This document discusses common flaws in identity management and how to avoid them. It identifies three main flaws: 1) failing to properly de-provision employee access when they leave, 2) lacking centralized identity management across platforms, and 3) having no secure method of delegating privileges. To address these flaws, the document recommends tightly integrating identity management with HR, leveraging centralized directory services, reducing the number of administrators and more tightly controlling privileges, and automating workflows. It also provides two case studies of companies that implemented identity management solutions to help streamline administration, improve security and compliance, and reduce costs and vulnerabilities.

1. Flaws in Identity Management and How to Avoid Them Haf Saba Senior Solutions Specialist, NetIQ, Asia-Pacific July 2010

2. Security in Identity Management Flaws IAM as an enabler Case Studies Agenda

3. Security as it relates to Identity Management 3

4. The Issue: Remove the employee, but neglect their access and equipment Need to Integrate with Human Resources Tight integration ensures faster response Automated workflows are the safest approach Must ensure best practices are followed: Remove access If access is maintained, monitor closely Ensure all accounts are dealt with Watch for shared accounts Be prepared to raise level of activity monitoring Flaw #1 - Employee De-provisioning 4

5. The Issue: Too many independent platforms with their own unique access Flaw #2 – Lack of Centralised Identity Management Leverage Active Directory 5

7. Reduce inconsistency

8. Reduce vulnerabilities

9. Consolidate access controls at the directory service

10. Consistent security and configuration policies

12. Excessive numbers of Admins remains a common audit finding Records stolen are via credentials that were: Default Shared Stolen Flaw #3 - No Secure Privilege DelegationToo many admins, too little control 8 “Out of date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organisations.” – IDC Insider Risk Management August 2009

13. Centralised IAM in the Real World COMPLIANCE Audit & Report IncreaseControl Active Directory ESX Detect & Resolve Incidents Mac Unix Linux Windows Decrease Workload

14. Company Snapshot Growing company Manage thousands of servers in over 2900 locations Face many compliance mandates Key Challenges Consolidate vendors & securely administer Active Directory Too many vendors providing point solutions Had problems with integrity of their billing (per user) High turnover in their admin positions NetIQ identifies the need Achieve and maintain regulatory compliance Streamline administration while enforcing security controls Quickly perform forensics analysis when a problem occurs “Minimize self-inflicted wounds” Case Study #1Managed IT Service Provider for Fortune 1000 Companies

15. Company Snapshot Focus on defense, homeland security and other markets 73,000 employees globally COMPLEX environment (70 domain controllers in the U.S alone, 700 GPOs, 23 AD Sites, 105k Computer Objects, 80k user accounts, 25k Groups and 100 Administrators) Key Challenges Lower costs of administering and securing Active Directory and Group Policy Improve Security and Compliance of the AD and Group Policy environments NetIQ identifies the need Achieve efficiencies through delegation and automation Improve security by reducing privileges and controlling Group Policy management Meet compliance through auditing and reporting Case Study #2Technology and Innovation Government Contractor

16. Abuse and misuse of privilege is a risk Reduce risk by securely managing the identity Automate provisioning and de-provisioning Consolidate identity management Reduce unnecessary administrative privilege Integrate identity management and security Stop by our booth for more information! Summary 12

17. Thank You! For information on NetIQ’s Identity Management solutions visit www.netiq.com