Autenticazione e Gestione delle Identità Giacomo Aimasso – CISM – CISA

1. Autenticazione e Gestione delle Identità Giacomo Aimasso – CISM – CISA

2. Identity & Access Management The explosion of Digital IDs

3. Regulation and Compliance: SOX, HIPAA, GLB, Basel II, 21 CFR Part 1 - $15.5 billion spent in 2005 on compliance Business Automation and Integration: One half of all enterprises have SOA under development, Web services spending growing 45% Increasing Threat Landscape: Identity theft costs banks and credit card issuers $1.2 billion in 1 yr $250 billion lost in 2004 from exposure of confidential info Maintenance Costs Dominate IT Budget: On average employees access 16 apps and systems, Companies spend $20-30 per user/yr for PW resets Identity & Access Management Trends impacting identity Internet was built so that communications are anonymous: • In-house networks use multiple, often mutually-incompatible, proprietary identity systems. • Users are incapable of handling multiple identities. • Criminals love to exploit this mess! AMR Research 2006

4. Identity & Access Management Multiple contexts

5. Identity & Access Management Environment Complexity Lots of users and systems required to do business: • Multiple repositories of identity information; Multiple user IDs, multiple passwords • Decentralized management, ad hoc data sharing

6. Identity & Access Management Pain points

7. Identity & Access Management The concept of Identity Management Management of identity: • Provisioning/De-provisioning of accounts • Workflow automation • Delegated administration • Password Synchronization • Self-Service Password Reset Directory Service: • Identity Repository (directory services for administration of user account attributes) • Meta-data Replication/Synchronization Can include Access Control (I&AM): • Policy based access control • Enterprise/Legacy Single Sign On (SSO) • Web Single Sign On (SSO) • Reduced Sign On What is an Identity System? A system (processes, rules, applications, and services) that coordinates identity information held in disparate and scattered data sources.

8. Identity & Access Management What is Identity Management ? IDM CORE • Employee info entered in HR • Accounts provisioned to enterprise systems & applications • Non-digital resources assigned and/or initiated New UsersJoin Company Delegation Workflow Role management Rule & Policy Enforcement Reports Audit • Employee status updated in HR • Account disabled & removed • Non-digital resources retrieved and/or cancelled Users DepartCompany • Job/role/status changes • Password changes and resets • Personal profile information changes • Additional requests for account access or non-digital resources Change Events &User Support

9. Identity & Access Management What is Identity Management ? USER OU HRMS VISION ROLE ACCOUNT PROFILES - GROUPS SW Inventory RESOURCE GROUPS of RESOURCES

10. IAM components Identity Management(Administration) Access Management(Real-Time Enforcement) COMPL I ANCE AUD I T Administer Authenticate Authorize Alarm/ Alerting Authentication Infrastructure Enterprise Reduced Sign-On Identity Admin User Management NAC Account Provisioning Metadirectory Accounting (ITSM) Role Matrix Management Enterprise Access Management Federated Identity Management Physical Resources Applications Databases Directories SecuritySystems Operating Systems

11. Il nostroapproccioMetodologico TSFTen-Steps Framework Organizzativo Tecnologico

12. Save money and improve operational efficiency New ways of working Improved time to deliver applications and service Improved time to market Regulatory Compliance and Audit Enhance Security Closer Supplier, Customer, Partner and Employee relationships Identity & Access Management Benefits of IAM Short term Long term

13. Grazie Giacomo Aimasso g.aimasso@exoservice.it