Identity and Access Management - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

Identity and Access Management

Description:

Solutions Microsoft ILM CA eTrust Admin Sun IM The Results! User provisioning can be automated Password resets can be delegated to the helpdesk And the big one: ... – PowerPoint PPT presentation

Number of Views:123
Avg rating:3.0/5.0
Slides: 37
Provided by: LahiriR
Category:

less

Transcript and Presenter's Notes

Title: Identity and Access Management


1
Identity and Access Management
  • Dustin Puryear
  • Sr. Consultant, Puryear IT, LLC
  • dustin_at_puryear-it.com
  • http//www.puryear-it.com/

2
Objectives
  • Find a common background for discussing IAM
  • Discuss problems and opportunities in the field
  • Introduce terminology
  • Highlight a possible future direction

3
Session Agenda
  • Todays Problems
  • Making It All Better
  • Now What?
  • Viva La Resistance!
  • Puryear IT

4
This Presentation
  • This presentation was written with
    audit/compliance in mind.
  • Contact dustin_at_puryear-it.com to have Dustin
    Puryear present this topic to your organization
    or company.

5
Todays Problems
6
Who am I? Who are you?
  • Networks use multiple identity systems
  • The Internet is no better
  • Users get confused with all of these IDs
  • Management and audit has difficulty keeping track
    of all these IDs
  • The bad guys are quite happy

7
So many IDs!
8
Multiple Contexts
9
Trends
  • Regulation and Compliance
  • SOX, HIPAA, GLB
  • Increasing Threats
  • Identity theft
  • Exposure of confidential info
  • Maintenance Costs
  • The average employee needs access to 16
    applications
  • Companies spend an estimated 20-30 user/year for
    password resets

10
The Real Impact
End-users Too many IDs Too many passwords Must wait for access to applications
Administrators Too many IDs Too many end-user requests Difficult or unreliable ways to syncs all the accounts
Audit/Compliance Orphaned accounts Limited or no audit capability Where are the audit trails?
11
Making It All Better
12
Identity and Access Management
13
The Benefits of IAM
  • Save money
  • Improve operational efficiency
  • Reduce time to deliver applications and services
  • Enhance security
  • Enhance regulatory compliance
  • Give more power to audit

14
Lets Define IAM Terms
  • Authentication (AuthN)
  • Verify that a person is who they claim to be
  • This is where multi-factor authentication comes
    into play
  • Identification and authentication are related but
    not the same
  • Authorization (AuthZ)
  • Deciding what resources can be accessed/used by a
    user
  • Accounting
  • Charges you for what you do

15
IAM is a Foundation
Identity Management Account Provisioning Deprovisioning Synchronisation
Administration User Management Password Management Workflow Delegation Audit and Reporting
Access Management AuthN AuthZ
16
Now What?
17
Implement IAM!
  • Start Slow!
  • Define your Single Source of Truth (SSOT)
  • Unfortunately, there may be more than one, if
    that makes sense..
  • Implement the big wins
  • User provisioning to Active Directory
  • Password resets

18
But How?
  • SSOT
  • Work with your team, IT, and management to
    determine the true source of user information
  • User Provisioning to AD
  • Its already happening!
  • Solutions
  • Microsoft ILM
  • CA eTrust Admin
  • Sun IM

19
The Results!
  • User provisioning can be automated
  • Password resets can be delegated to the helpdesk
  • And the big one
  • You can now audit both the user provisioning and
    password resets

20
The Next Step
  • Extend User Provisioning
  • To PeopleSoft
  • Lawson
  • Oracle
  • Custom/in-house applications
  • Begin consolidating user directories
  • Can you point some or all of your applications at
    AD or LDAP?

21
Authorization
  • This is the hard one!
  • Applications define their AuthZ rules differently
  • Try to consolidate to an AD/LDAP authz landscape
  • Tackle this one application at a time!

22
The Power is Yours
  • You can now audit/review
  • Who has what accounts?
  • Why do they have those accounts?
  • Who approved those accounts?
  • Are there any orphaned accounts?
  • Who has access to what?
  • For how long have they had that access?

23
And there is more..
  • You can control access to your web-enabled
    applications using a Web Access Manager (WAM)
  • Dont forget about SSO!
  • What about federated identities and your partners
    and suppliers?

24
Viva La Resistance!
25
IT Resistence
  • Sometimes IT resist a formalized IAM process
    because
  • We are too busy
  • We cant afford it
  • We dont want to give up control!

26
We are Too Busy
  • This is a common response
  • IT is too busy..
  • Because they are resetting passwords all day
  • Working too hard to create accounts
  • Learning too late that orphaned accounts are
    being misused/attacked

27
We Cant Afford It
  • There are small and big solutions to this problem
  • If you are an AD-only shop with minimal
    applications, then you can start small
  • Larger enterprises have no choice, they cant
    afford not to!

28
We Dont Want to Give Up Control!
  • This is usually the root of the disagreement.
  • They are responsible for IT
  • They dont want problems in IAM to reflect poorly
    on them
  • They are used to the control, even if its not
    necessary

29
A Compromise
  • Take control without giving up control!
  • A middle-ground
  • IAM solutions can be used to explore user
    directories/databases
  • Reports can be generated
  • IT can still do the provisioning itself

30
Summary
31
Summary
  • Its becoming impossible to manage all of these
    accounts and rights by hand
  • You can automate controls
  • You can automate audit reports
  • You can control THE PROCESS!

32
Who We Are?
  • Puryear IT is THE IAM specialist in Louisiana
  • We help small and large companies, ranging from
    100 users to well over 20,000 users
  • We are vendor-agnostic, and have worked with
    everyone, including
  • Microsoft
  • CA
  • Sun

33
We Can Help IT to..
  • Help you tackle your IAM needs
  • Integrate Linux, UNIX, and J2EE into Active
    Directory
  • Build out AAA solutions
  • Deploy Microsoft ILM, Sun IM, Novell IM, and CA
    IM
  • Deploy small and large solutions

34
We Can Help Audit/Compliance to..
  • Build an automated user account and access rights
    tracking solution
  • Log changes to user accounts and access rights
  • Ensure passwords are changed as policies and
    regulations require
  • Help you communicate your needs to IT
  • Automate your manual tasks

35
Doing IAM Right
  • Puryear uses a methodical approach to
  • Identify organization pain points
  • Identify organization audit requirements
  • Work with IT and audit to prioritize needs
  • Develop an initial pilot deployment
  • Roll out the final solution
  • Help you manage and extend the solution

36
  • Dustin Puryear
  • Sr. Consultant, Puryear IT, LLC
  • dustin_at_puryear-it.com
  • http//www.puryear-it.com/
Write a Comment
User Comments (0)
About PowerShow.com