IBM Security solution

An architectural view of a leading and dynamic IT security portfolio

IBM Security Solutions
Sven-Erik Vestergaard
Nordic Security Architect
svest@dk.ibm.com
Agenda
  • IBM Trends
  • IBM Framework and Blueprint
  • Mapping architecture to real life
  • Summary
Trends impacting Identity and Access

  (Diagram slide: only the title survived extraction.)
IBM Security Framework
IBM Security: Improving service, managing risk and reducing cost of Security without compromise

  – 15,000 researchers, developers and SMEs on security initiatives
  – 3,000+ security & risk management patents
  – 40+ years of proven success securing the zSeries environment
  – Already managing more than 7B security events per day for clients
  – IBM Security Framework, Security Blueprint

Security acquisitions: DASCOM
IBM’s Approach

  IBM Security Framework (Business View)
    Security Domains; Issues & Drivers
    Describes security issues from a business perspective.
    Sources: Client Briefings; External White Papers

  IBM Security Blueprint (Technical View)
    Foundational Security Mgmt Services; Common Security Infrastructure features; Standards & principles
    Describes a product agnostic view of security, based on client experience and common standards and principles.
    Sources: Best Practices / Guidance / standards / industry frameworks; RedBooks / RedGuides

  IBM Capabilities & Offerings (Solution Architecture View)
    Platforms; Components; Configurations; Technologies and Practices
    Catalogs of integrated products, services and solutions.
    Sources: Solution Architectures; Product Documentation
The IBM Security Blueprint “Component Level”
Foundational security controls closed loop
People and Identity
Delivering Policy Driven Identity and Access Governance

  Diagram: People (Business Roles, Users) are connected through IAM Governance using Policy Management to Applications (Entitlements, Application Roles) and to Data (Unstructured Data, Structured Data).
  Monitoring: User activity monitoring and conformance to policy and regulations

  • Visibility of user identities, their roles and entitlements to applications and data
  • Control of role definition and user’s assignment to roles and entitlements – governance and enforcement
  • Automation of user provisioning, access recertification and policy distribution
Controls have to be applied within a Business context

  • Policy driven governance
      • Context aware access control
         • Identity aware
         • Content aware
         • Transaction aware
      • Business driven IAM Governance

  • Empower people, enable collaboration
      • Business personas factored into lifecycle
      • Enable users, administrators, line of business owners and application owners

  • Security rendered as a service
      • Integration with business applications

  • Interoperability through open standards
Improve security and compliance readiness through automated security policy enforcement, audit, and reporting

  “30% or more of all accounts are ‘orphans’” (Gartner Group)

  Diagram: an Authoritative Identity Source (Human Resources, Customer Master, etc.) feeds the TIM Trusted Identity Store, which holds identities such as John C. Doe and Sarah K. Smith. Accounts on the target systems (Business Applications: jcd0895, jdoe03, Sarah_s4, nbody; Cisco Secure ACS: ackerh05, doej, smiths17) are reconciled against it in three steps:
    1. Eliminate orphan accounts
    2. Compare local privileges to policy (Tivoli Identity Manager Policies and Approvals: Flag/Alert/Correct/Suspend)
    3. Audit Reports
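The three reconciliation steps on the slide (find orphans, compare local privileges to policy, produce an audit report with a Flag/Alert/Correct/Suspend decision) can be expressed as a small reconciliation routine. The block below is an added example written for this page, not IBM or Tivoli Identity Manager code: the account names are the ones shown on the slide, but the identities, which account belongs to whom, the privileges, the policy table and the action thresholds are all constructed assumptions.

```python
"""Orphan-account and privilege reconciliation in the style of the TIM slide.

Accounts harvested from target systems are compared against an authoritative
identity source (step 1) and against a privilege policy (step 2); every finding
carries a recommended action and is grouped into an audit report (step 3).

All data is constructed for illustration: the logins come from the slide, but
ownership, privileges and policy are assumptions, not facts about any real system.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Identity:
    person_id: str
    name: str
    job_role: str
    active: bool          # False once HR has terminated the person


@dataclass(frozen=True)
class Account:
    system: str
    login: str
    owner_id: Optional[str]          # None = no link to any identity at all
    privileges: FrozenSet[str]


@dataclass
class Finding:
    system: str
    login: str
    kind: str       # "orphan" or "excess_privilege"
    detail: str
    action: str     # Flag / Alert / Correct / Suspend


# Constructed authoritative source (e.g. an HR feed)
IDENTITIES: Dict[str, Identity] = {
    "P001": Identity("P001", "John C. Doe", "manager", active=True),
    "P002": Identity("P002", "Sarah K. Smith", "clerk", active=True),
    "P003": Identity("P003", "Hans Acker", "clerk", active=False),   # has left
}

# Constructed account inventory from two target systems
ACCOUNTS: List[Account] = [
    Account("BusinessApp", "jcd0895", "P001", frozenset({"read", "approve"})),
    Account("BusinessApp", "jdoe03", "P001", frozenset({"read"})),
    Account("BusinessApp", "Sarah_s4", "P002", frozenset({"read", "approve"})),  # more than a clerk may hold
    Account("BusinessApp", "nbody", None, frozenset({"read"})),                  # nobody owns it
    Account("CiscoSecureACS", "ackerh05", "P003", frozenset({"admin"})),         # owner is inactive
    Account("CiscoSecureACS", "doej", "P001", frozenset({"read"})),
    Account("CiscoSecureACS", "smiths17", "P002", frozenset({"read"})),
]

# Constructed policy: the privileges a job role may hold on each system
POLICY: Dict[tuple, set] = {
    ("BusinessApp", "manager"): {"read", "approve"},
    ("BusinessApp", "clerk"): {"read"},
    ("CiscoSecureACS", "manager"): {"read"},
    ("CiscoSecureACS", "clerk"): {"read"},
}


def _owner(acct: Account, identities: Dict[str, Identity]) -> Optional[Identity]:
    return identities.get(acct.owner_id) if acct.owner_id else None


def find_orphans(accounts, identities) -> List[Finding]:
    """Step 1: an account is an orphan if it has no owner or its owner is no longer active."""
    findings = []
    for acct in accounts:
        owner = _owner(acct, identities)
        if owner is None:
            findings.append(Finding(acct.system, acct.login, "orphan", "no owning identity", "Suspend"))
        elif not owner.active:
            findings.append(Finding(acct.system, acct.login, "orphan", f"owner {owner.name} is inactive", "Suspend"))
    return findings


def compare_privileges(accounts, identities, policy) -> List[Finding]:
    """Step 2: flag local privileges beyond what policy allows for the owner's job role."""
    findings = []
    for acct in accounts:
        owner = _owner(acct, identities)
        if owner is None or not owner.active:
            continue  # already reported by find_orphans
        excess = acct.privileges - policy.get((acct.system, owner.job_role), set())
        if excess:
            # Constructed rule: excess admin rights page someone; other excess is auto-corrected.
            action = "Alert" if "admin" in excess else "Correct"
            findings.append(Finding(acct.system, acct.login, "excess_privilege",
                                    f"not allowed by policy: {sorted(excess)}", action))
    return findings


def audit_report(accounts=ACCOUNTS, identities=IDENTITIES, policy=POLICY) -> Dict[str, List[str]]:
    """Step 3: group every finding by recommended action for the audit report."""
    report: Dict[str, List[str]] = {}
    for f in find_orphans(accounts, identities) + compare_privileges(accounts, identities, policy):
        report.setdefault(f.action, []).append(f"{f.system}/{f.login}: {f.detail}")
    return report


if __name__ == "__main__":
    for action, items in sorted(audit_report().items()):
        print(action)
        for item in items:
            print("   ", item)
```

The two checks are kept separate on purpose: an inactive owner is an identity-lifecycle problem (the account should have been deprovisioned), while excess privilege on a live account is a policy problem, and the two usually go to different approvers.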
IBM has the standard components and solutions supporting NemID - login in Denmark

  Diagram: a Customer, Employee, Partner etc. logs in either via a 3rd party (for example Nem-login, using the DanID digital signature) or directly via the customer's own login. Tivoli Federated Identity Manager validates the 3rd-party login with the IdP, or validates identities directly; Tivoli Access Manager controls access rights and creates the user context for the Business systems (MOSS/Portal etc., CBT).
  Legend: Customer's solution; IBM standard component; 3rd party (possibly IBM).
Role Management
      • User:
         – the entity requesting access to a resource
         – Ex: John Smith, AppXYZ
      • Resource:
         – Ex: app, data base, table, etc.
      • Entitlement:
         – a permission to access a particular resource
         – Ex: open table, read record, write record
      • Business role:
         – a logical collection of users performing a similar business function
         – Ex: Mgr, Soc, Job
      • Application role:
         – a logical collection of entitlements needed to perform a particular task

  Diagram: business roles (Mgr, Soc, Job) map to application roles (App1, App2, App3), which map to Entitlements.
Example
 Classification based access control policies

  Resource hierarchy: Swedish [City] > Lokal [Hospital] > Svensson [Patient] > EHR [EHR] > Daily treatment records

  Policy Definition: All documents classified as ‘Daily Treatment Records’ are accessible to the Duty Doctors.
  Policy elements: Application Role (Duty Doctor); Resource Classification; Action

Imagine:
Each admitted patient is assigned to a doctor who has access to all his health-records and treatment records. Duty Doctors can treat the patient while they are on official duty for that day. They need access to ‘Daily Treatment Records’ to treat the patient. If only there was a mechanism which automatically grants and revokes access to ‘daily treatment records’ for these duty doctors!

Tivoli Security Policy Manager: Classification based policies help enforce access control policies on documents stored across multiple folders.
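The role model of the Role Management slide (user, business role, application role, entitlement) and the classification-based policy of the hospital example fit together in one decision routine, which is what the block below shows. It is an added example written for this page, not IBM or Tivoli Security Policy Manager code; the doctors, the second patient, the resource names and the duty roster date are constructed, and the way a duty assignment is modelled (an application role valid for one day) is an assumption chosen to show the automatic grant and revoke the slide asks for.

```python
"""Role model plus classification-based policy, as one policy decision point.

Chain: User -> business role -> application role(s) -> entitlements.
An entitlement is bound either to a named resource or to a resource
classification. Application roles can also be held for one duty day only,
so a Duty Doctor's access to 'Daily Treatment Records' disappears by itself
when the duty day ends.

Everything below is constructed for illustration (added example, not TSPM code).
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str            # e.g. "Daily Treatment Records"
    patient: Optional[str] = None  # patient the record belongs to


@dataclass(frozen=True)
class Entitlement:
    action: str                           # open / read / write
    resource: Optional[str] = None        # a named resource ...
    classification: Optional[str] = None  # ... or any resource with this classification
    assigned_patients_only: bool = False  # limit to patients assigned to the user

    def matches(self, action: str, res: Resource) -> bool:
        if action != self.action:
            return False
        if self.resource is not None:
            return res.name == self.resource
        return res.classification == self.classification


# Application roles: logical collections of entitlements needed for one task
APP_ROLES = {
    "AttendingDoctor": frozenset({
        Entitlement("read", classification="Health Record", assigned_patients_only=True),
        Entitlement("write", classification="Health Record", assigned_patients_only=True),
        Entitlement("read", classification="Daily Treatment Records", assigned_patients_only=True),
        Entitlement("write", classification="Daily Treatment Records", assigned_patients_only=True),
    }),
    # The slide's policy: all documents classified as Daily Treatment Records are
    # accessible to the Duty Doctors (any patient, but only while on duty).
    "Duty Doctor": frozenset({
        Entitlement("read", classification="Daily Treatment Records"),
        Entitlement("write", classification="Daily Treatment Records"),
    }),
    "Mgr": frozenset({Entitlement("read", resource="StaffingReport")}),
}

# Business roles: collections of users with a similar function, mapped to application roles
BUSINESS_ROLES = {"Doctor": frozenset({"AttendingDoctor"}), "Mgr": frozenset({"Mgr"})}


@dataclass
class User:
    name: str
    business_roles: Set[str] = field(default_factory=set)
    assigned_patients: Set[str] = field(default_factory=set)
    duty_roster: Dict[str, date] = field(default_factory=dict)  # application role -> day it is valid


def effective_app_roles(user: User, today: date) -> Set[str]:
    """Permanent roles reached via business roles, plus temporary roles valid today."""
    roles: Set[str] = set()
    for br in user.business_roles:
        roles |= BUSINESS_ROLES.get(br, frozenset())
    roles |= {role for role, day in user.duty_roster.items() if day == today}
    return roles


def is_permitted(user: User, action: str, res: Resource, today: date) -> bool:
    """Policy decision: does any effective entitlement cover this action on this resource?"""
    for role in effective_app_roles(user, today):
        for ent in APP_ROLES.get(role, frozenset()):
            if not ent.matches(action, res):
                continue
            if ent.assigned_patients_only and res.patient not in user.assigned_patients:
                continue
            return True
    return False


# Constructed resources following the slide's hierarchy City > Hospital > Patient > EHR
SVENSSON_EHR = Resource("Svensson/EHR", "Health Record", patient="Svensson")
SVENSSON_DTR = Resource("Svensson/EHR/Daily treatment records", "Daily Treatment Records", patient="Svensson")
KARLSSON_EHR = Resource("Karlsson/EHR", "Health Record", patient="Karlsson")

DUTY_DAY = date(2011, 5, 10)  # constructed duty day

# Constructed users: Andersson is Svensson's assigned doctor, Berg is on duty for one day
ANDERSSON = User("Dr Andersson", business_roles={"Doctor"}, assigned_patients={"Svensson"})
BERG = User("Dr Berg", business_roles={"Doctor"}, assigned_patients={"Karlsson"},
            duty_roster={"Duty Doctor": DUTY_DAY})
MGR = User("Ward manager", business_roles={"Mgr"})


def demo() -> Dict[str, bool]:
    """The decisions a practitioner would check, returned so they can be asserted."""
    day_after = date(2011, 5, 11)
    return {
        "attending_reads_own_ehr": is_permitted(ANDERSSON, "read", SVENSSON_EHR, DUTY_DAY),
        "attending_reads_other_ehr": is_permitted(ANDERSSON, "read", KARLSSON_EHR, DUTY_DAY),
        "duty_reads_dtr_on_duty": is_permitted(BERG, "read", SVENSSON_DTR, DUTY_DAY),
        "duty_reads_dtr_next_day": is_permitted(BERG, "read", SVENSSON_DTR, day_after),
        "duty_reads_full_ehr": is_permitted(BERG, "read", SVENSSON_EHR, DUTY_DAY),
        "manager_reads_dtr": is_permitted(MGR, "read", SVENSSON_DTR, DUTY_DAY),
    }


if __name__ == "__main__":
    for check, decision in demo().items():
        print(f"{check:28s} {'PERMIT' if decision else 'DENY'}")
```

The point of binding the Duty Doctor entitlement to a classification rather than to named documents is that a new daily treatment record needs no policy change to be covered, and the point of binding the role to a day is that revocation needs no administrator action.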
IBM SIEM methodology converts audit logs from various sources to an easy to understand language, reducing management and increasing insight

  Sources: Windows, zOS, AIX, Oracle, SAP, ISS, Firewall 1, Exchange, IIS, TAMe

  Translate logs to “Common format” (“W7”): the 7 W’s of Investigation
    Who did What type of action on What? When did they do it and Where, From Where and Where To?

  View this data via a graphical enterprise compliance dashboard
    • Reduce the need for skilled staff
    • Ensure you see the complete audit trail
    • Produce reports auditors can understand
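What "translate logs to a common format" means in practice is a set of per-source translators that each fill the same seven fields. The block below is an added example written for this page, not IBM or Tivoli Compliance Insight Manager code; it normalises three constructed source formats (an sshd syslog line as AIX or Linux would emit it, a flat key=value Windows security export, which is an assumed export shape rather than native Windows logging, and a web server common-log line) into one W7 record and then runs two of the questions an auditor asks over the result. The log lines, the host names and the year used for the syslog timestamps are all constructed.

```python
"""Translate heterogeneous audit logs into one W7 record:
Who, What action, on What, When, Where, from Where, Where to.

Added example, not TCIM code. The three source formats and all log lines are
constructed for illustration; the Windows key=value export is an assumed shape.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class W7:
    who: str            # Who
    what: str           # What type of action (normalised verb)
    on_what: str        # on What (object or resource)
    when: datetime      # When
    where: str          # Where (system that recorded the event)
    where_from: str     # From Where (source address)
    where_to: str       # Where To (destination system or service)
    source: str         # which translator produced the record, for traceability


# Syslog/sshd line, e.g. "May 10 14:03:22 aix01 sshd[2231]: Accepted password for alice from 10.0.0.5 port 5022 ssh2"
SSHD = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                  r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

# Assumed flat Windows export, e.g. "2011-05-10T14:05:01Z host=win07 EventID=4624 user=DOMAIN\bob src=10.0.0.9 ..."
WIN = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<id>\d+) user=(?P<user>\S+) src=(?P<src>\S+)")
WIN_EVENTS = {"4624": "logon", "4625": "logon_failed", "4720": "account_created"}

# Common log format, e.g. '10.0.0.7 - carol [10/May/2011:14:07:44 +0000] "GET /records/x HTTP/1.1" 200 512'
WEB = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\w+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
HTTP_VERBS = {"GET": "read", "POST": "write", "PUT": "write", "DELETE": "delete"}


def _syslog_time(ts: str, year: int = 2011) -> datetime:
    """Syslog timestamps carry no year; the collector has to supply it (constructed: 2011)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def normalize(line: str, web_host: str = "web01") -> Optional[W7]:
    """Map one raw line to a W7 record, or None if no translator understands it.

    web_host: common-log lines do not name their server, so the collector passes it in.
    """
    m = SSHD.match(line)
    if m:
        what = "logon" if m["result"] == "Accepted" else "logon_failed"
        return W7(m["user"], what, "ssh", _syslog_time(m["ts"]), m["host"], m["src"], m["host"], "sshd")
    m = WIN.match(line)
    if m:
        when = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        what = WIN_EVENTS.get(m["id"], f"event_{m['id']}")
        return W7(m["user"], what, "windows-session", when, m["host"], m["src"], m["host"], "windows-security")
    m = WEB.match(line)
    if m:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        verb = HTTP_VERBS.get(m["method"], m["method"].lower())
        allowed = m["status"][0] in "23"          # 2xx/3xx succeeded, anything else was refused or failed
        what = verb if allowed else f"{verb}_denied"
        return W7(m["user"], what, m["path"], when, web_host, m["src"], web_host, "http-access")
    return None


def normalize_all(lines) -> List[W7]:
    return [rec for rec in (normalize(line) for line in lines) if rec is not None]


def failed_logons(records) -> List[W7]:
    """Auditor question 1: every failed logon, regardless of which platform recorded it."""
    return [r for r in records if r.what == "logon_failed"]


def activity_of(records, who: str) -> List[W7]:
    """Auditor question 2: the complete trail of one user across all sources, in time order."""
    return sorted((r for r in records if r.who == who), key=lambda r: r.when)


# Constructed sample input; the last line is deliberately one no translator knows.
SAMPLE_LOGS = [
    "May 10 14:03:22 aix01 sshd[2231]: Accepted password for alice from 10.0.0.5 port 5022 ssh2",
    "May 10 14:04:09 aix01 sshd[2240]: Failed password for invalid user guest from 10.0.0.44 port 40122 ssh2",
    "2011-05-10T14:05:01Z host=win07 EventID=4624 user=DOMAIN\\bob src=10.0.0.9 logon_type=3",
    '10.0.0.7 - carol [10/May/2011:14:07:44 +0000] "GET /records/daily/svensson HTTP/1.1" 200 512',
    '10.0.0.7 - carol [10/May/2011:14:08:10 +0000] "GET /records/ehr/karlsson HTTP/1.1" 403 0',
    "Tue May 10 14:09:00 2011 some application line the translators do not understand",
]

if __name__ == "__main__":
    records = normalize_all(SAMPLE_LOGS)
    for r in records:
        print(f"{r.when:%H:%M:%S} {r.who:12s} {r.what:13s} {r.on_what:28s} {r.where:6s} from {r.where_from}")
    print("failed logons:", [r.who for r in failed_logons(records)])
```

Lines that no translator recognises are returned as None rather than guessed at; in a real collector those would be counted and reported, because an unparsed source is a gap in the audit trail the slide promises to make complete.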
IBM Security Pattern

  Products in the pattern:
    Tivoli Identity Manager (TIM)
    Tivoli Access Manager for e-business (TAMeb)
    Tivoli Federated Identity Manager (TFIM)
    Tivoli Security Policy Manager (TSPM)
    Tivoli Access Manager for Enterprise Single Signon (TAM E-SSO)
    Tivoli Compliance Insight Manager (TCIM)

  Connection types in the diagram: Desktop/Client Connection; HTTP (incl. SOAP/HTTP) Connection; Web Services Connection

  Management Domain: Security Policy Repository; Identity Repository (Person & Account); Admin and User Self-service; Workflow & Lifecycle; Entitlement Policy; Identity Store; Provisioning Engine; Identity Synchronisation with the HR System; SSO Policy Mgmt, WS Policy Mgmt, Fed SSO Conf. and Web Policy Mgmt operated by Admin(s)

  Runtime zone: Consumer (via the Internet) and Business partner (via FedSSO A&A) reach the Web Apps behind Policy Enforce points; a WS Gateway with Policy Enforce and Identity Mapping fronts the ESB (SOA) and Other Apps; Employee/Staff reach the Windows Apps through the Enterprise Dir

  Audit: Audit Policy drives Audit Log Consolidation and Compliance Reporting for the Auditor
These capabilities provide you with end-to-end IAM governance

  Planning and Modeling: Business driven planning; Process integration; Role management/modeling/mining offering (planned)

  Identity Management: User lifecycle; Privileged Identity Mgmt; Role management
    Products: Tivoli Identity Manager (TIM); Privileged Identity Management

  Access and Entitlements: Policy driven Entitlements; Data and application entitlements
    Products: Tivoli Access Manager; Tivoli Security Policy Manager (for SOA, for Application Entitlements)

  Compliance and monitoring: Compliance reports; User activity monitoring
    Product: Tivoli Security Information and Event Manager

  At the centre of the cycle: Policy driven governance; Process integration
Our strategy?: Be comprehensive

  Delivery models: Professional Services; Managed Services; Products; Cloud Delivered

  GRC: Security Governance, Risk and Compliance; Security Information and Event Management (SIEM) & Log Management
  Identity & Access Management: Identity Management; Access Management
  Data Security: Data Loss Prevention; Data Entitlement Management; Encryption & Key Lifecycle Management; Messaging Security; Database Monitoring & Protection; Data Masking
  E-mail Security
  Application Security: Application Vulnerability Scanning; Web Application Firewall; Access & Entitlement Management; SOA Security
  Web / URL Filtering
  Infrastructure Security: Vulnerability Assessment; Virtual System Security; Endpoint Protection
  Threat Analysis: Security Event Management; Managed Mobility Svcs; Intrusion Prevention System
  Firewall, IDS/IPS, MFS Management: Mainframe Security Audit, Admin & Compliance; Security Configuration & Patch Management
  Physical Security
IBM has a unique perspective on security

  Trusted Advisor: Helping customers to build smarter cities, smarter grids, new data centers, trusted passport systems and more.
  Security Company: A leading provider of software and services across a vast array of security product and services segments.
  Solution Provider: A leading provider of software and hardware solutions around the world.
  The Company: 400,000 employees across 130 countries with private data to protect.

IBM Security Solutions in 2011

An architectural view of a leading and dynamic IT security portfolio - PCTY 2011
