4. Identity Lifecycle Management
• Identity Management
– Provisioning of user accounts and entitlements
– Managing user entitlements
– Request approval workflow processes
– Change management within the identity management process
– Managing user credentials
– Self-service services
• Role Management
– Identifying the roles present in the environment
– Creating sample roles that fit the organization
– Analyzing and managing roles over time, according to business needs
• Security Compliance Management
– Understanding security policies
– Importing audit events and logs
– Importing information about roles and access rights
– Supporting the standards compliance process
[Diagram: Identity Lifecycle Management, made up of Identity Management, Role Management and Security Compliance]
5. CA IDM + RCM
• CA Role & Compliance Manager
– Which entitlements, roles and policies should exist: control
– Connection with Identity Manager plus non-automated systems/applications
• CA Identity Manager
– How entitlements are granted
– Application management: automation
[Diagram: CA Identity Manager (HOW) and CA Role & Compliance Manager (WHAT), with RACF, UNIX, SAP and HR systems]
6. CA Identity Management
Features
• Smart Provisioning
– IT and the business efficiently request and grant access entitlements
– Suggesting roles, identifying non-standard access, proactively enforcing compliance with policies
• User self-service
– Hands users the tasks of managing their own passwords and profiles, reducing the help desk workload
• Account administration
– Centralization of data/policies
– Delegation of privileges to application owners
• Xpress Integration
– Eliminates coding thanks to Policy Xpress, Connector Xpress and graphical editors
– Web services interface enabling integration with other systems
• Reconciliation of user entitlements
[Diagram label: CA Role & Compliance Manager]
7. CA Role + Compliance
What it does
• Entitlement quality control
– Identifying incorrect and exceptional access rights: cleanup and audit
• Policy modeling and management
– Defining and detecting policy violations (e.g. SoD)
– Role model changes and impact assessment
• Role modeling and management
– Planning, optimization, discovery and modeling of roles
– Modeling changes, impact assessment, reviews and approvals
• Entitlement certification and reporting
– Easing and simplifying the entitlement attestation process
– Reports and dashboards for roles, entitlements and policies
• Smart Provisioning
– Use of roles and policies by Identity Manager in the provisioning process
13. Solving the problem: Role Based Access Control
Users (5,000)
X
~ 800 Business Roles
Privileges (1,000,000) Resources (100,000)
Role-based management model (CA.com):
• Immediately covers 60-80% of access rights
• Creates a common descriptive language that links business expectations with security management
• Ease of automation and of onboarding new users
15. Implementation: RBAC implementation
[Diagram labels: Ongoing management and administration; Role management; Compliance management; User stores consolidation …; Smart provisioning; Cleanup; Compliance modeling; Eurekify Gap Analysis; Role modeling; Export to IDM]
The key message here is that conversations are less meaningful focusing on feature/function, when we talk about what we have to offer – so we have changed our presentation of the ILM accordingly – to focus more on the overall solution and how it addresses the key business processes that make up an organization’s approach to ILM.
CA ILM is the combination of CA Identity Manager and CA Role & Compliance Manager (Eurekify). Together they address the complete lifecycle:
• Privilege Quality
• Role Management
• Identity compliance controls
• Identity risk assessment
• Access request
• Automated provisioning
Identity Lifecycle Management, as delivered through CA Identity Manager and CA Role & Compliance Manager, puts your organization in control by automating identity processes – as shown above. This results in:
• Reduced costs by eliminating labor intensive procedures for proving compliance to auditors, managing user access requests or customizing solutions to meet your business’ needs.
• Better service by getting users up and running in a day instead of a week or providing users with the necessary business context that they need to make identity-related decisions.
• Reduced risk by preventing compliance violations before they happen, validating that users have appropriate access or consistently auditing and reporting on compliance issues.
These activities enable you to confidently, proactively and efficiently answer key questions:
• Who has access to what?
• What access should they have?
• Have managers certified access for all their users?
• Is access immediately updated as users come, go, and change roles, with preventive compliance so smart provisioning is achieved and your organization stays compliant?
[Michelle]
CA Security is focused on helping customers maximize value, get more rapid TTV, and minimize cost and waste to achieve Lean IT… How do we do that with ILM?
ILM automates the process of managing users and their access to apps based on their roles within the business, and doing so across the entire lifecycle. Although each step in that process can add value on its own, the most benefit comes from an environment where each of the major process steps – id mgmt, role mgmt, id compliance – feeds on information from the other to inform and improve that step. Example is efficient role model with fewer, better defined roles, makes user provisioning more efficient and effective. Another example is using an automated process for managers to certify the roles their employees are assigned to, and the related access rights, ensures that the users are getting only the access they need to do their jobs, and eases audit efforts. Helps customers streamline and enable users faster, as well as help adhere to internal and externally mandated compliance policies based on user access. With the Eurekify acquisition, we have a more complete foundation. Now let’s look at some customer sales wins and successes to learn what sales tactics helped win these deals.