Identity And Access Management Overview

Transcription

The Unique Alternative to the Big Four Identity and Access Management

Identity and Access Management Presentation

Agenda
- Introductions
- Identity and Access Management (I&AM) Overview
- Benefits of I&AM
- I&AM Best Practices
- I&AM Market Place
- Closing Remarks

Introductions
Crowe
- Kevin Wang, Manager kwang@crowechizek.com
Solutions Experience
- Directory Infrastructure (Microsoft, SUN, Novell)
- Identity Management (Oracle, SUN, Novell)
- Web Access Management (CA, SUN)
- Virtual Directory (Radiant Logic)


What is Identity Management
IdM manages an identity’s lifecycle through a combination of processes, organizational structure, and enabling technologies.

What is Access Management (AM)?
AM primarily focuses on Authentication and Authorization.

Authentication
Any combination of the following 3 factors will be considered as Strong Authentication:
- What you know
  - Password
  - Passphrase
- What you are
  - Iris
  - Fingerprint
- What you have
  - Token
  - Smartcard

Authorization
2 primary forms of Authorization:
- Coarse-Grain
  - High-level and overarching entitlements
  - Create, Read, Update, Modify
- Fine-Grain
  - Detailed and explicit entitlements
  - Based on factors such as time, dept, role and location
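The coarse-grain and fine-grain forms of authorization from the slide above, shown working together in an added example that is not part of the original presentation. The role names, departments, locations, business-hours window and the `Request` and `authorize` names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

# Coarse-grain: role -> operations (the slide's "Create, Read, Update, Modify").
# Role names and grants are constructed for illustration.
COARSE_GRANTS = {
    "payroll_clerk": {"read", "update"},
    "payroll_admin": {"create", "read", "update", "modify"},
    "auditor": {"read"},
}

@dataclass(frozen=True)
class Request:
    role: str
    dept: str
    location: str
    at: time
    operation: str
    resource_dept: str  # department that owns the record being accessed

def coarse_allows(req):
    """High-level check: does the role carry the operation at all?"""
    return req.operation in COARSE_GRANTS.get(req.role, set())

# Fine-grain: explicit conditions on time, dept, role and location.
# Each rule returns a denial reason or None; every rule must pass.
def _business_hours(req):
    if req.operation != "read" and not time(8, 0) <= req.at <= time(18, 0):
        return "writes only between 08:00 and 18:00"

def _same_dept(req):
    if req.role != "auditor" and req.dept != req.resource_dept:
        return "record belongs to another department"

def _onsite(req):
    if req.operation in {"create", "modify"} and req.location != "hq":
        return "create/modify only from hq"

FINE_RULES = (_business_hours, _same_dept, _onsite)

def authorize(req):
    """Return (allowed, reasons). Coarse check first, then every fine rule."""
    if not coarse_allows(req):
        return False, ["role lacks operation"]  # unknown roles land here too
    reasons = [r for rule in FINE_RULES if (r := rule(req))]
    return not reasons, reasons
```

A request can pass the coarse check and still be denied by the fine-grain rules, and the returned reasons are what an access audit would record.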

Uniting Identity and Access Management
Identity and Access Management are tightly coupled by the governance and consumption of identity
[Diagram; legible labels: Physical Assets, Identities, Identity Mgmt, External Partners, Customers, Reconciliation]

Typical IT Architecture
- Multiple Identity Stores (5)
- Multiple Administration Points (4)
- Redundant data synchronization and replication
- Users must authenticate to each application

I&AM Architecture
- Single Identity Store
- Ability to present multiple data views
- Single Administration Point
- Reduced replication and synchronization
- Single Sign-On


Current Challenges with I&AM
The following are excerpts from a recent InformationWeek [1] article:
- "64% of respondents say they have deployed an identity and access management system (IAM)"
- "Almost 60% of respondents say their companies are unable to effectively focus IAM controls on areas of the greatest business risk"
- "58% of companies studied still rely on manual controls to audit and control user access to critical enterprise systems and data resources, leaving networks open to privacy breaches, failed audits, and potential fraud or misuse of data"
- "51% take a reactive approach to security issues"
[1] tml?articleID 197800526

Identity Management Drivers
- Regulatory Compliance
  - SOX
  - GLBA
  - HIPAA
- Efficiencies
  - Productivity Loss
  - Excessive Administration points
- Cost Savings
  - Password resets
  - Centralized reporting/attestation
- Security
  - Rogue users (de-provision accounts)

Cost of I&AM Over Time
- Higher initial cost of implementing and deploying an I&AM solution compared to maintaining existing processes and tools
- However, over a period of time:
  - Maintaining existing tools for managing identities will increase in costs
  - The deployment of I&AM will reduce costs

Burton Group – Current Customer Demands (IdM)


I&AM – Myth vs Reality
Myth: The first step in an I&AM Program is to select a technology and design the solution.
Reality: Although this approach is common, so too is the outcome. Programs that do not begin with a comprehensive complete strategy often are over budget and behind schedule.
Moral: Understand business drivers, current state, future vision and requirements. Then perform a PoC to select the right technology.

I&AM – Myth vs Reality
Myth: Identity Management can do everything, including making you coffee.
Reality: Identity Management vendors all tout the capabilities and ease of their products. Unfortunately, after buying the product and the implementation begins, the organization finds out all the functionalities are custom developed.
Moral: An organization must accurately define use cases and requirements. Ask the vendor to do a PoC and document how all the functionalities were accomplished. Get in writing, what is out-of-the-box and what is custom developed.

I&AM – Myth vs Reality
Myth: "We’ve already completed a strategy."
Reality: A complete strategy incorporates people, process and technology components and documents several key deliverables for the business. A strategy includes—at a minimum—a thorough current state analysis, future state vision, gap analysis, and I&AM roadmap.
Moral: An organization must accurately capture all the business drivers, current state, future state vision and gaps to document a roadmap. This strategy phase and deliverables are instrumental in building consensus from C-Level sponsors.

I&AM – Myth vs Reality
Myth: Involvement outside of IT is unnecessary.
Reality: Identity Management requirements come from the business. HR involvement is crucial to a successful solution that addresses internal employees, for example. Also, training and communication to the business is necessary for any I&AM solution to be accepted by users.
Moral: Communicate and involve all business areas before implementing an I&AM solution. There should be a representative from each business area to form a Steering Committee for the I&AM project and support from C-Level executives.

I&AM Solution Approach
A sound I&AM solution approach and design will reduce implementation risks and overall costs.
- Start with defining a solution roadmap and release schedule
- Begin consolidating identity data sources
- Normalize and clean-up identity data
- Evaluate organizational data and roles for access privileges and approval routing
- Design efficient request and approval processes
- Implement a technology that will accommodate the data, organization and processes with the most out-of-the-box functionalities

I&AM Strategy Framework

Assess: Define business driver, organizational support and vision
  Activities
  - Document business drivers and issues
  - Understand current state of the organization’s security environment
  - Define the future vision for the organization
  - Analyze and build organizational awareness and support for the project
  Results
  - Set of defined business drivers
  - Gap Analysis
  - Defined set of stakeholders and project sponsor
  - Organizational support analysis

Solution: Design solution architecture and select technology components
  Activities
  - Define solution requirements
  - Develop a solution architecture to solve business issues
  - Application prioritization
  - Define the various solution components
  - Vendor analysis and proof-of-concepts
  Results
  - Documented business and technical requirements
  - Solution BluePrint and Architecture
  - Technology Selection

Roadmap: Develop solution roadmap with release schedule
  Activities
  - Define scope and timeline for the solution
  - Determine a release schedule
  - Determine resource allocation
  Results
  - Documented Roadmap with release schedule, timeline and scope
  - Estimated number and types of resources needed for each release

Functionality vs Identity Population
There needs to be a balance between the complexity of functionality releases and the deployment of the releases to an organization’s identity population.

I&AM Project Success Factors
I&AM solutions are very complex and contain many moving parts. Understanding the following elements will increase the success of an I&AM deployment:
- Executive Sponsorship (C-Level Execs) and Steering Committee
- Established Strategy and Roadmap
- Project Management (Managers w/Communication and Technical Skills)
- Skilled and Experienced Implementation Team
- Selecting the Right Technology Vendor
- Data Cleanup
- Getting a Quick Win
- Having Multiple Technical Environments (DEV, QA, STG, PROD)
- TEST, TEST, TEST


Technology Adoption Lifecycle
Mapping of I&AM technologies to the Technology Adoption Lifecycle bell curve.
[Figure: bell curve. Segments: Innovators 2.5%, Early Adopters 13.5%, Early Majority 34%, Late Majority 34%, Late Adopters 16%. Technologies plotted: Identity Repository, User Provisioning, Meta-Directories, Virtual Directories, Directories (authentication), Role Management, Password Management, Federation, Entitlement Management, Web SSO, Directories (white pages), Identity Audit]

Magic Quadrant for Web Access Management, 52046.html

Magic Quadrant for User Provisioning, le/150475.html

Burton Group – Provisioning Market Segments

Future of I&AM
- Faster adoption of I&AM solutions due to Web Services and SOA
- Role Based Access Control integration with Provisioning technologies
- Federation
- Consolidated suite of I&AM products
- Easier to implement and configure
- Componentization of I&AM functionalities via SPML, SAML, XACML and DSML


The Bottom Line for IdM Implementations
What Identity Management IS/SHOULD BE:
- A strategic initiative
- Process intensive
- 75% Focused on Process and Organization (25% Technology)
- Supported from the top (i.e. executive buy-in)
- Enterprise facing
What Identity Management IS NOT/SHOULD NOT BE:
- A technology only solution
- Tactical in nature
- Isolated to IT

Questions
