Identity and Access Management - PowerPoint PPT Presentation

1 / 36

About This Presentation

Title:

Identity and Access Management

Description:

Solutions Microsoft ILM CA eTrust Admin Sun IM The Results! User provisioning can be automated Password resets can be delegated to the helpdesk And the big one: ... – PowerPoint PPT presentation

Number of Views:120

Avg rating:3.0/5.0

Slides: 37

Provided by: LahiriR

Category:

more less

Transcript and Presenter's Notes

Title: Identity and Access Management

1
Identity and Access Management

Dustin Puryear
Sr. Consultant, Puryear IT, LLC
dustin_at_puryear-it.com
http//www.puryear-it.com/

2
Objectives

Find a common background for discussing IAM
Discuss problems and opportunities in the field
Introduce terminology
Highlight a possible future direction

3
Session Agenda

Todays Problems
Making It All Better
Now What?
Viva La Resistance!
Puryear IT

4
This Presentation

This presentation was written with
audit/compliance in mind.
Contact dustin_at_puryear-it.com to have Dustin
Puryear present this topic to your organization
or company.

5
Todays Problems
6
Who am I? Who are you?

Networks use multiple identity systems
The Internet is no better
Users get confused with all of these IDs
Management and audit has difficulty keeping track
of all these IDs
The bad guys are quite happy

7
So many IDs!
8
Multiple Contexts
9
Trends

Regulation and Compliance
SOX, HIPAA, GLB
Increasing Threats
Identity theft
Exposure of confidential info
Maintenance Costs
The average employee needs access to 16
applications
Companies spend an estimated 20-30 user/year for
password resets

10
The Real Impact
End-users Too many IDs Too many passwords Must wait for access to applications
Administrators Too many IDs Too many end-user requests Difficult or unreliable ways to syncs all the accounts
Audit/Compliance Orphaned accounts Limited or no audit capability Where are the audit trails?
11
Making It All Better
12
Identity and Access Management
13
The Benefits of IAM

Save money
Improve operational efficiency
Reduce time to deliver applications and services
Enhance security
Enhance regulatory compliance
Give more power to audit

14
Lets Define IAM Terms

Authentication (AuthN)
Verify that a person is who they claim to be
This is where multi-factor authentication comes
into play
Identification and authentication are related but
not the same
Authorization (AuthZ)
Deciding what resources can be accessed/used by a
user
Accounting
Charges you for what you do

15
IAM is a Foundation
Identity Management Account Provisioning Deprovisioning Synchronisation
Administration User Management Password Management Workflow Delegation Audit and Reporting
Access Management AuthN AuthZ
16
Now What?
17
Implement IAM!

Start Slow!
Define your Single Source of Truth (SSOT)
Unfortunately, there may be more than one, if
that makes sense..
Implement the big wins
User provisioning to Active Directory
Password resets

18
But How?

SSOT
Work with your team, IT, and management to
determine the true source of user information
User Provisioning to AD
Its already happening!
Solutions
Microsoft ILM
CA eTrust Admin
Sun IM

19
The Results!

User provisioning can be automated
Password resets can be delegated to the helpdesk
And the big one
You can now audit both the user provisioning and
password resets

20
The Next Step

Extend User Provisioning
To PeopleSoft
Lawson
Oracle
Custom/in-house applications
Begin consolidating user directories
Can you point some or all of your applications at
AD or LDAP?

21
Authorization

This is the hard one!
Applications define their AuthZ rules differently
Try to consolidate to an AD/LDAP authz landscape
Tackle this one application at a time!

22
The Power is Yours

You can now audit/review
Who has what accounts?
Why do they have those accounts?
Who approved those accounts?
Are there any orphaned accounts?
Who has access to what?
For how long have they had that access?

23
And there is more..

You can control access to your web-enabled
applications using a Web Access Manager (WAM)
Dont forget about SSO!
What about federated identities and your partners
and suppliers?

24
Viva La Resistance!
25
IT Resistence

Sometimes IT resist a formalized IAM process
because
We are too busy
We cant afford it
We dont want to give up control!

26
We are Too Busy

This is a common response
IT is too busy..
Because they are resetting passwords all day
Working too hard to create accounts
Learning too late that orphaned accounts are
being misused/attacked

27
We Cant Afford It

There are small and big solutions to this problem
If you are an AD-only shop with minimal
applications, then you can start small
Larger enterprises have no choice, they cant
afford not to!

28
We Dont Want to Give Up Control!

This is usually the root of the disagreement.
They are responsible for IT
They dont want problems in IAM to reflect poorly
on them
They are used to the control, even if its not
necessary

29
A Compromise

Take control without giving up control!
A middle-ground
IAM solutions can be used to explore user
directories/databases
Reports can be generated
IT can still do the provisioning itself

30
Summary
31
Summary

Its becoming impossible to manage all of these
accounts and rights by hand
You can automate controls
You can automate audit reports
You can control THE PROCESS!

32
Who We Are?

Puryear IT is THE IAM specialist in Louisiana
We help small and large companies, ranging from
100 users to well over 20,000 users
We are vendor-agnostic, and have worked with
everyone, including
Microsoft
CA
Sun

33
We Can Help IT to..