IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administration, Save Time and Money
In this session, which was also presented after Connect at Rheinland Nachlese, Engage by BLUG and BCCon, we took you on a quest to strengthen security while cutting administration costs.

Daily administration of the IBM Domino environment can be manual, tedious and cost-intensive. Mismanagement can pose significant security issues and can also have legal ramifications.

Whether you need to cut costs in administration, save time spent on routine tasks, or make your audit team happy, there is help available.

Specialized in administration automation and security solutions, BCC has gained a unique insight into the Notes/Domino environments of more than 800 customers worldwide. In this session we will share best practices on how to streamline IBM Notes and Domino administration, enhance system and process security, and ensure compliance with legal regulations.

* Automate the user, group, and app administration processes to reduce manual tasks and avoid human errors

* Implement strict compliance with corporate administration standards and reduce administration costs

* Prevent fraud / malicious actions from inside your company and ensure compliance with legal regulations

Published in: Technology, Business

Transcript

  • 1. SPOT114 : No Compromise on Compliance: Streamline Administration, Save Time and Money Olaf Boerner, BCC © 2014 IBM Corporation
  • 2. Agenda
      - Introduction
      - Requirements for today's IBM Domino® infrastructure
      - How to streamline Administration
      - How to ensure Compliance
      - Question Time
  • 3. About us
      - BCC, an IBM Business Partner since 1996
      - Solution provider for secure and cost-efficient management of IBM Collaboration Infrastructure
      - Develops software products, provides consulting and implementation services
      - 800 companies with more than 3 million users trust BCC solutions
  • 4. About me
      - Administrator / Developer since 1994
      - Founded BCC in 1996
      - Working as senior architect with large enterprise customers
          – reducing Total Cost of Ownership of IBM Notes and Domino®
          – securing and optimizing Domino infrastructures
      - IBM Champion
      - Twitter: @OlafBoerner
  • 5. Current situation for Domino Infrastructure
  • 6. Current situation for Domino infrastructures
      - Compliance is a major issue
      - The cost pressure in IT has grown enormously
      - Hands-on admin skills are required
      - The delivery model or platform is under question
  • 7. The cost pressure in IT has grown enormously
      - The demands in the IT are growing and assurance of safe operations to make powerful and efficient systems is their prime goal
      - More than 80% of the IT companies are under enormous increasing cost pressures
  • 8. Compliance Requirements
      - Sarbanes Oxley (SOX) - related to investments and securities
      - FINRA - related to investments and financial advisors
      - HIPAA - related to the protection and privacy of health information
          – Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
  • 9. The cost of not being compliant
      - Brand Damage
      - Non-Compliance Fines
      - Litigation Expenses
      - Examples
          – $1.45 billion judgment against Morgan Stanley for being unable to produce reliable emails in the course of fraud litigation
          – $2.5 million fine against Merrill Lynch for failing to promptly produce emails over a period of 17 months
  • 10. Objectives for today's social business infrastructure
      - Streamline / TCO
      - Security / Compliance
  • 11. How to handle these conflicts of objectives?
  • 12. How to handle these conflicts of objectives?
      - How can you ensure compliance,
      - Enhance security and
      - Reduce total cost of ownership?
      - QUESTIONS:
          – Compliance and security are really expensive?
          – Trade off?
      - Let's discuss this using a current example: NSA and Snowden
  • 13. NSA Security ...
      - Why did they have a Security Leak?
          – “The scariest threat is the systems administrator,”
          – “The system administrator has godlike access to systems they manage.”
              • Eric Chiu, HyTrust, Security Advisor
      - http://www.nytimes.com/2013/06/24/technology/nsa-leak-puts-focus-onsystem-administrators.html?_r=0
  • 14. Lessons learned: How will NSA increase security?
      - Additional monitoring systems
      - “a two-man rule” that would limit the ability of each of its 1,000 root system admins to gain unfettered access to the entire system
      - Two-man rule is easy to implement !!!
      - Automation
  • 15. Why Automation increases security
      - NSA to Axe 90 Percent of System Administrators, Adopt Automation Instead
          – “What we’re in the process of doing – not fast enough – is reducing our system administrators by about 90 percent,” Keith Alexander, NSA
          – “doing things that machines are probably better at doing.”
      - 1000 * 90% = 900 of its root system admins
      - http://www.washingtonpost.com/blogs/federal-eye/wp/2013/08/13/nsa-to-cut-90percent-of-systems-administrators/
      - http://www.dailytech.com/NSA+to+Axe+90+Percent+of+System+Administrators+Adopt+Automation+Instead/article33145.htm
  • 16. Summary: Why Automation increases security
      - “doing things that machines are probably better at doing.” (Keith Alexander)
      - decrease required access rights
      - provide system log trails
      - TCO reduction is included for free! (currently) not important for NSA ;-)
  • 17. Automation is key ! Security Reduce TCO Compliance Automation
  • 18. That’s the reason for BCC’s mission statement
  • 19. Case Study - Global bank
  • 20. Case Study - Global bank
      - Project
      - Reduce Cost by 50%
      - Ensure new compliance req.
  • 21. Initial Situation: Domino Administration
      - Lot of development efforts
      - Manual monitoring
      - Highly skilled administrators required
      - High access rights required
      - Frequency of human errors can be high
      - Using “internal” Tools
      - Domino Administrator Client
      - Compliance issue
  • 22. Case Study – Global Bank
      - Simplified System Administration
          – Standardized technical procedures
          – Leveraging latest Domino TCO Improvements
      - Automation with Web-based Self-Service Application
          – User and group management
          – Team rooms
          – Mail-In databases
      - Enhanced Compliance and Security Check
          – Server Based Compliance check and Audit Trail
          – Additional security layer beyond ACL with 3rd party tool
      - Result:
          – Reduction of management costs by 50%
          – Return on Investment in 8 Months
  • 23. How did we achieve this?
  • 24. How did we achieve this?
      - Streamline Administration
          • Organize (Helpdesk, Self-Service)
          • Standardize (technical procedures & infrastructure)
          • Automate with BCC AdminSuite
      - Ensure compliance
          • Define security settings
          • Ensure with additional security product DominoProtect
  • 25. Three Steps to streamline Administration
      - 1. Organize
          • Delegate the tasks to Helpdesk, HR …
          • Provide Self-Service Request
      - 2. Standardize
          • Convert admin tasks to an IT Process
          • A detailed checklist for every task
          • “simple” standard system environment running the most current IBM Domino release
      - 3. Automate
          • Processing checklists by rules, profiles and backend server tasks
          • Ensuring Compliance by having a central log database to automatically record all actions
          • Reduce access rights!
  • 26. Streamlined IT Process examples
  • 27. Standardized IT Process ‘New Employee‘ Request Workflow (optional)
  • 28. Standardized IT Process ‘New Employee‘
      - Request Workflow (optional)
      - Expected rule based UserID
      - Creation of Person document in Domino Directory
      - Group entries corresponding to the user are set in the profile
      - Mail file replica including cluster created
      - Password calculated and distributed via Mail / print or fax / SMS
      - Data directory of the user created
      - Basic settings are stored in ID, Address Book, Workspace
      - User gets links, necessary applications on the Workspace / Bookmarks
  • 29. Standardized IT Process ‘New Employee‘
      - Request Workflow (optional)
      - Send confirmation mail to requestor
      - Send information mail to business owner
      - Create Billing entry in billing database
      - Create Reporting entry
      - Send welcome mail to new user
  • 30. Live demo
  • 31. Standardized IT Process ‘New Application‘
      - Request Workflow (optional)
      - NSF file is based on the specifications of template creation
      - ACL group(s) in the Domino Directory are created with all entries
      - ACL group(s) in the ACL of the database are created corresponding to the registered rights
      - Email is sent to requestor on success, and error is notified to Admin
      - User gets links to necessary applications on the Workspace / Bookmarks
      - Mobile users get local replica automatically
  • 32. What makes AdminSuite so valuable for your organization?
      - Delegate to Helpdesk or Self-Service
      - Ensure proper execution
      - Reduce Access Rights
      - Accelerate request & no manual effort
  • 33. Ensure Compliance with additional security product DominoProtect
  • 34. How we achieve this?
      - Streamline Administration
          • Organize (Helpdesk, Self Service)
          • Standardize (technical procedures)
          • Automate with BCC AdminSuite
      - Ensure compliance
          • Define security settings
          • Automate with additional security product BCC DominoProtect
  • 35. Define security settings: Three key elements to IBM Domino Server Security
      - Server ID
      - Database Access
      - Document Access & Change
  • 36. What does DominoProtect do?
      - Provide an additional security layer
          • beyond ACL and document access rights
          • Manager, Designer or Editors are not allowed to perform changes
      - Add security at document field level
          • Provide different security settings for single fields in a document
          • Manager, Designer or Editors are not allowed to change defined fields
  • 37. What does DominoProtect do?
      - Detailed monitoring and tracking in real time
          • Track access
          • Track modifications at field level
              – Old entry
              – New entry
      - Prevent changes in real time
          • Control Domino access rights -> even Manager cannot change
          • Track blocked changes
  • 38. What does DominoProtect do technically?
      - Protect Server ID with passwords
          • Assign random password to server ID
          • Provide password at startup
          • Automatic restart possible
      - Protect ACL
          • Prevent ACL Change
          • Track ACL Changes
      - Protect Notes document beyond ACL settings
          • Track access to document
          • Track modification
          • Prevent opening, modification or deletion
          • Check and control field level changes
  • 39. How do we achieve this: Security Settings Examples Secure your ID Vault Server with DominoProtect
  • 40. Secure your ID Vault Server - Step 1: Password protected server ID file
  • 41. Why secure your server ID? Protect ID Vault!
      - IBM Recommendation: Securing the server ID file
          – ‘We understand that most Domino servers are not password-protected to make unattended reboots simpler, but the vault server's ID file is a key element in the security of your ID vault.‘
          – ‘..a sophisticated attacker with a vault database and one of the corresponding server IDs ... would have all of the cryptographic information needed to masquerade as the vault server and decrypt all of the ID files stored in the vault‘.
      - http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-idvault-server
  • 42. Secure your ID Vault Server - Step 2: Secure your ID Vault ACL
      - Everyone with role Auditor and Admin client is able to download ID Files from ID Vault
      - How to Change ACL
          • Full Access Admins might be able to do this
          • Server based script agents
      - Preventing unwanted changes in ID Vault ACL is mandatory
  • 43. Secure your ID Vault Server - Step 3: Protect Configuration in Domino Directory
      - Main Goal: Reduce Access Rights to ID Vault Database and ensure these settings
      - Server Document:
          – Protect Field: Full access administrators
          – Protect optional Fields: “Programmability Restrictions“
          – DominoProtect will
              • Block every change in these defined fields
              • All other fields can be changed
      - Protect ACL Groups providing Access to ID Vault:
          – Prevent Modification of all ACL Groups related to ID Vault
          – DominoProtect will
              • Block every change in these defined Group Documents
              • All other groups can be changed
  • 44. Secure your ID Vault Server - Step 4: Control security log entries in log.nsf
      - Main Goal: Reduce Access Rights to log.nsf and prevent deletion or modification of Security Event log entries
      - Log.nsf
          – ACL: Protect Changes in log.nsf
          – Log “Security Events”
              • Protect Changes in Documents “Security Events”
              • Optional: Restrict access to “Security Events”
      - Domino Directory
          – Protect ACL Groups providing Access to log.nsf
          – Protect Full Access Admin Field
  • 45. Live demo
  • 46. What makes DominoProtect so valuable for your organization?
      - Real-time on server level
      - Different access at field level
      - No template modification
  • 47. Benefits for end users/employees
      - Personal increase in productivity through faster service
      - Better service quality through fewer mistakes
      - Self-service possibility ‘I can help myself‘
  • 48. Benefits for Admin/IT department
      - Simplification in administration
      - Concentration on mission-critical projects and strategic measures
      - Reduction in the variety of tools and scripts
      - No requirement of customized training
  • 49. Benefits for administrators
      - Prevents unauthorized modification of server configuration
      - Enhances process reliability through request-based change management with approval cycles
      - Provides full control and automated documentation of all configuration changes
      - Recovery function for configuration documents in case of mistakes or configuration errors
      - Alerts in case of defined protection violation
  • 50. Benefits for Management
      - Cost-efficient
          – Reduces the Notes infrastructure administration cost by 70%
          – Service transparency
      - Minimizes risks
          – Ensure compliance
          – Reliable information about unauthorized access or modification attempts
      - Increases the employee productivity
  • 51. Question time … BCC Olaf Boerner Olaf_Boerner@bcc.biz
  • 52. Access Connect Online to complete your session surveys using any:
      – Web or mobile browser
      – Connect Online kiosk onsite
  • 53. Acknowledgements and Disclaimers
      Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
      The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
      All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
      © Copyright IBM Corporation 2014. All rights reserved.
      - U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
      - IBM, the IBM logo, ibm.com, IBM Lotus and IBM Notes and Domino are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml
      - All BCC product names are registered trademarks of BCC.
      - Other company, product, or service names may be trademarks or service marks of others.
