
1 IAM Program Launch

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Kickstart an IAM program with discovery of business and IT requirements

2 Agenda

• Who? Introductions.
• Why? Business drivers.
• What? Business processes.
• Where? Integrated systems.
• When? Priorities and timelines.
• How? Best practices guidelines.

3 Introductions

3.1 Hitachi ID and Acme teams

Acme:

• name, resp
• name, resp

Hitachi ID:

• name, resp
• name, resp

© 2018 Hitachi ID Systems, Inc. All rights reserved. 1

Slide Presentation

4 Business drivers

4.1 Examples

Security (audit, compliance, internal controls):

• Complete, reliable deactivation
• Excess, inappropriate entitlements
• Need to find, remove SoD violations
• Control access to privileged IDs
• Stronger passwords, authentication
• Current rights, change history

Cost (help desk, security admin):

• Password, lockout call volumes.
• Workload to setup, change, tear down access.
• Frequency and cost of audits:
  – What fraction of admin time is audit related?
• Automation replaces routine work.

Service (onboarding, change management, authentication):

• Faster onboarding
• Simpler change requests
• Clear, fast approvals
• Fewer passwords to remember, type

5 Business processes


5.1 The user lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.


5.2 Examples (part 1)

Onboard:

• Employees
• Contractors
• Vendors
• Customers
• Partners
• By business unit
• By geography
• New vs. rehire

Change:

• Identity info (name, address, etc.).
• Transfer
  – Location.
  – Department.
  – Manager.
• Job function (role).
• Current work changes
  – Files/folders
  – Application logins.
  – Fine-grained entitlements.
• Admin access

Support:

• Password, PIN problems
• Recover HDD crypto password
• Locked out of VPN.
• Access denied errors
• At office vs. mobile.

5.3 Examples (part 2)

Deactivate:

• Building access.
• Physical assets.
• Network access.
• Application logins.
• Tombstone (rehire, audit).

Audit:

• Current rights.
• Change history.
• Requests, approvals.
• Policy violations:
  – SoD
  – Orphan/dormant accts.
  – Excess/unneeded rights.
  – Consistently strong authentication.
• Admin activity.

6 Integrated systems


6.1 Examples

Integrate with enterprise apps – manual admin for smaller ones.

Primary login:

• AD
• LDAP
• Exchange
• Notes

OS:

• Windows
• Unix/Linux.
• OS400
• OS390
• Filesystem/homedir

DB:

• Oracle
• MSSQL
• DB2

App:

• System of record (HR)?
• SAP
• Oracle EBS
• PeopleSoft
• Vertical
• Custom

Network:

• VPN
• Smart card
• Token

Other:

• Building/badge
• PC/installed image
• Desk phone/VoIP
• Mobile phone
• Full disk encryption

7 Priorities and timelines

7.1 Incremental deployment

• Business processes change.
• Infrastructure changes too (application and OS upgrades, etc.).
• IAM systems link process to infrastructure.
• If deployment takes a long time, the delivered system will meet obsolete requirements (pointless).
• Conclusion: deliver fast.
• There are many possible deliverables.
• Conclusion: deliver early and often.


7.2 Prioritize scope

IAM deployments have ever-growing scope:

• Which business processes?
• Which integrations?
• Which user communities?

[Figure: deployment scope along three axes]

Business processes: Auto-create; Auto-disable; Synch; Request portal; Approvals; Access cert.; RBAC policy; SoD policy; Manual fulfillment; Manage creds

Operations: Set password/PIN; Create/delete account; Join/leave group; Set attributes; Enable/disable acct.; Move/rename user (OU); Create/manage homedir; Create/manage mailbox

Systems/applications: Client OS; Active Directory, LDAP; Unix/Linux; Exchange, Notes; Oracle, SAP ERP; VPN; RDBMS


7.3 IAM Program Priorities Worksheet


8 Best practices guidelines

8.1 IAM program

Hitachi ID’s most successful customers establish an IAM program:

• Permanent staff allocation (technical + PM).
• Develop + retain skills.
• Deliver early and often:
  – Features.
  – Integrations.
  – Policies.

Evolving business + changing IT landscape = continuous investment.

8.2 IAM best practices

• Scope: Articulate objectives; manage scope creep.
• Needs analysis: Up front investment pays off.
• Incremental: Phased deployment, starting with simple deliverables.
• Integrations: Add several at a time to minimize disruption.
• Methodology: Consider formal PM tools, software development lifecycle.
• Engage users: Plan for user education, awareness and enrollment.
• Pilot: Always pilot the system before rolling out.
• Measurement: Identify metrics and track before and after data.


8.3 IAM project risks

Project characteristics:

• Many stake-holders:
  – Business units.
  – Infrastructure owners.
• Long timeline:
  – Long list of functions.
  – Processes or integrations may be complex.
• User impact:
  – Training
  – Enrollment
  – Adoption

Risks:

• Sponsors may lose interest, terminate funding.
• Stake-holder disagreements create delays.
• Changing requirements prevent detailed, up-front design.
• Complexity can overwhelm IT.

8.4 Mitigating risks

• Program, not project:
  – This is not a new business function – just a better way to do it.
  – Changing processes and integrations plus complex deliverables mean that implementation will never end.
• Deliver early and often:
  – Increase visibility, credibility.
  – Deliverables should be backed by metrics.
• Executive sponsorship:
  – Motivate stake-holders.
  – Resolve conflicts.
  – Engage all stake-holders early.
• Effective project management:
  – Phased approach: design/implement/test/rollout - repeat.
  – Think software development lifecycle (SDLC).
  – Communicate success, next steps to all stake-holders.

9 Project charter


9.1 Rough outline

• Business drivers:
  – Security
  – Cost
  – Service
• Priorities:
  – Processes
  – Integrations
  – User communities
• Create an IAM program:
  – Assign resources.
  – Budget.
  – Responsibilities
• Periodically update priorities

hitachi-id.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

Date: 2018-02-26 | 2018-02-26 File: PRCS:pres