1 / 39

Monitoring User Access Inside Your Enterprise: Bridging identity and security

Monitoring User Access Inside Your Enterprise: Bridging identity and security. Richard Whitehead Director of Product Marketing RWhitehead@novell.com. Wes Heaps Product Marketing Manager wheaps@netiq.com June 11, 2012. Simple Sales Model. Solution Development. Proposal. Agreement.

mikasi
Télécharger la présentation

Monitoring User Access Inside Your Enterprise: Bridging identity and security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Monitoring User Access Inside Your Enterprise:Bridging identity and security Richard Whitehead Director of Product Marketing RWhitehead@novell.com Wes Heaps Product Marketing Manager wheaps@netiq.com June 11, 2012

  2. Simple Sales Model SolutionDevelopment Proposal Agreement Identificationand Alignment OpportunityCreation NeedsAnalysis Enabling You to Succeed at Every Gate within the Process Access to Power How to have the right business conversations Solution Picture Mapping a NetIQ solution to exactly address a business pain or priority How to Close Successful Negotiating Win the Deal, without giving away the Crown Jewels! How to Open Doors Use Reference Stories and pre-call research to craft a winning Business Development approach Situational Fluency How to arm yourself with the right knowledge to talk at any level with confidence Finding What You Need, When You Need It How to locate and use the right Enablement content at the right time

  3. Situational Fluency Successful conversations with existing and potential customers are founded on your ability to show understanding of the world they live in, the business issues they face, and the ability to speak their language. This enablement session reviews how to conduct conversations about monitoring and controlling what people are doing with their access. 15% of Business Leaders indicate that conversations they have with sales reps are of value to them. How valuable are your conversations?

  4. Preparing to Understand Your CustomerUnderstand them, Don’t just know them • Who are they? What do they do? • Size, industry, history, recent press, financial info, etc. • Key players, regulatory environment, business drivers • Why should you take the time to do this? • Identify the drivers, you identify the budget • Expand your contact strategy of who to talk to • Helps you tailor your conversation to the customer – talk about what is important to them • Differentiates you from your competitors – people don’t take the time to do this

  5. The Key Business Drivers

  6. The Big PictureIt’s a dangerous world out there The risks and challenges of computing across multiple environments have never been greater. Increasing pressure to be compliant to internal business policies or regulatory requirements. Publicized data breaches and internal fraud are irreparably damaging enterprises’ reputations.

  7. Every Organization is DifferentExtended Enterprise Presents Challenges In Three Dimensions 90% of businesses plan on growing their use of the cloud Use of personal devices for work will double this year 75% of enterprises say B2B access is strategic Forrester Research, Inc. “Navigate The Future Of Identity And Access Management” - Eve Maler, March 22. 2012

  8. Change makes Control difficult Everyone’s gone mobile Breaches increasing, regulations escalating The cloud is here Budgets are shrinking

  9. Can organizations vigilantly monitor and control access? Can accessbe monitored for suspicious activity? Who is accessing what, how are they accessing it, and is that access appropriate? Everyone’s gone mobile Attacks are increasing Can accessbe economically controlled and still keep up with regulatory pressures? Can access be easily monitored without unduly increasing complexity? Budgets are shrinking The cloud is here

  10. Evidence says enterprises aren’t monitoring user activity . . . • 48% of data breaches committed by insiders with access (Verizon Risk Team Data Breach Investigation Report) • WikiLeaks published extremely confidential U.S. government documents obtained from a disgruntled employee who had access to the information for 14 hours a day, seven days a week for more than eight months • Over 50% of survey respondents report doing nothing to secure B2B integration (SummaTG B2B Survey) • Internal fraud expected to rise over the next few years and account for 5% or more of financial companies’ revenues. (Aite Report)

  11. Why do organizations struggle with user activity monitoring?

  12. Why customers typically struggle… • Complexity makes the cost go through the roof • Difficulty making business policy into enforceable IT policies • No easy way to tie together existing infrastructure investments • Unclear on who actually owns the problem Ultimately, the headache of complexity overcomes the perceived risk NO VALUE!

  13. Opening Doors:Finding Opportunities

  14. Change and Complexity What is causing customers to need user activity monitoring? Everyone’s gone mobile • Work is an activity – not a place, BYOD The cloud is here • SaaS applications, anything as a service Regulations are ever changing • More Government and Industry oversight Attacks are increasing – inside and outside • Business and systems are more complex than ever Budgets are shrinking • Business is more involved in IT, looking for transparency

  15. Working with customers like you… • Public Insurance Institution – Based in Europe, 500 employees, revenues over €180 M. • Business Challenge: Become compliant with new governmental regulations (MaRisk VA) on risk management. Needs Solution Results • Provided the ability to monitor and record what users are accessing what systems, and revoke access if behavior was suspicious. • Company can demonstrate compliance with IT security and risk management legislation, and reduce risks of insider data breaches through user activity monitoring. • Become compliant with upcoming regulations or face fines and lose the ability to do business. • Reduce risks by abuse of access or insider activity. • Provide a full audit trail of user access activity.

  16. Working with customers like you… • Large Governmental Organization –approx. 35,000 employees and over 9 million users • Challenge: Prevent fraud and inappropriate use of resources. Needs Solution Results • A simple solution that integrated identity with user activity monitoring, allowing for automated responses according to security policies. • 100% ROI within one year • Provable regulatory compliance • Prevented security breaches • Ability to see what users and employees are doing with their access • Take immediate action in case of suspicious behaviors to reduce fraud and data loss.

  17. Accessing Power:Who Am I Selling To?

  18. The Sweet Spot for Identity Tracking Existing NetIQ Identity Manager customer Highly regulated industry or entity: finance, banking, healthcare, or government. New mandates or regulations about controlling user access,or recent news about data breach or insider activity in similar industry

  19. Secures Systems Manages access (and possibly identities) Writes/enforces policies and practices Works with implementing compliance Manages Identity/User Provisioning Provisions users to systems/resources Controls access according to identity Writes/enforces policies and practices Target Customer Business Owner (Influencer) IT Director (Security) IT Director (Identity) (Sponsor)

  20. Accessing PowerDiscovering the right person (decision maker) • Who is responsible for enforcing regulations or demonstrating compliance to auditors? • Who writes and enforces the system or network security policies? • Who would be held responsible if an employee or trusted partner abused access to sensitive information?

  21. Solution Picture:Mapping Value to Customer Pain

  22. Every Organization is DifferentExtended Enterprise Presents Challenges In Three Dimensions Forrester Research, Inc. “Navigate The Future Of Identity And Access Management” - Eve Maler, March 22. 2012

  23. What if I told you that you could have a simple solution that easily monitors and controls what people are doing with their access, would you be interested?

  24. User Activity MonitoringRequires Proper Context - What, Where, Why, When, and Who What was being done with the access? Who has access to what? When did the access happen? Where is the access originating from? Why is the access suspicious or non-suspicious? Is the access appropriate to your policy?

  25. User Activity MonitoringRequires the proper balance Organizational needs must be in balance Flexibility Control • Business Needs • Increase revenue • Grow their market • Develop strategic relationships • Maintain compliance • Control costs • IT Resources and Assets • Proper resource allocation • Delivers business value • Doesn’t add to complexity

  26. RolePlay Setup • Mid-sized international financial company, headquarters in Brisbane • 5,000 employees worldwide • Key offices in 5 countries with varying regulations Scenario • I know the IT Admin for IDM (Robert) but I need to find the right person to talk to • Upcoming regulations in various countries will probably add complexity to IT’s world • News of a recent insider breach cost a large bank (Bankus Global) millions of dollars in losses, not to mention potential fines.

  27. Role Play Applications Some CRM being done with cloud apps through Salesforce.com Increasing number of partners and external users need access to financial systems Smart phone access becoming more strategic to the field Users Devices

  28. Summary

  29. Customers are stretched…and it’s tough to keep up Forrester Research, Inc. “Navigate The Future Of Identity And Access Management” - Eve Maler, March 22. 2012

  30. But there is a solution… Organizational needs can be in balance Flexibility Control • Business Needs • Increase revenue • Grow their market • Develop strategic relationships • Maintain compliance • Control costs • IT Resources and Assets • Proper resource allocation • Delivers business value • Doesn’t add to complexity

  31. Follow Simple Sales Model

  32. Sell NetIQ Who is NetIQ? • NetIQ is a global software company focused on Identity, Security, Governance, and IT Operations Management solutions. Why is NetIQ the provider of choice? • Customers and partners choose NetIQ to achieve business value from their IT systems because NetIQ consistently delivers the expected customer outcome with a focused, customer centered approach. What’s special about NetIQ? • NetIQsolutions integrate seamlessly with existing infrastructures and employ a holistic, service foundation, which allows IT professionals to intelligently manage their business services. Excellent technology, exceptional customer service, and ease of doing business

  33. Terms You May Hear • UAM • User Activity Monitoring • SIEM (or SIM) • Security Information and Event Management. • IDM • Identity Management or Identity Manager • Various regulations in your customer’s industry. • SOX, HIPAA, GLBA, BASEL, MiFIDD, etc.

  34. What products make up this solution? User Activity Monitoring Identity Manager (pre-requisite for Identity Tracking) Identity Tracking for Identity Manager (allows UAM in key systems that NetIQ Identity Manager provisions.) Sentinel (allows for monitoring in applications, systems, and devices across the enterprise, whether or not IDM provisions to them.)

  35. Enablement Offerings

  36. Providing Further Context to the Conversation • Identity and Access Management Curriculum • IAM Sales Essentials video • IAM ChalkTalks • Conversation Cards • Webcast recording • New Sales Essentials: • Available mid-June • NetIQ U • Provo: June 11-13 • Amsterdam: June 18-20

  37. Questions?

More Related