Identity Management


                       The What, Why and How?
                                           Airline Company




   Presenting:         John Bernhard
                       Enterprise Architect/Director – Bernhard Enterprise Architectures Pty Ltd
Dated: May 18, 2007


Did you know?




               IT costs x dollars per year to maintain names and passwords
               There have been x security breaches per year
               Significant fraud instances per year
               Cost and time for audits
               New applications: even a simple set-up of user access appears costly,
               takes significant resources and is very complex




Date: May 18                   BEA Pty Ltd - IdM : The What, Why and How?         Page: 2


 Thesis


               Identity management (IdM) is a pervasive and federated infrastructure that
                transforms business relationships by managing access for the proper entities to
                the proper resources, both for the enterprise and our customers
               The goal of an IdM service foundation is to consistently enforce business and
                security policies, regardless of network entry point by employees, contractors,
                business partners, and customers.
               Enterprises need to map their IdM strategy and align it with their business goals
               Identity management (IdM) gives Airline Company a competitive advantage
               Identity management (IdM) enables an agile infrastructure for Airline Company
               Should be a service to the whole enterprise/internet extension
               IdM is not a single product – it is everywhere in the organisation today





 Agenda

          WHAT – What is IdM?
             Introduction
                  What is Identity Management
                  Key Concepts and Principles
                  Overview current state of IdM within Airline Company
                  Conceptual Architecture – Current State

          WHY – Rationale, Drivers and Benefits
              Business & Technical perspective
              IdM Case study

          HOW – IdM Services Architecture
              Conceptual Architecture - Provisioning
              Conceptual Architecture – Access Management
              Compliancy (SOX 404, COBIT and ITIL)
             Programme of Work - Identity Service


WHAT – What is IdM?

       What is Identity Management?

                A set of processes, and a supporting infrastructure, for the creation, maintenance,
                and use of digital identities
                      Involves both technology and process
                      Involves managing unique IDs, attributes, credentials, entitlements
                      Must enable enterprises to create manageable lifecycles
                      Must scale from internally facing systems to externally
                      facing applications and processes

                Goal state: Identity Service, infrastructure and authoritative sources, clean
                integration across people, process, and technology




WHAT – What is IdM?


       The IdM process: managing the identity lifecycle

       [Figure: identity lifecycle diagram with the labels Registration / creation, Propagation, Accounts and policies, Maintenance / management, Termination]

       • Today IdM is fragmented
           • Applications, databases, OSs lack a scalable, holistic means of managing identity, credentials, policy across boundaries
           • Overlapping repositories, inconsistent policy frameworks, process discontinuities
           • Error prone, creates security loopholes, expensive to manage
           • The focus on business process, Web services, and networked applications has put identity on the front burner
           • This is currently managed in the current structure on an individual application & infrastructure basis
       • Infrastructure requirements
           • Extend reach and range
           • Increase scalability, lower costs
           • Balance centralized, distributed management via loose coupling
WHAT – What is IdM?


     Beyond directory: IdM requires integrated infrastructure

     These technologies represent the major lifecycle management processes involved with
     IdM. In addition, audit surrounds these services for accountability and control

     [Figure: diagram labelled "Directory Services"]

     IdM technologies
         Identity management services
         Directory services
         Provisioning services
         Authentication services
         Web-based access management services
         Authorisation services




WHAT – What is IdM?


     Burton Group’s View of IdM Evolution




 WHAT – What is IdM?


        Directory services are the first step toward IdM for Airline Company

               Directory services support the other IdM and federated technologies
               through:
                   Repository services for policies, authentication credentials, roles, groups
                   and rules
                   Information integration, mapping and referral between the IdM
                   applications and the enterprise “repositories of record”
                   Provides standardised LDAP authentication for applications
                   Provides general purpose storage for IdM applications
                   Use virtual directory technology to provide a federated identity data
                   service

               Once the directory services are in place, other IdM policies and technologies
               can be implemented depending on the business justification required




     WHAT – What is IdM?


  • Process integration is just as important as the technology

  [Figure: layered infrastructure diagram; labels, top to bottom]
      Identity-based company access
      Advanced business infrastructure: business applications, business process integration
      Meta Directory services
      Basic business infrastructure: Databases, LDAP directories, Messaging, PBX / CTI / VoIP, Security / PKI, Management services, Object services, Web services
      Enabling technology network/basic network infrastructure (network, servers, routers, OS, transport services)
WHAT – What is IdM?


        Key Concepts and Principles
               The IdM Service Components Architecture provides an infrastructure that supports the key
               identity services:
                      Reconciliation / Audit / Compliancy
                      Provisioning
                      Workflow
                      Authentication, Authorization and Auditing
                      Federation
                      Synchronization
                      Delegation
                      Secure Self Service
                      Password Management

               A scalable, re-useable integrated set of business processes supported by the IdM
               infrastructure.

               Develop an IdM Service foundation of all IdM related elements

WHAT – What is IdM?


               Current state with IdM within Airline Company?

                   Talk about current state
                       State current issues and problems
                   Problems:
                       Help desk, password reset
                       Provisioning, de-provisioning not really happening
                       Process complexity
                       Bullet points on current employee processes
                       Bullet points on current customer/business partners registration
                   Admin Overhead
                       State current overhead in maintaining employee details
                       State current overhead of aligning current customers details with the
                       various applications




WHAT – What is IdM?


               Current state with IdM within Airline Company?
                   Identity access not controlled
                       No current governance or policies in place in relation to IdM
                       Not well defined “coming on-board” business processes
                   Security issues, PCI non-compliancy
                       PCI issue related to IdM
                       Identity theft – related to Koru, Frequent Flyer Points & Travel card
                       members
                       Security Policy – Compliance verification
                   Auditing:
                       External Auditors
                       State auditing issues, specifically in relation to SOX 404
                       Manual VS Automated
                   Compliance problem:
                       Very difficult to audit who has access in terms of PCI
                   SOX Compliancy, Due diligence

 WHAT – What is IdM?


     Conceptual Architecture: Current State of Identity related Apps/Touch Points




WHY – Rationale, Drivers and Benefits
          Business Drivers for Identity service
 From an executive’s point of view, the most important business drivers to address via IdM
 include:

  Regulatory Compliance
  • Sarbanes-Oxley (SOX)
  • COBIT (ITIL Framework) (Business Best Practices)
  • PCI
  • GAAP (third-party audit)

  Risk Management
  • Reporting (Custom/Automated)
  • Terminations
  • Policy-based compliance – Adhere to Policy
  • Audit management

  Business Need
  • External users’ access
  • Employee personalisation
  • Outsourcing
  • New Products – Services (Time To Market)

  Operational Efficiency
  • Improved SLAs
  • Enhanced user experience

  Cost Containment (Internal/External)
  • Cost reduction/avoidance
  • Common architecture
  • Productivity savings

  Need to tie into Business Strategy
       WHY – Rationale, Drivers and Benefits
               IdM Infrastructure Benefits

    Improved User Experience
    • Improves employee efficiency
    • Strengthens customer retention
    • Minimises errors
    • Clarifies business processes

    Cost savings
    Hard-dollar savings
    • Helpdesk password resets easily measured
    • Avoids admin. duty duplication
    • Eliminates redundant software and solutions
    Soft-dollar savings
    • Improved user productivity
    • Avoids hidden administrative costs

    Security: Lifecycle Identity Administration
    • Partition identity mgmt.
    • Eliminates dormant and orphan accounts
    • Facilitates auditing and accountability
    • Enables delegated and self-service account admin.

    Security: Policy Enforcement
    • Ensures regulatory compliance
    • Protects corporate info
    • Safeguards intellectual property
    • Supports internal audits
    • Assures stronger authorisation based on info value/sensitivity
    • Enables risk and liability mgmt

    Competitive Advantage
    • Improves corp. image and employee relationships
    • Yields flexible IdM infrastructure
    • Facilitates mergers/divestments
WHY – Rationale, Drivers and Benefits



          The Challenge
       Today’s identity management systems are ad hocracies, built one application or
       system at a time
           Apps, databases, OSes lack a scalable, holistic means of managing identity,
            credentials, policy across boundaries
           Fragmented identity infrastructure: Overlapping repositories, inconsistent
             policy frameworks, process discontinuities
           Error prone, creates security loopholes, expensive to manage
           The disappearing perimeter has put identity on the front burner

       Infrastructure requirements: extend reach and range
            Increased scalability, lower costs
            Balance of centralised and distributed management
            Infrastructure must be delivered as a Service (Identity Service) and re-usable





WHY – Rationale, Drivers and Benefits


          Risks
           Reduced risk of improper use of IT systems
           Reduce risk of privacy or other regulatory violations
           Substantial administration cost savings by reducing redundant
            security administration
           Accelerated time to market for new Products and Services to
            Customers (Targeted Audience), reduced deployment costs
            Reduced cost of internal and external auditing
            Better customer experience and increased retention




HOW – IdM Services Architecture


          Objectives
               Define the role of identity management in the context of business requirements
               Develop an IdM Framework and guidelines
               Implement re-usable Identity services
               Develop and Implement company-wide role management
               Document and streamline current and new identity related business processes
               To provide a single view of Employee, Contractor, Customer and Business Partner
               identity and entitlement




HOW – IdM Services Architecture


       IdM Business Drivers
           Cost containment
           Operational efficiency
           Business need
           Regulatory compliance
           Risk management

       IdM Benefits
           Improves user experience (Quality of Experience [QoE])
           Provides cost savings
           Supports policy enforcement
           Adds to competitive advantage
           Provides lifecycle identity administration

       IdM Services
           Identity and policy Administration
           Directory services
           Access management
           Remote access
           Federation
           Provisioning
           Portals/Self-service

One of the key tasks to understand is how to map the executive’s business drivers into the benefits of IdM services, and then to map them into
technologies selected for deployment. As illustrated here, there are a lot of overlaps and disconnects that make the mapping difficult, though not
impossible.

HOW – IdM Services Architecture


          Conceptual Architecture: Provisioning




HOW – IdM Services Architecture


          Conceptual Architecture: Access Management




HOW – IdM Services Architecture


7 of Top 10 Control Deficiencies focus on Secure Identity Management
 1.            Operating System (e.g. Unix) access controls supporting financial applications or Portal
               not secure
 2.            Database (e.g. Oracle) access controls supporting financial applications (e.g. SAP,
               Oracle, Peoplesoft, JDE) not secure
 3.            Development staff can run business transactions in production
 4.            Large number of users with access to “super user” transactions in production
 5.            Terminated employees or departed consultants still have access
 6.            Posting periods not restricted within GL application
 7.            Custom programs, tables & interfaces are not secured
 8.            Unidentified or unresolved segregation of duties issues
 9.            Procedures for manual processes do not exist or are not followed
 10.           System documentation does not match actual process
  Source: Ken Vander Wal, Partner, National Quality Leader, E&Y, ISACA Sarbanes Conference, 4/6/04
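
Deficiencies 4 and 5 in the list above can be checked mechanically by reconciling application accounts against an authoritative HR source. The Python below is an added example, not part of the original presentation; the record layouts, field names and the 90-day dormancy threshold are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class HrRecord:
    """One person in the HR system, treated as the authoritative source (assumed layout)."""
    person_id: str
    status: str                      # "active" or "terminated"


@dataclass(frozen=True)
class Account:
    """One account exported from an application, database or OS (assumed layout)."""
    system: str
    login: str
    owner_id: Optional[str]          # HR person_id, or None if the account was never linked
    enabled: bool
    last_login: Optional[date]
    privileged: bool = False         # "super user" style entitlement


def reconcile(hr, accounts, today, dormant_after_days=90):
    """Classify every enabled account against the HR source of record.

    orphan           - no owner, or the owner id is unknown to HR
    terminated_owner - owner exists in HR but has left (deficiency 5)
    dormant          - valid owner, but no login within the threshold
    privileged       - every enabled super-user account, for review (deficiency 4)
    """
    people = {p.person_id: p for p in hr}
    cutoff = today - timedelta(days=dormant_after_days)
    findings = {"orphan": [], "terminated_owner": [], "dormant": [], "privileged": []}

    for acct in accounts:
        if not acct.enabled:
            continue                 # disabled accounts cannot be used; skip them
        key = (acct.system, acct.login)
        if acct.privileged:
            findings["privileged"].append(key)

        owner = people.get(acct.owner_id) if acct.owner_id else None
        if owner is None:
            findings["orphan"].append(key)
        elif owner.status == "terminated":
            findings["terminated_owner"].append(key)
        elif acct.last_login is None or acct.last_login < cutoff:
            findings["dormant"].append(key)
    return findings


def sample_findings():
    """Run the reconciliation over constructed sample data."""
    hr = [
        HrRecord("E100", "active"),
        HrRecord("E101", "terminated"),
        HrRecord("C200", "active"),          # contractor
    ]
    accounts = [
        Account("SAP", "jsmith", "E100", True, date(2007, 5, 10)),
        Account("SAP", "mbrown", "E101", True, date(2007, 4, 20), privileged=True),
        Account("Oracle", "batch01", None, True, None, privileged=True),
        Account("Unix", "cjones", "C200", True, date(2006, 12, 1)),
        Account("Unix", "mbrown", "E101", False, date(2007, 3, 1)),
        Account("AD", "ghost", "E999", True, date(2007, 5, 1)),
    ]
    return reconcile(hr, accounts, today=date(2007, 5, 18))


if __name__ == "__main__":
    for category, hits in sample_findings().items():
        print(f"{category}: {hits}")
```

Each category maps to a different follow-up: orphan accounts need an owner assigned or removal, accounts of terminated owners need immediate de-provisioning, and the privileged list is the input to a periodic entitlement review.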


 HOW – IdM Services Architecture
          Compliancy
 What is SOX (Sarbanes Oxley) Compliancy?
   Companies must regularly provide external auditors with proof of their compliance
with laws and regulations. An example is the Sarbanes-Oxley (SOX) law, which applies to
listed American companies and, generally, to non-US companies listed on a US Stock
Exchange.
  These laws and regulations may aim at preserving the integrity of financial data (the case
of SOX and the French Law on Financial Security).
  Generally, compliance requires identifying risks, defining control objectives in order to
tackle them, and deciding on control activities to attain these objectives. Finally, in view
of these activities, it is necessary to prepare adequate tests to ensure that these
processes exist, are applied and are working effectively.
  These tests have two objectives. On the one hand, they are used to constantly improve
the processes and to provide information to the management and external auditors. On
the other hand, these tests will be used as evidence during certification to convince
external auditors about the organisation’s compliance with laws and regulations.

 HOW – IdM Services Architecture
          Compliancy
Why SOX (Sarbanes Oxley) Compliancy?
      In some organisations, a large part of the risk of non-conformity to those regulations
 is due to inadequate identity and access management. In fact, beyond the problem of
 identity theft, actions made possible by wrongly assigned rights are a major source of
 security breaches.

     Therefore, an Identity and Access Management (IAM) solution can be a significant help
 in the effort to comply with these laws and regulations. Moreover, such a solution can be
 used to simply upgrade a set of existing control procedures so as to simplify or adapt to
 organisational changes.


      In addition to the functions it brings in, identity and access management must show
 evidence of its effectiveness. This evidence must be made available in writing and on
 demand to an auditor, for review and archiving.



HOW – IdM Services Architecture
          Compliancy
SOX Reference Framework
   Section 404 of SOX does not specify which set of formal evaluation categories, known as
“framework”, must be used in the assessment of controls over financial reporting.
   Specific IT control frameworks may be chosen by a company, as long as the company
can convince its external auditor that its controls satisfy the requirements for effectiveness.
    A framework of IT control objectives that is often used in the context of SOX is the
Control Objectives for Information and related Technology – COBIT, issued by the IT
Governance Institute – ITGI (www.itgi.org).
   SOX created the Public Company Accounting Oversight Board (PCAOB), a non-profit
organisation, to oversee auditors of public companies. The PCAOB is charged with issuing
guidelines for auditors on how to audit different aspects of reports, including the ones
related to section 404.
     As long as the resulting controls satisfy the requirements set forth by the PCAOB’s
auditing standard, companies can conceivably use IT control frameworks other than COBIT.
Such frameworks can be the ones included in the IT Infrastructure Library – ITIL
(www.itil.co.uk) or ISO17799. Companies may also choose a proprietary control
framework developed by consulting and audit firms.
  It is important that companies work closely with their external auditors, especially in the
first rounds of SOX section 404 implementation and certification.

HOW – IdM Services Architecture
          Compliancy

ITIL Framework
      You can only maintain the ITIL Framework once you have completed the Identity
   Services Foundation to enable compliant ITIL operations support and services




 HOW – IdM Services Architecture
           Programme of Work – Identity service
     1) Agree on IdM Service strategy

     2) Agree on Programme/Timeframe

     3) Agree on First 12 months projects

          Project 1: Service Foundation – Reconciliation Process:                                                  1 to 4   Months

                 A. Understanding the problem, reconciliation of the main applications in relation to Employee, Contractors

                 B. Understanding the problem, reconciliation of our main Customer/Business partner applications (in light
                 of a drive to a single view of Customer)

                 This will identify the accounts related to business Users, which in turn can be used once completed as input
                 to Project 5

           Project 2: Provisioning – Phase 1:                                                                      2 to 8   Months

           Project 3: Access Management – Phase 1:                                                                 3 to 9   Months

           Project 4: Active Directory clean-up / Re-design of AD                                                  1 to 6   Months

           Project 5: Profile-Based System Access:                                                                 6 to 9   Months

                 Inception / Validate Approach

                 Profile Discovery / HR Business Role Alignment

                 Profile Lifecycle Management

                 Governance Framework Development & Technology Road mapping                                        9 to 18 Months


Note: A Business Analyst needs to be assigned to this project to define the service elements from a business requirements
perspective (IdM based BA)
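
The reconciliation step of Project 1, as an added example that is not part of the original deck: application accounts are matched to an authoritative employee/contractor register, and anything without an active owner is listed as an exception. The application names, field names and records are constructed for illustration, and matching on a person id with a fallback to e-mail is an assumption about what the account exports contain.

```python
from collections import defaultdict

# Constructed authoritative source: employee and contractor register.
HR_RECORDS = [
    {"person_id": "E1001", "email": "ana.reyes@example.test",
     "type": "employee", "status": "active"},
    {"person_id": "E1002", "email": "tom.birch@example.test",
     "type": "employee", "status": "terminated"},
    {"person_id": "C2001", "email": "li.wen@example.test",
     "type": "contractor", "status": "active"},
]

# Constructed account exports from three hypothetical applications.
APP_ACCOUNTS = [
    {"app": "directory", "account": "areyes",
     "person_id": "E1001", "email": "ana.reyes@example.test"},
    {"app": "crew-rostering", "account": "AREYES01",
     "person_id": None, "email": " Ana.Reyes@Example.test "},
    {"app": "directory", "account": "tbirch",
     "person_id": "E1002", "email": "tom.birch@example.test"},
    {"app": "finance", "account": "lwen",
     "person_id": None, "email": "li.wen@example.test"},
    {"app": "finance", "account": "batch_admin",
     "person_id": None, "email": ""},
    {"app": "crew-rostering", "account": "jdoe",
     "person_id": "E0999", "email": "j.doe@example.test"},
]


def _norm(email):
    """Normalise an e-mail address so case and stray spaces do not block a match."""
    return (email or "").strip().lower()


def reconcile(hr_records, app_accounts):
    """Classify every account as matched, owner_inactive or orphan."""
    by_id = {r["person_id"]: r for r in hr_records}
    by_email = {_norm(r["email"]): r for r in hr_records if _norm(r["email"])}
    findings = []
    for acct in app_accounts:
        # Prefer the explicit link; fall back to e-mail when it is missing or stale.
        owner = by_id.get(acct.get("person_id"))
        matched_by = "person_id" if owner else None
        if owner is None:
            owner = by_email.get(_norm(acct.get("email")))
            matched_by = "email" if owner else None
        if owner is None:
            state = "orphan"            # no identifiable business user
        elif owner["status"] != "active":
            state = "owner_inactive"    # owner has left; account still exists
        else:
            state = "matched"
        findings.append({
            "app": acct["app"],
            "account": acct["account"],
            "person_id": owner["person_id"] if owner else None,
            "matched_by": matched_by,
            "state": state,
        })
    return findings


def identity_view(findings):
    """Per-person list of (app, account) pairs for accounts with an active owner."""
    view = defaultdict(list)
    for f in findings:
        if f["state"] == "matched":
            view[f["person_id"]].append((f["app"], f["account"]))
    return dict(view)


def exceptions(findings):
    """Accounts that need review before they can feed profile-based access."""
    return [f for f in findings if f["state"] != "matched"]


if __name__ == "__main__":
    results = reconcile(HR_RECORDS, APP_ACCOUNTS)
    for person, accounts in identity_view(results).items():
        print(person, accounts)
    for f in exceptions(results):
        print("REVIEW", f["app"], f["account"], f["state"])
```

The per-person view is the kind of output the slide describes as input to Project 5; the exception list is the clean-up work that has to happen first.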
Id m what-why-how presentationv2.0

  • 1. Identity Management The What, Why and How? Airline Company Presenting: John Bernhard Enterprise Architect/Director – Bernhard Enterprise Architectures Pty Ltd Dated: May 18 , 2007
  • 2. Identity Management Did you know? IT cost x dollars per year to maintain name and passwords There has been a x number of security breaches per year Significant Fraud instances per year Cost and time for audits New N application, however a simple set up of user access appears t li ti h i l t f to cost and takes significant resources and very complex Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 2
  • 3. Identity Management Thesis Identity management (IdM) is a pervasive and federated infrastructure that transforms business relationships by managing access for the proper entities to the proper resources, both for the enterprise and our customers The goal of an IdM service foundation is to consistently enforce business and security policies, regardless of network entry point by employees, contractors, business partners, and customers. Enterprises need to map their IdM strategy and align it with their business goals Identity management (IdM) gives Airline Company a competitive advantage Identity management (IdM) enables Airline Company agile infrastructure Should be a service to the whole enterprise/internet extension Idm is not a single product – it is everywhere in the organisation today Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 3
  • 4. Identity Management Agenda WHAT – What is IdM? Introduction What is Identity Management Key Concepts and Principles Overview current state of IdM within Airline Company Conceptual Architecture – Current State WHY – Rationale, Drivers and Benefits Business & Technical perspective B i T h i l ti IdM Case study HOW – IdM Services Architecture Conceptual Architecture - Provisioning Conceptual Architecture – Access Management Compliancy (SOX 404, COBIT and ITIL) Programme of Work - Identity Service Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 4
  • 5. Identity Management WHAT – What is IdM? What is Identity Management? y g A set of processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities Involves both technology and process Involves managing unique IDs, attributes, credentials, entitlements Must enable enterprises to create manageable lifecycles Must scale from internally facing systems to externally facing applications and processes Goal state: Identity Service, infrastructure and authoritative sources, clean integration across people, process, and technology Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 5
  • 6. Identity Management WHAT – Wh t i IdM? What is The IdM process: managing the identity lifecycle p g g y y Registration / • Today IdM is fragmented creation • Applications, databases, OSs lack a scalable, Propagation holistic means of managing identity, credentials, policy across boundaries • Overlapping repositories, inconsistent policy frameworks, process discontinuities Accounts and • Error prone, creates security loopholes, expensive Accounts and to manageg policies li i • policies The focus on business process, Web services, and networked applications has put identity on the front burner • This is currently managed in the current structure Termination on a individual application & infrastructure basis • Infrastructure requirements Maintenance / • Extend reach and range management • Increase scalability, lower costs • Balance centralized, distributed management via loose coupling Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 6
  • 7. Identity Management WHAT – What is IdM? Beyond directory: IdM requires integrated infrastructure y y q g These technologies represent the major lifecycle management processes involved with IdM. In addition, audit surrounds these services for accountability and control y IdM technologies Identity management services Directory services Directory Provisioning services Services Authentication services Web-based access management services Authorisation services Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 7
  • 8. Identity Management WHAT – Wh t i IdM? What is Burton Group’s View of IdM Evolution p Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 8
  • 9. Identity Management WHAT – What is IdM? Directory services are the first step toward IdM for Airline Company y p p y Directory services support the other IdM and federated technologies through: Repository services for policies, authentication credentials, roles, groups and rules Information integration, mapping and referral between the IdM applications and the enterprise “repositories of record” Provides standardised LDAP authentication for applications Provides general purpose storage for IdM applications Use virtual directory technology to provide a federated identity data service Once the directory services are in place, other IdM policies and technologies can be implemented depending on the business justification required Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 9
  • 10. Identity Management WHAT – What is IdM? • Process integration is just as important as the technology Identity-based company access business applications Advanced business infrastructure business process integration Meta Directory services Basic business LDAP Messag- PBX / CTI Security Manage- Object Web infrastructure Data- bases directories d ecto es ing g VoIP o / /PKI ment e t se ces services services Enabling technology network/basic network infrastructure (network, servers, routers, OS, transport services) Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 10
  • 11. Identity Management WHAT – What is IdM? Key Concepts and Principles y p p The IdM Service Components Architecture providing an infrastructure that supports the key Identity services. Reconciliation / Audit / Compliancy Provisioning P i i i Workflow Authentication, Authorization and Auditing Federation Synchronization S h i ti Delegation Secure Self Service Password Management A scalable, re-useable integrated set of business processes supported by the IdM infrastructure. Develop an IdM Service foundation of all IdM related elements Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 11
  • 12. Identity Management WHAT – Wh t i IdM? What is Current state with IdM within Airline Company? Talk about current state State current issues and problems Problems: Help desk, password reset Provisioning, de-provisioning not really happening p Process complexityy Bullet points on current employee processes Bullet points on current customer/business partners registration Admin Overhead State current overhead in maintaining employee details State current overhead of aligning current customers details with the various applications Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 12
  • 13. Identity Management WHAT – Wh t i IdM? What is Current state with IdM within Airline Company? Identity access not controlled No current governance or policies in place in relation to IdM Not well defined “coming on-board” business processes coming on board Security issues, “PCI non-compliancy PCI issue related to IdM Identity theft – related to Koru, Frequent Flyer Points & Travel card members Security Policy – Compliance verification Auditing: External Auditors State auditing issues specifically in relation to SOX 404 issues, Manual VS Automated Compliance problem: very difficult to audit who has access in terms of PCI SOX CCompliancy, Due diligence li D dili Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 13
  • 14. Identity Management WHAT – What is IdM? Conceptual Architecture: Current State of Identity related Apps/Touch Points p y pp Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 14
  • 15. Identity Management WHY – Rationale Drivers and Benefits Rationale, Business Drivers for Identity service * From an executive’s point of view, the most important business drivers to address via IdM include: i l d Regulatory Compliance Risk Management • Sarbanes-Oxley (SOX) • Reporting (Custom/Automated) • COBIT (ITIL Framework) • Terminations (Business Best Practices) • Policy-based compliance – Adhere to y p • PCI Policy • GAAP (third-party audit) • Audit management Business Need Cost Containment (Internal/External) • External users’ access Operational • Cost reduction/avoidance • Employee personalisation efficiency • Common architecture • Outsourcing • Productivity savings • New Products – Services (Time To Market) Operational Efficiency • Improved SLAs Need to tie i t B i N d t ti into Business Strategy St t • Enhanced user experience * Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 15
  • 16. Identity Management WHY – Rationale, Drivers and Benefits IdM Infrastructure Benefits Improved User Experience Cost savings Hard-dollar Hard dollar savings • Improves employee efficiency • Helpdesk password resets easily measured • Strengthens customer retention • Avoids admin. duty duplication • Minimises errors • Eliminates redundant software and solutions • Clarifies business processes Soft-dollar savings • Improved user productivity • Avoids hidden administrative costs Security: Lifecycle Identity Administration Security: Policy • Partition identity mgmt. Enforcement • Eliminates dormant and orphan accounts • Ensures regulatory compliance • Facilitates auditing and accountability Competitive • Protects corporate info • Enables delegated and self-service advantage • Safeguards intellectual property account admin. t d i • Supports internal audits • Assures stronger authorisation based on info value/sensitivity Competitive Advantage • Enables risk and liability mgmt • Improves corp. image and employee relationships • Yields flexible IdM infrastructure • Facilitates mergers/divestments Date: May 18 BEA Pty Ltd - IdM : The What, Why and How? Page: 16
  • 17. Identity Management WHY – Rationale, Drivers and Benefits: The Challenge
        - Today’s identity management systems are ad hocracies, built one application or system at a time
        - Apps, databases, OSes lack a scalable, holistic means of managing identity, credentials, policy across boundaries
        - Fragmented identity infrastructure: overlapping repositories, inconsistent policy frameworks, process discontinuities
        - Error prone, creates security loopholes, expensive to manage
        - The disappearing perimeter has put identity on the front burner
        - Infrastructure requirements: extend reach and range
        - Increased scalability, lower costs
        - Balance of centralised and distributed management
        - Infrastructure must be delivered as a Service (Identity Service) and re-usable
  • 18. Identity Management WHY – Rationale, Drivers and Benefits: Risks
        - Reduced risk of improper use of IT systems
        - Reduce risk of privacy or other regulatory violations
        - Substantial administration cost savings by reducing redundant security administration
        - Accelerated time to market for new Products and Services to Customers (Targeted Audience), reduced deployment costs
        - Reduced cost of internal and external auditing
        - Better customer experience and increased retention
  • 19. Identity Management HOW – IdM Services Architecture: Objectives
        - Define the role of identity management in the context of business requirements
        - Develop an IdM Framework and guidelines
        - Implement re-usable Identity services
        - Develop and implement company-wide role management
        - Document and streamline current and new identity-related business processes
        - To provide a single view of Employee, Contractor, Customer and Business Partner identity and entitlement
  • 20. Identity Management HOW – IdM Services Architecture
      IdM Business Drivers
        - Cost containment
        - Operational efficiency
        - Business need
        - Regulatory compliance
        - Risk management
      IdM Benefits
        - Improves user experience (Quality of Experience [QoE])
        - Provides cost savings
        - Supports policy enforcement
        - Adds to competitive advantage
        - Provides lifecycle identity administration
      IdM Services
        - Identity and policy administration
        - Directory services
        - Access management
        - Remote access
        - Federation
        - Provisioning
        - Portals/Self-service
      One of the key tasks to understand is how to map the executive’s business drivers into the benefits of IdM services, and then to map them into technologies selected for deployment. As illustrated here, there are a lot of overlaps and disconnects that make the mapping difficult, though not impossible.
  • 21. Identity Management HOW – IdM Services Architecture: Conceptual Architecture: Provisioning
  • 22. Identity Management HOW – IdM Services Architecture: Conceptual Architecture: Access Management
  • 23. Identity Management HOW – IdM Services Architecture: 7 of Top 10 Control Deficiencies focus on Secure Identity Management
      1. Operating System (e.g. Unix) access controls supporting financial applications or Portal not secure
      2. Database (e.g. Oracle) access controls supporting financial applications (e.g. SAP, Oracle, Peoplesoft, JDE) not secure
      3. Development staff can run business transactions in production
      4. Large number of users with access to “super user” transactions in production
      5. Terminated employees or departed consultants still have access
      6. Posting periods not restricted within GL application
      7. Custom programs, tables & interfaces are not secured
      8. Unidentified or unresolved segregation of duties issues
      9. Procedures for manual processes do not exist or are not followed
      10. System documentation does not match actual process
      Source: Ken Vander Wal, Partner, National Quality Leader, E&Y, ISACA Sarbanes Conference, 4/6/04
  • 24. Identity Management HOW – IdM Services Architecture: Compliancy: What is SOX (Sarbanes Oxley) Compliancy?
      Companies must regularly provide external auditors with proof of their compliance with laws and regulations. An example is the Sarbanes-Oxley (SOX) law, which applies to listed American companies and, generally, to non-US companies listed on a US Stock Exchange.
      These laws and regulations may aim at preserving the integrity of financial data (case of SOX and the French Law on Financial Security).
      Generally, compliance requires identifying risks, defining control objectives in order to tackle them, and deciding on control activities to attain these objectives. Finally, in view of these activities, it is necessary to prepare adequate tests to ensure that these processes exist, are applied and working effectively.
      These tests have two objectives. On the one hand, they are used to constantly improve the processes and to provide information to the management and external auditors. On the other hand, these tests will be used as evidence during certification to convince external auditors about the organisation’s compliance with laws and regulations.
  • 25. Identity Management HOW – IdM Services Architecture: Compliancy: Why SOX (Sarbanes Oxley) Compliancy?
      In some organisations, a large part of the risk of non-conformity to those regulations is due to inadequate identity and access management. In fact, beyond the problem of identity theft, actions made possible by wrongly assigned rights are a major source of security breaches.
      Therefore, an Identity and Access Management (IAM) solution can be a significant help in the effort to comply with these laws and regulations. Moreover, such a solution can be used to simply upgrade a set of existing control procedures so as to simplify or adapt to organisational changes.
      In addition to the functions it brings in, identity and access management must show evidence of its effectiveness. This evidence must be made available in writing and on demand to an auditor, for review and archiving.
  • 26. Identity Management HOW – IdM Services Architecture: Compliancy: SOX Reference Framework
      Section 404 of SOX does not specify which set of formal evaluation categories, known as a “framework”, must be used in the assessment of controls over financial reporting. Specific IT control frameworks may be chosen by a company, as long as the company can convince its external auditor that its controls satisfy the requirements for effectiveness. A framework of IT control objectives that is often used in the context of SOX is the Control Objectives for Information and related Technology – COBIT, issued by the IT Governance Institute – ITGI (www.itgi.org).
      SOX created the Public Company Accounting Oversight Board (PCAOB), a non-profit organisation, to oversee auditors of public companies. The PCAOB is charged with issuing guidelines for auditors on how to audit different aspects of reports, including the ones related to section 404.
      As long as the resulting controls satisfy the requirements set forth by the PCAOB’s auditing standard, companies can conceivably use IT control frameworks other than COBIT. Such frameworks can be the ones included in the IT Infrastructure Library – ITIL (www.itil.co.uk) or ISO17799. Companies may also choose a proprietary control framework developed by consulting and audit firms.
      It is important that companies work closely with their external auditors, especially in the first rounds of SOX section 404 implementation and certification.
  • 27. Identity Management HOW – IdM Services Architecture: Compliancy: ITIL Framework
      You can only maintain the ITIL Framework once you have completed the Identity Services Foundation to enable compliant ITIL operations support and Services.
  • 28. Identity Management HOW – IdM Services Architecture: Programme of Work – Identity service
      1) Agree on IdM Service strategy
      2) Agree on Programme/Timeframe
      3) Agree on First 12 months projects
      Project 1: Service Foundation – Reconciliation Process: 1 to 4 Months
        A. Understanding the problem, reconciliation of the main applications in relation to Employee, Contractors
        B. Understanding the problem, reconciliation of our main Customer/Business partner applications (in light of a drive to a single view of Customer)
        This will identify the accounts related to business Users, which in turn can be used, once completed, as input to Project 5
      Project 2: Provisioning – Phase 1: 2 to 8 Months
      Project 3: Access Management – Phase 1: 3 to 9 Months
      Project 4: Active Directory clean-up / Re-design of AD: 1 to 6 Months
      Project 5: Profile-Based System Access: 6 to 9 Months
        - Inception / Validate Approach
        - Profile Discovery / HR Business Role Alignment
        - Profile Lifecycle Management
        - Governance Framework Development & Technology Road mapping 9 to 18 Months
      Note: A Business Analyst needs to be assigned to this project for defining the service elements from a business requirements perspective (IdM based BA)
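
The reconciliation in Project 1 (slide 28) targets the deficiency "Terminated employees or departed consultants still have access" (slide 23) and the dormant and orphan accounts named on slide 16. The sketch below is an added example, not part of the original deck; the CSV layouts, field names, finding labels and the 90-day dormancy threshold are all assumptions, and the data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample extracts (not from the deck): HR source of truth and one application's accounts.
HR_CSV = """person_id,name,type,status,end_date
E100,Ana Ruiz,employee,active,
E101,Ben Cole,employee,terminated,2007-03-30
E102,Cy Lum,employee,active,
C200,Dee Park,contractor,active,2007-04-30
"""
APP_CSV = """account,person_id,enabled,last_login
aruiz,E100,true,2007-05-10
bcole,E101,true,2007-03-29
clum,E102,true,2007-01-05
dpark,C200,true,2007-05-15
svc_batch,,true,2007-05-17
jdoe,E999,true,2006-01-02
old_admin,E101,false,2006-11-01
"""


def reconcile(hr_csv, app_csv, today, dormant_days=90):
    """Return (account, finding) pairs for enabled accounts that need review."""
    hr = {row["person_id"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(app_csv)):
        if acct["enabled"] != "true":
            continue  # already disabled, nothing to revoke
        person = hr.get(acct["person_id"])
        if person is None:
            # No matching identity: no accountable owner for this account.
            findings.append((acct["account"], "orphan"))
        elif person["status"] == "terminated" or (
            person["end_date"] and date.fromisoformat(person["end_date"]) < today
        ):
            # Terminated employee, or contractor past the contract end date.
            findings.append((acct["account"], "leaver_still_enabled"))
        elif (today - date.fromisoformat(acct["last_login"])).days > dormant_days:
            findings.append((acct["account"], "dormant"))
    return findings


if __name__ == "__main__":
    for account, finding in reconcile(HR_CSV, APP_CSV, date(2007, 5, 18)):
        print(f"{account:10} {finding}")
```

Accounts with no person behind them, such as the constructed `svc_batch`, surface as orphans; they need a named owner recorded before they can feed the profile work in Project 5.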