Cloud Compliance Identity and Access Assessment (IdAA) Use Case Demo, Oct 2009
Demonstrate identification and root cause analysis of operational error with Cloud Compliance Identity and Access Assessment (IdAA) solution.
  • So let’s look at an example of how it works… This is the Excess Rights Dashboard. It presents a multidimensional view of how effectively users are provisioned and de-provisioned across applications, groups, and over time. Overall performance is tracked by the status indicator in the upper left. It also identifies problems emerging along the various dimensions of access and identity. Problems with a specific application, group, or even an outlying user are extracted from the noise. Scale-independent metrics measure overall performance along each dimension. In this case we are looking at dormant rights as an indicator of how well rights are provisioned. Configurable management objectives allow you to set goals and compare results to your objectives. In this case, we are looking at a view that focuses on a group of applications that are in scope for an FFIEC audit in the financial services industry. You can set up audit views that are specific to particular audits – FFIEC, SOX, internal, PCI, etc. The trend view tells us that when we first deployed Cloud Compliance, the firm learned that they were not performing well, but using our analysis, they were able to manage it down to reasonable levels. We also see that recently excess rights are creeping back up. By looking at the Resource view, we see that Equity Trade is the likely source of the problem. We can click on that application to isolate it and see what’s going on.
  • By clicking on Equity Trade we have isolated Equity Trade activity from all other applications to see what’s going on with that application. Here we see that the problem is obviously with the Bond Traders group. It looks like that group has been provisioned with a lot of rights to the Equity Trade application that they are not using. Now let’s drill into the Bond Traders group to see what’s going on there.
  • Now we have further isolated the view to just Equity Trade and just Bond Traders. We can see that Bond Traders are broken into four sub-groups: a group of executives and three groups of traders. It looks like the executives have a legitimate need, but the traders themselves really don’t need access to equity trading. By looking at the By User view, we can see that all the dormant users went dormant on the same day. This particular application has a dormant period setting of 60 days, so it looks like all of these users were granted rights in one fell swoop 60 days ago. A lot of process problems could be at the heart of this result. An HR or IT person got a couple of requests from traders for access and got tired of going through the process, so he just gave the rights to everyone. An executive wanted one of his guys to have access, so he just requested access for the group. Reorganizations, layoffs, mergers, or just new role management initiatives in which HR and IT are trying to guess at rights based upon corporate job descriptions can all lead to this same effect.
    1. Cloud Compliance Identity and Access Assessment (IdAA) Use Case Demo, Oct 2009
    2. Identity and Access Assessment
       • Excess entitlements typically increase over time
         • Primary cause is employee transfers, role changes
           • Prior entitlements often maintained through transition period, then fall through the cracks
           • New transfers often provisioned with rights of most-entitled employee in new department
         • But human error and operational issues also lead to excessive access rights, virtually impossible to detect – without Cloud Compliance
       • Identifying excessive access rights is only part of the solution
         • Fault isolation and root cause identification are essential to remediate underlying processes
         • Cloud Compliance provides complete solution for identification and remediation of excessive access rights
    3. How does IdAA work?
       • Access audit owner visits Cloud Compliance site
       • Browser-based wizard guides owner through automated data collection process
         • Which resources to audit
         • Access rights
         • Login history/logs
       • Data uploaded to secure Cloud Compliance site
       • Compliance assessments provided within minutes
         • Management metrics
         • Trends, problem isolation and root cause analysis
       • Integrating IdAA into access control processes can eliminate audit findings for excessive access rights and other access control issues
    4. The Excess Rights Dashboard: The Excess Rights Dashboard presents a multidimensional view of least privilege compliance by showing the recent trend as well as a breakdown by application, by group or department, and by user.
    5. The Excess Rights Dashboard: This view presents FFIEC audited applications for a financial services firm. Resource views can be defined for specific audits – FFIEC, SOX, PCI, internal, etc.
    6. The Excess Rights Dashboard: Access control assessment results are indicated for each dimension: time; resource; group or department; and users. Trends and problem areas are easily identified.
    7. The Excess Rights Dashboard: Scale-independent metrics measure performance along each dimension, and are the basis for objective-setting. Here, we look at dormant rights percentage to measure least privilege compliance performance.
    8. The Excess Rights Dashboard: Overall performance is tracked by the upper-left status indicator. In this case, 7% of accounts are dormant – higher than the 6% objective and therefore colored red.
    9. The Excess Rights Dashboard: This trend tells us that prior to Cloud Compliance being deployed, access controls were not performing well. Then, using our solution, dormant rights were significantly reduced. But dormant rights have jumped up this month…
    10. The Excess Rights Dashboard: In the Resource view, we see that Equity Trade is the likely source of this month’s increase in dormant rights. We can click on that application to see what’s going on.
    11. Equity Trade: We have now isolated Equity Trade from all other applications. Note that the Trend, By User Group and By User displays have all been updated to reflect the new view.
    12. Equity Trade: We see that the problem lies with the Bond Traders group. They have been provisioned with rights to Equity Trading that are now dormant. Let’s drill into the Bond Traders group to investigate.
    13. Bond Traders: Now we have isolated the view to Bond Traders with provisioned rights to the Equity Trade application.
    14. Bond Traders: We see that Bond Traders are broken into Executives and three Trader sub-groups. It looks like Executives have a business need, but the Bond Traders sub-groups don’t need access to the Equity Trade application.
    15. Bond Traders: In the User view, we see that these Traders all went dormant on the same day. If the dormant policy is 60 days, then they were all granted rights 67 days ago.
    16. Bond Traders: In this case, an HR admin granted these rights based on generic job descriptions. Mergers, layoffs, and ad-hoc rights requests often lead to the same result.
    17. IdAA Results
       • Identified access control deficiency
         • Determined root cause
         • Knowledge to fix problem and underlying process
         • Avoid repetitive find/fix cycles
       • Part of an ongoing management process
         • Automated data collection, analysis and visualization
         • Before auditors arrive
         • No fire drills required
       • Relevant metrics support informed management decision-making
    18. Thank You!
       • For further information, contact Cloud Compliance:
       Cloud Compliance, Inc. 1250 Oakmead Pkwy # 210 Sunnyvale, CA 94085 (408) 501-8812 [email_address] www.cloud-compliance.com Blog: www.cloud-compliance.com/blog
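The drill-down that the speaker notes and slides 7 through 15 walk through (dormant-rights percentage against the 6% objective, then the Resource, User Group and User views down to a batch of rights that all went dormant on the same day), as an added example that is not Cloud Compliance's own code. It runs over a constructed entitlement set; the assessment date, the record fields and the rule that a never-used right is measured from its grant date are assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

DORMANT_DAYS = 60     # dormant-rights policy the page applies to the Equity Trade application
OBJECTIVE_PCT = 6.0   # management objective shown on the dashboard slide
AS_OF = date(2009, 10, 15)  # assumed assessment date for the constructed sample

def _d(days_ago):
    return AS_OF - timedelta(days=days_ago)

def _batch(n, prefix, group, subgroup, app, granted_ago, login_ago):
    """n constructed entitlement records; login_ago=None means the right was never exercised."""
    return [{"user": f"{prefix}{i}", "group": group, "subgroup": subgroup, "app": app,
             "granted": _d(granted_ago), "last_login": None if login_ago is None else _d(login_ago)}
            for i in range(n)]

# Constructed sample (not real data): 100 entitlements, 7 dormant. Six Bond Trader rights to Equity
# Trade were granted in one batch 67 days ago and never used; one Bond Trade right simply lapsed.
ENTITLEMENTS = (
    _batch(40, "eq", "Equity Traders", "Desk", "EquityTrade", 400, 1)
    + _batch(3, "bx", "Bond Traders", "Executives", "EquityTrade", 400, 3)
    + _batch(2, "ba", "Bond Traders", "Desk A", "EquityTrade", 67, None)
    + _batch(2, "bb", "Bond Traders", "Desk B", "EquityTrade", 67, None)
    + _batch(2, "bc", "Bond Traders", "Desk C", "EquityTrade", 67, None)
    + _batch(44, "bt", "Bond Traders", "Desk A", "BondTrade", 400, 1)
    + _batch(1, "bz", "Bond Traders", "Desk A", "BondTrade", 400, 90)
    + _batch(6, "fn", "Finance", "AP", "Ledger", 400, 2)
)

def last_use(ent):
    # Assumption: a right that was never exercised is measured from the day it was granted.
    return ent["last_login"] or ent["granted"]

def is_dormant(ent, as_of=AS_OF, dormant_days=DORMANT_DAYS):
    return (as_of - last_use(ent)).days >= dormant_days

def dormant_pct(ents, as_of=AS_OF):
    """Scale-independent metric used on the dashboard: share of rights that are dormant."""
    return 100.0 * sum(is_dormant(e, as_of) for e in ents) / len(ents) if ents else 0.0

def breakdown(ents, dim, as_of=AS_OF):
    """Dormant percentage per value of one dimension (app, group, subgroup), worst first."""
    buckets = defaultdict(list)
    for e in ents:
        buckets[e[dim]].append(e)
    return sorted(((k, dormant_pct(v, as_of), len(v)) for k, v in buckets.items()), key=lambda t: -t[1])

def dormancy_onset(ents, as_of=AS_OF, dormant_days=DORMANT_DAYS):
    """Day each dormant right crossed the policy threshold; one large cluster points to a bulk grant."""
    onset = Counter(last_use(e) + timedelta(days=dormant_days)
                    for e in ents if is_dormant(e, as_of, dormant_days))
    return onset.most_common()

def assess(ents, objective=OBJECTIVE_PCT, as_of=AS_OF):
    """Dashboard status, then the drill-down the page walks through: app -> group -> subgroup -> onset day."""
    overall = dormant_pct(ents, as_of)
    app = breakdown(ents, "app", as_of)[0][0]
    app_ents = [e for e in ents if e["app"] == app]
    group = breakdown(app_ents, "group", as_of)[0][0]
    scope = [e for e in app_ents if e["group"] == group]
    onset_day, cluster = dormancy_onset(scope, as_of)[0]
    return {"overall_pct": overall, "status": "red" if overall > objective else "green",
            "app": app, "group": group,
            "dormant_subgroups": [k for k, pct, _ in breakdown(scope, "subgroup", as_of) if pct == 100.0],
            "cluster_size": cluster,
            # a never-used right goes dormant DORMANT_DAYS after the grant, so back out the grant date
            "granted_days_ago": (as_of - onset_day).days + DORMANT_DAYS}
```

A single onset day shared by every dormant right in the isolated group is the signal the slides use to separate a process fault (one bulk grant) from rights that lapse one at a time.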