The document discusses the challenges of identifying and managing identity data for an effective identity and access management (IAM) program. It highlights the importance of connecting to authoritative identity data sources, ensuring data quality, and properly mapping data between systems. Without addressing these data issues, an IAM implementation can result in non-compliance, lack of data integrity, and incorrect provisioning of access.
1. The Born Identity
A drama based on the trials and tribulations in identifying the data required to run an effective Identity and Access Management program.
Presented by: Sathish Chittibabu
www.solstice-consulting.com
Date: 5/26/2010
2. Highlights
Identifying and connecting to source system of records
Ensuring data quality (usability, business friendliness)
Data mapping (between systems)
3. Identity & Access Management
(Diagram) Access Request System, Provisioning System and Compliance System, all built on a common Governance Platform.
4. System of Records
What is your System of Records?
Identity Repository
- HR System, e.g., PeopleSoft
- IDM System, e.g., Sun/Oracle IDM, Novell, CA
- Directory Services, e.g., AD, eDirectory, OpenLDAP
- Internet based (for cloud), e.g., OpenID, Google ID
Meta-data Repository
- App/Platform definitions with their entitlements for the Access Request (AR) System
Access Level data
- Application and Platform Entitlements
5. Meta-data Repository
What came first?
Cannot define an App/Platform's entitlement meta-data completely unless someone already has access on the App/Platform.
6. Data Connections
(Diagram) Ingestion paths into the I&AM Platform: file based ingestion, auto adapters, DB adapters, web services, FTP.
The I&AM Platform feeds the meta-data repository, which holds:
- Identities
- Access Level
- App/Entitlements
- Security Policy
- Compliance data
7. Data Quality
Impacts of bad data
- Audit & Compliance issues
- Data Integrity
Data Validation
- Any presentation data should be in plain English, i.e., business friendly
- Add meaningful descriptions to Applications, Entitlements, etc.
8. Data Mapping
If (Access Requested == Access Granted)
{
    Good !! Excellent!! Awesome !!!
}
else
{
    Welcome to the chaotic real world !!!
}
9. Data Mapping issues
Auto Provisioning
- No issues: what you request is what is granted!
Manual Provisioning
- Emails, ticketing system, paper based
- Support personnel manually enter information in their Auth System
- Black box provisioning: request translated by Homo sapiens
(Illustration) Requested: "Achtung Baby!" / Granted: "Attention Baby!"
10. So what’s the problem?
Data Mapping is a complex problem to solve
Who owns the data? App/Platform teams or the Information Security team?
Information is stored in the heads of the Provisioning team
Compliance gets harder and managers tend to do rubber stamping
No real-time syncing of data between the live system and the meta-data store
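The "requested vs. granted" check from the Data Mapping slides, written out as a reconciliation pass over the meta-data repository. This is an added example, not code from the presentation or from Solstice Consulting; the entitlement map, approved requests and live-system extracts are constructed, and the system and group names are placeholders.

```python
from collections import defaultdict

# Constructed meta-data repository (not the presentation's data):
# AR entitlement id -> (target system, native group). A request for an
# entitlement with no row here is a meta-data gap and cannot be verified.
ENTITLEMENT_MAP = {
    "AR-FIN-VIEW": ("PeopleSoft", "FIN_RO"),
    "AR-FIN-APPROVE": ("PeopleSoft", "FIN_APPROVER"),
    "AR-SHARE-HR": ("AD", "GRP-HR-SHARE"),
}

# Constructed approved requests from the Access Request system: (user, entitlement)
APPROVED = [
    ("alice", "AR-FIN-VIEW"),
    ("bob", "AR-FIN-APPROVE"),
    ("bob", "AR-SHARE-HR"),
    ("carol", "AR-LEGACY-X"),  # no mapping row
]

# Constructed live-system extracts: system -> {user: set of native groups}
LIVE = {
    "PeopleSoft": {"alice": {"FIN_RO"}, "bob": {"FIN_RO"}},  # bob was given the wrong group
    "AD": {"bob": {"GRP-HR-SHARE"}, "dave": {"GRP-HR-SHARE"}},  # dave never requested it
}


def reconcile(mapping, approved, live):
    """Compare approved requests with live access. Returns sorted findings:
    missing (approved but not granted), excess (granted in a governed group
    without an approved request) and unmapped (no meta-data to check against)."""
    expected = defaultdict(set)  # (system, user) -> groups the requests imply
    unmapped = []
    for user, ent in approved:
        if ent not in mapping:
            unmapped.append((user, ent))
            continue
        system, group = mapping[ent]
        expected[(system, user)].add(group)
    governed = defaultdict(set)  # only mapped groups count as "excess"
    for system, group in mapping.values():
        governed[system].add(group)
    missing, excess = [], []
    for (system, user), exp in expected.items():
        held = live.get(system, {}).get(user, set())
        missing += [(system, user, g) for g in exp - held]
    for system, users in live.items():
        for user, held in users.items():
            exp = expected.get((system, user), set())
            excess += [(system, user, g) for g in (held & governed[system]) - exp]
    return {"missing": sorted(missing), "excess": sorted(excess), "unmapped": sorted(unmapped)}
```

Run periodically against fresh extracts, the "unmapped" list is the meta-data backlog and the "missing"/"excess" lists are what a manager should be reviewing instead of rubber stamping.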
11. Summary
Information Security is not just about Process & People sanity... it's also about Data sanity!!!
Know your data: build a central repository
Make the data owners accountable for the data
Streamline your Authentication & Authorization for Applications
Avoid black box manual provisioning
12. Ideal I&AM Implementation
Build your I&AM Solution
Build your centralized Meta-data repository
Identify and solve data issues
13. Follow-ups...
Sathish Chittibabu
sath79@gmail.com
Twitter: @schittibabu
Other Thought Leadership:
www.solstice-consulting.com
CIO.com Blog: http://advice.cio.com/user/solstice_consulting/track
Follow us on Facebook and Twitter:
Twitter: http://twitter.com/solsticellc
Facebook: http://www.facebook.com/solsticeconsulting