A Pragmatic Solution For Identity & Access Management
Hank Gruenberg, CISM, CRISC, PMP
Information Security & IT Compliance, Tokio Marine Management, Inc., New York, NY, U.S.A.
[email_address]

This presentation is based on the paper "A Pragmatic Solution for Identity and Access Management", previously presented at various conferences. The paper is available on my LinkedIn page: http://www.linkedin.com/in/hankgruenberg
For more information, contact me at [email_address] or USA: 917-626-8604.
Situation: Regulatory Compliance
Goals: Compliance & Security
Solution: Custom Application
Why is Access Management Difficult?
Why Difficult… Many Varying Directories: managing 80+ directories; varying directory formats; adding new applications; aggressive schedules
Why Difficult… Evolved Over Time (*A&A: Authentication & Authorization)
Why Difficult… Checking Entitlements
How Goals Were Achieved: consider 'Bottom Up' issues
Solved by… Guiding Principles; Identity Management Scope
Paladin Methodology
Phase 1
Phase 1 – Meta Directory… Establish the Meta-Directory (Key Point)
Phase 1 – Meta Directory… Paladin's Meta Directory (Key Point)
Phase 1 – Meta Directory… What Paladin Isn't. Result: no impact on applications
Phase 1 – Meta Directory… Establish objects and relationships
Phase 1 – Workflows… Define Workflows: Onboarding; Recertification; Governance: Request / Approve / Provision; Termination: De-provisioning
Phase 1 – Workflows… Incorporate Data & User Interfaces (Key Point)
  [Diagram: the Employee Roster feeds employee updates into the Paladin Meta Directory, where non-employees are also added and the downstream account IDs are recorded. Manager: request entitlement. Resource Owner: approve entitlement. Account Administrator: receives the work order and provisions / de-provisions accounts in the downstream directories (Directory 1, …).]
Phase 1 – Data Conversion… Converting Existing Entitlements
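The Phase 1 governance workflow (manager requests, resource owner approves, account administrator provisions and reports the downstream account ID back to the meta-directory) and the termination workflow (de-provisioning driven by the account IDs the meta-directory holds) as an added Python example. This is not Paladin's code; the slides describe no implementation. Person IDs, the "AD" resource, the work-order dictionary shape and the separation-of-duties check (a requester may not approve their own request) are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    REQUESTED = "requested"      # manager has asked for an entitlement
    APPROVED = "approved"        # resource owner approved; work order issued
    PROVISIONED = "provisioned"  # account administrator created the account


@dataclass
class Person:
    person_id: str              # stable key; the workflows never match on name
    name: str
    manager_id: Optional[str]   # the org chart lives in the meta-directory
    employee: bool = True       # False for non-employees, for whom the MD is authoritative


@dataclass
class Resource:
    name: str                   # e.g. "CIS" (Customer Information System)
    owner_id: str               # resource owner who approves entitlements
    roles: frozenset


@dataclass
class Request:
    req_id: int
    requester_id: str
    person_id: str
    resource: str
    role: str
    state: State = State.REQUESTED
    account_id: Optional[str] = None


class MetaDirectory:
    """Authoritative store that drives the workflows: people and org chart,
    resources and roles, and the account ID each downstream directory issued."""

    def __init__(self):
        self.people, self.resources, self.requests = {}, {}, {}
        self.accounts = {}          # (person_id, resource) -> downstream account_id
        self._next_id = 1

    def add_person(self, p): self.people[p.person_id] = p
    def add_resource(self, r): self.resources[r.name] = r

    # Governance: Request -> Approve -> Provision
    def request_entitlement(self, requester_id, person_id, resource, role):
        if requester_id != self.people[person_id].manager_id:
            raise PermissionError("only the person's manager may request an entitlement")
        if role not in self.resources[resource].roles:
            raise ValueError(f"role {role!r} is not defined for {resource}")
        req = Request(self._next_id, requester_id, person_id, resource, role)
        self.requests[req.req_id] = req
        self._next_id += 1
        return req

    def approve(self, approver_id, req_id):
        """Resource-owner approval; returns the work order for the account administrator."""
        req = self.requests[req_id]
        if req.state is not State.REQUESTED:
            raise ValueError("request is not awaiting approval")
        if approver_id != self.resources[req.resource].owner_id:
            raise PermissionError("only the resource owner may approve")
        if approver_id == req.requester_id:   # separation of duties: assumed here, not on the slides
            raise PermissionError("requester may not approve their own request")
        req.state = State.APPROVED
        return {"work_order": req.req_id, "action": "provision", "person_id": req.person_id,
                "resource": req.resource, "role": req.role}

    def provision(self, req_id, account_id):
        """Account administrator reports the downstream account ID back to the MD."""
        req = self.requests[req_id]
        if req.state is not State.APPROVED:
            raise ValueError("cannot provision a request that was not approved")
        req.state, req.account_id = State.PROVISIONED, account_id
        self.accounts[(req.person_id, req.resource)] = account_id
        return req

    # Termination: exhaustive de-provisioning
    def terminate(self, person_id):
        """One de-provisioning work order per downstream account the MD holds for the
        person, so a termination cannot silently skip a directory."""
        keys = sorted(k for k in self.accounts if k[0] == person_id)
        orders = [{"action": "deprovision", "resource": res, "account_id": self.accounts[(pid, res)]}
                  for pid, res in keys]
        for k in keys:
            del self.accounts[k]
        return orders


def demo():
    """Constructed walk-through (names from the slide's sample rows, IDs invented):
    Mantle gets a CIS 'User' account and an AD account, then is terminated."""
    md = MetaDirectory()
    md.add_person(Person("p-mgr", "Manager", None))
    md.add_person(Person("p-owner", "CIS Owner", "p-mgr"))
    md.add_person(Person("p-mantle", "Mantle", "p-mgr"))
    md.add_resource(Resource("CIS", "p-owner", frozenset({"User", "Admin"})))
    md.add_resource(Resource("AD", "p-owner", frozenset({"User"})))
    for resource, role, acct in (("CIS", "User", "MM7"), ("AD", "User", "mantle")):
        req = md.request_entitlement("p-mgr", "p-mantle", resource, role)
        md.approve("p-owner", req.req_id)
        md.provision(req.req_id, acct)
    return md, md.terminate("p-mantle")
```

The point of `terminate` is that it never consults the person's name or the downstream directories themselves: because every provisioning step wrote the issued account ID back into the meta-directory, the termination work orders are generated from the meta-directory alone and cover every directory the person had an account in.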
Phase 2
Phase 2 – Reconciliation… Reconciling Directories
  Paladin Meta Directory (illustrative entries):
    Name      App   Acct ID   Role
    Y Berra   CIS   BERRAY    User
    Mantle    CIS   MM7       User
    Maris     CIS   RM9       User
    T Kubek   CIS   xyz448    User
  Match? – against Active Directory and against the Customer Information System (CIS); one entry is flagged as a problem.
Phase 2 – Reconciliation… Which Directories To Automate? (*SSIS: SQL Server Integration Services)
Phase 2 – Reconciliation… Automated Reconciliation
Phase 2 – Reconciliation… Semi-Automated Reconciliation (only difference highlighted)
Phase 2 – Metrics… Effectiveness & Adjustments: fixed the process; conversion issues; numbers are illustrative
Key Points

A Pragmatic Approach to Identity and Access Management

Editor's notes (speaker notes)

1. Negative business value: missing something that adversely impacted the business (a resource, a role, etc.).
2. Project Paladin.
3. IT has little control over aspects of access management for acquired products (structure, platform, etc.). Application delivery schedules are aggressive, and access management cannot be on the critical path. The estate evolves over time (it used Windows and now has a Linux app). It varies in how entitlements are represented and maintained, with other issues related to referential integrity. Do not underestimate the issues around auto-provisioning or directory synchronization: how do you manage directory sync across 50+ data stores on different platforms, and growing?
4. Applications are concerned only with their own A&A requirements. Different IDs were assigned to the same individual. There was no authoritative source for non-employees. Human Resources was not concerned with A&A. How do you make terminations exhaustive and effective for all entitlements?
5. Enterprise requirements need a 'top-down' approach to the design, but it must also work 'bottom-up', since disparate directories already exist. Understand the organization: HR functions; the resources to be managed; roles within resources; roles within departments; who the requestors, resource owners (ROs) and user administrators (UAs) are; and what the policy, regulatory and security requirements are.
6. Fixed deadline: how to meet it. Fixed objectives. Use automated processes where they can be easily implemented (i.e., minimal interfaces). An access management capability from the enterprise perspective, and a foundation for further automation.
7. Two-phased approach: (1) new workflow with governance, and the meta-directory; (2) reconciliations.
8. Incorporate people, resources, entitlements, roles and support personnel into the workflows. Define resources and roles. Define role prototypes.
9. The meta-directory drives all workflows. It is the authoritative source for non-employees. It contains the downstream directories' account IDs. It holds the org chart for both employees and non-employees, and employee data as provided by HR. It schedules recertification of people and entitlements. It supports reconciliation using keys, not names.
10. What are the workflows? Request-Approval-Provision; Termination-De-provisioning; recertify an employee; recertify a non-employee; recertify entitlements for a resource; request a new resource; reconciliation corrections; trigger recertifications.
11. HR interface: HR cannot provide new hires until after they start, hence a Provisional Employee process.
12. Do you have to convert? Avoid converting bad data. Avoid converting non-employee entitlements.
13. Comparing the MD against each downstream directory.
14. Assume that not all downstream directories are easily accessible. Prioritize the low-hanging fruit.
15. Define processes to run on a schedule to extract downstream data. Determine the differences between the directories. Generate corrections.
16. Define processes to run on a schedule to extract downstream data. Determine the differences between the directories. Generate corrections.
17. What is the trend of errors found? Are the manual processes error-prone? Which user admins are not doing a satisfactory job, or is it just a timing problem? Determine how the functions can be improved.
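The Phase 2 reconciliation described in the slides and in notes 13 to 17 (extract each downstream directory on a schedule, compare it against the meta-directory on account-ID keys rather than names, generate corrections, and track the trend of errors) as an added Python example. It is not the SSIS packages the presentation refers to and not Paladin's code. The meta-directory rows reuse the slide's illustrative table; the person IDs, the CIS extract, the finding names and the suggested fixes are constructed for this example. The slide flags one row as a problem without saying which; here the constructed extract makes `xyz448` the key that does not match.

```python
import csv
from collections import Counter
from io import StringIO

# Meta-directory rows from the slide's illustrative table (person IDs invented).
META_DIRECTORY = [
    # (person_id, name,      app,   acct_id,  role)
    ("p1", "Y Berra", "CIS", "BERRAY", "User"),
    ("p2", "Mantle",  "CIS", "MM7",    "User"),
    ("p3", "Maris",   "CIS", "RM9",    "User"),
    ("p4", "T Kubek", "CIS", "xyz448", "User"),
]

# Constructed scheduled extract from the Customer Information System, as a
# scheduled job (or, in the semi-automated case, a user admin) might deliver it.
CIS_EXTRACT_CSV = """acct_id,role
BERRAY,User
MM7,Admin
RM9,User
TK448,User
TEMP01,User
"""


def parse_extract(text):
    """Downstream extract -> {acct_id: role}. Keys are account IDs, never names."""
    return {row["acct_id"].strip(): row["role"].strip()
            for row in csv.DictReader(StringIO(text))}


def reconcile(md_rows, actual, app):
    """Compare the MD's view of one app against that directory's extract and
    emit the corrections the reconciliation workflow should raise."""
    expected = {acct: (pid, role) for pid, _, a, acct, role in md_rows if a == app}
    corrections = []
    for acct, (pid, role) in sorted(expected.items()):
        if acct not in actual:
            corrections.append({"app": app, "account_id": acct, "person_id": pid,
                                "finding": "missing_in_directory",
                                "fix": "provision, or correct the account ID held in the MD"})
        elif actual[acct] != role:
            corrections.append({"app": app, "account_id": acct, "person_id": pid,
                                "finding": "role_mismatch", "expected": role,
                                "found": actual[acct],
                                "fix": "reset the role to the approved value"})
    for acct in sorted(set(actual) - set(expected)):
        corrections.append({"app": app, "account_id": acct, "person_id": None,
                            "finding": "orphan_account",
                            "fix": "disable and route to the resource owner for review"})
    return corrections


def error_metrics(corrections):
    """Counts per finding type; compared run over run this shows whether the
    manual processes are error-prone or the extract timing is the problem."""
    return Counter(c["finding"] for c in corrections)


def run():
    """One scheduled reconciliation of the CIS directory against the MD."""
    corrections = reconcile(META_DIRECTORY, parse_extract(CIS_EXTRACT_CSV), "CIS")
    return corrections, error_metrics(corrections)
```

On the constructed extract the run yields four corrections: a role drift on MM7, the MD's xyz448 with no matching account, and two accounts (TEMP01, TK448) that exist in CIS but not in the MD. Because the match is on account ID, a name like "T Kubek" versus "Kubek, Tony" never enters into it; an account that was created under an ID the MD does not hold simply shows up as an orphan plus a missing entry, which is exactly the pair a user admin needs to see to repair the key.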