
Identity and Access Management

Identity and Access Management. Decision, Analysis and Resolution (DAR) for an enterprise-wide identity and access management program for Arizona Department of Education. Objective evaluation of multiple identity and access management systems that are being used in the industry. November 10, 2011.

karston

Presentation Transcript


  1. Identity and Access Management
     Decision, Analysis and Resolution (DAR) for an enterprise-wide identity and access management program for Arizona Department of Education
     Objective evaluation of multiple identity and access management systems that are being used in the industry
     November 10, 2011

  2. ADE Needs
     • Situation
     • Open audit findings related to user access security (Common Logon)
     • Highly manual and often inconsistent process for user provisioning
     • The burden of complexity on IT, which must manage identities across heterogeneous systems
     • High help-desk costs associated with password resets and support

  3. Identity Challenges
     • Loss of end-user productivity because users cannot manage the routine aspects of their own identity and access
     • Lengthy development time for identity management customization because existing developer interfaces require specialized knowledge
     • Security gaps and risk to the business due to noncompliance with internal and external regulations

  4. Maintenance Challenges
     • Managing identities across systems
     • Costly
     • Time-consuming
     • Costs and time grow exponentially as
       • Number and types of users increase
       • Number of services and systems grows
       • Complexity of systems and applications increases
       • Regulatory demands increase

  5. Proposed Solution
     • Secure Remote Access
     • Well-managed Identity
     • SSO and Federation
     • Provide well-managed, common identity infrastructure
     • Enable interoperable access across networks
     • Authentication and authorization
     • Built on Active Directory

  6. Evaluation Approach
     The team established guidelines to determine which issues should be subjected to a formal evaluation process, then applied a formal evaluation process to these findings:
     • establishing the criteria for evaluating alternatives
     • identifying alternative solutions
     • selecting methods for evaluating alternatives
     • evaluating the alternative solutions using established criteria and methods
     • selecting recommended solutions from the alternatives based on the evaluation criteria

  7. System Criteria
     Evaluation criteria provided the basis for evaluating alternative solutions. The criteria were ranked so that the highest-ranked criteria exerted the most influence on the evaluation.
     • Ability to integrate with current user base on Active Directory
     • Flexibility and long-term support
     • Ease of deployment

  8. Identity and Access Management tools
     • Three identity access management tools were shortlisted to evaluate ADE needs
       • Microsoft Forefront Identity Manager (FIM) 2010
       • Computer Associates Identity Manager (CAIM)
       • Oracle Identity Manager (OIM) 11g

  9. Gartner Report
     • Gartner Research Report: 2010 Magic Quadrant for User Provisioning
     • Leaders
       • Oracle
       • CA Technologies
     • Challengers
       • Microsoft

  10. Deployment
     • Microsoft FIM is an Identity Management system based on the existing Microsoft software platform. It is a comprehensive solution for managing identities, credentials, and identity-based access policies across heterogeneous environments.
     • Computer Associates Identity Manager provides out-of-the-box connectors for Active Directory.
     • Oracle Identity Manager 11g is a highly flexible and scalable system built on Java EE architecture. It leverages Oracle Metadata Services (MDS) to reduce customizations and provides simplified development, configuration and deployment.

  11. Integration with Active Directory
     • FIM offers a fully integrated BI solution for operational analytics and dashboard
     • CAIM's core competency is to integrate with Active Directory
     • OIM supports LDAP identity repository and web services exist for Active Directory integration

  12. Flexibility
     • FIM has an advantage of leveraging the Microsoft stack of products
     • CAIM is easily integrated with Microsoft products
     • OIM is built on open architecture to integrate with existing software and middleware

  13. Road map
     • FIM upgrades versions every 3.5-4 years, with service packs between releases
     • CAIM does not have a clear road map for upgrades or long-term strategy
     • OIM upgrades versions every 3-5 years, with service packs between releases

  14. Cost
     • FIM is the least expensive at $4,319 server license cost with unlimited external users
     • CA Technologies proposed a suite of products to be implemented over 2 years
       • $52.25 per user license costs based on 4,000 users for $209,000 total
       • CA installation costs of $624,000 (recommended)
       • $41,800 annual maintenance starting year 3
     • Oracle IM suite is a total licensing cost of $326,600
       • Internal User license $95 each (minimum of 2,000)
       • External User license $12 each (minimum of 5,000)
       • Processor licensing - $85,800 each (2 required)

  15. Maintenance
     • All the Enterprise Resource Planning (ERP) systems have annual software maintenance fees in the range of 18-25% of their original software costs
     • Annual maintenance covers software updates as well as new version releases
     • Maintenance is included in the forecast for the next seven to ten years of a typical software life cycle

  16. Resolution
     • FIM is the best option for ADE. It has a defined road map as well as an excellent interface to the Microsoft software platform. It is the most cost-effective product.
     • CAIM has fewer features and is the most basic system reviewed.
     • OIM is a strong product, but not as easily integrated into a Microsoft-based environment. The overall licensing, support, and integration costs for Oracle make this the most expensive product reviewed.

  17. Weighted Criteria Matrix

  18. FIM Solution
     • Key Benefits
     • Empowers people to accomplish self-service identity tasks
     • Delivers agility through automation, self-service, and extensibility
     • Increases security with management across identities, credentials, and resources
     • Introduces "codeless provisioning", allowing changes to be rapidly implemented without reprogramming solutions

  19. Recommendation
     Based on the Assessment Matrix, Microsoft FIM is the recommended solution for ADE Identity and Access Management.
     • Microsoft FIM would provide the core applications needed as well as a strong interface into the other Microsoft products currently used in the Department. The overall licensing and implementation costs are also the lowest.
     • CAIM would more easily fit into our environment, but it has fewer features at a significantly higher cost than the other products.
     • Oracle IM would provide a suitable core application, but would require significant integration for network services and have a high impact on the current environment. The Department does not have the resource skill set and a new team would need to be engaged for deployment and ongoing support.
