Meeting the Provisioning Needs of Both IT and Business Users at Vanguard




Security Management
SA202SN
Abstract

> Vanguard, one of the world's largest investment
  management companies, needs to provision timely access
  to all of their employees. However, like many organizations,
  their IT and business users have distinct provisioning
  needs. This access must be granted quickly to enable the
  business, but audited and removed as soon as possible to
  protect customers' confidential data.

    Senior Manager at Vanguard, Phil Taddeo, will share their
    experiences implementing CA Identity Manager. Robyn
    Fisher, officer of Business Access Management, will share
    an executive perspective on identity management,
    including the success metrics that help gain corporate
    support.

2   November 16-20, 2008   Copyright © 2008 CA. All rights reserved.
Biography


> Philip Taddeo
  Sr. Manager, Business Access Management, Security and
  Contingency Services, Planning and Development Division.
      – 16-year Vanguard veteran holding various leadership positions in
        multiple business lines.
      – Responsible for supporting the provisioning needs of Vanguard
        internal users and the systems which provision them.
      – Supported Vanguard's various role-based access control solutions
        for the past 8 years.
      – Involved in deploying and supporting CA Identity Manager at
        Vanguard from 2004 to current.
> Robyn Fisher
  Principal, Business Access Management, Security and
  Contingency Services, Planning and Development Division.
      – 20+ year background in IT operations management.
      – Responsible for all business access to data at Vanguard.

Agenda


> Company Overview

> Differentiation of Business vs. IT Users

> Provisioning Challenges

> Managing your IT Users

> Value of Metrics in this process

> Questions




Vanguard Company Overview

> Founded in 1975 and headquartered in Valley Forge, PA.

> Vanguard's mission is to help clients reach their
  financial goals by being the world's highest-value
  provider of investment products and services.

> World's largest pure no-load mutual fund company and
  the second largest fund firm in the U.S.

> Offer a wide array of financial products to individuals,
  institutions and financial advisors.

> As of 12/31/2007 we managed approximately 1.3 trillion
  dollars in U.S. Mutual Funds.

> Approximately 12,000 U.S.-based crewmembers.
Technical Deployment Overview

> Utilize CA Identity Manager to provision access

> All crew have access to CA Identity Manager self-service
  front end

> We role- and rule-base all platform entitlements for our
  crew. We manage fine grain entitlements for:
      – ACF2            – AD          – CA Access Control
      – DB2             – Sybase      – Siebel
      – Unix / Linux    – Oracle      – Lotus Notes
      – Kerberos        – MS SQL
      – AS400           – UPO

> CA Identity Manager manages over 350,000 accounts


Technical Deployment Overview


> Platforms (endpoints) managed in strong synchronization:
      – Active Directory
      – DB2
      – Kerberos
      – MS-SQL
      – OS400
      – Oracle
      – Sybase
      – UNIX/LINUX
      – ACF2

> System of Record
      – PeopleSoft HR
      – Nightly feed of any changes to demographics
      – Configurable fields that warrant access changes:
            Department, Job Code



Business User Characteristics


> What are common characteristics of business users?
      – Limited number of accounts, usually 4-7 accounts
      – Static level of access based on business need
      – Generally access data and resources through
        applications
      – Do not have direct access to enterprise data stores
      – For compliance reasons, the systems they use usually
        have segregation of duties and controls coded within
        the application




Example Business User

Common Business User (Customer Service)
  • Fully automated rule-driven role-based access based on HR feed
  • 4 accounts created

Accounts:
  – Recordkeeping / Trading System: Customer service role
        • Lookup account
        • Process trade
        • Modify account options
  – LAN Account
        • Domain user access
        • Company intranet access
        • Shared drive access
  – E-Mail Account
  – CRM System: Customer service role
        • Access company profile
        • Look at company contacts



Example IT User

Common IT Support User
  • Some access automated
  • Ad-hoc requested access
  • Also has standard LAN and e-mail access
  • Little application level access
  • Has significant number of accounts across many platforms

  Requires Server Access:    Data Center 1 – Server-1, Server-2; Data Center 2 – Server-3, Server-4
  Requires Hardware Access:  shown on the diagram for each of the four servers
  Requires Database Access:  Database 1, Database 2, Database 3, Database 4




IT User Characteristics


> What are common characteristics of IT users?
      – Large number of accounts ranging from 100 to
        over 1,000
      – Dynamic need to access highly sensitive data and
        functions
      – Need access to production and development
        resources
      – Have little application level access
      – Require direct access to enterprise data stores
      – Require access quickly to support critical system
        outages


Pre-Implementation Environment


> What security looked like prior to our CA Identity
  Manager implementation
      1. Managers rarely knew what roles to request for
         new employees.
      2. Turnover could result in loss of knowledge of
         security requirements.
      3. Security was sometimes requested after an
         employee started within a department.
      4. Since inappropriate roles might have been
         assigned, maintenance was frequent and roles
         were redundant.
      5. Security related help desk calls for user access
         were many.

Audit and Control Considerations


> Common control themes for logical access to
  systems and data
         1. Requests for new or modified access must be
            documented and authorized by management prior
            to production activation.
         2. Logical access is removed in a timely fashion, upon
            HR notification and/or system availability events.
         3. Appropriateness of users with access to sensitive
            data.
         4. Appropriateness of users with access to perform
            system administrative functions.



Business Operations Considerations


> Common themes of IT user security provisioning
      1. Administration of access must be timely especially
         during system troubleshooting events.
      2. Access to production resources, data and systems,
         must be restricted and tightly controlled.
      3. "Don't grant anything unless I authorize it".
      4. Sometimes people outside of production support
         may require production access, but not full time.
      5. I know we are technical but… I really don't
         understand security.




Project Goals


> Provide the IT users with a self-provisioning
  system using intuitive naming conventions.
> Establish easy to understand access guidelines.
> Certify user access to the platform level.
> Create reusable roles for all types of user access
  to reduce security maintenance activities.
> Apply rules in order to provision access
  automatically whenever possible.
> Reduce overall access of IT personnel to
  production data and systems without impacting
  operations.

Project Timeline




Phase I – 2006
      – Install CA Identity Manager to enhance current capabilities
      – Role Design in cooperation with business

Phase II – 2007-2008
      – Communications to Business
      – Rollout users into new roles (implementation of role design)

Phase III – 2009-X
      – Extend CA Identity Manager to additional systems and connectors
        administered manually



The Solution



People – Process – Technology

In order to achieve the desired reduction in Audit
findings/observations and increase efficiency and client satisfaction,
three key areas needed to be addressed. Focus on one area
without the other two will not result in the desired outcomes.

People - Communications

Levels of the communications pyramid, from bottom to top:

One-way communication
  – Awareness: "I hear the message"
        All levels of management must be aware of their open
        Audit observations. In addition, they need to know the
        applications and level of access used by their crew.
  – Understanding: "I understand the message"
        All levels of management must understand the on-boarding,
        transfer and off-boarding processes and the security
        implications of each process.

Two-way communication
  – Commitment: "I am committed to participating"
        All levels of management must be committed to
        "Secure the Organization".

Training
  – Behavior: "I know what to do and will change my behavior"
        All levels of management will actively participate in
        security awareness and perform the necessary steps to
        "Secure the Organization".



People – Engagement of Key Personnel

> Engaged employees from all levels of the IT organization
  to develop role content and access guidelines.
      – Production Access Steering Committee – officers and senior
        managers from IT and Internal Audit.
      – Production Access Core Team – managers, auditors and
        support level personnel.
      – Departmental Change Agents – management and non-
        management subject matter experts.

> Work from the above teams reported to the IT Risk
  Council.

> Overall program progress reported to senior executive
  levels throughout the organization.


Process - Establish Simple Guidelines


 Goal: IT crewmembers have the proper access to perform their job
 functions while reasonably limiting access to the production environment.

   A  Require prod access averaging at least 3 out of 5 days every
      week to perform their primary duties

   B  Read access unless associated to an Administrative Privilege
      such as Root access on Unix

   C  Application level access for IT Personnel must adhere to
      Guideline A

 Note: Exceptions will require both sub-division senior management & IT Security Office approval.


Blending Process with Technology

• All roles below use the same child roles and policies underneath the parent role.
• Each parent role has a different scoping and approval chain.

Permanent Full Time Access
  Reason to have access:    You meet the IT production access guidelines
  How quickly granted:      NA – users who have this access carry it full time
  Duration of access:       24x7
  Who authorizes use:       IT Divisional Designee
  Who administers access:   Self service

On-Demand CRISIS Access
  Reason to have access:    You do not have full time access and need to
                            support a system issue
  How quickly granted:      <15 minutes
  Duration of access:       24 hours
  Who authorizes use:       IT Divisional Designee
  Who administers access:   Production Support Managers

On-Demand Temporary Production Access
  Reason to have access:    You need to perform a non-critical function that
                            the production support group cannot do for you
                            (i.e. research)
  How quickly granted:      Within 24 hours of submission
  Duration of access:       24 hours
  Who authorizes use:       Requestor's manager and IT Divisional Designee
  Who administers access:   Self service



Blending Process with Technology:
On-Demand Crisis Access




Blending Process with Technology:
On-Demand Temporary Access




Process: New Role Methodologies

• Role content was defined by the IT business areas
• Role diagrams were turned over to the IT business areas
• Management knows what will automatically happen and what
  they need to request

Sr. Developer Role Diagram – Department 1124

  Rule: Dept = 1124 and job code = 1741 (developer)
    => parent role: Retail IT Senior Developer
       child roles:
         – Vanguard.com Performance Region
         – Vanguard.com Development Region 1
         – Vanguard.com Development Region 2
         – DB2 Auth Group Performance 1
         – Retail IT Share Drives
         – ACF2 Development Access
         – Unix Development Mid-Tier

  Also shown on the diagram:
         – CrisisR: Vanguard.com Production Support
         – VTS HARD TOKEN
         – RETAIL UNIX Production Mid-Tier
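The access-type table (permanent, on-demand crisis, on-demand temporary) and the Sr. Developer role diagram describe one mechanism from two sides: rule-driven roles that arrive with the HR feed, and time-boxed production access that is administered by a scoped set of managers and removed automatically. The model below is an added illustration, not code from the deck, from Vanguard or from CA Identity Manager. The department/job-code rule (1124/1741), the role names and the 24-hour windows are taken from the slides; every function name, the `Crew`/`Grant`/`Store` types, the sub-division names and the demo clock are constructed for the example.

```python
"""Rule-driven roles plus time-bounded production access, modelled on the slides.
Added illustration; function and type names are hypothetical, not product APIs."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Slide 24 rule: Dept = 1124 and job code = 1741 (developer) -> parent role.
ROLE_RULES: Dict[Tuple[str, str], str] = {("1124", "1741"): "Retail IT Senior Developer"}
# Child roles drawn under the parent on the slide 24 diagram.
CHILD_ROLES: Dict[str, List[str]] = {
    "Retail IT Senior Developer": [
        "Vanguard.com Performance Region", "Vanguard.com Development Region 1",
        "Vanguard.com Development Region 2", "DB2 Auth Group Performance 1",
        "Retail IT Share Drives", "ACF2 Development Access", "Unix Development Mid-Tier",
    ],
}
HOUR = timedelta(hours=1)
CRISIS_DURATION = 24 * HOUR   # slide 21: on-demand crisis access lasts 24 hours
TEMP_DURATION = 24 * HOUR     # slide 21: on-demand temporary access lasts 24 hours
DEMO_NOW = datetime(2008, 11, 18, 14, 45)   # constructed clock for the demo

@dataclass
class Crew:
    user_id: str
    department: str
    job_code: str
    sub_division: str
    prod_support_manager: bool = False

@dataclass
class Grant:
    role: str
    access_type: str                # "permanent", "crisis" or "temporary"
    approved_by: List[str]
    expires_at: Optional[datetime]  # None = permanent (24x7) access

@dataclass
class Store:
    grants: Dict[str, List[Grant]] = field(default_factory=dict)

    def grants_for(self, user_id: str) -> List[Grant]:
        return self.grants.setdefault(user_id, [])

def automatic_roles(crew: Crew) -> List[str]:
    """Roles the HR feed assigns with no request: parent role plus its children."""
    parent = ROLE_RULES.get((crew.department, crew.job_code))
    return [parent, *CHILD_ROLES.get(parent, [])] if parent else []

def apply_hr_feed(store: Store, crew: Crew) -> List[str]:
    """Nightly feed / Day-1 provisioning: rule-derived roles become permanent grants (idempotent)."""
    current = store.grants_for(crew.user_id)
    have = {g.role for g in current}
    for role in automatic_roles(crew):
        if role not in have:
            current.append(Grant(role, "permanent", ["rule:hr-feed"], None))
    return [g.role for g in current]

def grant_crisis_access(store: Store, requester: Crew, admin: Crew,
                        role: str, role_sub_division: str, now: datetime) -> Grant:
    """Crisis access (slides 21/26): administered only by production support
    managers, scoped to their own sub-division's crisis roles, 24-hour window."""
    if not admin.prod_support_manager:
        raise PermissionError("only production support managers administer crisis access")
    if admin.sub_division != role_sub_division:
        raise PermissionError("manager may only administer own sub-division's crisis roles")
    g = Grant(role, "crisis", [admin.user_id], now + CRISIS_DURATION)
    store.grants_for(requester.user_id).append(g)
    return g

def grant_temporary_access(store: Store, requester: Crew, manager_id: str,
                           designee_id: str, role: str, now: datetime) -> Grant:
    """Temporary production access: requestor's manager and IT Divisional Designee both approve."""
    g = Grant(role, "temporary", [manager_id, designee_id], now + TEMP_DURATION)
    store.grants_for(requester.user_id).append(g)
    return g

def expire_grants(store: Store, now: datetime) -> List[Tuple[str, str]]:
    """Timely removal: drop every time-bounded grant whose window has closed."""
    removed = []
    for user_id, grants in store.grants.items():
        expired = [g for g in grants if g.expires_at is not None and g.expires_at <= now]
        removed += [(user_id, g.role) for g in expired]
        store.grants[user_id] = [g for g in grants if g not in expired]
    return removed

def offboard(store: Store, user_id: str) -> List[str]:
    """HR termination notification: remove all access, permanent roles included."""
    return [g.role for g in store.grants.pop(user_id, [])]

def full_time_prod_pct(store: Store, crew_ids: List[str], prod_roles: set) -> int:
    """Slide 33/34 metric: % of IT crew holding permanent access to a production role."""
    holders = sum(1 for u in crew_ids if any(
        g.access_type == "permanent" and g.role in prod_roles for g in store.grants_for(u)))
    return round(100 * holders / len(crew_ids)) if crew_ids else 0
```

The two checks in `grant_crisis_access` are the scoping from slide 26 (the task is visible only to production support managers, and only for their own sub-division's crisis roles); `expire_grants` is what makes the "24 hours" column of the table a control rather than a promise, and `full_time_prod_pct` is the number the divisional dashboards later plot.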
Technology: Identity Manager End Product




[Screenshot] This task is available to all IT crew to request full
time and temporary access through a standard self-service workflow.

[Screenshot] Role descriptions are easily understandable.




Technology: Identity Manager End Product




[Screenshot] This task is available only to production support
managers within a particular sub-division.

[Screenshot] This task is scoped so that the production support
managers can only administer their sub-division's crisis access roles.


Technology: End Product – UPO Initiated
Workflow Form

[Screenshot] Crisis and temporary roles both initiate UPO-initiated
workflow forms.




End Results


> IT crew have a majority of their access Day 1 when
  starting their job without their managers needing to
  request it.
> IT managers understand the access their crew have.
> All access is approved by managers and the respective
  data stewards prior to assignment.
> IT can evidence authorizations to various auditors.
> Access is removed from users in a timely fashion.
> Full time access to production data and systems can be
  dramatically reduced, yet be available in a timely fashion
  for production support events and development projects.

Considerations


> If CA Identity Manager is unavailable to IT Divisional
  Administrators and Availability Managers, you need to
  have a solid plan B.

> High availability design of your CA Identity Manager
  infrastructure is a must.

> CA Identity Manager must sustain its performance as you
  increase the number of crew, roles, and end points. Build
  your solution with scalability in mind.




Helpful Hints for Planning


> Set realistic expectations of deliverables for senior
  management.
> Communicate, train, and communicate again.
> Aggressive timeframes often are good on paper but
  unrealistic – plan, then add 33% to your timelines.
> Define users' access to least privilege. Less is easier to
  maintain and better for audit controls.
> Managing all platforms is very difficult and time
  consuming – decide carefully before automating.
> Heavy customization is time consuming, costly and
  difficult to maintain – offset it by process change.

Value of Metrics




Robyn Fisher
Dashboards Drive Change


> Dashboards/metrics are a standard communication tool
  used by Vanguard management in accordance with our 6
  Sigma philosophy.

> Metrics focus on tracking IT's access to production data.

> Compliance support requires reports to facilitate
  recertification processes that validate only authorized
  crew have production access.

> Our metrics lend themselves to a friendly atmosphere of
  competitiveness across peer organizations.




Divisional Level Reports


[Chart: IT Division Production Access – % of IT Users with production access, by month]

Month       % of Prod Access
Jul-2008    37%
Aug-2008    39%
Sep-2008    0%
Oct-2008    0%
Nov-2008    0%
Dec-2008    0%
Jan-2009    0%
Feb-2009    0%
Mar-2009    0%
Apr-2009    0%
May-2009    0%
Jun-2009    0%



Departmental Examples


[Chart: % Full Time Production Access By Department, August 2008]

Department   % of Prod Access   IT Avg
Dept A       48%                39%
Dept B       96%                39%
Dept C       100%               39%
Dept D       81%                39%
Dept E       1%                 39%
Dept F       79%                39%
Dept G       96%                39%
Dept H       100%               39%
Dept I       29%                39%
Dept J       37%                39%
Dept K       90%                39%
Dept L       83%                39%
Dept M       20%                39%




Departmental Detail Examples




Q&A
Related Sessions


SESSION #   TITLE                                                Date / Time

SA103SN     CA Identity Manager Product Update and Roadmap       11/18/2008 at 2:45 p.m.
            Discussion

SA711SN     How to Deploy Identity Management on a Fixed         11/19/2008 at 8:30 a.m.
            Budget

SG112SN     Balancing Timely Provisioning with Security          11/19/2008 at 2:45 p.m.
            Requirements in a Changing Environment




Please Complete a Session Evaluation Form


> The number for this session
  is SA202SN

> After completing your
  session evaluation form,
  place it in the basket at the
  back of the room
      – Please left-justify the
        session number





 
Using IBM DataPower for rapid security and application integration with an op...
Using IBM DataPower for rapid security and application integration with an op...Using IBM DataPower for rapid security and application integration with an op...
Using IBM DataPower for rapid security and application integration with an op...
 
Integrating oracle cloud and existing applications final sg
Integrating oracle cloud and existing applications  final sgIntegrating oracle cloud and existing applications  final sg
Integrating oracle cloud and existing applications final sg
 
JD Edwards & Peoplesoft 3 _ Melita Skurray _ Integrating PeopleSoft HRMS.pdf
JD Edwards & Peoplesoft 3 _ Melita Skurray _ Integrating PeopleSoft HRMS.pdfJD Edwards & Peoplesoft 3 _ Melita Skurray _ Integrating PeopleSoft HRMS.pdf
JD Edwards & Peoplesoft 3 _ Melita Skurray _ Integrating PeopleSoft HRMS.pdf
 
IDM Resume _ Kiran
IDM Resume _ KiranIDM Resume _ Kiran
IDM Resume _ Kiran
 
Bp102 a ray of sunshine through the cloud -mwlug
Bp102 a ray of sunshine through the cloud -mwlugBp102 a ray of sunshine through the cloud -mwlug
Bp102 a ray of sunshine through the cloud -mwlug
 
Informix SQL & NoSQL -- for Chat with the labs on 4/22
Informix SQL & NoSQL -- for Chat with the labs on 4/22Informix SQL & NoSQL -- for Chat with the labs on 4/22
Informix SQL & NoSQL -- for Chat with the labs on 4/22
 
Software architecture & design patterns for MS CRM Developers
Software architecture & design patterns for MS CRM  Developers Software architecture & design patterns for MS CRM  Developers
Software architecture & design patterns for MS CRM Developers
 
Neeti resume 1
Neeti resume 1Neeti resume 1
Neeti resume 1
 
Synergy Fact Sheets
Synergy Fact SheetsSynergy Fact Sheets
Synergy Fact Sheets
 
14 guendert pres
14 guendert pres14 guendert pres
14 guendert pres
 
Oip Detailed Presentation Customer Viewable Scope4mation Slide Share Vers...
Oip Detailed Presentation   Customer Viewable   Scope4mation Slide Share Vers...Oip Detailed Presentation   Customer Viewable   Scope4mation Slide Share Vers...
Oip Detailed Presentation Customer Viewable Scope4mation Slide Share Vers...
 
Oip Detailed Presentation Slideshare
Oip Detailed Presentation SlideshareOip Detailed Presentation Slideshare
Oip Detailed Presentation Slideshare
 

Similar to Sa202 Sn

1588487811-chp-11-c-enterprise-application-integration.ppt
1588487811-chp-11-c-enterprise-application-integration.ppt1588487811-chp-11-c-enterprise-application-integration.ppt
1588487811-chp-11-c-enterprise-application-integration.pptKalsoomTahir2
 
--Enterprise-Application-Integration.ppt
--Enterprise-Application-Integration.ppt--Enterprise-Application-Integration.ppt
--Enterprise-Application-Integration.ppteddielyndacanay0
 
Oracle - Document Life - 6apr2012
Oracle - Document Life - 6apr2012Oracle - Document Life - 6apr2012
Oracle - Document Life - 6apr2012Agora Group
 
Initial Kautilya Brochure Doc
Initial Kautilya Brochure DocInitial Kautilya Brochure Doc
Initial Kautilya Brochure DocSaket Rai
 
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...InSync2011
 
SharePoint Performance - Tales from the Field
SharePoint Performance - Tales from the FieldSharePoint Performance - Tales from the Field
SharePoint Performance - Tales from the FieldChris McNulty
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Systems, Inc.
 
SharePoint SpeedMetal - Admin 101 SPSPhilly
SharePoint SpeedMetal - Admin 101 SPSPhillySharePoint SpeedMetal - Admin 101 SPSPhilly
SharePoint SpeedMetal - Admin 101 SPSPhillyChris McNulty
 
IT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentIT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentHaim Ben Zagmi
 
Toyota Financial Services Digital Transformation - Think 2019
Toyota Financial Services Digital Transformation - Think 2019Toyota Financial Services Digital Transformation - Think 2019
Toyota Financial Services Digital Transformation - Think 2019Slobodan Sipcic
 
The role of NoSQL in the Next Generation of Financial Informatics
The role of NoSQL in the Next Generation of Financial InformaticsThe role of NoSQL in the Next Generation of Financial Informatics
The role of NoSQL in the Next Generation of Financial InformaticsAerospike, Inc.
 
Service Oriented Architecture (SOA) [1/5] : Introduction to SOA
Service Oriented Architecture (SOA) [1/5] : Introduction to SOAService Oriented Architecture (SOA) [1/5] : Introduction to SOA
Service Oriented Architecture (SOA) [1/5] : Introduction to SOAIMC Institute
 
The Evolution of Customer License Management
The Evolution of Customer License ManagementThe Evolution of Customer License Management
The Evolution of Customer License ManagementFlexera
 
Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Will Du
 

Similar to Sa202 Sn (20)

Who will guard the guards
Who will guard the guardsWho will guard the guards
Who will guard the guards
 
1588487811-chp-11-c-enterprise-application-integration.ppt
1588487811-chp-11-c-enterprise-application-integration.ppt1588487811-chp-11-c-enterprise-application-integration.ppt
1588487811-chp-11-c-enterprise-application-integration.ppt
 
--Enterprise-Application-Integration.ppt
--Enterprise-Application-Integration.ppt--Enterprise-Application-Integration.ppt
--Enterprise-Application-Integration.ppt
 
Oracle - Document Life - 6apr2012
Oracle - Document Life - 6apr2012Oracle - Document Life - 6apr2012
Oracle - Document Life - 6apr2012
 
Initial Kautilya Brochure Doc
Initial Kautilya Brochure DocInitial Kautilya Brochure Doc
Initial Kautilya Brochure Doc
 
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...
JDE & Peoplesoft 2 _ Sam Sampathnathan _ Best Practices for Managing Your JD ...
 
Enterprise Enabler- Presentation
Enterprise Enabler- PresentationEnterprise Enabler- Presentation
Enterprise Enabler- Presentation
 
SharePoint Performance - Tales from the Field
SharePoint Performance - Tales from the FieldSharePoint Performance - Tales from the Field
SharePoint Performance - Tales from the Field
 
DEEPAK SHARMA
DEEPAK SHARMADEEPAK SHARMA
DEEPAK SHARMA
 
Oracle Fusion Application
Oracle Fusion ApplicationOracle Fusion Application
Oracle Fusion Application
 
Human Resources & IT: A Marriage Made in Heaven?
Human Resources & IT: A Marriage Made in Heaven?Human Resources & IT: A Marriage Made in Heaven?
Human Resources & IT: A Marriage Made in Heaven?
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX Compliance
 
SharePoint SpeedMetal - Admin 101 SPSPhilly
SharePoint SpeedMetal - Admin 101 SPSPhillySharePoint SpeedMetal - Admin 101 SPSPhilly
SharePoint SpeedMetal - Admin 101 SPSPhilly
 
IT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentIT Discovery: Automated Global Assessment
IT Discovery: Automated Global Assessment
 
Toyota Financial Services Digital Transformation - Think 2019
Toyota Financial Services Digital Transformation - Think 2019Toyota Financial Services Digital Transformation - Think 2019
Toyota Financial Services Digital Transformation - Think 2019
 
The role of NoSQL in the Next Generation of Financial Informatics
The role of NoSQL in the Next Generation of Financial InformaticsThe role of NoSQL in the Next Generation of Financial Informatics
The role of NoSQL in the Next Generation of Financial Informatics
 
Service Oriented Architecture (SOA) [1/5] : Introduction to SOA
Service Oriented Architecture (SOA) [1/5] : Introduction to SOAService Oriented Architecture (SOA) [1/5] : Introduction to SOA
Service Oriented Architecture (SOA) [1/5] : Introduction to SOA
 
The Evolution of Customer License Management
The Evolution of Customer License ManagementThe Evolution of Customer License Management
The Evolution of Customer License Management
 
Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica
 

Sa202 Sn

  • 1. Meeting the Provisioning Needs of Both IT and Business Users at Vanguard Security Management SA202SN
  • 2. Abstract > Vanguard, one of the world's largest investment management companies, needs to provision timely access to all of their employees. However, like many organizations, their IT and business users have distinct provisioning needs. This access must be granted quickly to enable the business, but audited and removed as soon as possible to , p protect customers' confidential data. Senior Manager at Vanguard, Phil Taddeo, will share their experiences for implementing CA Identity Manager. Robyn Fisher, officer of Business Access Management, will share an executive perspective on identity management, including the success metrics that help gain corporate support. 2 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 3. Biography > Philip Taddeo Sr. Manager, Business Access Management, Security and Contingency Services, Planning and Development Division. ! 16 Year Vanguard veteran holding various leadership positions in multiple business lines. ! Responsible for supporting the provisioning needs of Vanguard internal users and the systems which provision them. ! Supported Vanguard’s various role based access control solutions for the past 8 years. ! Involved in deploying and supporting CA Identity Manager at Vanguard from 2004 to current. > Robyn Fisher Principal, Business Access Management, Security and Contingency Services, Planning and Development Division. ! 20+ year background in IT operations management. ! Responsible for all business access to data at Vanguard. 3 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 4. Agenda > Company Overview > Differentiation of Business vs. IT Users > Provisioning Challenges > M Managing your IT U i Users > Value of Metrics in this process > Questions 4 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 5. Vanguard Company Overview > Founded in 1975 and headquartered in Valley Forge, PA. > Vanguard’s mission is to is to help clients reach their financial goals by being the world's highest-value provider of investment products and services. > World’s largest pure no load mutual fund company and World s no-load the second largest fund firm in the U.S. > Offer a wide array of financial products to individuals, institutions and financial advisors. > As of 12/31/2007 we managed approximately 1.3 trillion dollars in U.S. Mutual Funds. > Approximately 12,000 U.S. based crewmembers. 5 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 6. Technical Deployment Overview > Utilize CA Identity Manager to provision access > All crew have access to CA Identity Manager self-service front end > We role and rule base all platform entitlements for our crew. We manage fine grain entitlements for: – ACF2 – AD – CA Access – DB2 – Sybase Control – Unix / Linux – Oracle – Siebel – Kerberos – MS SQL – Lotus Notes – AS400 – UPO > CA Identity Manager manages over 350,000 accounts 6 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 7. Technical Deployment Overview > Platforms (endpoints) Endpoint managed in strong Active Directory synchronization DB2 > System of Record Kerberos ! PeopleSoft HR MS-SQL ! Nightly feed of any OS400 changes to Oracle demographics Sybase ! Configurable fields UNIX/LINUX that warrant access ACF2 changes – Department – Job Code 7 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 8. Business User Characteristics > What are common characteristics of business users? ! Limited number of accounts, usually 4-7 accounts ! Static level of access based on business need ! Generally access data and resources through applications ! Do not have direct access to enterprise data stores ! For compliance reasons systems they use usually have segregation of duties and controls coded within the application 8 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 9. Example Business User Common Business User (Customer Service) • Fully automated rule driven role based access based on HR feed • 4 accounts created Recordkeeping / Trading LAN Account E-Mail CRM System System Account • Domain user access • Customer service role • Customer service role • Company intranet access • Access company • Lookup account • Shared drive access profile • Process trade • Look at company • Modify account options contacts 9 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 10. Example IT User • Some access automated Common IT Support • Ad-hoc requested access User • Also has standard LAN and e-mail access • Little application level access • Has significant number Data Center1 Data Center 2 of accounts across many Requires Server-1 Server-2 platforms Server Server-3 Server-4 Access Requires Hardware R R R R Access Database Database Database 1 2 3 Database Requires 4 Database Access 10 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 11. IT User Characteristics > What are common characteristics of IT users? ! Large number of accounts ranging from 100 to over a 1000 ! Dynamic need to access highly sensitive data and functions ! Need access to production and development resources ! Have little application level access ! Require direct access to enterprise data stores ! Require access quickly to support critical system outages 11 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 12. Pre-Implementation Environment > What security looked like prior to our CA Identity Manager implementation 1. Managers rarely knew what roles to request for new employees. 2. Turnover could result in loss of knowledge of security requirements. it i t 3. Security was sometimes requested after an employee started within a department. 4. Since inappropriate roles might have been assigned, maintenance was frequent and roles were redundant. 5. Security related help desk calls for user access were many. 12 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 13. Audit and Control Considerations > Common control themes for logical access to systems and data 1. Requests for new or modified access must be documented and authorized by management prior to production activation. 2. Logical access is removed in a timely fashion, upon HR notification and/or system availability events. 3. Appropriateness of users with access to sensitive data. 4. Appropriateness of users with access to perform system administrative functions. 13 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 14. Business Operations Considerations > Common themes of IT user security provisioning 1. Administration of access must be timely especially during system troubleshooting events. 2. Access to production resources, data and systems, must be restricted and tightly controlled. g y 3. “Don’t grant anything unless I authorize it”. 4. Sometimes people outside of production support may require production access, but not full time. 5. I know we are technical but… I really don’t understand security. 14 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 15. Project Goals > Provide the IT users with a self-provisioning system using intuitive naming conventions. > Establish easy to understand access guidelines. > Certify user access to the platform level. > C Create reusable roles f all types of user access bl l for ll f to reduce security maintenance activities. > Apply rules in order to provision access automatically whenever possible. > Reduce overall access of IT personnel to production data and systems without impacting operations. 15 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 16. Project Timeline Phase I Phase II Phase III 2006 2007-2008 2009- X " Install CA Identity " Communications to " Extend CA Identity Manager to enhance Business Manager to additional current capabilities " Rollout users into new systems and connectors " Role Design in roles (implementation administered manually cooperation with of role design) business 16 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 17. The Solution People Process Technology In order to achieve the desired reduction in Audit findings/observations and increase efficiency and client satisfaction, three key areas needed to be addressed. Focus on one area, without the other two will not result in the desired outcomes. 17 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 18. People - Communications Training All levels of management will actively participate in security awareness and “ I know what to do and will change perform the necessary steps to my behavior” Behavior “Secure the Organization”. All levels of management be committed “ I am committed to to “Secure the Organization”. participating” Commitment Two-way communication All levels of management must understand the on-boarding, transfer and off-boarding “ I understand the Understanding processes and the security message” implications of each process. All levels of management must be aware of their open “ I hear the Audit observations. In message” Awareness addition, they need to One-way know the applications communication and level of access used by their crew. 18 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 19. People – Engagement of Key Personnel > Engaged employees from all levels of the IT organization to develop role content and access guidelines. ! Production Access Steering Committee – officers and senior managers from IT and Internal Audit. ! Production Access Core Team – managers, auditors and support level personnel. ! Departmental Change Agents – management and non- management subject matter experts. > Work from the above teams reported to the IT Risk Council. > Overall program progress reported to senior executive levels throughout the organization. 19 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 20. Process - Establish Simple Guidelines Goal: IT crewmembers have the proper access to perform their job functions while reasonably limiting access to the production environment. Require prod access averaging at least 3 out of 5 days every A week to perform their primary duties Read access unless associated to an Administrative Privilege B such as Root access on Unix Application level access for IT Personnel must adhere to C Guideline A Note: Exceptions will require both sub-division senior management & IT Security Office approval. 20 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 21. Blending Process with Technology • All roles below use the same children role and policies underneath the parent role. • Each parent role has a different scoping and approval chain. Access Type Reason to Have How Quick is Duration of Who Who Access Access Authorizes Administers Granted Use Access Permanent You meet the IT NA – users 24 x7 IT Divisional Self service Full Time production access who have this Designee Access guidelines access carry it full time On-Demand You do not have <15 minutes 24 hours IT Divisional Production CRISIS full time access Designee Support Access and need to Managers support a system issue On-Demand You need to Within 24 24 hours Requestors Self service Temporary perform a non- hours of manager and Production critical function submission IT Divisional Access that the production Designee support group cannot do for you. (i.e. research) 21 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 22. Blending Process with Technology: On-Demand Crisis Access 22 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 23. Blending Process with Technology: On-Demand Temporary Access 23 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 24. Process: New Role Methodologies • Role content was defined by the IT business areas • Role diagrams were turned over Sr. Developer Role Diagram the IT business areas • Management knows what will Department 1124 automatically happen and what they need to request Retail IT Senior Dept = 1124 and job code = 1741 Developer (developer) Vanguard.com Vanguard.com Vanguard.com DB2 Auth ACF2 Unix Retail IT Share Performance Developement Developement Group Deveolpment Development Drives region Region 1 Region 2 Performance 1 Access Mid-Tier C risisR R ETA IL U N IX VTS H A R D Vanguard.com Production TOKEN Production M id-Tier Support 24 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 25. Technology: Identity Manager End Product This task is available to all IT crew to request full time and temporary access through a standard self- service workflow lf i kfl Role descriptions are easily understandable 25 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 26. Technology: Identity Manager End Product This task is available only to production support managers within a particular ithi ti l sub-division. This task is scoped so that the production support managers can only administer their sub divisions crisis access roles. 26 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 27. Technology: End Product – UPO Initiated Workflow Form Crisis and temporary roles will both initiate UPO initiated workflow forms. 27 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 28. End Results > IT crew have a majority of their access Day 1 when starting their job without their managers needing to request it. > IT managers understand the access their crew have. > All access is approved by managers and the respective pp y g p data stewards prior to assignment. > IT can evidence authorizations to various auditors. > Access is removed from users in a timely fashion. > Full time access to production data and systems can be dramatically reduced, yet be available in a timely fashion for production support event and development projects. 28 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 29. Considerations > If CA Identity Manager is unavailable for IT Divisional Administrators and Availability Managers. You need to have a solid plan B. > High availability design of your CA Identity Manager infrastructure is a must. > CA Identity Manager must sustain its performance as you increase the number of crew, roles, and end points. Build your solution with scalability in mind. 29 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 30. Helpful Hints for Planning > Set realistic expectations of deliverables for senior management. > Communicate, train, and communicate again. > Aggressive timeframes often are good on paper but unrealistic – plan than add 33% to y p your timelines. > Define users access to least privilege. Less is easier to maintain and better for audit controls. > Managing all platforms is very difficult and time consuming – decide carefully before automating. > Heavy customization is time consuming, costly and difficult to maintain – offset it by process change. 30 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 32. Dashboards Drive Change > Dashboards/metrics are a standard communication tool used by Vanguard management in accordance with our 6 Sigma philosophy. > Metrics focus on tracking IT's access to production data. > Compliance support requires reports to facilitate recertification processes that validate only authorized crew have production access. > Our metrics lend themselves to a friendly atmosphere of competitiveness across peer organizations. 32 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 33. Divisional Level Reports IT Division Production Access 45% 39% 40% 37% 35% 30% Users % of IT U 25% 20% 15% 10% 5% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% Jul-08 Aug-08 Sep-08 Oct-08 Nov-08 Dec-08 Jan-09 Feb-09 Mar-09 Apr-09 May-09 Jun-09 Jul-2008 Aug-2008 Sep-2008 Oct-2008 Nov-2008 Dec-2008 Jan-2009 Feb-2009 Mar-2009 Apr-2009 May-2009 Jun-2009 %of Prod Access 37% 39% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 33 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 34. Departmental Examples % Full Time Production Access By Department August 2008 120% 100% 100% 100% 96% 96% 90% 83% 81% 79% 80% 60% 48% 37% 40% 29% 20% 20% 1% 0% Dept A Dept B Dept C Dept D Dept E Dept F Dept G Dept H Dept I Dept J Dept K Dept L Dept M %of Prod Access 48% 96% 100% 81% 1% 79% 96% 100% 29% 37% 90% 83% 20% IT Avg 39% 39% 39% 39% 39% 39% 39% 39% 39% 39% 39% 39% 39% 34 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 35. Departmental Detail Examples 35 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 36. Q&A
  • 37. Related Sessions SESSION # TITLE Date / Time SA103SN CA Identity Manager Product Update 11/18/2008 and Roadmap Discussion at 2:45 p.m. SA711SN How to Deploy Identity Management 11/19/2008 on a Fi d B d t Fixed Budget at 8 30 a.m. t 8:30 SG112SN Balancing Timely Provisioning with 11/19/2008 Security Requirements in a Changing at 2:45 p.m. Environment 37 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.
  • 38. Please Complete a Session Evaluation Form > The number for this session is SA202SN > After completing your session evaluation form, place it in the basket at the back of the room ! Please left-justify the session number 38 November 16-20, 2008 Copyright © 2008 CA. All rights reserved.