Introduction and Applicability of Identity and Access Governance - Workshop for Clients 20111123 (English)
1. Workshop
Identity & Access Governance
Thomas van Vooren
23rd of November 2011
www.everett.nl
2. Agenda
▶ The emergence of IAG.
▶ What is Identity & Access Governance (IAG)?
▶ IAG versus Identity Management.
▶ Discussion:
§ Need and purpose;
§ Applicability;
§ Architecture.
3. Emergence of Identity & Access Governance (IAG)
▶ Compliance more predominant in IT spending:
§ Intrinsic motivation to reduce risk;
§ Protection of intellectual property (IP) and reducing access associated
risk;
§ Increased pressure from regulatory bodies and auditors;
§ Sarbanes-Oxley and others.
▶ Results in more focus on security and transparency: being in
control and being able to demonstrate this.
▶ For this reason, other organisations are starting to add IAG
capabilities to their existing IAM environment:
§ Requirement for tools with specific capabilities (the right tool for the
job);
§ IAG tools have matured over the past few years.
4. What is Identity & Access Governance?
▶ By definition
§ The life cycle practice of governing the access request process and
related functions to ensure complete and timely access to required
IT resources (including data and information, structured and
unstructured) [Gartner 2011]
▶ By process (PDCA cycle):
§ Define authorisations in line with policy and administer those;
§ Roll out resulting access rights to IT resources;
§ Check and report on policy versus practice;
§ Adjust authorisations and rights where necessary.
5. IAG versus Identity Management (IDM)
Identity & Access Governance
▶ Main drivers:
§ Compliance;
§ Security;
§ Transparency.
▶ Capability focus:
§ Fine grained authorisation administration and management;
§ Monitoring and reporting;
§ Loosely coupled but high volume integration for many (risk
critical) applications;
§ Business centric.
Identity Management
▶ Main drivers:
§ Time to service;
§ Cost effectiveness;
§ Security.
▶ Capability focus:
§ Identity administration;
§ Coarse grained authorisation management;
§ Tight integration with limited applications;
§ IT centric.
6. IAG versus IDM: capability overview
• Identity Administration
• Authorisation mining and modelling
• Reporting (e.g. soll-ist)
• Attestation and certification
• Authorisation administration and management
• Coarse grained
• Fine grained
Identity
• Automation
• Tight integration
• Loosely coupled
7. Summary
▶ End to end authorisation management for compliance requires
functionality additional to core IDM capabilities:
§ Authorisation administration and design support (e.g. role mining
and modeling);
§ Rich authorisation management (including support for fine grained
authorisations, segregation of duties);
§ Reporting (periodic attestation and audit reports).
▶ IAG tools include this functionality and on top of that:
§ Reduce the time to compliance (low threshold integration of
applications);
§ Provide a business centric environment.