Deep Identity Solution Overview - CC 14Apr2016

7/26/2019 Deep Identity Solution Overview - CC 14Apr2016

1/66

Deep Identity - Solution OverviChrister Cruz | Sales Consulting Manager


2/66

Agenda:

Industry Trends & Challenges

Business Challenges

Solution Overview

Business Benefits of Implemen

Solutions First Look @ New V5 User

Competitive Differentiator


3/66

Market Trends:

1. Growing Market Security Awareness

2. Regulatory Pressure


4/66

WHERE IT SECURITY BUDGET

Advanced Persistent T

Endpoint Security & M

Network Security Email Security

Mobile Security

..

Trend #1: Increased IT

Spending & Focus on

the wrong risks

BUDGET 2013/2014

Medium & Large

Enterprises

REALITY CH

94% against servers

66% of sensitive data

96% Non-compliance

5% Privilege Misuse

32% of Hacking invologin credentials


5/66

Trend #2: Employees and

contractors are the most cited

source of vulnerabilities

85%


6/66

Trend #3:

The use and amount of

data in enterprises has

increased exponentially


7/66

Top spending priorities over the next 12

months

Key findings from The Global State of

Information Security Survey 2015


8/66

Business Challenges


9/66

Identity and Access Management Challenges

How to request a change? Who must approve the change?

When will the change be completed?

Too many passwords.

Too many login prompts.

For USERS


10/66


Onboarding, deactivation, transfer across many apps is challeng More apps all the time!

What data is trustworthy and what is obsolete?

Not notified of new-hires/terminations on time.

Hard to interpret end user requests.

Who can request, who should authorize changes? What entitlements are appropriate for each user?

The problems increase as scope grows from internal to external.

Complexity of Managing User Profiles across various/siloed appl

For IT Operations


11/66


Need temporary access (e.g. prod migration). Half the code in every new app is the same:

Identify.

Authenticate.

Authorize.

Audit.

Manage the above.

Mistakes in this infrastructure create security holes.

For Developers..


12/66


Orphan, dormant accounts. Too many people with privileged access.

Static admin, service passwords a security risk.

Weak password, password-reset processes.

Inappropriate, outdated entitlements.

Who owns ID X on system Y?

Who approved entitlement W on system Z?

Limited/unreliable audit logs in apps.

For Security, Risk, and Audit..


13/66

Business Drivers


14/66

Business Drivers for IAM

Security andControls

Reliabledeactivation.

StrongAuthentication.

Appropriatesecurity

entitlements

RegulatoryCompliance

BSP 808, PDPA,BSP IdentityTheft Memo,

PCI-DSS, SOX,HIPAA, EUPrivacy

Directive, etc. Audit User

Access Rights

IT Support Costs

Helpdesk CallVolume

Time/Effort tomanage accessrights.

Service /

Faster OnBoarding

SimplerRequest /Approvalprocess

Reduce bof too malogin proand pass


15/66

Business Drivers for IAM

Appropriate access rights. Timely access termination. Effective authentication.


16/66

How do we get started?


17/66

Getting an IAM Project started.

Build a business case. Get management sponsorship and a budget.

Discovery phase, capture detailed requirements.

Assemble a project team:

security

system administration user support

etc.

Try before you buy: Demos, POCs, Live Demo.

IAM Solution Discovery and Roadmap Discussion.

Plan of attack.value based selling


18/66

Identity and Data Governance


19/66

Identity and Access Management 101

Identity Managementprocess for managing the entire life cycle of

digital identities, including the profiles ofpeople, systems, and services

Access Managementis the process of regulating access to information

assets by providing a policy-based control of who

can use a specific system based on anindividual's role and the current role's permissions and

restrictions

IAM

Provisioning

Report and AudReconcile

De-Provision


20/66

Goal of Identity and Access Management


21/66

IT Security Basics

Employee

Partners

Customers

Suppliers

Anyone

Cloud Applications

On-premise Applications

Databases

Folders

Cloud Storage

Portals

Whos who , Whats What & Who has access to What

ACCESS ACCESS

ENTITLEMENT CATALOG


22/66

Who is Deep Identity?


23/66


A niche IT Security Technology vendor based and 100% owned i

Comprehensive and completely automated solutions for Identity aGovernance solution.

Offer a comprehensive and unique solutions built based on layerto address Identity Governance & Administration, and UnstructureGovernance

Part of Temasek Group, subsidiary of Trusted Source Pte Ltd.

Identity Governance. Optimized.


24/66



25/66

Our Customers in Singapore


26/66

Analyst View

Gartner in its Dec 2013 MQ report says Deep

Identity remains the only IGA product vendor

Gartner has identified that is headquartered inthe Asia/Pacific region.

Kuppingercole in the Aprisays that The Innovators

contains only one vendor

They are rather innovativerespect to some Identity Pfeatures.

/


27/66

Access Control/Governance for SAP Environm

INNOVATION LEADER


28/66

Accreditation @ IDA

What this mean to Deep Identity:

Green lane - The Government procurement process has bestreamlined to allow accredited companies to be consideredGovernment agencies.

Increase the visibility of accredited companies

Match government lead demand with innovative supply.

http://www.ida.gov.sg/Collaboration-and-Initiatives/Initiatives/Store/Accreditation-IDA


29/66

Solution Overview

Wh t ff t d


30/66

What we offer today

Comprehensive Identity & Data Governance

Solution:

Identity Audit & Compliance Manager

Identity Manager

Data Governance Manager

Privilege Identity Manager



31/66

Identity Audit & Compliance ManagerDeep IACM

Comprehensive Layered Approach to address Identity

& Access Governance Automatic Detection & Notification of Violation

User & Role Attestation

Compliance Management

Workflow

Risk Scoring Reporting & Analytics

Three Phased Attestation


32/66

Three Phased Attestation

Comprehensive attestation (User & Role Access Certificapproach, IACM provides capability to implement 3 phasattestation process as below:

Self-service Attestation

Attestation by Manager/Group/Department

Attestation by Endpoint Systems

Enables organization to implement review of user accesstructural manner and with complete coverage and visib

Side-Benefits


33/66

Side Benefits.

Security aspect is one thing.

Types of Reports:

Last Login

Last Password Change

How many functions / modules they are using?



34/66

Identity Audit & Compliance ManagerDeep IACM

Comprehensive Layered Approach to address Identity &

Access Governance Automatic Detection & Notification of Violation

User & Role Attestation


Workflow

Risk Scoring

Reporting & Analytics



35/66


IACM provides out-of -the box policy templates for enterprises to pcompliance check. Such checks include:

Separation of duties (SoD) Within a particular systems and across system User Compliance & Sensitive Access Password Compliance Unauthorized user/groups assignments

Risk scoring includes the ability to automatically assign risk

typicmedium and high.

Complex risk scoring is based on user role assignment, user behacompliance violations.

Compliance Lifecycle


36/66

Compliance Lifecycle



37/66

Across All

SAP Modules

& Environment

Across SAP

& third party

Applications

Compliance ManagementIntegrated SoD & GRC Solutions

Support

Cloud-based

Applications

Identity Manager


38/66

y g

Deep IM

Provisioning / de-provisioning, transfer

Password Management Access Request Management

Data Synchronization/Replication

Self-service:

Registration Profile Administration

Password Reset/Account Unlock

Self-service Attestation

Identity Manager


39/66

Identity Portal for iOS and Android Phones

Identity Manager


40/66

Identity Portal for iOS and Android Phones



41/66

Deep DGM

Data discovery and profiling Identify in-active, orphan, duplicate, & sensitive files

Data Access Request Management Create folder (and assign users to folder)

Attestation for Data Access

Analytics & Dashboard



42/66

Architecture

Privilege Identity Manager


43/66

Deep PIM

Privilege Access Request

Privilege Command Manager (UNIX)

Secure Desktop Connection Manager

Session Recording & Logging

Video Logging

Keystroke Logging

Privilege Identity ManagerD PIM


44/66

Deep PIM


45/66

Architecture

Solution Architecture


46/66

VM / Deployment Architecture


47/66

p y

Security Architecture


48/66

y


49/66

Business Benefits

Positioning (Use Case)


50/66

g ( )

Business Problem:

Customers current system setup cant offer an unified user identity management for different target sneed to do the management such as user creation, checking, password reset, and generating reportsindividually in different systems. Its time consuming, and affecting the operational efficiency.

Challenges:User management provision and reconciliation are independent for different target systems and applic

time consuming for the unified user management.Provide the visibility of the current and existing user profiles.

Provide a centralized repository of users being provisioned upon.Compliance reporting functionality cant generate compliance-driven reports.

Business Benefits:


51/66

Deep Identity understands the current tedious, and labour-intensive manual process for prprovisioning of employees - which are time-consuming, costly and can be prone to error.

These manual processes generally result in loss of productivity, lack of audit trail, and cou

security risk to our customer.

Key Focus Areas Benefits

User Provisioning and Attestation Have centralized and automated application which will perform the provireview tasks, thus simplifies user administration and provides security fo

User Tracking Have centralized application which will be able to present current and ex

respective access to different target systems.

Compliance Reports Have a tool which will be able to generate compliance-driven reports, mreporting needs. Comply with SoD and GRC regulations.

User Management (Privilege) and Access Have a centralized repository which will store all users information to offor systems with this centralized user repository as the basis of authoriza

We are here to help..


52/66

Establish realistic and achievable business value expectations

IAM program (Business Requirements and Business CaseDevelopment)

1. The risk and compliance driven business case.

2. The operational effectiveness or cost savings driven business case.

3. The business enablement driven business case.

We are here to help..


53/66

Strategic Approach to crafting an IAM Business Case

Current state assessment; capability maturity; IAM maturity modeassessment report

Summary of Benefits (High Level)


54/66

EnhancedSecurity

Systematic clean-up of unauthorizedaccounts

Enforcement ofSegregation ofDuties policies,

within and acrossapplications

Enhanced UserExperience

Self-service webportal to view selfaccess rights,request for a newaccess right, createa new group, etc.

Email notificationswhenever there isany actionsrequired

IncreasedProductivity

Default systemaccess to be givento new joiners onDay One

Reducedturnaround time

to provision newaccess uponrequest

ImproveEfficienc

Staff spenditime on admroutines(estimated$60,000 softsavings per y


55/66

Competition & Differentiator

Know your Competition


56/66

Big Boys Cloud Players

IBM

CA Technologies

Novell

Oracle

Dell

Okta

ForgeRock

Niche Players

Sailpoint

Aveksa

Courion

CrossIdeas

Data Governance Player

Varonis

Stealthbits

Compliance/GRC Player

SAP GRC

Archer

Competitive Differentiator


57/66

Value Add/Differentiator

Features and functionality against leaders in the market

Total Cost of Ownerships


58/66

TCO and

Investment Value over

3-5 Years

Professional

Services

Software License

Hardware

Value for Money


59/66

V5 First Look & Roadmap

Product Roadmap


60/66

Integrated Identity, Access & Data Governance Suite (V5)

IdentityGovernance& Administration

AccessManagement

Data Governance

Identity Audit &Compliance

Manager

IdentityManager

PrivilegeIdentityManager

WebSingle

Sign-On

XACML/ABACEntitlementServer

Deep IdentityTACACS+

DataGovernance

Manager

DataCrawler


61/66

Connectors Roadmap

DI Connectors


62/66

OS DBData storage

devices Mail/collab systems ERP PortalsCLOUD/Third Party

IntegrationDIRECTORIES Cloud Appli

AD

AD Cloud Sync

Password Filter

Generic LDAP

V2&V3

Win

Unix

Telnet/SSH

IBM

AS/400IBM Z/OS

FTP

Exchg Server

LNS Domino

Google Usr

Mgmt.

MS SQL

Oracle

My SQL

DB App Table

SharePoint IBM WebSphere

MQ

Web Services/API

SPML

SCIM

Windows

EMC

SharePoint

Server

SAP Usr Mgmt

SAP EP

Oracle

eBusiness Suit

Office 36

Google U

Mgmt

Salesforce

Mgmt.

Oracle

PeopleSoft Usr

Mgmt.

1. AD

2. LNS

3. SAP EP

4. SAP User Management

5. SAP HRMS

6. Windows

7. Unix

8. MS SQL

9. Oracle 11g/12c

10. Exchange server

11. ERP > Oracle eBusiness Suit

12. ERP> Oracle people soft user management

13. HRMS > Oracle PeopleSoft

14. HRMS > Oracle eBusiness suit user management


63/66

Summary

Integrated Identity & Data Governance Solutio


64/66

Complete

- Supports both On-Premiseand Cloud App and Infra

- Internet of Things (IoT)

Automated & I

- End-to-end A- OOB Integra

Lightweight

- Most Lightweight Solution & Lower TCO

- Agentless

Call to Action.


65/66

Technical Deep-Dive with Pre-Sales Team Product Positioning / Licensing / Support

Nominate Accounts


66/66

THANK YOU!

Deep Identity Solution Overview - CC 14Apr2016

Documents

Transcript of Deep Identity Solution Overview - CC 14Apr2016