NetIQ session Boudewijn van Lith
- 1. Identity & Access Governance
Mitigate Risk, Ensure Compliance, Empower User Access
- 2. Agenda
• Identity and Access Governance
‒ Industry trends
• Identity Manager
‒ Market, developments and opportunities
• Access Governance
‒ Architecture
‒ Product Overview
‒ Technical Details
2 © 2011 NetIQ Corporation. All rights reserved.
- 3. Identity Management
Automate
CIO, CSO, Compliance Mgr, Auditor
LoB Manager
Identity Lifecycle Management
Example
• Connect source systems, including SAP HR
• Set up identity register – central view
• Provisioning to base systems
Automation
Direct Management
• Identity Management
• User Provisioning
• Access Management
• Single Sign On
Systems in which many users exist
- 4. Access Governance
Regulators
CSO, Compliance Mgr, Auditor
LoB Manager
Manage and validate authorizations
Periodic review
• Import and analysis of access (risk)
• Reports
• Validation of authorizations (certification)
• Initiate corrective actions
Highest-risk applications and systems
- 5. Future State
User Provisioning and Access Governance markets are converging
User Provisioning (IDM 4)
Demanding business-centric user interfaces
Next Generation Identity and Access Governance: “Business Interface – Trusted Fulfillment”
Demanding better provisioning
Access Governance (AGS)
- 6. Real-time insight into usage
Monitoring
CSO, Compliance Mgr, Auditor
LoB Manager
Monitoring
Real-time Activity Detection
• Security Event Management
• Log Management
• Access Monitoring
Applications, Databases, Infrastructure
- 9. Identity Manager
Source systems
• HR administration: SAP HR
• Other administration: manual direct entry or system
IdM Integration Modules
Identity Manager
• Central ID register: identities, rules, roles, policy etc.
• Id services: self-service, workflow etc.
• User Application (user GUI): self-service, self-registration etc.
• Delegated administration, data distribution
• Basic reporting and monitoring
• Reports
IdM Integration Modules
Information systems
• Windows network: Active Directory
• Exchange: Mail
• File system: Home Directories
• Microsoft SQL
• In-house applications
• Physical security
• Other
- 10. Customers
Province Noord-Brabant
Red Spider
ROC
- 12. IdM 4 IdM 4
Standard A.E.
- 13. IdM 4 IdM 4
Standard Adv
- 14. Latest version of IdM
• Identity Manager 4.02 – July / Aug
‒ Minor upgrade / refresh components
‒ Support for RedHat Enterprise Server
‒ Updates on reports, performance, drivers, AD passwords policy, digital signatures, etc.
- 15. Upsell
• IdM 4 Advanced Edition
‒ roles based provisioning
‒ Reporting etc
• Access Manager 3.2 (May)
• Sentinel LogManager
• Identity tracking for IdM ( * NEW * )
• Access Governance
Partner access, Cloud, Regulators, eol, risk insight, SharePoint, BYOD, Customer access
- 18. Agenda
• Identity and Access Governance
‒ The what and why
‒ Key Functions
‒ Convergence
• Access Governance Suite 6
‒ Architecture
‒ Product Overview
‒ Technical Details
- 19. Why Does the Business Care?
Regulations, Agility, Business Continuity, Confidentiality, Insider Threats, Audits, Protect I.P., Governance, User Demands, Identity Theft, Compliance, Risk Management, Data protection
- 20. What does the Business want?
• Business intelligence and user experience
• Business process management
• Business policy enforcement and risk management
Access Request, Access Certification, Role Management, Risk Modeling
Business Enablement, Lifecycle Event Mgmt, Policy Definition, BPM/Workflow, Audit & Reporting
Flexible Fulfillment, Automated Provisioning, Help Desk, Manual
- 22. Effective Governance of Access
Key Functions
Discover Certify Model
Discovery and collection of user access data
• Enterprise-wide collection and organization of millions of IT entitlements and role memberships
• Translation of IT terminology into business-relevant terms
‒ For example: RACF 54-RS93 is translated to Pay Invoice
- 23. Effective Governance of Access
Key Functions
Discover Certify Model
Discovery and collection of user access data
Application of policy analytics for decision support
Regular review and certification of user access
• Business reviewers review and certify access of users they are responsible for
• Automated notifications
• Business-relevant presentation
• Enforce fulfillment policy
• All actions are logged for audit purposes
- 24. Effective Governance of Access
Key Functions
Discover Certify Model
Discovery and collection of user access data
Application of policy analytics for decision support
Regular review and certification of user access
Orchestration of automated controls for remediation
• Approved change requests are automatically fed to IT systems to make the changes, including
‒ User Provisioning
‒ Helpdesk/Service Request Mgmt
• All change actions are logged for audit purposes
- 25. Effective Governance of Access
Requires a Dynamic, Ongoing Process
• Discovery and Collection of User Access Information
• Analytics for Decision Support
• Regular Review and Certification of User Access
• Change Management for User Access
• Orchestration of Controls to Remediate Inappropriate Access
• Role Design and Maintenance
- 27. Current State
IT and Business focused solutions led to two market segments within Identity Management
• User Provisioning: Driven by IT
• Access Governance: Driven by the Business
- 28. Future State
User Provisioning and Access Governance markets are converging
User Provisioning (IDM 4)
Demanding business-centric user interfaces
Next Generation Identity and Access Governance: “Business Interface – Trusted Fulfillment”
Demanding better provisioning
Access Governance (AGS)
- 29. Questions
- 30. Worldwide Headquarters
1233 West Loop South, Suite 810, Houston, TX 77027 USA
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)
info@netiq.com
http://community.netiq.com
NetIQ.com
- 32. This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new
editions of this document. NetIQ Corporation may make improvements in or changes to the
software described in this document at any time.
Copyright © 2011 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the
cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration
Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy
Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,
PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,
Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ
Corporation or its subsidiaries in the United States.