Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Pre-­Con  Ed:  Privileged  Identity  Governance:  
Are  You  Certifying  Privileged  User  Access?
Robert  Marti
SCX207E
S...
2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
©  2017  CA.  All  rights  reserved.  All  trademarks...
3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Abstract
Many  organizations  have  a  solution  to  ...
4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Agenda
BUSINESS  CHALLENGES
INTRODUCING  PRIVILEGED  ...
5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Privileged  Identity  and  Access  Are  
Most  Freque...
6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
BIGGEST  CYBER  ATTACKS  
EXPLOIT  PRIVILEGED  ACCESS...
7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Excessive  Access  Causes
Embarrassing  Fraud  Cases
...
8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
77%
The  Reason  This  is  Happening:
Pattern  is  Re...
9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
•HITECH
•GDPR
•FATCA
•FATCA
•PSD2
•HSPD
•HIPAA
•POPI
...
10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
So  It  Is  Not  Just  a  Technology  Problem
It  Is...
11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Challenges  to  the  Business
Issues  With  Legacy  ...
12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Our  Privileged  Identity  Management  Solution
Leve...
‹#› #CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED
Introducing  
CA  
Privileged  
Access  
Manager
§...
14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Why  Is  Privileged  Access  Governance  
Needed?
Th...
‹#› #CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED
Introducing  
CA  
Identity
Suite
§ Self-­service...
16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite
Integration  With  CA  Privilege...
17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  &  CA  PAM  Integration  
Reque...
18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  &  CA  PAM  Integration
Request...
19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  &  CA  PAM  Integration
Evaluat...
20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  &  CA  PAM  Integration
Request...
21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  &  CA  PAM  Integration
Certify...
22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
CA  Identity  Suite  and  CA  PAM  Integration
Revie...
23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
OFFBOARDINGONBOARDING
PROVISIONING
SELF-­SERVICE
ACC...
24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Case  Study
25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Business  Challenge:
Source  Code  Governance  ...
26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Solution:
CA  Identity  Governance
• All  acces...
27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Results:
Significant  Time  &  Cost  Savings
75...
28 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Recommended  Sessions
SESSION  # TITLE DATE/TIME
ABC...
29 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
The  Results:
A Closer  Look  at  the  Savings
0.00
...
30 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Must  See  Demos
Security  
Starts  
With  
Identity...
31 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Questions?
32 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Stay  connected  at  communities.ca.com
Thank  you.
33 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS
Security
For  more  information  on  Security,
pleas...
Nächste SlideShare
Wird geladen in …5
×

Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

646 Aufrufe

Veröffentlicht am

Many organizations have a solution to control the actions of privileged users. But that’s not enough for a complete privileged user management solution—you must also govern access to make sure that only the correct users have elevated privileges, and that they have only the privileges that they need. In this session, you will get an in-depth understanding of how you can reduce your risk through this capability unique to CA.

For more information on Security, please visit: http://cainc.to/CAW17-­Security

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

  1. 1. Pre-­Con  Ed:  Privileged  Identity  Governance:   Are  You  Certifying  Privileged  User  Access? Robert  Marti SCX207E SECURITY Product  Marketing CA  Technologies
  2. 2. 2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies. The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type   of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.   For  Informational  Purposes  Only   Terms  of  This  Presentation
  3. 3. 3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Abstract Many  organizations  have  a  solution  to  control  the  access  and  actions  of  privileged   users.  But  that’s  not  enough  for  a  complete  privileged  user  management  solution—you   must  also  govern  access  to  make  sure  that  only  the  correct  users  have  elevated   privileges,  and  that  they  have  only  the  privileges  that  they  need.  In  this  session,  you   will  get  an  in-­depth  understanding  of  how  you  can  reduce  your  risk  through  this   capability  unique  to  CA.   Robert  Marti CA  Technologies Product  Marketing,   Manager
  4. 4. 4 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Agenda BUSINESS  CHALLENGES INTRODUCING  PRIVILEGED  IDENTITY  GOVERNANCE SOLUTION  OVERVIEW USE  CASES SUCCESS  STORY 1 2 3 4 5
  5. 5. 5 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Privileged  Identity  and  Access  Are   Most  Frequently  Exploited  Attack  Vectors 71% of  users  say  they   have  access  to  data   they  shouldn’t.     80% of  IT  Professionals  say   their  company  does  not   enforce  least  privilege. 80% of  all  breaches  utilize   lost,  stolen,  or  weak   credentials. 60% of  all  malware  uses   privilege  escalation   or  stolen  credentials.    
  6. 6. 6 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS BIGGEST  CYBER  ATTACKS   EXPLOIT  PRIVILEGED  ACCESS Creating  An  Expanding  Radius  of  Data  Loss DROPBOX 68M Records   LINKEDIN 167M Records   YAHOO 500M Records   EQUIFAX 150M Records   TUMBLR 65M Records  
  7. 7. 7 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Excessive  Access  Causes Embarrassing  Fraud  Cases Loses  40G  of  source   code  for  core  products Adobe Discloses  personal  data   for  25M  customers AT&T  Call  Center Rogue  trader  aggregates   privileges  for  a  $7.8B  loss Société Général Excessive  Access CORRUPTS PRIVILEGED  Access CORRUPTS  ABSOLUTELY
  8. 8. 8 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS 77% The  Reason  This  is  Happening: Pattern  is  Repeatable 77%  attacks   Internal  Credentials   30% 28% Executives  & Administrators End-­users  with Excessive  privileges GAIN   ACCESS/EXPAND ELEVATE PRIVILEGE STEAL DATA   THE  KILL  CHAIN Identity  is  the  most   frequently  exploited   attack  vector
  9. 9. 9 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS •HITECH •GDPR •FATCA •FATCA •PSD2 •HSPD •HIPAA •POPI •201  CMR  17 •OAIC •CalOPPA •AADHAR •PCI  DSS •FFIEC Where  Companies  Have  Not  Self-­Regulated Others  Have  Imposed  Requirements THE  GLOBAL WEB  OF  PRIVACY   COMPLIANCE
  10. 10. 10 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS So  It  Is  Not  Just  a  Technology  Problem It  Is  a  Privileged  Governance  Problem Privileged  Access  Request Streamline  the  request,  audit  and   fulfillment  of  privileged  users. Certify  Privileged   Access Provide  audit  reporting  and   manager  attestation  of  user   access  to  privileged  accounts. De-­provision  Privileged   Access When  users  separate  from  the   company,  remove  or  disable  the   associated  privileged  accounts.     Remediate  Excessive  Access Take  workflow  driven  action  to   remove  excessive  access.
  11. 11. 11 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Challenges  to  the  Business Issues  With  Legacy  IAM  Solutions 64% of  enterprises   have no  IAM   monitoring  tools   AS  A  RESULT: LEGACY  IAM SOLUTIONS: Focused  on   protecting   on-­premise applications 72% of  enterprises   do  not  do   access  review  or   certification Were  highly   customizable and  required   specialists 62% of  enterprises   have no  access   request  process   in  place Had  significant   costs  to  deploy,   configure,  and   maintain
  12. 12. 12 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Our  Privileged  Identity  Management  Solution Leverages  a  Defense  in  Depth  Approach INTEGRATED OVERLAPPING CONTROLS  TO REDUCE  RISK Privileged Identity  Management   Reducing  audit  risk  and   achieving  least  privilege   Advanced   Authentication     Preventing  account   takeover  with  multifactor   credentials Threat  Analytics for  PAM Monitoring  privileged   activities  for  abnormal   usage/behaviors PAM  Server  Control     Locking  down  file   systems  and  server   resources   Privileged  Access   Manager Securing  privileged   access  and  preventing   lateral  motion    
  13. 13. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED Introducing   CA   Privileged   Access   Manager § Role-­based  and  fine-­grained  access  control   over  privileged  accounts § Privileged  user  credential  protection § Monitor,  audit  and  record  privileged  sessions § Multifactor  authentication,  single  sign-­on,  and   federation  support § Support  security  and  privacy  regulations   #CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED Lower  Total  Cost of  Ownership Faster  Time   to  Value Hybrid  Environment Support Performance  at Scale
  14. 14. 14 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Why  Is  Privileged  Access  Governance   Needed? The  Situation  Today § Privileged  Access  Management  (PAM)  is  mostly  a  standalone solution  that  implements  critical  security  and  compliance  controls   managing  and  monitoring  use  of  sensitive  access. § In  most  cases,  it  is  separated from  the  corporate  Identity  Management.   The  Outcome § Lack  of  overall  visibility  to  “who  has  access  to  what.” § Missing  approval  and  auditing  information  for  “why  access  was  granted.” § Inability  to  enforce  consistent  identity  policies  such  as  Segregation  Of  Duties. § No  risk  analysis  for  overall  user  access. § Fragmented  compliance  with  regulatory  requirements  (examples:  ISO27002  sections   8.1.2  “ownership  of  assets”  and  9.2.5  “review  of  access  rights”).
  15. 15. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED Introducing   CA   Identity Suite § Self-­service  identity  portal § Business-­friendly  entitlements  catalog § Proactive  analytics § Deployment  Xpress § Audit  and  compliance  streamlining   Privileged  Identity Compliance Privileged  Identity Lifecycle  Management Improved  Privileged Access  Security COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED
  16. 16. 16 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite Integration  With  CA  Privileged  Access  Manager How  it  integrates § Provides  “out-­of-­the-­box”  connector  for  CA   PAM What  is  does § Manages  PAM  Accounts  and  their  assignments   to  Roles,  Groups,  &  Devices  (provisioning  and   de-­provisioning) § Supports  for  local  and  LDAP/AD  accounts § Supports  for  granular  assignment  including   start/end  dates,  scoping  and  policies  
  17. 17. 17 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  &  CA  PAM  Integration   Requesting  Privileged  Access What  it  does § Easy-­to-­use  “shopping  cart”  experience  for   requesting  PAM  permissions § Workflow  approvals  for  submitted  requests § Risk  analysis  of  a  combined  privileged  and   non-­privileged  access § Segregation  of  duties  compliance  check § Automated  provisioning  fulfillment  
  18. 18. 18 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  &  CA  PAM  Integration Requesting  Access  to  Privileged  Account
  19. 19. 19 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  &  CA  PAM  Integration Evaluating  Risk  Associated  With  Requested  Account
  20. 20. 20 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  &  CA  PAM  Integration Requesting  Access  to  Privileged  Account
  21. 21. 21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  &  CA  PAM  Integration Certifying  Privileged  Access CA  PAM  Account   certification Update  HR   reports Mitigate   access  risk What  It  Does § Automated  collection  of  access  permissions   via  CA  Identity  Suite  connector § Provides  “out-­of-­the-­box”  user  and  access   certification  processes  for  CA  PAM § Easily  identifies  users  with  excessive  access § Enriches  experience  with  last  login  and   usage  logs § Automated  removal  of  access  permissions   that  are  rejected  by  approvers
  22. 22. 22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS CA  Identity  Suite  and  CA  PAM  Integration Reviewing  and  Certifying  Privileged  Access
  23. 23. 23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS OFFBOARDINGONBOARDING PROVISIONING SELF-­SERVICE ACCESS  REQUESTS RISK  ANALYSIS DEPROVISIONING Privileged  Identity  Governance Summary  of  Capabilities CERTIFICATION FULL PRIVILEGED IDENTITY LIFECYCLE MANAGEMENT
  24. 24. 24 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Case  Study
  25. 25. 25 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Business  Challenge: Source  Code  Governance  at  CA  Technologies 3,000  engineers are  using   over  12  major  source  code   management  tools. Access  audits were  a  drain   on  people  and  money. Compliance  audits took   more  than 20,000  employee   hours. OUR  GOAL: Govern  access  to   source  code  and   improve  productivity   and  the  overall  user   experience OUR  CHALLENGE: Manual  process  that   was  extremely  costly
  26. 26. 26 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Solution: CA  Identity  Governance • All  access  reviews  are  now   performed  via  automation. • Incorrect  access  is  quickly remediated.   • IP  controls  are  much  easier to   execute,  and… • Frequent  Engineering  personnel   changes  can  be  handled  quickly while  still  enforcing  strong  security   over  the  source  code. CA  Identity   GovernanceEngineers (>3,000) Manager Certifies Access Auditor Validates Certification Source  Code Repositories (>5,000) Requests access Access granted CA  Identity  Governance  validates  access  rights  to  nearly  5,000   source  code  repositories  across  all  source  management  tools.
  27. 27. 27 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Results: Significant  Time  &  Cost  Savings 75% 75%  reduction in  audit  time  via   automated  data   collection  for   compliance  audits 90% 90%  drop in  administrative   overhead Engineers  love the  new   world-­class  source  code   management  ecosystem Orphan  source  code  access quickly  identified  and  removed Saved  thousands  of  hours of  employee  time  thanks   to  automated  certification
  28. 28. 28 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Recommended  Sessions SESSION  # TITLE DATE/TIME ABC123DE   Magna  consectet at  lor ipustie modolore 11/16/2016  at  10:00  am FGH456IJ Magna  consectet at  lor ipustie modolore 11/17/2016  at  11:00  am FGH456IJ Magna  consectet at  lor ipustie modolore 11/18/2016  at  12:00  pm
  29. 29. 29 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS The  Results: A Closer  Look  at  the  Savings 0.00 2.00 4.00 6.00 8.00 10.00 12.00 14.00 16.00 FY14 FY15 FY16 FY17 PERSON    YEARS Savings  in  Source  Code  Attestation
  30. 30. 30 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Must  See  Demos Security   Starts   With   Identity Security  Content Area Demo   Name Name Location Control   High  Value Access Manage   Your   Software   Risk Let’s  Talk   Upgrades Deliver Frictionless Access Security  Content Area Security  Content Area Security  Content Area Security  Content Area
  31. 31. 31 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Questions?
  32. 32. 32 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Stay  connected  at  communities.ca.com Thank  you.
  33. 33. 33 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security

×