Enterprise Identity and Access Management Use Cases

The growth of enterprises results in heterogeneous environments with complex business demands. Some of the biggest identity and access management (IAM) challenges faced by these organizations include inconsistent password policies, excessive identities and directories, diverse and time-consuming auditing processes and an increasing need to stay on top of compliance regulations. Moreover, maintaining an enterprise LAN border is no longer viable as enterprises shift to cloud platforms and adopt SaaS and mobile apps that cross typical security domain boundaries.

Productivity drops if users can’t access the apps they need, the risk of breach increases when employees access apps outside of your enterprise, and legacy systems carry high maintenance costs. To avoid this, you need to implement a modern identity and access management solution that provides seamless user experiences, secures access for employees and partners, easily integrates legacy systems as well as cloud and mobile apps, and manages employee data securely and efficiently.

Malithi and Pulasthi explored how to address these IAM challenges and adopt strategies that lead to efficient, secure and compliant IAM. They discussed:

The IAM challenges of complex heterogeneous enterprises
Common IAM use cases
Common patterns for IAM solutions

Published in: Technology

  1. Enterprise Identity and Access Management Use Cases
     Malithi Edirisinghe (Associate Technical Lead), Pulasthi Mahawithana (Senior Software Engineer)
     August 8, 2017
  2. TODAY’S IT CHALLENGES
     ● More Compliant Business
       ○ Increasing regulatory demands
       ○ Increasing privacy concerns
       ○ Business viability concerns
     ● More Agile Business
       ○ More accessibility for employees, partners and customers
       ○ High level of B2B integrations
       ○ Faster reaction to changing requirements
     ● More Secured Business
       ○ Identity theft
       ○ Intellectual property theft
       ○ Constant global threats
  3. TODAY’S SECURITY IS NO LONGER SECURE
     ● Two-thirds of organizations averaged five or more breaches in the past two years
       (Forrester Consulting Thought Leadership Paper, February 2017)
     ● Nearly six billion data records were lost or stolen in the past few years
     ● An average of over 165,000 records compromised every hour
       (http://www.breachlevelindex.com/)
     ● Global cybercrime-related damage costs are expected to exceed $6 trillion annually by 2021
       (www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.htm)
  4. IAM FOR DIGITAL BUSINESS
     How do you rate the need for having a mature IAM to succeed in Digital Transformation?
     Kuppinger Cole Ltd., Berlin, 29.06.2017
  5. FORRESTER IAM MATURITY MODEL
     ● Nonexistence (level-0): No identity management system in place — and do not realize the need.
     ● Ad hoc (level-1): Occasionally, not consistent, not planned, disorganized.
     ● Repeatable (level-2): Intuitive, not documented, occurs only when necessary.
     ● Defined (level-3): Documented, predictable, occurs only when necessary.
     ● Measured (level-4): Well-managed, formal, often automated, evaluated frequently.
     ● Optimized (level-5): Continuous and effective, integrated, proactive, usually automated.
  6. ENTERPRISE IAM USE CASES
     ● Identity Lifecycle Management
     ● Seamless access to applications and resources
     ● Regulatory Compliance
       ○ Identity Assurance
       ○ Auditing, Reporting and Monitoring
     ● Fraud Detection, Prevention and User Behavior Analytics
  7. #1 IDENTITY LIFECYCLE MANAGEMENT
  8. IDENTITY LIFECYCLE MANAGEMENT
     Phases
     ● User On-boarding/Account Activation
     ● Account Maintenance and Support
     ● User Off-boarding/Account Termination
     These processes will differ for
     ● Employees
     ● Partners
     ● Contractors
  9. USER ONBOARDING / ACTIVATION
     ● Usually involves
       ○ Workflow approval
       ○ Provisioning accounts
       ○ Verifications
         ■ Mail
         ■ Phone
       ○ Activation
  10. ACCOUNT MAINTENANCE
     Over time, employees will require
     ● Privilege changes due to
       ○ Promotions
       ○ Change of Roles
     ● Profile updates
  11. USER OFFBOARDING/TERMINATION
     ● Deprovision the federated accounts
     ● Delete/Disable the account
  12. DEMONSTRATION
  13. #2 SEAMLESS ACCESS TO RESOURCES
  14. SEAMLESS ACCESS TO RESOURCES
     ● Distributed Workforce
       ○ Mergers, Acquisitions and Partnerships
       ○ Remote Workstations
       ○ Mobile Workforce
     ● Distributed Applications
       ○ SaaS Applications
       ○ Corporate Applications
       ○ Mobile Applications
  15. SINGLE SIGN-ON / SINGLE LOGOUT
  16. BYOID
  17. BYOD
  18. REAL-TIME ACCESS CONTROL
  19. #3 REGULATORY COMPLIANCE
  20. REGULATORY COMPLIANCE
     ● PCI
     ● HIPAA
     ● SOX
     ● FERPA
     ● GDPR
     ● PSD2
  21. IDENTITY ASSURANCE
     ● Compliance is more or less about ensuring Identity Assurance
  22. AUTHENTICATION LEVELS

     | Level | Meaning | Authentication |
     |-------|---------|----------------|
     | AL1 | Little or no confidence | PIN and Password |
     | AL2 | Some confidence | Single factor Authentication |
     | AL3 | High Confidence | Multi-factor Authentication via ‘soft’, ‘hard’, ‘OTP’ tokens |
     | AL4 | Very High Confidence | Multi-factor cryptographic authentication with hard tokens |

  23. PASSWORD RECOMMENDATIONS
     ● No universally accepted alternative for password
     ● Password recommendations:
       ○ Min, Max length
         ■ PINs - min: 6 digits
         ■ Passwords - min: 8 characters, max: 64 characters
       ○ Specific character content
       ○ Password validation
         ■ against history
         ■ against a dictionary of bad choices
       ○ Avoid brute force and dictionary attacks
     ● Recovery and Password Reset
       ○ Security questions/hints
       ○ Email Notifications
  24. AUDITING AND MONITORING
     ● You might not know who will access your system
     ● A full audit of user activities is important
       ○ Especially on User Management, Admin operations
       ○ Who, What, From Where, When, How
  25. #4 FRAUD DETECTION, PREVENTION AND ANALYTICS
  26. FRAUD DETECTION AND PREVENTION
     ● Monitor, Detect and Remediate
     ● Understanding user behavior
     ● Predicting future needs
  27. ALERTING
  28. ENTERPRISE IAM PLANNING
     1. Assess your current IAM strategy
        ● Have a clear inventory of your current identity and authentication infrastructure and policies
     2. Evaluate the right IAM approach
        ● Security, Productivity and Compliance concerns
        ● Cloud Vs Corporate deployments
        ● Open standards Vs Proprietary Interfaces
     3. Define a strategy to execute IAM plan
        ● Assemble key stakeholders
        ● Define deployment plan
        ● Implement IAM solution
        ● Gain end user acceptance
  29. ENTERPRISE IAM TRENDS
     ● By 2019, more than 80 percent of organizations will use access management software or services, up from 55 percent today.
     ● By 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today.
     (Gartner Magic Quadrant for Access Management, June 2017)
  31. Q&A
  32. THANK YOU
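
The length limits, history validation and bad-choice dictionary check from slide 23 (Password Recommendations), as an added example that is not code from the presentation or from any product the speakers describe. The function names, the PBKDF2 parameters, the NFKC normalisation step and the sample dictionary are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Limits from slide 23; all names and the sample data below are assumptions.
PIN_MIN_DIGITS = 6
PASSWORD_MIN_CHARS = 8
PASSWORD_MAX_CHARS = 64
# Constructed sample; a real deployment loads a large list of known-bad choices.
BAD_CHOICES = {"password", "12345678", "qwertyuiop", "letmein123"}


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the history store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


def history_entry(secret: str) -> tuple:
    """Build the (salt, digest) pair stored when a password is accepted."""
    salt = os.urandom(16)
    return salt, _digest(unicodedata.normalize("NFKC", secret), salt)


def validate_password(candidate: str, history: list) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    candidate = unicodedata.normalize("NFKC", candidate)
    # Length is checked first so over-long input is never fed to the KDF.
    if len(candidate) < PASSWORD_MIN_CHARS:
        return ["too_short"]
    if len(candidate) > PASSWORD_MAX_CHARS:
        return ["too_long"]
    problems = []
    if candidate.lower() in BAD_CHOICES:
        problems.append("dictionary")
    # Each history entry has its own salt, so the candidate is re-hashed per entry.
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in history):
        problems.append("reused")
    return problems


def validate_pin(pin: str) -> list:
    """PINs: ASCII digits only, at least PIN_MIN_DIGITS long."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not_digits"]
    return ["too_short"] if len(pin) < PIN_MIN_DIGITS else []
```
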
