Transcript of "Identity and access management"

  1. Identity and Access Management
     An integrated solution for an Enterprise

     Nilesh Shirke, eSecurity Practice, Tech Mahindra

     For enterprise investment in IAM solutions, the primary driver is shifting from compliance to information protection. Additionally, organizations are now focusing on IAM solutions to improve infrastructure security and provide a better user experience. The IAM solution primarily consists of three main components: Identity Repository, Identity Management and Access Management. The rationale behind building an IAM solution in an enterprise is to achieve greater ROI at lower TCO. It optimizes new investment for direct benefits and frees up part of the operational budget for innovation.

     © Tech Mahindra Limited 2010
  2. Table of Contents
     • Introduction
         • Increase Operating Efficiency
         • Security Efficiency
         • Security Effectiveness
         • Business Enablement
     • IAM Architecture and Services
     • Identity and Access Management Technologies
         • Directory Technologies
         • Identity Management Technologies
         • Access Control Technologies
     • Summary
  3. Introduction

     Identity and Access Management (IAM) is a set of processes and technologies to manage users' digital identities and ensure that only authorized users have access to information resources, with access needs based on users' business relationship with the organization.

     In reality, IAM is a complex business solution that goes far beyond the IT department. It encompasses the entire enterprise, including all business units, individual locations, systems, access points, business partners, and customers. Organizations have been implementing identity and access management on a per-system and per-application basis through the creation of user accounts and the administration of file permissions.

     Identity and Access Management has evolved into independent products that provide centralized identity and access management services across the system and application estate. These solutions are maturing in their capabilities and service offerings. We are gradually seeing the emergence of IAM as a recognizable discipline within information security that encompasses a broad range of enterprise tools and technologies within a distinct architecture supporting a set of interrelated processes.

     There are many factors driving the adoption of IAM solutions in enterprises and government organizations, which can be categorized in four broad areas.

     Increase Operating Efficiency
     Organizations are continually on the hunt for measures to reduce cycle time and reduce TCO while improving SLNs.

     Security Efficiency
     Organizations need to exhibit how security is being enforced and managed at all times, by centralizing security policy enforcement and controlling authentication and authorization to their application infrastructure.

     Security Effectiveness
     Organizations are also mandated to adhere to regulatory compliance by better managing the enterprise's risk profile.

     Business Enablement
     Streamlining business processes and structuring the technology components give organizations greater flexibility. IAM is expected to proactively support business initiatives such as reorganizations, mergers and acquisitions, new business partnerships, and new product and system rollouts.

     Sidebar: Business Drivers
     • Operating Efficiency
     • Security Efficiency
     • Security Effectiveness
     • Business Enablement
  4. IAM Architecture and Services

     An IAM solution provides secure and auditable access to systems, resources and applications. It comprises the people, processes, and technology collaborating for the solution. An IAM solution mediates between identities and resources. It is able to centrally administer identity and policy information and to support both centralized and distributed policy decision points. Centralizing policy decisions simplifies how policy changes are propagated, as well as how the integrity of those policies is maintained. It comprises three core areas:

     • Directory services: storing identity and attribute data, configuration information, and policies.
     • Identity Provisioning and Administration Services: providing identity lifecycle management services, such as ID provisioning/de-provisioning, password management, approval workflows, and synchronization logic.
     • Access Management Services: defining and evaluating security policies related to authentication, authorization, auditing, and privacy through well-defined service interfaces.

     The diagram below identifies various components of each of the core layers.

     [Figure: IAM Architecture in an Enterprise]

     Sidebar: IAM is a set of processes and technologies to manage users' digital identities and their access privileges to systems and information based on users' business relationship with the organization.

     Sidebar: Benefits to the Enterprise
     • Reduce TCO
     • Improved Risk Management
     • Regulatory Compliance
     • Increase Operational Efficiency
     • Business Facilitation
  5. Identity and Access Management Technologies

     The two major classes of IAM technology are identity management and access management, while directory technology provides the underlying infrastructure and interface for storage of identity information.

     Directory Technologies
     Users' credentials and attributes are stored in directories. Directory technology provides an object-oriented, dynamically configurable repository with standards for access, security, and information management. To facilitate potentially unlimited scalability, directories organize their data hierarchically. Directories are designed for fast response times to queries, as identity information is generally queried much more often than it is updated. Some organizations prefer to leverage an existing relational database to store enterprise identities as well.

     Sidebar: Directory Technology Solutions
     • Meta Directory
     • Virtual Directory

     Identity Management Technologies
     Identity management technologies are designed to provide centralized capabilities for managing the enterprise user identity lifecycle (creation, modification, self-service, synchronization, reporting, and revoking). This class includes Identity Administration and Identity Auditing.

     Identity administration focuses on the management of users' multiple identities, attributes and credentials across a heterogeneous environment. It also includes password management and the administration of access model constructs such as roles and resource access control information.

     Identity auditing tools focus primarily on identity-related event monitoring, reporting, status auditing and enforcement of segregation of duties.

     Sidebar: Identity Management Solutions
     • Centralized User Provisioning
     • Process Workflow mapping
     • Role Management
     • Centralized Password Mgmt
     • Identity Auditing and Compliance Capability
     • Policy based Segregation of duties

     Access Control Technologies
     Access control technologies are designed to provide and manage access to an application or operating system environment with high depth of access, adequate logging, the ability to implement dynamic access rules, and the ability to perform authentication when accessing information. Access management tools certainly have administration capabilities, but their distinctive focus is on authorization. Access management tools enforce access control policies across heterogeneous environments.

     This class includes technologies to authenticate users and provide seamless access to the organization's application estate. Federation is an approach of authenticating users across multiple sites within the organization (intranet) or across independent and disparate domains (extranet) using open standards.

     Sidebar: SSO Technology Solutions
     • ESSO for Enterprise Applications
     • WebSSO for Web Based Application
     • Smart Token Based SSO
     • Federation from Cross domain SSO
     • OS Access Management

  6. A full IAM solution requires multiple products, at least one from each technology class discussed briefly in the document. Although any major IAM vendor can provide core products, no one vendor can provide a fully integrated IAM solution. Following is the brief summary of IAM technologies and their solidity in the market

     Summary
     The Identity Solution designed around business policies should be able to resolve business issues with the help of neatly laid out, standardized business processes. The IAM Solution also offers a thorough and dynamic data protection solution that can be implemented around the existing business processes and technologies. It delivers an adequate level of security through a simple set of customizable management interfaces.
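
The identity auditing described under Identity Management Technologies can be shown in code. The following is an added example, not part of the whitepaper or of any vendor product: it reconciles accounts from several systems against the identity repository and reports accounts left enabled after the identity was revoked, accounts with no owning identity, and segregation-of-duties conflicts that only appear once roles from different systems are joined on one identity. All identities, systems, roles and the SoD rule are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: the authoritative identity repository.
DIRECTORY = {"asmith": "active", "bjones": "terminated", "cwong": "active"}

# Constructed accounts from heterogeneous systems:
# (system, account, owning identity or None, roles held by the account)
ACCOUNTS = [
    ("erp", "asmith", "asmith", {"create_vendor", "approve_payment"}),
    ("erp", "cwong", "cwong", {"create_vendor"}),
    ("ldap", "bjones", "bjones", {"vpn_user"}),
    ("crm", "svc_report", None, {"read_only"}),
    ("bank", "cwong2", "cwong", {"approve_payment"}),
]

# Hypothetical SoD policy: role sets one identity must never hold together.
SOD_RULES = [frozenset({"create_vendor", "approve_payment"})]


@dataclass(frozen=True)
class Finding:
    kind: str      # "not_revoked", "orphan" or "sod_violation"
    subject: str   # identity, or account name when no identity owns it
    detail: str


def audit(directory, accounts, sod_rules):
    findings, held_by = [], {}
    for system, account, owner, roles in accounts:
        status = directory.get(owner)
        if status is None:
            findings.append(Finding("orphan", account, f"{system}: no owning identity"))
        elif status != "active":
            findings.append(Finding("not_revoked", owner, f"{system}/{account} still enabled"))
        else:
            # Join roles on the identity, remembering which account grants each.
            for role in roles:
                held_by.setdefault(owner, {})[role] = f"{system}/{account}"
    for identity, held in sorted(held_by.items()):
        for rule in sod_rules:
            if rule.issubset(held):
                where = ", ".join(f"{r}@{held[r]}" for r in sorted(rule))
                findings.append(Finding("sod_violation", identity, where))
    return findings


if __name__ == "__main__":
    for f in audit(DIRECTORY, ACCOUNTS, SOD_RULES):
        print(f"{f.kind:14} {f.subject:11} {f.detail}")
```

The `cwong` finding is the case a per-system review misses: neither the ERP account nor the bank account violates the rule alone, only their combination under one identity does.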
