1 / 36

Identity and Access Management

Identity and Access Management. Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it.com http://www.puryear-it.com/. Objectives. Find a common background for discussing IAM Discuss problems and opportunities in the field Introduce terminology

maeko
Télécharger la présentation

Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity and Access Management Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it.com http://www.puryear-it.com/

  2. Objectives • Find a common background for discussing IAM • Discuss problems and opportunities in the field • Introduce terminology • Highlight a possible future direction

  3. Session Agenda • Today’s Problems • Making It All Better • Now What? • Viva La Resistance! • Puryear IT

  4. This Presentation • This presentation was written with audit/compliance in mind. • Contact dustin@puryear-it.com to have Dustin Puryear present this topic to your organization or company.

  5. Today’s Problems

  6. Who am I? Who are you? • Networks use multiple identity systems • The Internet is no better • Users get confused with all of these IDs • Management and audit has difficulty keeping track of all these IDs • The bad guys are quite happy

  7. So many IDs!

  8. Multiple Contexts

  9. Trends • Regulation and Compliance • SOX, HIPAA, GLB • Increasing Threats • Identity theft • Exposure of confidential info • Maintenance Costs • The average employee needs access to 16 applications • Companies spend an estimated $20-30 user/year for password resets

  10. The Real Impact

  11. Making It All Better

  12. Identity and Access Management

  13. The Benefits of IAM • Save money • Improve operational efficiency • Reduce time to deliver applications and services • Enhance security • Enhance regulatory compliance • Give more power to audit

  14. Let’s Define IAM Terms • Authentication (AuthN) • Verify that a person is who they claim to be • This is where multi-factor authentication comes into play • Identification and authentication are related but not the same • Authorization (AuthZ) • Deciding what resources can be accessed/used by a user • Accounting • Charges you for what you do

  15. IAM is a Foundation

  16. Now What?

  17. Implement IAM! • Start Slow! • Define your Single Source of Truth (SSOT) • Unfortunately, there may be more than one, if that makes sense.. • Implement the “big wins” • User provisioning to Active Directory • Password resets

  18. But How? • SSOT • Work with your team, IT, and management to determine the true source of user information • User Provisioning to AD • It’s already happening! • Solutions • Microsoft ILM • CA eTrust Admin • Sun IM • …

  19. The Results! • User provisioning can be automated • Password resets can be delegated to the helpdesk • And the big one: • You can now audit both the user provisioning and password resets

  20. The Next Step • Extend User Provisioning • To PeopleSoft • Lawson • Oracle • Custom/in-house applications • Begin consolidating user directories • Can you point some or all of your applications at AD or LDAP?

  21. Authorization • This is the hard one! • Applications define their AuthZ rules differently • Try to consolidate to an AD/LDAP authz landscape • Tackle this one application at a time!

  22. The Power is Yours • You can now audit/review: • Who has what accounts? • Why do they have those accounts? • Who approved those accounts? • Are there any orphaned accounts? • Who has access to what? • For how long have they had that access?

  23. And there is more.. • You can control access to your web-enabled applications using a Web Access Manager (WAM) • Don’t forget about SSO! • What about federated identities and your partners and suppliers?

  24. Viva La Resistance!

  25. IT Resistence • Sometimes IT resist a formalized IAM process because: • “We are too busy” • “We can’t afford it” • “We don’t want to give up control!”

  26. “We are Too Busy” • This is a common response • IT is too busy.. • Because they are resetting passwords all day • Working too hard to create accounts • Learning too late that orphaned accounts are being misused/attacked

  27. “We Can’t Afford It” • There are small and big solutions to this problem • If you are an AD-only shop with minimal applications, then you can start small • Larger enterprises have no choice, they can’t afford not to!

  28. “We Don’t Want to Give Up Control!” • This is usually the root of the disagreement. • They are responsible for IT • They don’t want problems in IAM to reflect poorly on them • They are used to the control, even if it’s not necessary

  29. A Compromise • Take control without giving up control! • A middle-ground: • IAM solutions can be used to explore user directories/databases • Reports can be generated • IT can still do the provisioning itself

  30. Summary

  31. Summary • It’s becoming impossible to manage all of these accounts and rights by hand • You can automate controls • You can automate audit reports • You can control THE PROCESS!

  32. Who We Are? • Puryear IT is THE IAM specialist in Louisiana • We help small and large companies, ranging from 100 users to well over 20,000+ users • We are vendor-agnostic, and have worked with everyone, including: • Microsoft • CA • Sun

  33. We Can Help IT to.. • Help you tackle your IAM needs • Integrate Linux, UNIX, and J2EE into Active Directory • Build out AAA solutions • Deploy Microsoft ILM, Sun IM, Novell IM, and CA IM • Deploy small and large solutions

  34. We Can Help Audit/Compliance to.. • Build an automated user account and access rights tracking solution • Log changes to user accounts and access rights • Ensure passwords are changed as policies and regulations require • Help you communicate your needs to IT • Automate your manual tasks

  35. Doing IAM Right • Puryear uses a methodical approach to: • Identify organization pain points • Identify organization audit requirements • Work with IT and audit to prioritize needs • Develop an initial pilot deployment • Roll out the final solution • Help you manage and extend the solution

  36. Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it.com http://www.puryear-it.com/

More Related