1 / 32

Identity and Access Management

Identity and Access Management . Patrick Hunter . EMEA IDAM Team Lead. 7 th February 2012. Creating simple, effective and lasting IDAM solutions. To explain the major differences between Africa and Europe – Let me illustrate. Africa. Europe (England). But.

conor
Télécharger la présentation

Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity and Access Management Patrick Hunter EMEA IDAM Team Lead 7th February 2012 Creating simple, effective and lasting IDAM solutions

  2. To explain the major differences between Africa and Europe – Let me illustrate...

  3. Africa

  4. Europe (England)

  5. But... • The problems with Identities remain the same

  6. Quest One Identity Solutions Telling the Quest One Story

  7. Internal and external threats Increased risk of internal breach Orphaned accounts Too many have access to privileged accounts Users have too much access Fact: On average, a typical enterprise end-user has 6 enterprise-issued passwords. Source - Aberdeen Group research Fact: 48 percent of respondents rated the odds of experiencing a compliance risk within the next 18 months as “high” or “very high. Source – State of Compliance 2011, PWC Fact: 96% of breaches were avoidable through simple or intermediate controls. Source - 2011 Data Breach Investigations Report, Verizon RISK Team with cooperation from the US Secret Service and the Dutch High Tech Crime Unit The Challenges Security Complexity Compliance • Too many separate user stores • Anomalous activity goes unnoticed • Managing user access rights is resource-intensive • Number of regulations continue to grow • New requirements add more administrative tasks • Proving compliance is labor-intensive • Reviewing activity logs only during audits is often too late

  8. What Quest One Delivers Improve visibility into who has access to business critical information, automate provisioning and enforce access controls. Centrally manage privileged accounts and provide granular control of administrator access. Simplify the environment and user experience with centralized account management. Audit what the users are doing with the access they have been granted. Access Governance Privileged Account Management Identity Administration User Activity Monitoring

  9. Quest One Customer Examples Access Governance User Activity Monitoring Identity Administration Privileged Account Management

  10. The Quest One Advantage Access Governance Privileged Account Management Solution Simplicity Rapid Time-to-Value simple Identity Administration Business-Driven User Activity Monitoring Broad Portfolio that is Modular & Integrated Granular Access Controls

  11. Access Governance • Manage Access to Business Critical Information • Access Request and Certification • Fine Grained Application Security • Data Access Management • Role Engineering • Automated Provisioning Access Governance

  12. Privileged Account Management • Understand and Control Administrator Activity • Granular Delegation • Enforce Separation of Duty • Enterprise Password Vault • Session Management • Keystroke Logging Privileged Account Management

  13. Identity Administration • Simplify Account Management • Directory Consolidation • AD Administration • Virtual Directory Services • Single Sign-on • Strong Authentication Identity Administration

  14. User Activity Monitoring • Audit User Activity • Granular AD Auditing • Permissions Reporting • Log Management • Event Alerting • Crisis Resolution User Activity Monitoring

  15. Complete Identity & Access Management Manage Access to Business Critical Information Understand &Control Administrator Activity Access Governance Privileged Account Management Privileged Account Management AccessGovernance Simplify Account Management Audit User Activity User Activity Monitoring Identity Administration

  16. Easier accountability and greater transparency throughout your business! We simplify identity and access management.

  17. A closer look at the building blocks!

  18. Challenges • Who runs IAM? Who should run it? • Audits are time consuming and expensive • You can’t trust everyone (even your administrators) • An IAM solution should: • Reduce risks • Reduce the cost of audit • Empower the business • IAM should benefit both IT and the Business

  19. Quest One is…. • Simpler • Broad portfolio • Modular & integrated • Rapid time-to-value • Use existing investments • Business driven

  20. Where It Affects The Real World… Improve visibility into who has access to business critical information, automate provisioning and enforce access controls. Audit what the users are doing with the access they have been granted. Simplify the environment and user experience with centralized account management. Centrally manage privileged accounts and provide granular control of administrator access. Access Governance User Activity Monitoring Privileged Account Management Identity Administration

  21. Complete Identity & Access Management Manage Access to Business Critical Information Audit User Activity User Activity Monitoring Access Governance Privileged Account Management AccessGovernance Simplify Account Management Understand &Control Administrator Activity Privileged Account Management Identity Administration

  22. Use Cases

  23. Use Case: Access Entitlement Review, Attestation, & Recertification We need to understand who has access to what across our environment. And, we need to involve the business managers, but they need to understand what the access entitlements actually mean. Topics: • Discovery of entitlements, orphaned data, & unstructured data • Attestation/recertification at the business level • Eliminate “blind” attestation • Visibility of all entitlements an employee or group has and how they got them

  24. Use Case: Closed Loop Compliance We need to establish a continuous process to make sure we stay on top of compliance. We need to show our auditors that every person has only the access they need to do their jobs, and nothing more. Topics • Applies to users and administrators • Clear, easy to understand dashboard displays • Establish regular scheduled attestations to occur going forward • Automation and control of high-impact tasks • Easy and complete attestation / recertification • Policy enforcement – execute / remediate / take action when necessary to complete fulfillment

  25. Closed Loop Compliance with Discover/Compile Review/Interpret Resulting Action Automated Access Governance Cycle Customer Database 1001011000101101 Certify/Attest

  26. Use Case: Privileged Account Management Centrally manage privileged accounts and provide granular control and complete visibility of administrator access Topics: • Policy-based enterprise-wide • Tightly controlled release and audit of shared credentials • Least-privilege access – across systems • Session audit / keystroke logging

  27. Who knows what? Can you be sure?

  28. How strong is a strong password?

  29. Best Practices for Identity • Strong password policy • Procedure enforcement • Privileged Account Management • Multi-factor authentication • User-to-shared account linking • Identity management solutions • Audited Automation • Moving processes – account history (SoD) • Tamper resistant audit trail

  30. Use Case: Automate Administrative Tasks We need to automate common administrative tasks and reduce the burden on IT without adding complexity, or maintaining our reliance on inconsistent practices and disparate tools. Topics • Active Directory account, password and group creation, and modification • Single sign-on • Self-service password resets • Reducing complexity – “Get to One”

More Related