SlideShare una empresa de Scribd logo

Developing an IAM Business Case

Hitachi ID Systems, Inc.
Hitachi ID Systems, Inc.

This document talks about: - Business challenges due to managing identities, authentication factors and entitlements. - Identity and access management (IAM) overview. - IAM value proposition. - Supporting metrics. - Effective IAM projects.

1 de 9
Descargar para leer sin conexión
1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda • Business challenges due to managing identities, authentication factors and entitlements. • Identity and access management (IAM) overview. • IAM value proposition. • Supporting metrics. • Effective IAM projects. 3 Business Challenges © 2011 Hitachi ID Systems, Inc. All rights reserved. 1
Slide Presentation 3.1 The User Lifecycle At a high level, the user lifecycle is essentially the same in all organizations and across all platforms. 3.2 IAM in Silos In most organizations, many processes affect many applications. This many-to-many relationship creates complexity: © 2011 Hitachi ID Systems, Inc. All rights reserved. 2
Slide Presentation 3.3 Identity and Access Problems For users For IT support • How to request a change? • Onboarding, deactivation across many • Who must approve the change? apps is challenging. • When will the change be completed? • More apps all the time! • Too many passwords. • What data is trustworthy and what is • Too many login prompts. obsolete? • Not notified of new-hires/terminations on time. • Hard to interpret end user requests. • Who can request, who should authorize changes? • What entitlements are appropriate for each user? • The problems increase as scope grows from internal to external. 3.4 Identity and Access Problems (continued) For Security / risk / audit For Developers • Orphan, dormant accounts. • Need temporary access (e.g., prod • Too many people with privileged access. migration). • Static admin, service passwords a • Half the code in every new app is the security risk. same: • Weak password, password-reset processes. – Identify. • Inappropriate, outdated entitlements. – Authenticate. • Who owns ID X on system Y? – Authorize. • Who approved entitlement W on system – Audit. Z? – Manage the above. • Limited/unreliable audit logs in apps. • Mistakes in this infrastructure create security holes. 3.5 Business Drivers for IAM Security / controls. • Reliable deactivation. • Strong authentication. • Appropriate security entitlements. Regulatory • PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc. compliance. • Audit user access rights. IT support costs. • Help desk call volume. • Time/effort to manage access rights. Service / SLA. • Faster onboarding. • Simpler request / approvals process. © 2011 Hitachi ID Systems, Inc. All rights reserved. 3
Slide Presentation 3.6 IAM is Linked to Regulations • Many regulations, in many jurisdictions, call for internal controls: – This implies effective AAA: Authentication, Authorization and Audit. • Every system already has AAA. – The weakness is bad user/access data. • The missing link is business process: – Appropriate access rights. – Timely access termination. – Effective authentication. • Identity and access management process and technology are needed to bridge the gap between business requirements and AAA infrastructure. 4 IAM Overview 4.1 Defining Identity and Access Management A shared platform and consistent processes for managing information about users: Identity: Who is this user? Authentication: How do systems authenticate this user? Entitlements: What can this user access? 4.2 Connecting Users to Applications Identity and access management can be thought of as middleware for pulling security administration out of application silos. Users Hitachi ID Management Suite Target Systems Business processes User Objects Related Objects Synchronization / Propagation Attributes Home Directories Request / Authorization Passwords Mail Boxes Delegated Administration Privileges PKI Certs. Employees, contractors, Consolidated Reporting customers, and partners 5 IAM Value Proposition © 2011 Hitachi ID Systems, Inc. All rights reserved. 4
Slide Presentation 5.1 IAM Benefits Identity and access management systems help organizations lower IT operating cost, improve user productivity and strengthen security: • Operating cost: – Fewer help desk calls for password and access problems. – Fewer administrators required to setup and tear down user access. – User security audits are faster and cheaper. • User productivity / service: – Faster onboarding. – Fewer passwords to remember and fewer password problems. • Security / regulatory compliance: – Reliable, prompt and comprehensive access termination. – Policy enforcement: segregation of duties, role-based access. – Simplify audit and cleanup of security entitlements. – Consistently strong authentication. 5.2 Building a Business Case An investment in identity and access management processes and infrastructure is normally supported by cost savings, improved productivity and stronger security: Cost savings Productivity Security Reassign staff out of the help Help new users start work Clean up entitlements, desk or user administration sooner and eliminate delays enforce security policies and group. experienced by users who create audit logs. Comply have problems or need with SOX, GLB, HIPAA, etc. changes. Any business case should be supported by metrics: • Current state. • Desired outcome. 6 Supporting Metrics © 2011 Hitachi ID Systems, Inc. All rights reserved. 5
Slide Presentation 6.1 Metrics: Password Management Cost savings Productivity Security • Number of password • Time spent by users • How does the help desk problem help desk calls before, during and after authenticate callers? per month? a typical password • Current vs. desired • Cost and duration of problem? password policy on each call? • Value of wasted user sensitive systems? • Peak staffing to support time? • Popularity of password post-weekend call "sticky notes?" volumes? Example targets: • Reduce password help desk calls by 75%. • Reduce total help desk calls by 25%. • Reduce passwords per user to 2. 6.2 Metrics: User Provisioning Cost savings Productivity Security • Number of user add / • Number of different • SLA to terminate change / deactivate forms used to request access for operations per month? new / changed access? ex-employees? • Cost and duration of • Average time spent by Ex-contractors? each operation? users making requests • Number of user (find the form, fill it out, administration staff? send it to the right people, etc.)? • IT SLA to fulfill valid, authorized requests? Example targets: • Reduce onboarding time from 3 days to 3 hours. • Reduce admin FTEs from 6 to 2. • Terminate access within 1 hour of departure. © 2011 Hitachi ID Systems, Inc. All rights reserved. 6
Slide Presentation 6.3 Metrics: Access Certification Cost savings Security • Cost of user access audits? • Number of login accounts vs. number of • Cost of excess software licenses? real users? • Security or regulatory exposure due to inappropriate entitlements? • Total number of entitlements on integrated systems. • Average number of entitlements per user. 6.4 Metrics: Privileged Access Management Cost savings Productivity Security • Person days to change • Number of admin • Number of privileged passwords on all password changes per accounts per platform privileged accounts. month. and total. • Annual cost for • Number of emergency • Number of systems per production migrations admin access events shared privileged because developers per month. account. cannot be granted • Time to deactivate temporary access. terminated system administrators. • Time to determine what systems a departed administrator accessed before leaving. Example targets: • Time to deactivate administrator: 5 minutes. • All admin passwords changed daily. 7 Effective IAM Projects © 2011 Hitachi ID Systems, Inc. All rights reserved. 7
Slide Presentation 7.1 IAM Project Cost License and maintenance for components: Implementation services: • Directory. • Discovery, design. • Meta-directory. • Installation, configuration. • User provisioning / workflow. • Testing, troubleshooting, user • Access certification / audit. acceptance, pilot. • Password management. • User rollout. • Web, enterprise single signon (SSO). • Incentives, user education and awareness. Servers Ongoing costs: • Hardware. • System health monitoring. • Operating system license. • Adding features, integrations. • Rack space. • User education, awareness. • Support services. • Ownership and coordination. 7.2 Minimizing Deployment Cost Technology drives lower deployment costs: • Auto-discovery. • Self-service login ID reconciliation. • More pre-built connectors. • Support for multi-tenant installation. • Functional across customer firewalls. • Avoids role engineering. • Dynamic workflow. • Full functionality without client software. • Easier to extend to custom applications/targets. © 2011 Hitachi ID Systems, Inc. All rights reserved. 8
Slide Presentation 7.3 Change Management: The Human Factor • Identity and access management can be political: – There are lots of stake-holders: application owners, security administrators, the help desk, audit, network operations, etc. – It’s hard to get lots of people to agree on anything. – Executive sponsorship is essential to drive consensus. • The user community must be involved: – Needs analysis. – Usability. – User training and awareness. – Incentives and dis-incentives. • This is more about business process than technology: – How does your organization onboard new hires? manage change? terminate? – Business logic must capture authorization, login ID allocation, etc. 7.4 Getting an IAM Project Started • Build a business case. • Get management sponsorship and a budget. • Discovery phase, capture detailed requirements. • Assemble a project team: – security – system administration – user support – etc. • Try before you buy: Demos, POCs, pilots. • Install the software, roll to production. • Enroll users, if/as required. 500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: PRCS:pres www.Hitachi-ID.com Date: March 22, 2011

Recomendados

ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)Josep Bardallo
 
ITIL & CMMI for Services
ITIL & CMMI for ServicesITIL & CMMI for Services
ITIL & CMMI for ServicesNUS-ISS
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management ProjectsHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Maximizing Value
Maximizing ValueMaximizing Value
Maximizing ValueHitachi ID Systems, Inc.
 
Authentication Management
Authentication ManagementAuthentication Management
Authentication ManagementHitachi ID Systems, Inc.
 

Recomendados

ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)Josep Bardallo
 
ITIL & CMMI for Services
ITIL & CMMI for ServicesITIL & CMMI for Services
ITIL & CMMI for ServicesNUS-ISS
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management ProjectsHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Maximizing Value
Maximizing ValueMaximizing Value
Maximizing ValueHitachi ID Systems, Inc.
 
Authentication Management
Authentication ManagementAuthentication Management
Authentication ManagementHitachi ID Systems, Inc.
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity ManagementHitachi ID Systems, Inc.
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Systems, Inc.
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationHitachi ID Systems, Inc.
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business CaseHitachi ID Systems, Inc.
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access ManagementHitachi ID Systems, Inc.
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Systems, Inc.
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?Hitachi ID Systems, Inc.
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Systems, Inc.
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Systems, Inc.
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Systems, Inc.
 

Más contenido relacionado

Más de Hitachi ID Systems, Inc.

Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business CaseHitachi ID Systems, Inc.
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?Hitachi ID Systems, Inc.
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Systems, Inc.
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 

Más de Hitachi ID Systems, Inc. (20)

Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity Management
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access Certifier
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management Suite
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle Automation
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business Case
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access Certifier
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management Suite
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate Edition
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and Technology
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group Manager
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager Brochure
 

Developing an IAM Business Case

  • 1. 1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda • Business challenges due to managing identities, authentication factors and entitlements. • Identity and access management (IAM) overview. • IAM value proposition. • Supporting metrics. • Effective IAM projects. 3 Business Challenges © 2011 Hitachi ID Systems, Inc. All rights reserved. 1
  • 2. Slide Presentation 3.1 The User Lifecycle At a high level, the user lifecycle is essentially the same in all organizations and across all platforms. 3.2 IAM in Silos In most organizations, many processes affect many applications. This many-to-many relationship creates complexity: © 2011 Hitachi ID Systems, Inc. All rights reserved. 2
  • 3. Slide Presentation 3.3 Identity and Access Problems For users For IT support • How to request a change? • Onboarding, deactivation across many • Who must approve the change? apps is challenging. • When will the change be completed? • More apps all the time! • Too many passwords. • What data is trustworthy and what is • Too many login prompts. obsolete? • Not notified of new-hires/terminations on time. • Hard to interpret end user requests. • Who can request, who should authorize changes? • What entitlements are appropriate for each user? • The problems increase as scope grows from internal to external. 3.4 Identity and Access Problems (continued) For Security / risk / audit For Developers • Orphan, dormant accounts. • Need temporary access (e.g., prod • Too many people with privileged access. migration). • Static admin, service passwords a • Half the code in every new app is the security risk. same: • Weak password, password-reset processes. – Identify. • Inappropriate, outdated entitlements. – Authenticate. • Who owns ID X on system Y? – Authorize. • Who approved entitlement W on system – Audit. Z? – Manage the above. • Limited/unreliable audit logs in apps. • Mistakes in this infrastructure create security holes. 3.5 Business Drivers for IAM Security / controls. • Reliable deactivation. • Strong authentication. • Appropriate security entitlements. Regulatory • PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc. compliance. • Audit user access rights. IT support costs. • Help desk call volume. • Time/effort to manage access rights. Service / SLA. • Faster onboarding. • Simpler request / approvals process. © 2011 Hitachi ID Systems, Inc. All rights reserved. 3
  • 4. Slide Presentation 3.6 IAM is Linked to Regulations • Many regulations, in many jurisdictions, call for internal controls: – This implies effective AAA: Authentication, Authorization and Audit. • Every system already has AAA. – The weakness is bad user/access data. • The missing link is business process: – Appropriate access rights. – Timely access termination. – Effective authentication. • Identity and access management process and technology are needed to bridge the gap between business requirements and AAA infrastructure. 4 IAM Overview 4.1 Defining Identity and Access Management A shared platform and consistent processes for managing information about users: Identity: Who is this user? Authentication: How do systems authenticate this user? Entitlements: What can this user access? 4.2 Connecting Users to Applications Identity and access management can be thought of as middleware for pulling security administration out of application silos. Users Hitachi ID Management Suite Target Systems Business processes User Objects Related Objects Synchronization / Propagation Attributes Home Directories Request / Authorization Passwords Mail Boxes Delegated Administration Privileges PKI Certs. Employees, contractors, Consolidated Reporting customers, and partners 5 IAM Value Proposition © 2011 Hitachi ID Systems, Inc. All rights reserved. 4
  • 5. Slide Presentation 5.1 IAM Benefits Identity and access management systems help organizations lower IT operating cost, improve user productivity and strengthen security: • Operating cost: – Fewer help desk calls for password and access problems. – Fewer administrators required to setup and tear down user access. – User security audits are faster and cheaper. • User productivity / service: – Faster onboarding. – Fewer passwords to remember and fewer password problems. • Security / regulatory compliance: – Reliable, prompt and comprehensive access termination. – Policy enforcement: segregation of duties, role-based access. – Simplify audit and cleanup of security entitlements. – Consistently strong authentication. 5.2 Building a Business Case An investment in identity and access management processes and infrastructure is normally supported by cost savings, improved productivity and stronger security: Cost savings Productivity Security Reassign staff out of the help Help new users start work Clean up entitlements, desk or user administration sooner and eliminate delays enforce security policies and group. experienced by users who create audit logs. Comply have problems or need with SOX, GLB, HIPAA, etc. changes. Any business case should be supported by metrics: • Current state. • Desired outcome. 6 Supporting Metrics © 2011 Hitachi ID Systems, Inc. All rights reserved. 5
  • 6. Slide Presentation 6.1 Metrics: Password Management Cost savings Productivity Security • Number of password • Time spent by users • How does the help desk problem help desk calls before, during and after authenticate callers? per month? a typical password • Current vs. desired • Cost and duration of problem? password policy on each call? • Value of wasted user sensitive systems? • Peak staffing to support time? • Popularity of password post-weekend call "sticky notes?" volumes? Example targets: • Reduce password help desk calls by 75%. • Reduce total help desk calls by 25%. • Reduce passwords per user to 2. 6.2 Metrics: User Provisioning Cost savings Productivity Security • Number of user add / • Number of different • SLA to terminate change / deactivate forms used to request access for operations per month? new / changed access? ex-employees? • Cost and duration of • Average time spent by Ex-contractors? each operation? users making requests • Number of user (find the form, fill it out, administration staff? send it to the right people, etc.)? • IT SLA to fulfill valid, authorized requests? Example targets: • Reduce onboarding time from 3 days to 3 hours. • Reduce admin FTEs from 6 to 2. • Terminate access within 1 hour of departure. © 2011 Hitachi ID Systems, Inc. All rights reserved. 6
  • 7. Slide Presentation 6.3 Metrics: Access Certification Cost savings Security • Cost of user access audits? • Number of login accounts vs. number of • Cost of excess software licenses? real users? • Security or regulatory exposure due to inappropriate entitlements? • Total number of entitlements on integrated systems. • Average number of entitlements per user. 6.4 Metrics: Privileged Access Management Cost savings Productivity Security • Person days to change • Number of admin • Number of privileged passwords on all password changes per accounts per platform privileged accounts. month. and total. • Annual cost for • Number of emergency • Number of systems per production migrations admin access events shared privileged because developers per month. account. cannot be granted • Time to deactivate temporary access. terminated system administrators. • Time to determine what systems a departed administrator accessed before leaving. Example targets: • Time to deactivate administrator: 5 minutes. • All admin passwords changed daily. 7 Effective IAM Projects © 2011 Hitachi ID Systems, Inc. All rights reserved. 7
  • 8. Slide Presentation 7.1 IAM Project Cost License and maintenance for components: Implementation services: • Directory. • Discovery, design. • Meta-directory. • Installation, configuration. • User provisioning / workflow. • Testing, troubleshooting, user • Access certification / audit. acceptance, pilot. • Password management. • User rollout. • Web, enterprise single signon (SSO). • Incentives, user education and awareness. Servers Ongoing costs: • Hardware. • System health monitoring. • Operating system license. • Adding features, integrations. • Rack space. • User education, awareness. • Support services. • Ownership and coordination. 7.2 Minimizing Deployment Cost Technology drives lower deployment costs: • Auto-discovery. • Self-service login ID reconciliation. • More pre-built connectors. • Support for multi-tenant installation. • Functional across customer firewalls. • Avoids role engineering. • Dynamic workflow. • Full functionality without client software. • Easier to extend to custom applications/targets. © 2011 Hitachi ID Systems, Inc. All rights reserved. 8
  • 9. Slide Presentation 7.3 Change Management: The Human Factor • Identity and access management can be political: – There are lots of stake-holders: application owners, security administrators, the help desk, audit, network operations, etc. – It’s hard to get lots of people to agree on anything. – Executive sponsorship is essential to drive consensus. • The user community must be involved: – Needs analysis. – Usability. – User training and awareness. – Incentives and dis-incentives. • This is more about business process than technology: – How does your organization onboard new hires? manage change? terminate? – Business logic must capture authorization, login ID allocation, etc. 7.4 Getting an IAM Project Started • Build a business case. • Get management sponsorship and a budget. • Discovery phase, capture detailed requirements. • Assemble a project team: – security – system administration – user support – etc. • Try before you buy: Demos, POCs, pilots. • Install the software, roll to production. • Enroll users, if/as required. 500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: PRCS:pres www.Hitachi-ID.com Date: March 22, 2011