1 Dell World 2014

Identity and Access Management

MT26 Identity management as a service

Jackson Shaw, Senior Director of Product Management, November, 2014

Dell World 2014

2 Dell World 2014

IAM challenges in the real world

• For many growing organizations, access control needs have grown beyond their staff’s ability to efficiently and securely enforce them

• More applications are moving to the cloud

• With the “jack-of-all-trades” approach to IAM, efficiency, security and compliance inevitably suffer. The smaller the IT staff, the more broadly their skill set is required to spread.

• The further the line-of-business moves away from provisioning, governance and access management, the more likely it is that their “real world” of IAM is a mess.

• The skills, time, and tools needed to execute enterprise provisioning and governance are not there

• The possibility of a big capital investment to address these problems isn’t realistic

Dell World 2014

When does a SaaS offering make sense?

4 Dell World 2014

Dell One Identity as a Service

• Addresses your most pressing security, provisioning/de-provisioning, access control, governance and compliance needs as an operational expense not a capital investment.

• Delivered through a partnership with Simeio, an end-to-end IAM services and solutions provider, leveraging Simeio’s Identity as a Service expertise and DirectAxs cloud computing platform

• Technology • Sales • Marketing • Branding

• Hosting • Integration/customization • Support

5 Dell World 2014

Three modules available

Dell One Identity as a Service

For Provisioning For Governance For Access Control

• Enterprise provisioning

• Access request portal

• Business-driven access decisions

• Unified workflow and policy

• Self-service password resets

• Reporting

• Attestation/recertification

• Separation of duties

• Role management

• Role-based access control

• Compliance reporting

• Web SSO

• Just-in-time cloud provisioning

• Access control for web apps

• Self-service password resets

• Reporting on WAM rights and activity

6 Dell World 2014

How it works

7 Dell World 2014

Provisioning use cases Use Cases Description

Identity Origination

External user self registration Integration with HR/Authoritative source User created in IAM solution

Self Service & Password Management

• User sets password & challenge response questions • User forgets password and is able to reset password to all

provisioned applications • Help desk is able to reset password for user based on

shared secret

Access Request Catalogue Application access request process 2 Level approval Workflow

Provisioning & Deprovisioning

Creates, modifies and deletes accounts on applications and infrastructure following the completion of workflow

Supports on-premises and SAAS applications Provisions based on roles defined by customer

Reporting Out of the box “who has access to what reports” Custom reports based on requirements

8 Dell World 2014

Provisioning and attestation/recertification

9 Dell World 2014

Attestation

10 Dell World 2014

Self Service Request

11 Dell World 2014

Self-service password reset

12 Dell World 2014

Governance use cases Use Cases Description

Identity Seeding Integration with HR/Authoritative source User created in IAM solution

Application & Entitlement Synch

• Integration with applications through connector or flat file synch • Load account and entitlements and correlate to users • Define risk level for entitlements

Risk Based Access Certification

User – Manager access certification Risk based view Ability for reviewer to certify/revoke access Mark accounts for termination

Segregation of Duties Define segregation of duty policies Enforce SOD compliant provisioning Run detective SOD checks

Role Mining Role mining using top down and bottom up attributes

Reporting Out of the box “who has access to what reports” Custom reports based on requirements

13 Dell World 2014

Organization Dashboard

14 Dell World 2014

IT Shop Dashboard

15 Dell World 2014

Identity Audit

16 Dell World 2014

Auditing

17 Dell World 2014

Access control use cases Use Cases Description

Identity Seeding Integration with HR/Authoritative source User created in IAM solution

AD/LDAP Integration • Integration with On Premise Authentication Directory

Self Service & Password Management

• User sets password & challenge response questions • User forgets password and is able to reset password to all

provisioned applications • Help desk is able to reset password for user based on shared secret

Web Single Sign On & Federation

Integrations with On Premise and SAAS Applications for providing Single Sign On

Support for SAML, Form Fill, LDAP, Kerberos Authentication mechanisms

Reporting Out of the box “who has access to what reports” Out of the box “Who accessed what reports” Custom reports based on requirements

18 Dell World 2014

Web single sign-on, federation and access control

19 Dell World 2014

Create new application for Web SSO

Dell World 2014

Benefits of a SaaS delivery approach

21 Dell World 2014

Why Identity as a Service (SaaS) make sense

• Operational vs. capital expenditures • With the subscription model for SaaS, the payment for IAM services moves from a capital

expenditure to an operational expense. Approvals and accounting for operational spending is often faster and smoother than capital investments.

• Solution management and maintenance • No need for an organization to manage on-premises software. Critical tasks such as software

patches, updates, and more fall to the service provider, not your IT team.

• Staff expertise • Burden on IT staff to learn and become experts on new software is dramatically reduced. In

fact, with IAMaaS, IT can be entirely removed from some tasks, such as provisioning, access management, and governance.

• Near-immediate deployment • Most SaaS options can be deployed quickly, delivering value in a fraction of the time of their

on-premises counterparts

22 Dell World 2014

Why chose Dell One Identity as a Service? • Built to help organizations move from the tactical to the

strategic and agility-enabling ideal of governance

• Place visibility and control required of IAM in the hands of those that know “why” things should happen (line-of-business personnel) not simply those that know “how” to make them happen (IT)

• Designed with simplicity in mind. Modules are simple to deploy and use, but also decrease the overall complexity

• Modular and integrated, so you can start where needed and build from there. There’s no need for a heavy investment in an underlying technology framework, or extensive customization to make solutions work together

23 Dell World 2014

Validation • By the end of 2017, 20% of IAM purchases will use the IDaaS delivery model, up from less than 10%

in 2014.

• Gartner, “Magic Quadrant for IDaaS,” June 2, 2014, Gregg Kreizman

• The average user must access 27 different applications to do his or her job, and has an average of six enterprise-issued passwords. The same survey concluded that, on average, it takes more than a day and a half to provision a new user, and more than half a day to de-provision a user.

• Aberdeen Group

• “We recognize Dell’s leadership when it comes to delivering a comprehensive IAM solution, and we are pleased to partner with an industry leader to offer a full-featured Identity as a Service solution to organizations that typically struggle to address IAM needs. The Simeio Business-Ready IAM Cloud delivered via the industry's first and only Identity Intelligence Center, provides our clients with a higher level of security and reliability.”

• Hemen Vimadalal, Simeio Solutions, CEO

Dell World 2014

Thank you.

25 Dell World 2014

Provisioning module

26 Dell World 2014

Governance module

27 Dell World 2014

Access control module

DEFENDER

DELL INTERCEPTOR

Primary

ON PREMISE ENTERPRISE

APPLICATIONS

ACTIVE DIRECTORY

Oracle

EBS

MAINFRAME

SAP

DB NODE 1 DB NODE 2

DELL

INTERCEPTOR

Disaster Recovery

Customer Data Centre

SECURED VPN TUNNELS

Cloud

SAAS

APPS

SAM

L

DELL IDaaS

ACCESS CONTROL

SERVICE

CAM PM

DATABASE

CLUSTER

(Load

Balancer)

Want to learn more about Dell’s identity protection solutions?

Learn more via email. Start here.

Sign me up!