Identity Management: Risk Across The Enterprise


Managing risk in the enterprise.
What is identity management?
What are the risks associated with identity management in the enterprise?
Mitigation strategies and approaches.

Published in: Technology, Business

  • This is essentially our Mission Statement for customer-facing communications. It speaks first to our positioning as an IT consulting firm and second to our mission to “help clients implement business-driven IT solutions” that deliver business value in the form of integrated business processes, etc.
  • … the fast facts about Perficient that help position us as a rapidly growing, successful IT services firm with sufficient scale to handle large projects while being more flexible and responsive, based on our size relative to the large players. This slide is to provide “the facts” which are typically required in many “first meetings” and to help position our competitive differentiation, which is addressed directly in the next slide.

    1. Identity Management: Risk Across The Enterprise. J.D. Bell. The contents of this presentation are the sole copyrighted property of Perficient Inc and may not be reproduced in whole or in part without written permission from Perficient Inc.
    2. Agenda
        • Introduction
        • Session objectives
        • Risk management & mitigation
        • A history of identity in the enterprise
        • The challenges of managing identity risk
        • The solutions
        • The next steps you should be taking
        • Q&A
    3. Agenda: Introduction
    4. About Perficient. Perficient is a leading information technology consulting firm serving clients throughout North America. We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.
    5. Fast Facts
        • Public, NASDAQ: PRFT
        • ~$230 million in 2008 revenues
        • Locations in 19 major North American markets
        • Global Delivery Centers in Europe and China
        • Approximately 1,300 business and technology consultants
        • Dedicated solution practices
        • Served 600+ clients in 2008
        • Alliance partnerships with major technology vendors
        • Multiple vendor/industry technology and growth awards
    6. Our Solutions
    7. Perficient’s Global Delivery Center – Key Facts (China Global Delivery Center)
        • Our Strengths
        • Fully owned and operated since 2004
        • Operating at SEI CMMI Level 5
        • Worldwide Leader! – One of the first to achieve CMMI L5 using an Agile Methodology
        • 150+ Perficient employees, organic growth strategy
        • Located in Hangzhou, China
            • Home to prestigious universities
            • Large City - Pop. 6.5M+
            • #1 city to do business in China – Forbes (5 years running!)
            • Excellent talent pool - home to over 1200 technology enterprises
            • 2.5 hours from Shanghai
            • All business conducted in English
    8. Agenda: Session Objectives
    9. Session Objectives
        • What we’ll cover:
            • Managing risk in the enterprise.
            • What is identity management?
            • What are the risks associated with identity management in the enterprise?
            • Mitigation strategies and approaches.
        • We won’t cover:
            • A solution that fits every industry, organization and philosophy. There is no one-size-fits-all approach.
            • Larger scale information security risks that every enterprise must address (policy management, technical infrastructure, oversight, etc.)
    10. Agenda: Risk Management & Mitigation
    11. Risk: Probability or threat of a damage, injury, liability, loss, or other negative occurrence, caused by external or internal vulnerabilities, and which may be neutralized through premeditated action.
    12. Risk Management
        • The process of mitigating exposure to adverse events.
        • Risk management planning is all about making informed business decisions to attain levels of risk that are acceptable to the organization
        • Reducing risk usually incurs a cost to the bottom line
        • Effective risk management requires a balance between cost and risk probabilities
    13. Risk Mitigation
        • What is it?
        • Systemic reduction in exposure to and likelihood of an adverse business event
        • First step is a risk analysis
        • AEMM (Assess, Evaluate, Manage, and Measure)
        • How do you manage the ever-changing balance between risk and reward?
    14. Agenda: A History of Identity In The Enterprise
    15. Explosion of Digital IDs (chart: # of Digital IDs over Time; eras: Pre 1980’s, 1980’s, 1990’s, 2000’s; labels: Applications, Mainframe, Client Server, Internet, Business Automation, Company (B2E), Partners (B2B), Customers (B2C), Mobility)
    16. Inside The Cloud
    17. Convoluted Reality (diagram of systems: HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS, In-House Application, Enterprise Directory; the labels Authentication, Authorization and Identity Data repeat across the systems)
        • “Identity Chaos”
            • Multiple users and systems required to do business
            • Multiple repositories of identity information; multiple user IDs, multiple passwords
            • Decentralized management, ad hoc data sharing
    18. Who Are These People? (diagram)
        • Groups: Your COMPANY and your EMPLOYEES; Your SUPPLIERS; Your PARTNERS; Your REMOTE and VIRTUAL EMPLOYEES; Your CUSTOMERS
        • Drivers: Customer satisfaction & customer intimacy; Cost competitiveness; Reach, personalization; Collaboration; Outsourcing; Faster business cycles, process automation; Value chain; M&A; Mobile/global workforce; Flexible/temp workforce
    19. How Did We Get Here?
        • Regulation & Compliance: A Rising Tide
            • HIPAA, SOX, GLB, 21 CFR 11
            • Over $16 billion spent on compliance in 2006 (analysts estimate)
        • A More Complex Threat Landscape
            • ID theft is on track to cost companies and consumers over $1.4 billion in 2009
            • In 2006, over $295 billion was spent dealing with the exposure of confidential information
        • Data Sources: U.S. Dept of Justice, Gartner, AMR Research
    20. Other Factors Leading To ID Mismanagement
        • Maintenance Costs Are Sucking Up IT Budgets
            • An average business user interacts with 16 applications to do their job
            • Businesses spend $25-$30 per user per year for password resets
        • Business Automation And Integration Is Increasing
            • Over 49% of American businesses have some sort of SOA initiative underway
            • The deployment of web services is growing by 40% year to year
        • Data Sources: IDC, Gartner
    21. Agenda: The Challenge of Managing Identity Risk
    22. What Are We Looking To Accomplish?
        • Identity Management: A complex process with a simple goal
        • To ensure that users can only access the information and resources they need to complete tasks they are authorized to undertake
    23. The Chokepoints
        • Business Owner
            • Too expensive to reach new customers, partners, and channels
            • No control
        • End User
            • Too many passwords leads to insecure storage of access info
            • Long waits for access to apps
        • IT Administrator
            • Excessive time spent managing user stores and id repositories
            • Unreliable sync mechanisms
        • Developer
            • Same access and validation code from app to app
            • Change one? Have to change them all
        • Security/Compliance
            • Multiple orphaned user accounts
            • Limited auditing ability
    24. The Hurdles
        • Key Challenges
        • Usability
        • Efficiency
        • Reliability
        • Consistency
        • Scalability
    25. The Components Of Identity Management
    26. Agenda: The Solutions (Not To Be Confused With Your Solution)
    27. It’s All About Analysis
        • First Steps
        • Identify critical assets
        • Assess the risks associated with those assets (exposure, corruption, etc)
        • Determine the cost of risk realization
        • Identify ways to reduce that risk that are financially in line with the loss potential
    28. Technology Can Help
        • Relevant Technologies
        • Directories
            • LDAP, X.500, etc.
        • Web Access Management
            • Single sign-on (SSO) infrastructure
        • Password Management
            • Synchronization and ease of user management
        • User Provisioning
            • On-boarding; Getting the new guy hooked up
    29. But In The End… It’s All About Process and Control!
    30. So, Where’s The ROI?
        • Password Management
            • “Password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” – Gartner
        • Directory Synchronization
            • “Improved updating of user data: $185 per user/year”
            • “Improved list management: $800 per list”
            • - Giga Information Group
        • User Provisioning
            • “Improved IT efficiency: $70,000 per year per 1,000 managed users”
            • “Reduced help desk costs: $75 per user per year”
            • - Giga Information Group
    31. Doing Nothing Will Cost You
        • Identity Management Issues Are Multiplying
        • Today, an average corporate user spends 16 minutes a day logging onto various corporate applications
        • A typical home user maintains 14-21 digital identities
        • The number of phishing and pharming sites grew over 1600% in the past year
        • Corporate IT Ops manage an average of 75 applications and 52 suppliers, often with individual directories and authentication schemes
        • Regulators are becoming stricter about compliance and auditing
        • Orphaned accounts and digital identities will lead to security problems
    32. Agenda: The Steps You Should Be Taking
    33. Identity Management Strategy Self-Assessment: Twelve Questions You Should Be Asking (and two reasons why you probably aren’t)
    34. Policy Management
        • Keys To A Successful ID Management Policy
        • Establishing executive sponsorship
        • Identifying key players
        • Breaking down the enterprise into manageable components
        • Performing a comprehensive risk analysis component by component
        • Establishing appropriate risk mitigation measures and processes
        • Communication across the enterprise
        • Review and tweak frequently
    35. Agenda: Q & A
    36. Questions?