IAM Solution

Comple Solution framework


Published in: Technology, Business

  • Terry
  • Transcript

    • 1.  
    • 2.
      • Three Keys are: Business Alignment, Executive Involvement, Proven Progress
        • Get all aspects of your business involved
        • Demonstrate ROI to Executives in language they understand and believe
        • Become (or create) a ‘hero’ that delivers real returns
      Identity and Access Management
    • 3. Parts of Organization that are INVOLVED -- WHO ARE YOU?
        • Audit (security control and risk reduction)
        • Financial Dept (cost savings / ROI)
        • IT Infrastructure (efficiency and centralization)
        • Network Manager (consolidation, single infrastructure, management)
        • Support (ease of administration)
        • Platform Owner (Reduced administration and single sign-on)
        • Help Desk (Reduced calls)
        • Application owner for SAP/JDE (Ease of use, integration, security)
        • Strategy (platform and foundation for centralized services)
        • Business Unit (Tactical requirements, improved security)
    • 4.
      • What is Stopping YOU from Doing a Successful Identity Management Project?
        • Lack of technology? We’re Surrounded by Great Technology!
        • Lack of BUDGET, BUY-IN, and PROVEN EXPERIENCE
        • This is the same all over the world.
      • We’ll show you how Grail helps clients get past the whiz-bang technology and successfully implement Identity Management in organizations throughout the world.
        • Real Case Study
          • Business Case
          • Implementation Plan
        • Using an ROI Tool
        • ID Accelerator -- IBM solution
    • 5. Case Study – “Company XYZ”
      • The Problem
      • The Solution
      • The Costs & Cost Savings
      • Business Benefits
        • Real Case Study
    • 6. Our Client’s Situation
      • Company XYZ Corporate looking to implement Directory Services across their organization
        • intent on developing an enterprise directory,
        • providing a process for managing identity data, and
        • reducing sign-on across the organization.
      • Broader solution with strategic context of Identity Management
        • the identity directory, Web access management, authoritative source integration, user account provisioning, role-based access control, and protection across the organization.
      • We investigated the following.
        • The security infrastructure used by each business unit.
        • The direction units are taking related to Directory deployments.
        • The current state and future needs related to the ID Mgmt components.
        • Data to support a business case for pursuing ID Mgmt, inclusive of a directory component.
      • Our goal was to document findings and build a case for an Id Mgmt strategy project to
        • define the solution, determine actual cost, and provide an implementation plan.
    • 7. Summary of Pain Points
      • Currently Company XYZ Corporate is concentrating on one aspect of identity management, while individual business units are each attempting to address different components of identity management specific to their needs.
      Diagram labels: Role Based Access Controls (RBAC); Protection; PS v8; Cust; BP; Data Transformation; AuthN; AuthZ; Authoritative Source; Identity Repository; User Provisioning; Access Management; LDAP v3 Directory; Business Events/Triggers; Platform / Applications; Corporate Focus; France; Brighton; Germany; Holland; England; Spain; iMAAP
    • 8. The Issue
      • Despite having an enterprise-wide architecture, each Line Of Business (LOB) is promoting “silo” security authentication, admin and development efforts.
      • New applications imply designing new application specific security solutions.
        • Redundant solutions, technologies and procedures.
        • Inconsistent security administration and architecture.
        • Increased vulnerabilities due to unmanageable and disparate user accounts.
        • Increased costs (e.g., development, hardware, administration).
      Diagram labels: Distribution; XYZ.com; Germany; Spain; England; France; Other; with LOB Security Architecture, LOB Development and LOB Applications repeated seven times
    • 9. Summary of Common Pain Points
      Columns: Distribution, England, XYX.com, Spain, Germany, France
        • Inefficient multiple logins with different usernames and passwords. | X X X X X
        • Increased maintenance requirements - individual security concerns. | Using .com | X | Using .com | X | X | Waiting on .com
        • Support requirements for stronger levels of authentication. | X X X X X X
        • Lack of common strategy regarding directories used by LOBs. | X X X
        • Administration of multiple users becoming harder to manage. | X X X X X X
    • 10. Summary of Common Pain Points
      Columns: Distribution, England, XYX.com, Spain, Germany, France
      X X X X X
        • Role based access controls are not commonly used in applications across the organization.
      X X X X X X
        • Access request process of user accounts is inefficient and inconsistent between business units.
      X X X X X X
        • Decentralised security, and inconsistent policies and baseline leading to greater concern for risk exposure.
        • Password resets for user accounts across applications large part of help desk volumes.
        • Timely manual processes for security admin of applications.
        • User Information not always up-to-date.
      X X X X X X X X X / X X
    • 11. The Solution
      • Business Requirements
      • Solution Architecture
      • Implementation Roadmap
    • 12. Business requirements - Key Drivers for Building Strategy
      • The Company XYZ ID Mgmt solution should:
        • Simplify the user process through self registration and delegated admin of user accounts.
        • Improve user account management through role based access control.
        • Streamline the administration and approval processes using workflow.
        • Reduce costs through centralized management of user accounts.
        • Increase user productivity through reduced sign-on and cross platform password management and synchronization.
        • Provide a common solution for Corporate, Business Units, Partners and Customer web-based authentication and authorization.
        • Facilitate integration of Company XYZ business units as well as other business partners.
        • Provide trusted collaboration between business partners.
        • Reduce the exposure of security vulnerabilities through the management of identities and corporate assets (applications, systems and people).
    • 13. Solution Architecture - Example
      • An identity centric model such as this one provides a common single secure infrastructure to be leveraged across Company XYZ’s business units:
      Diagram labels: INFORMATION SECURITY ARCHITECTURE; IDENTITY REPOSITORY; ACCESS MANAGEMENT; USER ACCOUNT PROVISIONING; Account and Password Management; Web-Based Authentication/Authorisation; Distribution; XYX.com; Germany; Spain; England; France; Other; with LOB Development and LOB Applications repeated seven times
    • 14. Typical Identity Management Roadmap - It’s a phased approach
      Phase 1 (2 – 3 Months), Phase 2 (4 – 6 Months), Phase 3 (6 – 8 Months), Phase 4 (5 – 6 Months)
      • Identity Management Strategy
        • As-Is Assessment
        • To-Be Architecture
        • Implementation Plan
      • Directory Alignment
        • Tree Design
        • Enterprise Alignment
        • Schema Extension
      • Web Access Management Base Line
        • Pilot integration of 3 – 5 apps
        • Define Strong Authentication
        • User Delegated and Self-Service
      • Establish Common Infrastructure
        • Align Unique Identifiers
        • Establish Architecture
        • User Repository
      • Extend Web Access Management
        • Enable Web Single-Sign
        • Leverage RBAC
        • Client and Business Partner Integration
      • Provisioning Baseline
        • Authoritative Source Integration
        • 3 – 5 Key Systems
        • Workflow and Self Service
      • RBAC Baseline
        • Design Enterprise Structure
        • Integration with Identity Management
      • Extend Provisioning
        • Password Management
        • Extend Workflow
        • Leverage RBAC
      • Directory Alignment
        • Provisioning Integration
        • RBAC Integration
      • Extend Common Infrastructure
        • Provisioning Integration
        • Decentralised Administration
        • Centralised Management
    • 15. The Costs & Cost Savings
      • Security Administration and identity Management Costs
      • Identity Management Costs Savings
    • 16. Security Administration and Identity Management Costs - Model
      • Company data and base assumptions used in the following costs include:
      * based on industry experience
    • 17. Security Administration and Identity Management Implementation Costs
      • Direct costs represent the costs associated with managing, administering and development of applications and systems:
      * based on industry experience
    • 18. Security Administration and Identity Management Costs - Model
      • Productivity costs represent the costs associated with users unable to perform work due to a work stoppage or unavailable resources. Additional costs are associated with incorporating new business units, managing non-employees, security breaches, and compromise of trade secrets.
      * based on industry standards
      ** Doesn’t include Acquisition Costs
    • 19. Identity Management Costs Savings - Model
      * Amounts in 1,000
    • 20. Benefits
    • 21. Benefits
      • A common single secure infrastructure with integration to Company XYZ business units provides four major benefits:
      Diagram labels: PROTECTION; IDENTITY REPOSITORY; ACCESS MANAGEMENT; USER ACCOUNT PROVISIONING; Common Security Infrastructure
      • Provides a common security authentication and authorisation mechanism:
        • to enable Access Management for Web Based applications;
        • administer security authentication rights for legacy applications;
        • provide Company XYZ branding; and
        • enable deployment of strong authentication.
      • Provides a common security administration mechanism for user account provisioning. Can leverage HR Application as an authoritative source, provide directory management of user data, self-service functionality, delegated administration, and password management
      • Repository that can be used for
        • internal and external user authentication purposes,
        • a centralized repository of identity information of all entities interacting with Company XYZ.
        • a Meta-directory concept, separate directories can be deployed feeding a master directory.
      • Single control point for protection and risk avoidance of the security infrastructure providing policies and procedures, security baselines, vulnerability assessments, and intrusion detection.
      PROTECTION
    • 22. Benefits – Addressing the Pain Points
      Columns: Pain Point | Common Security Architecture Component | Distribution, Spain, XYX.com, Germany, England, France
        • Multiple logins - An enterprise security infrastructure used across the organization to reduce the sign-on. | Identity Management Strategy | X X X X X
        • Increased maintenance requirements - Centralised access management point for all web applications. | Access Management | X X X X X X
        • Strong authentication - Access management using infrastructure for strong authentication. | Web Access Management | X X X X X X
        • Lack of strategy regarding common directories - Consistent strategy for directory infrastructure. | Identity Repository | X X X X X X
        • Administration/Management of multiple users - Common directory for user storage, security attributes, rules, and web app integration. | Identity Repository | X X X X X X
    • 23. Benefits – Addressing the Pain Points
      Columns: Pain Point | Common Security Architecture Component | Distribution, Spain, XYX.com, Germany, England, France
        • Manual security admin processes - Automatic user account provisioning from PeopleSoft HR to systems and applications. | Authoritative Source | X X X X X X
        • Help desk password reset calls - Self password reset capability. | Access Management and Provisioning | X X X X X X
        • Manual access request processes - On-boarding, Off-boarding, updating aligned and automated through workflow. | Provisioning | X X X X X X
        • Role based access controls - RBAC architecture defined throughout enterprise. | RBAC | X X X X X X
        • Decentralised security and inconsistent policies - Centralised security policy and standards imposed and enforced. | Protection | X X X X X X
    • 24. Next Steps
      • Identity Management Strategy
      • Summary of Key Benefits
      • Demonstrating ROI using IBM -ID Accelerator
    • 25. Identity Management Strategy
      • Conduct an Identity Management strategy project which will do the following.
        • Provide project management and quality assurance;
        • Assess, review, and evaluate existing vendors or custom built applications for Id Mgmt;
        • Identify and interview stakeholders (business units, IT, IS, and application development) directly linked to the applications being integrated with the Id Mgmt solution;
        • Assess authentication and authorisation capabilities and integration for future web applications (data and technology) to determine integration of the central repository and provisioning mechanism;
        • Assess the current and future use of Current Directory (tree structure, data and identities);
        • Assess authoritative source(s) integration (data, process, application, and technology);
        • Evaluate role-based access control activities and integration with other ID Mgmt components;
        • Assess resource provisioning; and
        • Prepare enterprise Id Mgmt detailed business case, strategy, architecture and plan.
    • 26. Identity Management Strategy
      • The deliverables to be produced from this strategy include:
        • Project Scope – A summary of the project scope and activities completed.
        • As-Is Assessment – An as-is assessment and inventory of existing products or plans related to the Id Mgmt components described above;
        • Business Requirements and Case – A summary of the business goals/requirements that drive the need for an ID Mgmt solution. These requirements will include business value proposition and critical success factors needed to undertake an ID Mgmt solution. Additionally, a business case would be developed with Company XYZ specific cost elements;
        • Architecture (blueprint) – An architecture for the enterprise Id Mgmt solution for employees, business partners, and customers. The architecture will include all the components of an Id Mgmt solution and the process, technology, and data implications, specific to Company XYZ . Additionally, a detailed directory design and structure will be included; and
        • Implementation Plan – A high-level implementation plan that breaks the components of the solution into manageable implementation phases, which will deliver the highest benefits with the easiest integration. This plan will include timing and estimated costs to complete the entire project.
      • This proposed project is estimated to be completed over a six to eight week time frame.
    • 27. Identity Management Strategy
      • The deliverables to be produced from this strategy include:
        • Project Scope – summary of the project scope and activities completed;
        • As-Is Assessment – assessment and inventory of existing products or plans;
        • Business Requirements and Case – business goals/requirements that drive ID Mgmt;
        • Architecture (blueprint) – architecture for the enterprise Id Mgmt including the process, technology, and data implications and detailed directory design and structure specific to Company XYZ; and
        • Implementation Plan – implementation plan breaking down components of the solution into manageable implementation phases that deliver the highest benefits with the easiest integration.
      • This proposed project is estimated to be completed over a six to eight week time frame.
    • 28. Business Case ROI for Identity Management Summary
      • Tangible Benefits
        • Reducing help desk calls for password resets.
        • Reducing the number of admin staff needed to create/ manage accounts.
        • Reducing the number of user licences.
        • Waiting time for new users to get access to accounts.
        • Automating process of removing people once they leave.
        • Single infrastructure to manage and secure.
      • Non-Tangible Benefits
        • Improved control over secure access to resources.
        • Security audit findings reduced.
        • User experience improved.
        • Centralised administration for audit and control mechanisms.
        • Single view of users and mappings to resources.
        • Number of unused accounts reduced.
      End of Case Study
    • 29. ID Accelerator – Become (or Create) A Hero
      • Joint IBM – D&T solution packaging services and technology that combines proven provisioning technology and implementation services.
      • Designed to protect client investments, deliver a rapid ROI, demonstrate ID Management capabilities, and prove Results.
      • The solution is
        • Repeatable
        • Fixed Price for Software and Services
        • Fixed Scope
        • Fixed Timeline
    • 30. Identity and Access Management
    • 31. ID Accelerator Scope
        • Manageable entry-cost and rapid ROI
          • Fixed cost < $195K
        • Provisioning license
          • 1,500 users on ITIM Enterprise Server
          • 3 ITIM Services (Managed Resources)
            • Operating System (Unix, Novell, 1 Windows Domain)
            • Email (Exchange, cc:mail, or GroupWise)
            • 1 Initial User Data Feed (DSML service)
        • Enterprise-level Project Management to ensure efficient implementation
        • Baseline Provisioning functionality
          • User Self Service & Password Reset
          • Basic Solution Components
            • Org chart (up to 50 containers)
            • Email notification setup
            • System look-and-feel (logos, icons and colors)
            • Provisioning Policies (password & naming)
            • ID Roles (Admin, HelpDesk, Supervisor, User)
            • Policies for above to support auto-provisioning
            • 2 Workflows (ITIM, OS)
            • Access Control Rules (top level only)
            • Input Forms customization
            • Reports (password change, account activities, orphaned/suspended accounts)
      Bundled set of Provisioning Software and Services
      Provides a foundation for Enterprise-Wide Identity Management
    • 32. Summary
        • Get all aspects of your business involved
          • in this case, broadening the scope makes it easier to succeed
        • Demonstrate ROI to Executives in language they understand and believe
          • demonstrate real cost savings, business efficiencies, and business unit buy in
        • Become (or create) a ‘hero’ that delivers real returns
          • Try it on a manageable department or group
    • 33. Thank You! Identity Management and Authentication