
Cost-efficient implementation of IT security strategy – Accenture - IBM Smarter Business 2011

Presentation from IBM Smarter Business 2011. Track: Managing risk and security.
Accenture gives its vision and advice on how to create an IT security strategy that delivers value quickly while keeping costs down and maintaining the focus on business goals. This advice comes from years of Accenture's global experience with IT security strategies.
Speakers: Peder Nordvaller & Alexandre Messo, Accenture.
More information at www.smarterbusiness.se

Published in: Business, Technology

  1. Cost-efficient implementation of IT-security – an I&AM example. Copyright © 2011 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
  2. Accenture’s Security Practice understands your business, and has the global footprint, technology expertise and end-to-end capabilities to help you achieve high performance
       • Security Practice Statistics: Professionals: 1800+; Countries: 52+; Clients: 210+; Head Count Growth: 50+%
       • Industries: Communications & High Tech; Financial Services; Products; Health and Public Service; Resources
       • Global Delivery Network: Over 90,000 GDN resources across the globe; 300+ GDN Security Specialists; High growth rate, broadening of skills and addition of new locations
  3. Accenture helps balance conflicting business objectives of safeguarding the enterprise while enabling growth. A straightforward approach: honing in on three key organizational objectives can help address challenging business security requirements
       • Protecting from Cyber Threats: Defending information, systems, critical infrastructures and key business processes
       • Enterprise Opportunity with Inherent Risk: Enabling new business initiatives and innovation, improving use of information assets, ensuring compliance and resilience
       • Diagram labels: Managing Identity and Access; Securing Applications and Infrastructure; Protecting Information
  4. In Sweden, we work closely with our Nordic Security colleagues in Risk Mgmt, IAM, Infra Sec, BC/DR and more
       • Nordic Security Practice: Nordic Team: 60+; Swedish Team: 20+
       • Example engagements: IAM strategy, design and implementation; Infrastructure Security assessments, design and implementation; ISO 2700x-assessments and implementation; BC/DR design, planning and implementation; Application security (GRC etc)
       • Today’s presenters:
           • Peder Nordvaller – Manager: 5+ years experience in IAM strategy, design, architecture and implementation. CISSP, TIM Certified Architect
           • Michael Asplund – Senior Manager: 9+ years experience in risk, IAM, and security delivery; including program- and project management. CISSP Certified.
  5. Today’s topic. Q: How to achieve cost-efficient implementation of IT-security? Accenture’s approach:
       • Innovate and industrialize: Enabling cost-efficiency through the use of architectural principles and patterns
       • Streamline and business align: Realizing cost-efficiency through a value-driven delivery model
  6. Why architectural patterns and principles? Identity and Access Management as an example…
       • Establishes common security controls and aims to improve operational efficiency
       • Requires clear interfaces and delineation against many processes, governance and technology areas
       • Realizes value as identities and applications are onboarded and capabilities are grown…
       • … But has not scaled well, and developed slower than business and technology has evolved
     Patterns and principles:
       • Defines clear responsibilities of and interfaces to IAM to allow for a clear development path, pull-based consumption and demand-driven innovation
       • Conceptually generic frameworks for governance, process- & technology, requiring client adaptation
  7. Example of conceptual pattern/principles: Identities
       I. Information about identities comes from the business. I&AM should rely on and help improve data, not master it
       II. I&AM should be the sole mechanism of vending identity data to applications and systems, based on common identity data model describing the different types of identities and their information
       III. Lifecycle processes shall describe the life of identity types defined in the common identity data model to support RBAC and automated provisioning
  8. Example of conceptual pattern/principles: Externalization
       • Managed resources should externalise authN and authZ to IAM services.
       • Provides guidelines for consumption and leverage of central IAM
       • Constrains direct provisioning to common infra, legacy and value-driven exceptions
       • Favours and drives adoption of loose coupling, federated identity, .NET claims etc.
       • Realized by e.g. components such as TIM/TAM/TDS
  9. Example of conceptual pattern/principles: Externalization
       • Externalization provides foundations for sophisticated policy management
       • IAM supports, evaluates and enforces access control decisions
       • Centralization of policy control is supported by e.g. XACML, Windows Identity Foundation (WIF) etc.
       • Allows for fine-grained policies; SOA security; infrastructure etc.
       • Can be realized by e.g. TSPM
  10. Today’s topic. Q: How to achieve cost-efficient implementation of IT-security? Accenture’s approach:
       • Innovate and industrialize: Enabling cost-efficiency through the use of architectural principles and patterns
       • Streamline and business align: Realizing cost-efficiency through a value-driven delivery model
  11. Scaling of IAM through delivery patterns: Goals and Benefits
       • Prioritise IAM value drops for quick delivery
       • Focus expensive innovation where it’s required
       • Industrialise and de-bureaucratise the most reproducible areas
       • Progressively change the industrialised elements of your programme
  12. Scaling of I&AM: Conceptual Patterns/Principles
       • Steady-state factory delivery for industrialised work
       • Specialised effort concentrated on the hard problems that need innovation
       • Industrialise what can be industrialised
       • Establish common, consistent design patterns
       • Don’t solve problems in a vacuum
       • Diagram labels: Identity Manager tailored to your specifics; Directory Consolidation; Web SSO; Enterprise SSO
  13. Delivery of IAM: Streamlining. High level delivery dimensions required for your programme are known, which allows for industrialisation and realising the synergies.
       • Diagram labels: Architect; Streamline; Prioritise; Schedule; Offshore; Govern; Monitor
  14. Conclusion
       • Security work must not lose sight of its business goals: strong connection to the business, with clear governance is essential.
       • However, appropriate design patterns can ensure that work is not reinvented and effort is directed where it is most appropriate.
       • Furthermore, pragmatic management allows for appropriate industrialisation with bespoke work only where it is required and cookie-cutter delivery where it is not.
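
The externalization pattern from slides 8 and 9, as an added Python example that is not part of the Accenture deck or of any product named in it: the managed resource keeps only an enforcement point and asks a central decision point, which combines rules in the deny-overrides style XACML defines. All class names, the claims-handling rules and the attribute names are hypothetical; treating a missing attribute as Deny is a fail-closed simplification.

```python
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    effect: str                      # PERMIT or DENY
    applies: Callable[[dict], bool]  # predicate over request attributes

class PolicyDecisionPoint:
    """Central decision service (hypothetical stand-in for the IAM policy engine)."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, request: dict) -> str:
        effects = set()
        for rule in self.rules:
            try:
                if rule.applies(request):
                    effects.add(rule.effect)
            except KeyError:
                return DENY          # attribute missing: fail closed
        # Deny-overrides combining: one matching Deny beats any Permit.
        if DENY in effects:
            return DENY
        return PERMIT if PERMIT in effects else NOT_APPLICABLE

class PolicyEnforcementPoint:
    """Lives in the managed resource; holds no policy logic of its own."""
    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp

    def is_allowed(self, subject: dict, action: str, resource: dict) -> bool:
        request = {"subject": subject, "action": action, "resource": resource}
        return self.pdp.decide(request) == PERMIT  # NotApplicable means no access

def is_handler(q): return "claims-handler" in q["subject"]["roles"]

# Constructed sample policy for an insurance-claims application.
RULES = [
    Rule(PERMIT, lambda q: is_handler(q) and q["action"] == "read"),
    Rule(PERMIT, lambda q: is_handler(q) and q["action"] == "approve"
         and q["resource"]["amount"] <= q["subject"]["approval_limit"]),
    # Separation of duties: nobody approves a claim they submitted.
    Rule(DENY, lambda q: q["action"] == "approve"
         and q["resource"]["submitted_by"] == q["subject"]["id"]),
]
PEP = PolicyEnforcementPoint(PolicyDecisionPoint(RULES))
```

Because the rules live only in the decision point, adding or tightening a rule changes the outcome for every application that calls it without touching application code.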
