Building an Effective Identity Management Strategy
![Page 1: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/1.jpg)
Building an Effective Identity Management Strategy
A Dark Reading Webcast
Sponsored by
![Page 2: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/2.jpg)
Today’s Presenters
Erik Sherman, Moderator
Adrian Lane, Analyst & CTO, Securosis
Rick Wagner, Director, Product Management, Identity and Access Governance, NetIQ
![Page 3: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/3.jpg)
Presents
Building an IAM Management Strategy
Adrian Lane
![Page 4: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/4.jpg)
Objectivity Disclaimer
This is a sponsored webcast, but all of the content is developed
independently and represents Securosis objective research
positions.
For more information about our Totally Transparent Research
process, visit:
https://securosis.com/about/totally-transparent-research
![Page 5: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/5.jpg)
Outline
• IAM in context
• Trends and Issues
• Deployment Strategies
• Key Questions & Recommendations
![Page 6: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/6.jpg)
When IAM was easier
![Page 7: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/7.jpg)
Proliferation
Identity & Access Management
![Page 8: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/8.jpg)
Do more with less…
![Page 9: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/9.jpg)
The Cloud…
![Page 10: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/10.jpg)
…has many faces…
![Page 11: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/11.jpg)
…and many characteristics
![Page 12: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/12.jpg)
And let’s not forget mobile identity…
![Page 13: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/13.jpg)
What’s changed?
• External cloud services forever alter IAM, forcing changes
• Both customers & employees are using internal & external resources
• Constant pressure to do more with less has IT ops looking for streamlined solutions
• These changes make it very difficult to manage identity & authorization across the enterprise
![Page 14: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/14.jpg)
Which is another way to say you have more to do, in a more complex environment, so you’d better automate!
![Page 15: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/15.jpg)
Exactly Opposite
• Need to distribute policy decisions & enforcement
• Need to centralize management
![Page 16: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/16.jpg)
Terms and Definitions
![Page 17: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/17.jpg)
Concepts
![Page 18: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/18.jpg)
Federation and Identity
![Page 19: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/19.jpg)
Authorization and Access Management
• Policy Decision Point (PDP): Determines the Rules
• Policy Enforcement Point (PEP): Enforces the Rules
![Page 20: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/20.jpg)
What is your strategy?
![Page 21: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/21.jpg)
Deployment Strategies
• Replication Model
• Federation Model
• Emerging Hybrids
![Page 22: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/22.jpg)
Replication & Synchronization
[Diagram labels: In-house; Remote; Web Services; HR; Partner Services; Off-site Backup; Document Management; Financial Systems; Directory Services]
![Page 23: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/23.jpg)
Federation
[Diagram labels: In-house; Remote; Internal User; Software as a Service; Un-approved user; Approved User; Directory Services; Federation Extensions]
![Page 24: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/24.jpg)
Hybrids
[Diagram labels: In-house; Web Services; HR; Identity As A Service; SAML; IaaS Provider; Financial Systems; Directory Services; Federation Extensions; SPML; XACML; SCIM; Vendor API; Cloud]
![Page 25: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/25.jpg)
Interfaces
[Diagram labels: Service Providers; Identity / Attribute Providers; Central Broker; Proxy or Repository]
![Page 26: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/26.jpg)
Quick Word on IAM Standards
![Page 27: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/27.jpg)
Key Identity Management Questions
• How do we manage user accounts across multiple internal/external apps?
• Do we replicate directory services?
• How do we deal with cloud provider identity management & interfaces?
• How do we link internal & external functions?
![Page 28: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/28.jpg)
Key Access Management Questions
• How do we integrate with internal apps? Cloud apps? Mobile apps?
• How do we enforce policy?
• Do we have granular controls?
• Where do authorization maps reside?
• Who initiates authorization requests?
![Page 29: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/29.jpg)
Provisioning
Courtesy of Axiomatics
![Page 30: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/30.jpg)
Key Provisioning Questions
• User registration & identity propagation
• Account revocation
• Identity Management
• De-provisioning
• Auditing
![Page 31: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/31.jpg)
Recommendations
• Centralized management framework
• Leverage models that work for cloud and local
• No one ‘right’ strategy for all customers
• Select the model that maximizes automation
• Understand that management and storage are likely a shared responsibility
![Page 32: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/32.jpg)
IAM Recommendations
• Use Federated Identity to authenticate locally and authorize remotely
• Define authoritative sources for policies – often HR instead of standard directory services
• Determine if providers support roles and attributes
![Page 34: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/34.jpg)
Building an IAM Management Strategy
Using NetIQ Identity & Access Governance Products
Rick Wagner
Director, Product Management
![Page 35: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/35.jpg)
© 2012 NetIQ Corporation. All rights reserved.
Elements of Identity
- Who/What are you? Name, location, etc.
- Roles/Privilege: Title, Manager, etc.
- Relationship to business: Employee, Contractor, etc.
Key Elements of “Access” – the Verb
Right People, Right Access, Right Time, Right Business Purpose
![Page 36: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/36.jpg)
Access is a Relationship
- Applications
- Systems
- Data
- Resources
- Physical Facilities
Key Elements of “Access” – the Verb
Right People, Right Access, Right Time, Right Business Purpose
![Page 37: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/37.jpg)
Key Elements of “Access” – the Verb
Right People, Right Access, Right Time, Right Business Purpose
Access Utilization
- Is activity aligned to roles and policy?
- Orphans, dormant access and entitlement creep
- Privileged access control
- Distinguish attacker from insider activity
![Page 38: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/38.jpg)
Right Access Requires Proper Context
What, Where, Why and When add critical value to the Who
- Who has access to what?
- Where is the access originating from?
- When was the access granted?
- Is the access appropriate?
- What is being accessed?
- Why was the access granted?
![Page 39: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/39.jpg)
What is “Right” Varies By Organization
Moving at the speed of business vs. mitigating business risks
[Figure labels: Flexible; Manageable]
![Page 40: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/40.jpg)
What Are Your Priorities and Needs?
Modular, Integrated Solutions – Start Where Your Need is Greatest
[Figure labels: Flexibility; Manageability]
Key Capabilities To Deliver Business Centric Access
• Access Fulfillment
• Access Authorization
• Access Monitoring
• Access Certification
• Access Request
• Access Administration
• Single Sign-on User Authentication
• Authorization Enforcement
• Dashboards, Risks & Trends
• Security & Activity Intelligence
• Forensic Analytics & Reporting
• Delegated Administration
• Privileged Access Management
• Log Management Reporting
![Page 41: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/41.jpg)
Identity Management Market
Identity Management / User Provisioning
Access Governance
Driven by IT
Driven by the business
• Improve operational efficiency
• Automated on boarding / off boarding
• User management / self-service
• Security and Compliance
• Automated policy enforcement
• Reporting
[Timeline axis: 2002 2004 2006 2008 2010 2012 2014]
• Improved user interface
• Simplified interface for non-IT business users
• Quick time to value – aggregation vs. integration
• Access certification to achieve compliance objectives
• Immediate business need
Identity Administration and Governance
![Page 42: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/42.jpg)
Identity Administration & Governance
[Timeline axis: 2012 2013 2014 2015 2016]
Industry leading provisioning
• Manual
• Semi-automated
• Fully automated
Access governance
• Access certification
• Access request
• Role management
• Risk monitoring
On-demand Anomaly Detection
• Continuous compliance
• Dynamic transparency
Identity Intelligence
• Information you need, when you need it to make better business decisions
![Page 43: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/43.jpg)
The Evolving Marketplace
Identity Intelligence and Business Visibility
![Page 44: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/44.jpg)
Identity Intelligence
360° View of Identity and Access
![Page 45: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/45.jpg)
Nearly 7,000 Customers
![Page 46: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/46.jpg)
Copyright © 2013 NetIQ Corporation. All rights reserved.
![Page 47: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/47.jpg)
Q&A
Erik Sherman, Moderator
Adrian Lane, Analyst & CTO, Securosis
Rick Wagner, Director, Product Management, Identity and Access Governance, NetIQ
![Page 48: Building an Effective Identity Management Strategy](https://reader034.fdocuments.in/reader034/viewer/2022052505/55565c08d8b42a144c8b46a4/html5/thumbnails/48.jpg)
Learn More at www.netiq.com
• Access informative white papers:
– “Navigate the Future of Identity and Access Management,” by Eve Maler, Forrester Research
– http://bit.ly/SPXWKI
– “Identity and Access Governance – Bringing IT and Business Together,” NetIQ
– http://bit.ly/VFWPv6
• Continue the conversation!
– Twitter.com/NetIQ
– Linkedin.com/company/NetIQ