1. IDM/IAM
Identity & Access Management
Sigal Russin, VP & Senior Analyst
Tell me and I’ll forget
Show me and I may remember
Involve me and I’ll understand
2. Is it identity?
Sigal Russin’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
3. Identity and Access Management
Access Control
• Strong Authentication & Authorization
• Risk Based Access Control
• Single Sign-On
• Federation
• Web Services Security
Identity Administration
• Identity & Organization Lifecycle Administration
• Enterprise Role Mng
• Provisioning & Reconciliation
• Compliance Automation
Directory Services
• Virtualization
• Synchronization
• Storage
Audit & Compliance
• Audit Data
• Attestation
• Fraud Detection
• Segregation of Duties
• Controls
Management
• Service Levels
• Risk Analysis
• Forensics
• Configuration
• Performance
• Automation
4. Where to start?!
5. Explosion of IDs
[Figure: # of Digital IDs over Time (Pre 1980’s, 1980’s, 1990’s, 2000’s). Platforms: Mainframe, Client Server, Internet, Mobility. Business Automation: Company (B2E), Partners (B2B), Customers (B2C).]
6. “Identity Chaos”
• Lots of users and systems required to do business
• Multiple repositories of identity information
• Multiple user IDs, multiple passwords
• Decentralized management, ad hoc data sharing
7. IDM – Identity Management
8. 5 Core Elements of ID Management
Federated Identity
9. 5 Core Elements of ID Management
10. 5 Core Elements of ID Management
11. What’s next…
12. Before Implementing Access Management
13. After Implementing Access Management
14. Trends Impacting IAM and privacy management sectors
Tactical identity
• IAM projects will generally be limited in scope and schedule to help ensure success.
Identity assurance
• Demands for stronger authentication and more mature identity provider infrastructures will rise.
• You need to know which providers you are trusting, why, and for what.
Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London
15. Trends Impacting IAM and privacy management sectors
The identity bridge
• A new architectural component is needed to manage the flow of identity information between cooperating organizations.
• The edge of the organization has to look inward and outward simultaneously.
Authorization
• It will grow more complex and more urgent due to continuing regulatory pressure.
• Authorization will assume a place as a first-class business function.
Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London
16. Trends Impacting IAM and privacy management sectors
The sea of tokens
• The new tokens-and-transformers architecture is more modular, more flexible and more loosely coupled.
Policy battles
• Privacy and identity theft are having a serious impact on business operations and viability.
• The business community, law enforcement and national security communities will continue to fight over identification, privacy laws and regulations.
Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London
17. Identity Management Market
Overlap without integration causes consternation and cost
Around 60 vendors in IDM
• Directory
• Authentication
• Password Management
• Access Management
• Provisioning
• Meta-directory
• Appliances
• Virtual Directory
18. IAM's Biggest Concerns
HP Research Report, Security & Risk Management Survey Conducted by Coleman Parkes Research, 2012
19. Be Aware - Most IDM projects failed
(1) Allocating human resources for maintenance of the IDM project
(2) Project Leaders: HR with cooperation of IT
(3) Support from the organization's high management
(4) Sharing and training of all organization departments
20. Most IDM projects failed - Be Aware!
(5) Data Cleansing: job definitions include user authorizations
(6) Mirroring to organization processes – workflows will maximize ROI
(7) If you choose a product, make sure about the integration to all organization systems - Learn the product!
(8) Step by step - integration of special groups on AD with one organizational system (SAP, billing, CRM etc.)
21. Market Overview
Vendor Access ProvN Passwd Meta AuthN
IBM
Novell
Oracle
CA
Microsoft
Netegrity
Oblix
RSA
Entrust
= Partner provided
22. Identity & Access Management - Israeli Market Positioning 1Q10-11
[Figure: Estimated Technology Penetration of IDM/IAM. Categories: Using this technology, Evaluating, Not using. Values shown: 27%, 73%.]
[Figure: vendor positioning chart. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader, Prominent WAM Player. Vendors: IBM, CA, Novell, Oracle-Sun, SAP, Quest, BMC, Microsoft, Velo (OS).]
This analysis should be used with its supporting documents
23. 2012 World Leaders in Cloud Identity Management
Market Presence
Forrester Survey
24. IDM Benefits
• Centralize Security
• Maintain Control Over Data Assets
• Enforce Audit Policies
• Automate Auditing Procedures
• Enhance Visibility
• Detect Security, Regulatory
25. 2013 Will Change Enterprise IDM
• The rise of stateless identity
• ID standards
• Dissolving internal/external boundaries
• Identity assurance
“It’s tough to pull your head up from the static world of on-premises user management to the more dynamic world.”
2013 Planning Guide: Identity and Privacy, by Ian Glazer
By UCStrategies Staff, November 14, 2012
26. Recommendations
• The organization should translate the business world into the project specification process
• Do not try to fit the IDM system to your organization
• Before starting – define SOW -> Consider alternatives -> POC for business process
• Organization limits – try to start IDM inside the organization
• Matching expectations of project initiators, users and decision makers
• Marketing the project to show the meanings and painful problems
27. Recommendations
• Small steps such as gradual connection to organization systems, initial provisioning, role based access control etc.
• Standardization - you don’t need to update the system all the time
• Organization password policy can take part in the IDM project – SSO at the last stage
• Workflows - pay attention to duplication or conflict in organizational identities
• Organizational Tree - reflect the organizational structure in HR and IT
• Each department has a manager (referent) who is responsible for managing permissions for that same department
28. Thank You!