reduce false positive SoD conflicts.
    SoD conflicts require follow-up analysis by a person, so too many false-positive results are time-consuming and wasteful. If false positives are too common, then the system cannot be considered reliable.
  • 26. SoD Demo – SoD Domains (screenshot callouts: These are the defined domains; A domain is defined as a set of applications that manage the data in the domain) – Domains are easy to define because they typically correspond to groups of applications.
  • 27. SoD Demo – SoD Domains (screenshot callout: This is the domain) – SoD conflicts are always within a single domain.
  • 28. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; ✓ SoD Detection; ✓ Compensating Controls; ✓ Real-time SoD Prevention; ✓ SoD Domains reduce false-positive results; SoD “Dry-Run” tests changes to SoD rules; Summary
  • 29. SoD Demo – “Dry-Run” Tests Changes to SoD Rules – SoD “dry-run” tests changes to SoD policies before deploying to production:
    • Multiple SoD environments can be created or copied to test alternative sets of SoD rules
    • After dry-run testing, changes can be promoted to production
  • 30. SoD Demo – “Dry-Run” with SoD Environments (screenshot callouts: Create new environment; Copy environment; Specify which parts of the environment to copy; Promote environment to production) – Create as many SoD environments as required to test alternate SoD rule sets. At any time, an environment can be switched into or out of production, so deployment and fallback are predictable.
  • 31. Segregation of Duties – Demo Agenda: ✓ Business-oriented SoD model; ✓ SoD Detection; ✓ Compensating Controls; ✓ Real-time SoD Prevention; ✓ SoD Domains reduce false positives; ✓ SoD “Dry-Run” tests changes to SoD rules; Summary
  • 32. IDEAS SoD: Value and Benefits
    • Reduce the risk of fraud, conflicts of interest and human error in business processes
    • Detect and remediate existing SoD conflicts, including SAP
    • Prevent new SoD conflicts before they arise
    • Consolidate SoD controls under business oversight
    • Assure a transparent and auditable authorization process
    • Promote a clean separation between business-oriented access policies and technical administration
    • Promote best-practice processes in change management for SoD rules
  • 33. Any IDEAS? For more information: Andrea.rossi@crossideas.com, +39 335 1435578, crossideas.com
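The pieces the deck walks through separately fit together in one small model: activities and conflict rules owned by business specialists (slides 7 and 8), permissions mapped to activities and applications to domains by IT specialists (slides 8, 26 and 27), a full scan (slide 12), the "at least one compensating control must be assigned" rule (slide 15), a real-time check on an access request (slide 19) and alternative rule sets for a dry run (slides 29 and 30). The Python sketch below is an added example written for this page, not CrossIdeas or IDEAS code; every activity, permission, application, domain, control and user name in it is a constructed sample, and the decision rule in `check_request` (approve when each conflict the request would add is covered by an assigned suitable control, otherwise escalate) is one reading of slides 15 and 19, not a description of the product's workflow.

```python
"""Toy SoD engine: business layer (activities, conflict rules, compensating controls),
IT layer (permissions -> activities, applications -> domains), scan, request check, dry run."""
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

# --- Business layer (maintained by business specialists); constructed sample names ---
PO_CREATE, PO_APPROVE = "Purchase Order Creation", "Purchase Order Approval"
RECEIVE, VERIFY = "Receive Supplier Shipment", "Verify Supplier Shipment"

# Each rule names two activities that one person must not hold together.
PRODUCTION_RULES = frozenset({
    frozenset({PO_CREATE, PO_APPROVE}),
    frozenset({PO_CREATE, RECEIVE}),
    frozenset({PO_CREATE, VERIFY}),
})

# Controls that make a specific conflicting pair acceptable (constructed names).
COMPENSATING_CONTROLS = {
    frozenset({PO_CREATE, PO_APPROVE}): frozenset({"Monthly PO review"}),
    frozenset({PO_CREATE, RECEIVE}): frozenset({"Three-way match check"}),
}

# --- IT layer (maintained by IT specialists) ---------------------------------------
@dataclass(frozen=True)
class Permission:
    name: str         # technical entitlement in the target application
    application: str  # application that exposes it
    activity: str     # business activity it implements

PERMISSIONS = {p.name: p for p in (
    Permission("erp.po.create", "erp", PO_CREATE),
    Permission("erp.po.approve", "erp", PO_APPROVE),
    Permission("erp.goods.receive", "erp", RECEIVE),
    Permission("erp.goods.verify", "erp", VERIFY),
    Permission("plant.order.approve", "plant", PO_APPROVE),  # generator-materials orders
)}

# A domain is the set of applications that manage its data; rules never cross domains.
APPLICATION_DOMAIN = {"erp": "Corporate Services", "plant": "Operations"}

@dataclass(frozen=True)
class Conflict:
    user: str
    domain: str
    activities: frozenset  # the conflicting pair
    controls: frozenset    # controls suitable for this pair (may be empty)

def activities_by_domain(permission_names):
    """Translate held permissions into {domain: {activity, ...}}."""
    out = defaultdict(set)
    for name in permission_names:
        perm = PERMISSIONS[name]
        out[APPLICATION_DOMAIN[perm.application]].add(perm.activity)
    return out

def detect_conflicts(user, permission_names, rules=PRODUCTION_RULES):
    """Evaluate the rules within each domain, so cross-domain pairs are not reported."""
    found = []
    for domain, acts in sorted(activities_by_domain(permission_names).items()):
        for a, b in combinations(sorted(acts), 2):
            pair = frozenset({a, b})
            if pair in rules:
                found.append(Conflict(user, domain, pair,
                                      COMPENSATING_CONTROLS.get(pair, frozenset())))
    return found

def scan_all(assignments, rules=PRODUCTION_RULES):
    """Full (nightly) scan: {user: [Conflict, ...]} for users holding at least one conflict."""
    found = {user: detect_conflicts(user, perms, rules) for user, perms in assignments.items()}
    return {user: conflicts for user, conflicts in found.items() if conflicts}

def check_request(user, current, requested, assigned_controls, rules=PRODUCTION_RULES):
    """Real-time check at request time. Returns (decision, conflicts_added): 'approve' if the
    request adds no conflict or every added conflict has at least one assigned suitable
    control, else 'escalate' (the suitable controls on each conflict are the proposals)."""
    before = detect_conflicts(user, current, rules)
    added = [c for c in detect_conflicts(user, set(current) | set(requested), rules)
             if c not in before]
    covered = all(c.controls & assigned_controls for c in added)
    return ("approve" if covered else "escalate"), added

def diff_environments(assignments, production_rules, candidate_rules):
    """Dry run: {user: (conflicts now, conflicts under candidate)} where the count changes."""
    prod, cand = scan_all(assignments, production_rules), scan_all(assignments, candidate_rules)
    counts = {u: (len(prod.get(u, [])), len(cand.get(u, []))) for u in set(prod) | set(cand)}
    return {u: n for u, n in counts.items() if n[0] != n[1]}

# Constructed sample assignments and a candidate rule set for the dry run.
ASSIGNMENTS = {
    "alice": {"erp.po.create", "erp.po.approve"},       # same domain: conflict
    "bob":   {"erp.po.create", "plant.order.approve"},  # create and approve in different domains: none
    "carol": {"erp.po.create", "erp.goods.receive"},    # conflict with a predefined control
    "dave":  {"erp.po.approve"},
}
CANDIDATE_RULES = PRODUCTION_RULES - {frozenset({PO_CREATE, RECEIVE})}
```

`scan_all(ASSIGNMENTS)` reports alice and carol only; bob is the slide 25 case, holding create in Corporate Services and approve in Operations, so the per-domain evaluation never pairs them. `check_request("dave", ASSIGNMENTS["dave"], {"erp.po.create"}, set())` escalates with "Monthly PO review" listed as the suitable control, and approves once that control is in the assigned set. `diff_environments(ASSIGNMENTS, PRODUCTION_RULES, CANDIDATE_RULES)` shows that dropping the create/receive rule clears carol's conflict and changes nothing for anyone else, which is the comparison a dry-run environment exists to give you before a rule change reaches production.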