PIV Card based Identity Assurance in Sun Ray and IDM environment
IDENTITY ACCESS MANAGEMENT – PHASE 0 – IDM REPLACEMENT December 5, 2013.
IDENTITY ACCESS MANAGEMENT – PHASE 0 – IDM REPLACEMENT
December 5, 2013
Executive Summary
• Identity Access Management (IAM)* solution will be end-of-life in Dec 2013
– Current solution deployed in 2004
– Oracle has sunset the solution in favor of its own product – no upgrade path available
• Significant risk associated with having a production IDM solution that is not supported by the vendor
– External facing for key functions such as password resets
– Critical platform for security & compliance
• Solution replacement is required to stay on supported and secure technology
*Lighthouse Waveset Identity Manager, formerly Sun and then Oracle
Business Problem:
Proposed Solution
Financial Summary - Phase 0
Project Costs
Software/Hardware: $575,000
Assessment: $94,581
Internal Labor: $381,824
External Labor: $754,979
Misc./Other: $0
TOTAL: $1,806,384

Funding by Fiscal Year (Project Costs)
FY13: $94,581
FY14: $449,656
FY15: $1,262,147
TOTAL: $1,806,384

Depreciation: $1,521,659
Ongoing costs: $700,300
Expense 16%, Capital 84%
NOTE: Maintenance costs for the software will remain relatively flat (i.e. what is paid today for IDM is similar).
Benefits
• Cost Reduction / Avoidance
– Avoidance of enhancements on end of life solution, throwaway customizations – required if project is delayed (~$1.3M annually)
– Enhancements become less expensive, as software is more easily configured (vs. customized)
– Decreased costs for integration with other applications (for provisioning) - not custom connectors for every deployment
• Risk Mitigation
– IDM is critical to the business – user management, password resets etc. for ANY person accessing a major SPE system – current supported SW is mandatory
– Prevents and protects against security and vulnerability findings such as
  • Java and other technology versions
  • External facing issues requiring remediation of critical vulnerabilities in 1-3 calendar days
Competitive Analysis
• The most popular IAM solutions other corporations have chosen are:
– SailPoint
– Oracle
– CA
– NetIQ
– Microsoft
• Recent studios implemented the following: Paramount Pictures – Microsoft and Disney – CA
• Other SailPoint customers: RBS, BNP Paribas, Fidelity, Wellpoint, Bank of America, JP Morgan Chase, MGM Resorts, Cardinal Health, Adobe, ING DIRECT, Sallie Mae, OfficeMax, Exxon Mobil, UBS, UPS, Travelers, New York Life
Timeline - Phase 0
[Timeline chart: monthly axis from Nov ’13 to Dec ’14, spanning FY2014 and FY2015. Chart labels: Project Greenlight; Project Kickoff; Greenlight Prep; Planning / Blueprint; Solution Architecture & Design; Implementation; Hypercare.]
SailPoint IdentityIQ (IIQ) has been chosen as the replacement for the existing IDM solution, Lighthouse Waveset Identity Manager.
The IIQ Base Product includes the following:
• Identity Governance Platform – Identity Warehouse (aggregation and correlation engine); generally available connectors to support 3rd party software applications, databases and platforms; Role Modeler; Policy Catalog; Risk Analyzer
• Identity Intelligence – Dashboards, Reporting, Advanced Analytics
• Unlimited instances for development, test, and high availability environments as needed to support the production instance
In addition, the following IIQ Modules are add-on Modules to the Base Product and are in scope for Phase 0:
• IdentityIQ Lifecycle Manager Module – Self-service Access Request and Password Management, Automated Lifecycle Event Management, Process Assembler and Preventive Policy Enforcement
• IdentityIQ Provisioning Engine Module – SailPoint’s generally available provisioning connectors for processing changes to user access within 3rd party software applications, databases, and platforms
• IdentityIQ Service Desk Integration Module (for ServiceNow) – Generate help desk tickets automatically from IdentityIQ to ServiceNow
Proposed Solution