1 Introduction to Identity Management
Managing the User Lifecycle
Across On-Premises and
Cloud-Hosted Applications
An overview of business drivers and technology solutions.
2 Identity and Access Needs are Ever-Changing
Digital identities require constant administration to reflect business changes:
• Who? (Types of users): Employees, contractors, vendors, partners, customers.
• Why? (Business events): Hire, move, change job function, terminate.
• What? (Change types): Create/move/disable/delete user, update identity data and entitlements, reset passwords.
• Where? (Applications): AD, Exchange, Notes, ERP, Linux/Unix, database, mainframe, physical assets.
Complexity creates delay and reliability problems:
• Productivity: Slow onboarding, change fulfillment.
• Cost: Many FTEs needed to implement security changes.
• Security: Unreliable access termination, inappropriate user entitlements. Enforce SoD policies.
• Accountability: Who has access to what? How/when did they get it?
© 2011 Hitachi ID Systems, Inc. All rights reserved. 1
3 IAM in Silos
In most organizations, many processes affect many applications.
This many-to-many relationship creates complexity:
4 Identity and Access Problems
For users:
• How to request a change?
• Who must approve the change?
• When will the change be completed?
• Too many passwords.
• Too many login prompts.
For IT support:
• Onboarding, deactivation across many apps is challenging.
• More apps all the time!
• What data is trustworthy and what is obsolete?
• Not notified of new-hires/terminations on time.
• Hard to interpret end user requests.
• Who can request, who should authorize changes?
• What entitlements are appropriate for each user?
• The problems increase as scope grows from internal to external.
5 Identity and Access Problems (continued)
For Security / risk / audit:
• Orphan, dormant accounts.
• Too many people with privileged access.
• Static admin, service passwords a security risk.
• Weak password, password-reset processes.
• Inappropriate, outdated entitlements.
• Who owns ID X on system Y?
• Who approved entitlement W on system Z?
• Limited/unreliable audit logs in apps.
For Developers:
• Need temporary access (e.g., prod migration).
• Half the code in every new app is the same:
– Identify.
– Authenticate.
– Authorize.
– Audit.
– Manage the above.
• Mistakes in this infrastructure create security holes.
6 Externalize IAM From Application Silos
• The problem with IAM is complexity, due to silos.
• The obvious solution is to extract IAM functions from system and application silos.
• A shared infrastructure for managing users, their authentication factors and their security
entitlements is the answer.
7 Integrated IAM Processes
[Figure: an Identity Management System sits between business and IT processes and the systems and applications it manages.]
• Business processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract.
• IT processes: New Application, Retire Application, Password Expiry, Password Reset.
• Managed objects: Users, Passwords, Groups, Attributes.
• Systems and applications: Operating System, Directory, Application, Database, E-mail System, ERP, Legacy App, Mainframe.
8 Business Drivers for IAM
Security / controls:
• Reliable deactivation.
• Strong authentication.
• Appropriate security entitlements.
Regulatory compliance:
• PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
• Audit user access rights.
IT support costs:
• Help desk call volume.
• Time/effort to manage access rights.
Service / SLA:
• Faster onboarding.
• Simpler request / approvals process.
9 IAM Strengthens Security
• Reliable and prompt global access termination.
• Reliable, global answers to "Who has What?"
• Access change audit trails.
• Sound authentication prior to password resets.
• Security policy enforcement: strong passwords, regular password changes, change authorization
processes, SoD enforcement, new user standards, etc.
• Regulatory compliance: HIPAA, Sarbanes-Oxley, 21CFR11, etc.
10 Cost Savings and Productivity
Cost items (before, after, savings):
• Help desk cost of password resets:
– Before: 10,000 x 3 x $25 = $750,000 / year
– After: 10,000 x .6 x $13 = $78,000 / year
– Savings: $672,000 / year
• New hire lost productivity:
– Before: 10,000 x 10% x 10 x $400 x 50% = $2M / year
– After: 10,000 x 10% x 1 x $400 x 50% = $200,000 / year
– Savings: $1.8M / year
• Access change lost productivity:
– Before: 10,000 x 2 x 2 x $400 x 10% = $1.6M / year
– After: 10,000 x 2 x 1 x $400 x 10% = $800,000 / year
– Savings: $800,000 / year
Assumptions:
• Password resets:
– Users: 10,000
– Password resets / user / year: 3
– Cost per help desk call: $25
• New users:
– Staff turnover: 10%
– Days to setup a new user: 10
– Value of user productivity: $400 / day
– Productivity of users waiting for new access: 50%
• Access changes:
– Days to change access: 2
– Security changes per user: 2 / year
– Productivity of users waiting for changed access: 90%
11 Elements of IAM
Identity and access management solutions may incorporate many components, from multiple vendors:
• Telephone Password Reset
• Privileged Password Management
• User Provisioning
• Identity Synchronization
• Enterprise Single Signon
• Role Management
• Password Management
• Resource Access Requests
• Access Certification
• ID Reconciliation
• Web Single Signon
• System of Record
• Federation
• Directory
• Strong Authentication
• Virtual Directory
[Figure legend: Hitachi ID Systems; Partners]
12 Summary
• The problem with managing identities, security entitlements, passwords and related data is a
business, not a technology problem:
– Too many business events, which impact
– Too many systems and applications.
• Technology solutions are available to address these problems:
– Password synchronization and reset.
– Automated user provisioning and deactivation.
– Identity synchronization.
– Enforcement of policies using segregation-of-duties and roles.
– Periodic access review and cleanup (certification).
– Various kinds of single signon.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
www.Hitachi-ID.com Date: March 22, 2011