The Born Identity
A drama based on the trials and tribulations in identifying the data required to run an effective Identity and Access Management program.



Presented by: Sathish Chittibabu
www.solstice-consulting.com

Date: 5/26/2010




Highlights

 Identifying and connecting to source system of records
 Ensuring Data quality (usability, business friendliness)
 Data mapping (between systems)

Identity & Access Management

 [Diagram: Access Request System, Provisioning System and Compliance System, with the Governance Platform beneath them]

System of Records

 What is your System Of Records?
   Identity Repository
      HR System, e.g., PeopleSoft
      IDM System, e.g., Sun/Oracle IDM, Novell, CA
      Directory Services, e.g., AD, eDirectory, OpenLDAP
      Internet based (for cloud), e.g., OpenID, Google ID
   Meta-data Repository
      App/Platform definitions with their entitlements for the Access Request (AR) System
   Access Level data
      Application and Platform Entitlements

Meta-data Repository

 What came first?
 Cannot define an App/Platform’s Entitlement meta-data completely unless someone has access on the App/Platform.

Data Connections

 File based ingestion
 Auto Adapters
 DB Adapters
 Web Services
 FTP

 [Diagram labels: Identities, Access Level; Meta-data repository; I&AM Platform: App/Entitlements, Security Policy, Compliance data]

Data Quality

 Impacts of bad data
   Audit & Compliance issues
 Data Integrity
 Data Validation
 Any presentation data should be in plain English – business friendly
   Add meaningful descriptions to Applications, Entitlements, etc.

Data Mapping

If (Access Requested == Access Granted)
{
    Good !! Excellent!! Awesome !!!
}
else
{
    Welcome to the chaotic real world !!!
}

Data Mapping issues

 Auto Provisioning
   No issues – what you request is what is granted!
 Manual Provisioning
   Emails, Ticketing system, Paper based
   Support personnel manually enter information in their Auth System
   Black box provisioning – Request Translated by Homo Sapiens

      Requested        Granted
      Achtung Baby!    Attention Baby!

So what’s the problem?

 Data Mapping is a complex problem to solve
   Who owns the data? App/Platform teams or Information Security team
   Information is stored in the heads of the Provisioning team
   Compliance gets harder and Managers tend to do Rubber stamping
   No real time syncing of data between Live system and Meta data store
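
As an added example (not from the original slides), the sketch below reconciles approved requests against the access actually granted, using the meta-data repository as the mapping between business-friendly names and native entitlements. All users, applications, entitlement names and finding labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; every name below is hypothetical.
# Meta-data repository: (app, business-friendly entitlement) -> native entitlement.
METADATA = {
    ("Payroll", "View pay stubs"): "PAY_RO",
    ("Payroll", "Approve pay run"): "PAY_APPROVER",
    ("CRM", "Edit customer records"): "crm-editors",
}

# Approved requests from the Access Request system: (user, app, business name).
REQUESTED = [
    ("asmith", "Payroll", "View pay stubs"),
    ("asmith", "CRM", "Edit customer records"),
    ("bjones", "Payroll", "View pay stubs"),
]

# Access-level data pulled from the live systems: (user, app, native entitlement).
GRANTED = [
    ("asmith", "Payroll", "PAY_RO"),
    ("bjones", "Payroll", "PAY_APPROVER"),  # manual provisioning granted a different level
    ("cdoe", "CRM", "crm-admins"),          # entitlement missing from the repository
]


def reconcile(metadata, requested, granted):
    """Compare requested access with granted access through the meta-data mapping."""
    native_to_business = {(app, native): name
                          for (app, name), native in metadata.items()}
    findings = defaultdict(list)

    # Translate each request into the native entitlement the live system should hold.
    expected = set()
    for user, app, name in requested:
        native = metadata.get((app, name))
        if native is None:
            findings["request_not_in_metadata"].append((user, app, name))
        else:
            expected.add((user, app, native))

    # Classify what the live systems actually report.
    actual = set(granted)
    for user, app, native in sorted(actual):
        business = native_to_business.get((app, native))
        if business is None:
            # Nobody can certify access that has no business-friendly definition.
            findings["granted_not_in_metadata"].append((user, app, native))
        elif (user, app, native) in expected:
            findings["matched"].append((user, app, business))
        else:
            findings["granted_not_requested"].append((user, app, business))

    # Requests that never materialised in the live system.
    for user, app, native in sorted(expected - actual):
        findings["requested_not_granted"].append(
            (user, app, native_to_business[(app, native)]))
    return dict(findings)


if __name__ == "__main__":
    for category, rows in reconcile(METADATA, REQUESTED, GRANTED).items():
        print(category)
        for row in rows:
            print("   ", row)
```

Findings are reported in the business-friendly vocabulary wherever the repository has a mapping, so a reviewer sees "Approve pay run" rather than a native group name.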

Summary

 Information Security is not just about Process & People Sanity… it’s also about Data Sanity !!!
 Know your data – Build a central repository
 Make the data owners accountable for the data
 Streamline your Authentication & Authorization for Applications
 Avoid black box manual provisioning

Ideal I&AM Implementation

 Build your I&AM Solution
 Build your centralized Meta-data repository
 Identify and solve data issues

Follow-ups...

 Sathish Chittibabu
 sath79@gmail.com
 Twitter: @schittibabu

 Other Thought Leadership:
 www.solstice-consulting.com
 CIO.com Blog: http://advice.cio.com/user/solstice_consulting/track

 Follow us on Facebook and Twitter:
 Twitter: http://twitter.com/solsticellc
 Facebook: http://www.facebook.com/solsticeconsulting
