Identity-aware Infrastructure 2018...SailPoint at a Glance World’s largest, dedicated IAM vendor...
Transcript of Identity-aware Infrastructure 2018...SailPoint at a Glance World’s largest, dedicated IAM vendor...
-
Identity-aware InfrastructureIdentity at the Center of Security, Compliance & IT Operations
Darran Rolls, CTO & CISO
-
SailPoint at a Glance
World’s largest, dedicated IAM vendor• Based in Austin Texas, USA• Operations in 15 countries• 300 Partners worldwide• Customers in every vertical
The leader in identity governance
-
Identity Governance market leadership
GartnerMagic Quadrant for IGA, 2017
ForresterWave for IMG, 2016
KuppingerCole Report, Leadership Compass, 2017
-
Evolution #1Delegate
Administration
Generation #2Automated
Provisioning
20041998 2018
Generation #3Identity
Governance
20 Years of Identity Management Evolution
-
Evolution #1Delegate
Administration
Generation #2Automated
Provisioning
20041998 2018
Generation #3Identity
Governance
20 Years of Identity Management Evolution
ü Business user focused
ü Full lifecycle
ü Embedded controls
ü Securing & managing
all access
-
Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.
Securing & Managing Access
-
Securing & Managing Access
People Access Data
Unstructured
Structured
ApplicationPeople
Applications
Devices
Authentication
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
Authorization
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
-
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Who has Access to What and Why…
-
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Automation, Delegation and Self-service
-
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Visibility & Control = Identity Governance
-
Identity
Governance
Program Objectives
-
NIST 800-53 Control Groups
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
-
Identity Governance Program Objectives
Enabling efficient & accurate user access
Protecting access to applications and data
Staying compliant amidst mounting regulations
Cloud and on-premise applications and data…
IncreasedProductivity
Lower Security Risk
SustainableCompliance
-
Objective #1: Increased Productivity
• Joiner MOVER & leaver controls…
• Fine-grained access control…
• Delegated administration…
• End-user self-service…
IncreasedProductivity
-
Objective #2: Lower Security Risk
• Understanding access risk…
• Password management…
• File & access governance…
• De-provisioning & security response…
Lower Security Risk
-
Objective #3: Sustainable Compliance
• Access reviews…
• Detective and preventive policy controls…
• Data ownership & responsibility…
• Reporting & analytics…
SustainableCompliance
-
Identity-aware Infrastructure
-
Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.
-
Understanding Key Relationships
DataEntitlementAccountIdentity
Darran Rolls
Group=Accounting
\\Shares\HR(read)
\\Shares\Corp(read write)
Group=Users \\Shares\doc3(read)
RACF1232123
SYSDBA
Data Profile1
Data Profile2
SYSOPER Data Profile3
Identity Account Entitlement Data
-
SIEM & DLP
Applications & Infrastructure
Mobile DeviceManagement
Identity-enabled Infrastructure
Integrated ResponsiveEcosystem
DataGovernance
User Behavior Analysis
PrivilegedUser Mgmt.
GRC
IT ServiceManagement
Shared Context& Actions
Security Infrastructure Identity Governance & AdministrationOperations Infrastructure
-
EndpointManagement
Access Management
Privileged Account Mgmt.
SIEM
Systems Management
Service Management
GRC
Enterprise Mobility Management
User Behavior Analysis
SailPoint Open Identity Platform
-
23