A modern and cloud-native approach for identity and
access governance, data quality, and data accuracy.
This cloud-native approach in identity and access management
(IAM) includes IAM microservices that, once configured,
continuously extract, correlate, and normalize identity and
access data. This paper discusses the process by which you can
develop a high-performing, effective, and efficient IAM–IGA
infrastructure and use cases leveraging Perseus IAM and
industry-leading IGA platforms.
© Copyright 2018 Good Dog Labs, LLC
Table of Contents
Summary
IGA Program Pain
Relying on an IGA Platform Alone Is Not a Strategy
Next-Generation IGA and IAM
Moving Toward an Automated IGA Framework
Nine Steps to an Automated IGA Framework
The First Six Steps in Establishing an Automated IGA Framework
Automate Application Onboarding
Continuously Baseline Identity, Account, and Access Information
Baseline and Catalog Your Current IGA Process
Collect Data and Assign Risk
Identify and Eliminate Bad Combinations
Feed the IGA Automation Engine
Conclusion
External Validation of the Perseus IAM Platform
Contact Good Dog Labs
Summary
Our modern approach to identity governance data management includes high-performing and
layered IAM microservices that, once configured, continuously extract, correlate, transform, and
normalize identity, system, application, device, and account data. This approach provides your
enterprise with the following benefits:
● Establishes high-performing, automated identity governance and administration (IGA)
data-processing pipelines and frameworks for bootstrapping IGA programs and
establishing ongoing identity analytics and access recertification processes across
disparate technologies and integrated business processes.
● Uses your current technology ecosystem of systems, applications, and devices in
conjunction with enterprise-grade IGA technology components, and includes new
components provided by Good Dog Labs™. (Contact Good Dog Labs for information
about Perseus IAM and its associated IAM microservices.)
● Allows you to implement an IGA Program in small, iterative sprints while establishing
asset interrelationships that simplify IGA platform integration and integration in a cloud-
native world. You can iteratively build your IGA capabilities over time, enabling you to
establish a risk assessment process that allows for fast data collection, correlation,
transformation, and normalization.
Implementation consists of nine main steps, six of which this paper describes in detail. By
implementing this new approach, you can better answer critical audit and business questions.
You can continuously and more easily identify toxic access combinations, accelerate your
project delivery, and automate your enterprise IGA framework and platform.
IGA Program Pain
There is an industry-wide consensus that an IGA Program begins with accurate and complete
data, which is critical to successful project delivery. Often, business stakeholders will claim there
are no issues with data quality, accuracy, and processes. Unfortunately, most often this claim
turns out simply not to be true, which is discovered either before project initiation or during the
requirements analysis phase of a project implementation. Generally, ensuring identity and
access data quality and accuracy is the most time- and resource-intensive task during an
implementation. Generally, organizations don’t have an appetite for “fixing” processes and
technology that produce bad data because of the time, costs, and cross-organizational
collaboration required.
Not fixing the data quality and accuracy problem generally leads to delayed project
implementations and highly customized IAM/IGA implementations, both of which affect project
budgets and probabilities of success. Not fixing the data quality and accuracy problem
effectively propagates bad data to downstream IAM/IGA systems, which leads to the granting of
inaccurate access or to inaccurate access recertification campaigns. This affects the
organization’s ability to comply with audits or leads to investments in manual reviews and
corrections. Fixing the data problem is generally not effective and is often a short-term solution.
Many questions still remain:
● How do you verify that problems are fixed?
● How do you know that the processes and technology in place will scale as business
requirements change?
● How can you react to real-time changes in levels of access?
● How can you automate the onboarding of data, systems, devices, and applications into
governance via the proper IGA platform channels and interfaces?
Overall, IAM/IGA return on investment is reduced, time to value is increased, and business
stakeholder dissatisfaction is rampant. This is generally the state in which we find our clients
today.
Relying on an IGA Platform Alone Is Not a Strategy
Although IGA systems are powerful and have robust capabilities, they often expect data in a
specific format. These systems often rely on inefficient means of performing real-time
transformations and quality checks on data, based on overarching business rules and policies.
Generally, IGA systems do not provide a means of applying real-time event management and
dynamic data policies to ensure data accuracy and completeness. In general, IGA programs
that rely on the IGA platform alone will experience difficulties and implementation hurdles
because of inflexible data models that do not adapt well to objects beyond identities and
entitlements. This also affects the overall solution’s ability to scale and support cloud-native
infrastructures, applications, and devices. Finally, IGA systems generally do not provide a real-
time view of data quality issues to security and operations teams so that they can take proactive
threat countermeasures.
Next-Generation IGA and IAM
As part of an overall cloud-native and modern IAM and IGA architecture, Perseus IAM provides
a real-time approach to ensuring identity, system, application, and device data accuracy and
quality. This allows organizations to take a systematic and modern approach to addressing
significant data accuracy and quality issues. Perseus IAM enables organizations to realize the
value of their IAM–IGA infrastructure faster and in a more cost-effective manner, all while
optimizing existing investments in IGA platforms and in-house technology. Here are a few key
capabilities Perseus IAM introduces into an IGA Program for accelerating IGA program success.
• Configuration-driven, real-time, and dynamic data filtering
• Configuration-driven data normalization
• Configuration-driven data inclusion/exclusion policies
• Dynamic JSON-based data model that scales across various types of identity,
application, infrastructure, and device data
• Real-time views into data quality, errors, and policies
• Real-time alerts when data is not of sufficient quality
• Real-time data transformations based on policies derived from Lua scripting
• Distributed IAM microservices–based architecture that leverages containerization for
faster deployment and updates to IGA capabilities
• Bridge between on-premise IGA systems, cloud applications, and cloud infrastructures
(i.e., Azure, Google Compute Platform, and AWS EC2)
• Bridge between IGA platforms, cloud-native infrastructure and applications, and real-
time cybersecurity alerting and threat response systems (e.g., SIEM)
Increasingly, the IGA industry is using these capabilities for accelerated delivery and adoption of
IAM services within an enterprise. Perseus IAM, provided by Good Dog Labs, is the world’s first
IAM microservices–driven platform that organizations use to implement this new cloud-native
approach.
Moving Toward an Automated IGA Framework
This paper describes steps for creating and automating a modern IGA framework using Perseus
IAM and your existing IGA platform. Once you have mastered the steps, you can automate the
processes and tasks highlighted in this document, which include but are not limited to the
following:
1. Continuously baseline and collect your identity and account data from multiple sources.
Your sources can include non-traditional cybersecurity sources such as cloud access
security brokers, Tripwire, SIEMs, and governance risk and compliance platforms. You
can also use asset management or CMDB solutions for automatically extracting platform
information through the IAM services layer.
2. Continuously plan and run identity and privileged account certification campaigns with
real-time or near real-time data.
3. Automate Identity Lifecycle Management for cloud-native systems, applications,
devices, standard identities, and privileged accounts.
4. Perform real-time integration into PIM/PAM and HashiCorp Vault Enterprise solutions
within actionable recertification processes.
5. Perform identification and remediation of separation-of-duty violations.
Nine Steps to an Automated IGA Framework
This section summarizes the guidance for successfully automating your IGA framework.
1. Automate Application Onboarding – Establish a “self-service” approach for delegating
application onboarding and integration into the IGA platform. In this use case, the
Perseus IAM platform performs the following tasks:
• Gathers application metadata, including configuration information for automated
connection and onboarding.
• Connects application identities, accounts, groups, and entitlements.
• Maps to the IGA metadata via the Perseus IAM normalizer, metadata, and IGA
services. This defines what users can access within the application’s landscape.
• Integrates into the IGA risk engines for assigning initial application risk scores.
• Aggregates and processes identity, account, and entitlement changes. Includes
issuing the appropriate identity lifecycle management events for provisioning and
de-provisioning access.
• Creates a data quality and mapping report that identifies the level of adherence to
the IGA metadata model configured within Perseus IAM.
2. Continuously Baseline Identity, Account, and Access Information – Establish a
core foundation of “known and allowed” access for identities. It’s important to identify
all critical financial assets and key systems to baseline first. Once you have identified
systems and applications, prioritize the list of all applications currently under operation.
You can mine the resulting baseline information to determine the actual access and
identity behaviors for these assets. Resist the urge to spend time mining low-priority or
non-critical assets at first. Low-priority or low-risk assets do not contribute metadata
information for deciphering future roles and entitlements.
3. Baseline and Catalog Your Current IGA Process – Identify and document every step
of your current IGA process, from inception of access requests to manual or automated
provisioning. Leverage baseline periods to perform checks of current system and
application access. Record all findings in a format usable by future automated IGA
platforms, or leverage the Perseus IAM platform for storing the process metadata in the
IGA warehouse in a normalized fashion. You can then leverage these processes to
automate and orchestrate activities from Perseus IAM in conjunction with the underlying
IGA platform.
4. Collect Data and Assign Risk – Connect the baseline data with the current IGA
processes from the inception of access request to the manual provisioning and recording
of granted access. Define and assign organizational risk, create a risk-scoring model,
and score organizational risks on several factors. This is key for defining risk-driven
access certification and visualizing with tools such as heat maps. You can leverage
Perseus IAM for the automation of collection, correlation, transformation, and
normalization of data against existing IGA process definitions.
5. Identify and Eliminate Bad Access Combinations – Use the risk-based scoring model
created in the previous step to run “bad” or “toxic” roles, entitlements, and privileges
reports. You can also run data analysis pipelines within Perseus IAM. Perseus IAM is
specifically designed in conjunction with your IGA platform and program to use the
existing identity, account, and entitlements metadata to help determine what possible
toxic combinations currently exist. The value of doing this before sending data to the IGA
platform is faster analysis and definition of the higher-level IGA metadata relationships.
This helps provide a smaller, more focused superset of IGA data to the IGA platform for
processing and certification. It also significantly reduces the load on the IGA platform,
making it that much faster for business users. Execute the reports by highest to lowest
risk. Remediate any high-risk or critical findings immediately.
6. Revisit Your Separation of Duties – By creating a business activity–driven framework
and leveraging the risk model and reporting processes described in the previous step,
you can identify common and recurring SOD violations. You can then adjust your
framework for baseline data, current IGA processes, and collected risk information.
7. Feed the IGA Automation Engine – Via Perseus IAM, you can continuously feed
clean and normalized sets of identity and access data into your IGA engine, including
the models from the previous steps. Transition to and establish a business activity–
based access recertification process. By mapping simple-to-understand business
activities or processes to underlying roles and entitlements, business managers can
better understand whether an employee should have access to an application and
underlying system.
8. Implement a Continuous Recertification Model – Take time to implement a model that
yields the lowest operational maintenance time and cost and is easy to understand from
a business perspective. Technical IGA models are not popular and tend to be costly
from both time and operational support perspectives. Technical models drive high
operational staff costs. While looking for an automated IGA vendor, it’s important to
verify whether the vendor supports business-friendly campaigns based on business-
friendly activities and/or processes. In addition, IGA vendors should have key identity
and access management service and technology providers such as Good Dog Labs that
can implement a cost-effective, continuous, and iterative IGA model.
9. Make Your Recertification Model Actionable – Ensure that your automated IGA
platform and processes are actionable from within the automation engine. For example,
if a certification campaign identifies roles that should not be assigned to a person, the
business manager should be able to immediately revoke access. This also works in
reverse: if employees do not have the appropriate roles they need to do their jobs, the
business manager should be able to immediately grant them access to the application or
system. The automated system should have pre-built connectors to or integration into
Perseus IAM for taking action on target systems and applications.
The First Six Steps in Establishing an Automated
IGA Framework
The following diagram and process descriptions provide additional details on the approach to
establishing a continuous IGA framework and automated access recertification process. These
processes are implemented in an iterative fashion and are listed in order of execution and
priority. The processes accelerate IGA for an organization that is currently based on manual
processes and non-enterprise–scale technology.
Automate Application Onboarding
This section includes the recommended initial steps for establishing a self-service automated
application and platform onboarding process to collect identity, account, group, and entitlement
information. This is an IBM Identity Governance and Intelligence example via Perseus IAM
SCIM API support.
A diagram of this process follows.
The process consists of the following steps:
1. Application owners and custodians access the Perseus IAM application onboarding
“self-service” user interface or API and post application metadata, including connection
parameters.
2. The UX or API posts information to the ETL (extract, transform, and load) microservice.
The microservice communicates with the family of microservices to begin the process of
orchestrating the onboarding process.
3. The IGA microservice creates the appropriate application artifacts in the IGA platform.
4. The ETL microservice automates the extraction of the identity, group, accounts, and
entitlements data from the application or platform. This information may also be provided
by an onboarding API exposed by the ETL microservice.
5. The IGA microservice creates mappings for the configured IGA metadata model.
6. Once data is normalized, a subset of the data is aggregated into the IGA platform for the
appropriate application and launches the certification campaigns and any other custom
IGA platform workflows.
Continuously Baseline Identity, Account, and Access Information
This section includes the recommended steps and questions to ask for establishing a
continuous baseline.
A diagram of the process follows.
Perform these steps to complete the process.
1. Implement fast, small, and efficient continuous identity and account data collection
Perseus IAM microservices that can accept data from any source. Key questions follow.
a. What types of sources can send identity event data? Here are some common
source protocols to identify:
• Syslog
• JDBC
• Network equipment protocols
• Firewall log export API (e.g., OPSEC/LEA)
• Intrusion prevention systems (e.g., SDEE)
• SNMP (all versions)
• Standard log files
• Microsoft security event logs
• Mail server logs
• Standard network services logs (e.g., DHCP, DNS)
• Standard web and application server logs
• Virtualization and containerization (e.g., docker) logs
• Database listener logs
• Network packet captures
b. Are the continuous audit services invasive to the source or network?
c. Do the continuous audit services support standard identity event and monitoring
protocols?
d. Can the continuous audit services feed identity-specific metadata to other event
collection systems?
2. Via Perseus IAM, collect audit and event information and provide it to the management
and security team via various methods (e.g., Splunk, Graylog). The team can run data
approval flows in parallel in a continuous and iterative fashion while flagging and
throwing out exceptions for handling. Tip: Exceptions will likely lead to pointers to toxic
access combinations.
3. Once both the IT security team and management agree on the “known access,” add the
information to the baseline for that period. Perform baselines within “baseline periods,”
as access is continuously changing. Compare baseline periods to determine access
differences as you are identifying “known access” to critical assets.
4. Store baselines to help in documenting the current IGA process. Store baselines in a
format supported by automated IGA platforms. You can use a platform like Perseus IAM
from Good Dog Labs to automate the extraction of the data and set up a larger IAM
metadata model that then feeds a subset of normalized identity and access data to an
IGA platform.
Baseline and Catalog Your Current IGA Process
This section includes the recommended steps for baselining and cataloguing your current IGA
process.
A diagram of this process follows.
Perform these steps to complete the process.
1. Analyze current application and system access request processes.
2. Build an application and system catalog. Your catalog should contain critical functional
and security metadata.
3. Analyze and automate your current communication process between the access
requestor, approver, and IT security teams.
4. Review your current violation checks, approvals, and access exception processes.
Record violation trends in addition to documenting why, rather than how, decisions
are made.
Ensure that the IT security team is adding decisions and entitlements into an
entitlements warehouse store. Send this data for secure record keeping and place it in a
format for future automated IGA frameworks and platforms.
Collect Data and Assign Risk
This section includes the recommended steps for collecting data and assigning risk.
A diagram of this process follows.
Perform these steps to complete the process.
1. Establish a continuous data collection mechanism while performing this phase. This
ensures that you can reuse these IAM ETL microservices to feed an automated IGA
framework and platform. Implement audit or data extraction IAM microservices for
custom or unsupported applications and systems. Audit or data extraction IAM
microservices expose a developer- and business application–friendly interface for
sending and collecting identity event messages for custom business applications.
2. Generate detailed identity and asset reports for management and auditor reviews. You
use these to develop a thorough risk profile.
3. The IT security and auditor review process then correlates and confirms the risk scoring
and rating with management and adds the risk profiles to a reusable catalog.
4. IT security stores the risk profiles for future automated access governance models and
platforms.
Identify and Eliminate Bad Combinations
This section includes the recommended steps for identifying and eliminating bad access
combinations.
A diagram of this process follows.
Perform these steps to complete the process.
1. Implement continuous “risk-aware” audit and security incident and event management
data collectors. Continuous-risk IAM microservices allow for a “risk-aware” business
application–, developer-friendly interface. You use this interface to ask risk-scoring
questions and for sending event data for automatic risk classification for custom
business applications. The IAM microservices, in conjunction with Lua capabilities, allow
for client application registration, risk category, and rating, and automatically classify
identity events received.
2. Leverage the store created in the “Collect Data and Assign Risk” phase to generate a
series of reports for management, auditor, and IT security review.
3. Identify “toxic” combinations in addition to actual toxic systems and applications.
4. Remediate and handle any emergency removals of toxic combinations if they present a
significant risk to the organization.
5. Store toxic profiles for future automated access and governance models and platforms.
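The following is an added example, not code from this paper or from Perseus IAM. It shows one way to compare two baseline periods and then report toxic combinations from highest to lowest risk, flagging those that appeared since the previous baseline. The record layout, rule format, risk scores, and scoring formula are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. Each record is (identity, application, entitlement),
# an assumed normalized form of the access data collected per baseline period.
BASELINE_Q1 = {
    ("alice", "erp", "create_vendor"),
    ("alice", "erp", "view_reports"),
    ("bob", "erp", "approve_payment"),
    ("carol", "hr", "edit_payroll"),
}
BASELINE_Q2 = {
    ("alice", "erp", "create_vendor"),
    ("alice", "erp", "approve_payment"),   # granted during Q2
    ("bob", "erp", "approve_payment"),
    ("carol", "hr", "edit_payroll"),
    ("carol", "hr", "approve_payroll"),    # granted during Q2
    ("dave", "crm", "export_contacts"),
}

# Hypothetical application risk scores (1 = low, 5 = critical).
APP_RISK = {"erp": 5, "hr": 4, "crm": 2}

# Hypothetical toxic-combination (SOD) rules: an identity that holds every
# (application, entitlement) pair in "needs" violates the rule.
TOXIC_RULES = [
    {"id": "SOD-1", "weight": 5,
     "needs": {("erp", "create_vendor"), ("erp", "approve_payment")}},
    {"id": "SOD-2", "weight": 4,
     "needs": {("hr", "edit_payroll"), ("hr", "approve_payroll")}},
    {"id": "SOD-3", "weight": 2,
     "needs": {("crm", "export_contacts"), ("erp", "view_reports")}},
]


def diff_baselines(previous, current):
    """Return (granted, revoked) access records between two baseline periods."""
    return current - previous, previous - current


def access_by_identity(baseline):
    """Group a baseline into {identity: {(application, entitlement), ...}}."""
    held = defaultdict(set)
    for identity, app, entitlement in baseline:
        held[identity].add((app, entitlement))
    return held


def find_toxic_combinations(baseline, rules, app_risk, previous=None):
    """List rule violations in a baseline, highest risk first.

    Assumed scoring model: rule weight multiplied by the highest risk score
    among the applications the rule touches (unknown applications count as 1).
    "new" is True when the violation did not exist in the previous baseline,
    and None when no previous baseline was supplied.
    """
    prev_held = access_by_identity(previous) if previous is not None else {}
    findings = []
    for identity, held in access_by_identity(baseline).items():
        for rule in rules:
            if not rule["needs"] <= held:      # identity lacks part of the set
                continue
            top_app_risk = max(app_risk.get(app, 1) for app, _ in rule["needs"])
            if previous is None:
                is_new = None
            else:
                is_new = not rule["needs"] <= prev_held.get(identity, set())
            findings.append({
                "identity": identity,
                "rule": rule["id"],
                "score": rule["weight"] * top_app_risk,
                "new": is_new,
            })
    # Highest to lowest risk, with a stable tie-break for repeatable reports.
    findings.sort(key=lambda f: (-f["score"], f["identity"], f["rule"]))
    return findings


if __name__ == "__main__":
    granted, revoked = diff_baselines(BASELINE_Q1, BASELINE_Q2)
    print("granted:", sorted(granted))
    print("revoked:", sorted(revoked))
    for finding in find_toxic_combinations(
            BASELINE_Q2, TOXIC_RULES, APP_RISK, previous=BASELINE_Q1):
        print(finding)
```

Running the rules against each stored baseline, rather than only the latest one, shows in which baseline period a toxic combination first appeared.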
Feed the IGA Automation Engine
This section describes the recommended steps for feeding the IGA automation engine.
A diagram of this process follows.
Perform these steps to complete the process.
1. Go through an automation readiness check before attempting to transition to a fully
automated system. Otherwise, you run the danger of automating bad processes and
data. Assess the processes that worked or that presented a constraint for automation.
When in doubt, do not automate a process. As you create the appropriate automation
rules, take the outputs, models, processes, and data stores generated from the previous
steps and systematically feed them into the automated IGA platform rules.
2. Analyze each of the following, which helps you complete an initial set of business
activities and roles based on known risk categories and levels:
a. Examine the application system catalog closely and note the system or
application risk score.
b. Review access request patterns – Understand the pattern of access requests by
examining the top 80 percent of access granted for 90 percent of user groups,
entitlements, and existing roles.
c. Review the risk profile for current access.
d. Define “toxic” combination and SOD rules. Import them into the IGA platform.
e. Import all identity and account baseline data that you have collected.
f. Review all identity analytic information.
g. Using the information you have gathered, create a set of common business
activities and roles based on the system and application risk scores.
3. Create business-driven activities with associated roles and entitlements within the IGA
platform.
4. Perform a series of test campaigns to prepare business management, application
owners, and the IT security team for the real automated certification campaigns.
5. Record campaign results. Review them with business management, auditors, application
and system owners, and IT security.
6. Build continuous change mechanisms for easily adding or removing new applications
and systems to the IGA framework and platform.
Conclusion
Spend time upfront to implement a model that yields the lowest operational maintenance
burden, is amenable to change, and is easy to understand from a business perspective. Build
your access certification to be almost in real time if not in real time by leveraging Perseus IAM.
Think continuous implementation cycles and ensure that you enable your applications with
access governance capabilities. Implementations that do not emphasize business capability and
focus on technical-driven models are not popular and tend to be complex and costly from both
time and operational support perspectives. When looking for an automated IGA vendor, verify
whether the vendor supports robust SCIM API and business-friendly campaigns based on
business-friendly activities or process identifiers.
Ensure that your automated IGA platform and processes are actionable from within the
automation engine. For example, if a certification campaign identifies roles that should not be
assigned to a person, or if it flags a toxic combination, the business manager should be able to
immediately revoke access. This also works in reverse: if employees do not have the
appropriate roles they need to do their jobs, then the business manager should be able to
immediately grant them access. The automated IGA system should have pre-built connectors
for taking action on target systems and applications. Ideally, the IGA platform has an integrated
identity and access management platform for end-to-end management.
Finally, ensure that you are implementing an IAM microservices platform such as Perseus IAM.
Perseus IAM allows you to abstract the collection, correlation, transformation, and normalization
of identity and platform data for establishing a dynamic and configuration-driven superset
IAM metadata model that is applicable to your business. This high-performing layer is integrated
into your existing IAM, IGA, and cybersecurity platforms, directories, and databases in real time.
Consult with Good Dog Labs for details about Perseus IAM, which you can use as the platform
for accelerating implementation of your IAM microservices. (Find Good Dog Labs contact
information at the end of this document.)
External Validation of the Perseus IAM Platform
The Perseus IAM services platform approach to IAM is in line with industry analysts from a next-
generation IAM perspective.
Using our services platform, a global retailer has implemented remote-access two-factor
authentication services and has integrated identity lifecycle events with its IGA platform.
Additionally, Perseus IAM utilizes a next-generation microservices architecture for faster and
nimbler delivery of IAM services.
In conjunction with your IGA platform, Perseus creates a high-performing, resilient, and flexible
end-to-end IGA services offering. In combination, the platforms reduce overall longer-term costs
and provide your organization with the utmost flexibility in implementation styles.
Contact Good Dog Labs
Contact Good Dog Labs for more information on Perseus IAM.
Email: sales@gooddoglabs.com
Web Site: www.perseusiam.com
Good Dog Labs, LLC
6 Blackstone Valley Pl #205
Lincoln RI 02865
Good Dog Labs, LLC
801 Barton Springs Rd
Austin TX 78704
Authors:
Dino Pietropaolo, Chief Technical Officer & Co-Founder
dino@gooddoglabs.com
Aldo Pietropaolo, Chief Executive & Co-Founder
aldo@gooddoglabs.com
Good Dog Labs, LLC.
401-495-6888

Cloud Perspectives - Ottawa Seminar - Oct 6
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution Overview
 
Trust and Transformation: Peter Coffee at Cloud@KM 20110503
Trust and Transformation: Peter Coffee at Cloud@KM 20110503Trust and Transformation: Peter Coffee at Cloud@KM 20110503
Trust and Transformation: Peter Coffee at Cloud@KM 20110503
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
Webinar: How Greater Visibility of Software Assets is Saving Chicago Public ...
Webinar:  How Greater Visibility of Software Assets is Saving Chicago Public ...Webinar:  How Greater Visibility of Software Assets is Saving Chicago Public ...
Webinar: How Greater Visibility of Software Assets is Saving Chicago Public ...
 
10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment
10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment
10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and Security
 
Docker container webinar final
Docker container webinar finalDocker container webinar final
Docker container webinar final
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
 
Meet Secure Messaging
Meet Secure MessagingMeet Secure Messaging
Meet Secure Messaging
 
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud InitiativesLeading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
 

Similar to Optimizing Identity Governance using Perseus IAM

White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyGigya
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAMGigya
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapAldo Pietropaolo
 
Guardian analytics vs. actimize 2016
Guardian analytics vs. actimize 2016Guardian analytics vs. actimize 2016
Guardian analytics vs. actimize 2016Laurent Pacalin
 
Disrupting Insurance with Advanced Analytics The Next Generation Carrier
Disrupting Insurance with Advanced Analytics The Next Generation CarrierDisrupting Insurance with Advanced Analytics The Next Generation Carrier
Disrupting Insurance with Advanced Analytics The Next Generation CarrierDataWorks Summit/Hadoop Summit
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern ArchitecturesSecureAuth
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access managementPiyush Jain
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
Need of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless EnterpriseNeed of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless Enterprisehardik soni
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is nextThomas Teske
 
Building the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingBuilding the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingSrinivas Koushik
 
Digital Transformation: Empowering People to Adapt to the Cloud
Digital Transformation: Empowering People to Adapt to the CloudDigital Transformation: Empowering People to Adapt to the Cloud
Digital Transformation: Empowering People to Adapt to the CloudAmazon Web Services
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...happiestmindstech
 
Blue Bricks Business Collateral
Blue Bricks Business CollateralBlue Bricks Business Collateral
Blue Bricks Business CollateralVikram Sareen
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
8 Tools For Digital Transformation For Every Leader.pdf
8 Tools For Digital Transformation For Every Leader.pdf8 Tools For Digital Transformation For Every Leader.pdf
8 Tools For Digital Transformation For Every Leader.pdflearntransformation0
 
Adaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_studyAdaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_studyRob Johnston, MBA
 
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...D. Scott Clark
 

Similar to Optimizing Identity Governance using Perseus IAM (20)

White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAM
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the Gap
 
Guardian analytics vs. actimize 2016
Guardian analytics vs. actimize 2016Guardian analytics vs. actimize 2016
Guardian analytics vs. actimize 2016
 
Disrupting Insurance with Advanced Analytics The Next Generation Carrier
Disrupting Insurance with Advanced Analytics The Next Generation CarrierDisrupting Insurance with Advanced Analytics The Next Generation Carrier
Disrupting Insurance with Advanced Analytics The Next Generation Carrier
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern Architectures
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access management
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
Need of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless EnterpriseNeed of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless Enterprise
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is next
 
Building the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingBuilding the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud Computing
 
Digital Transformation: Empowering People to Adapt to the Cloud
Digital Transformation: Empowering People to Adapt to the CloudDigital Transformation: Empowering People to Adapt to the Cloud
Digital Transformation: Empowering People to Adapt to the Cloud
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...
 
IAM Solution
IAM  SolutionIAM  Solution
IAM Solution
 
Chris Reed Sigma PDF
Chris Reed Sigma PDFChris Reed Sigma PDF
Chris Reed Sigma PDF
 
Blue Bricks Business Collateral
Blue Bricks Business CollateralBlue Bricks Business Collateral
Blue Bricks Business Collateral
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the Cloud
 
8 Tools For Digital Transformation For Every Leader.pdf
8 Tools For Digital Transformation For Every Leader.pdf8 Tools For Digital Transformation For Every Leader.pdf
8 Tools For Digital Transformation For Every Leader.pdf
 
Adaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_studyAdaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_study
 
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
 

Recently uploaded

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Eraconfluent
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...WSO2
 
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...WSO2
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...WSO2
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
WSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid EnvironmentsWSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid EnvironmentsWSO2
 

Recently uploaded (20)

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
 
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid EnvironmentsWSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid Environments
 

Optimizing Identity Governance using Perseus IAM

A modern and cloud-native approach for identity and access governance, data quality, and data accuracy.

This cloud-native approach in identity and access management (IAM) includes IAM microservices that, once configured, continuously extract, correlate, and normalize identity and access data. This paper discusses the process by which you can develop a high-performing, effective, and efficient IAM–IGA infrastructure and use cases leveraging Perseus IAM and industry-leading IGA platforms.

© Copyright 2018 Good Dog Labs, LLC

Table of Contents
Summary
IGA Program Pain
Relying on an IGA Platform Alone Is Not a Strategy
Next-Generation IGA and IAM
Moving Toward an Automated IGA Framework
Nine Steps to an Automated IGA Framework
The First Six Steps in Establishing an Automated IGA Framework
Automate Application Onboarding
Continuously Baseline Identity, Account, and Access Information
Baseline and Catalog Your Current IGA Process
Collect Data and Assign Risk
Identify and Eliminate Bad Combinations
Feed the IGA Automation Engine
Conclusion
External Validation of the Perseus IAM Platform
Contact Good Dog Labs
Summary

Our modern approach to identity governance data management includes high-performing and layered IAM microservices that, once configured, continuously extract, correlate, transform, and normalize identity, system, application, device, and account data. This approach provides your enterprise with the following benefits:

● Establishes high-performing, automated identity governance and administration (IGA) data-processing pipelines and frameworks for bootstrapping IGA programs and establishing ongoing identity analytics and access recertification processes across disparate technologies and integrated business processes.
● Uses your current technology ecosystem of systems, applications, and devices in conjunction with enterprise-grade IGA technology components, and includes new components provided by Good Dog Labs™. (Contact Good Dog Labs for information about Perseus IAM and its associated IAM microservices.)
● Allows you to implement an IGA Program in small, iterative sprints while establishing asset interrelationships that simplify IGA platform integration and integration in a cloud-native world.

You can iteratively build your IGA capabilities over time, enabling you to establish a risk assessment process that allows for fast data collection, correlation, transformation, and normalization. Implementation consists of nine main steps, six of which this paper describes in detail. By implementing this new approach, you can better answer critical audit and business questions. You can continuously and more easily identify toxic access combinations, accelerate your project delivery, and automate your enterprise IGA framework and platform.

IGA Program Pain

There is an industry-wide consensus that an IGA Program begins with accurate and complete data and is critical to a successful project delivery. Often, business stakeholders will claim there are no issues with data quality, accuracy, and processes. Unfortunately, most often this claim turns out simply not to be true, which is discovered either before project initiation or during the requirements analysis phase of a project implementation. Generally, ensuring identity and access data quality and accuracy is the most time- and resource-intensive task during an implementation.

Generally, organizations don’t have an appetite for “fixing” processes and technology that produce bad data because of the time, costs, and cross-organizational collaboration required. Not fixing the data quality and accuracy problem generally leads to delayed project implementations and highly customized IAM/IGA implementations, both of which affect project budgets and probabilities of success. Not fixing the data quality and accuracy problem effectively propagates bad data to downstream IAM/IGA systems, which leads to the granting of inaccurate access or to inaccurate access recertification campaigns. This affects the organization’s ability to comply with audits or leads to investments in manual reviews and corrections.

Fixing the data problem is generally not effective and is often a short-term solution. Many questions still remain:

● How do you verify that problems are fixed?
● How do you know that the processes and technology in place will scale as business requirements change?
● How can you react to real-time changes in levels of access?
● How can you automate the onboarding of data, systems, devices, and applications into governance via the proper IGA platform channels and interfaces?

Overall, IAM/IGA return on investment is reduced, time to value is increased, and business stakeholder dissatisfaction is rampant. This is generally the state in which we find our clients today.

Relying on an IGA Platform Alone Is Not a Strategy

Although IGA systems are powerful and have robust capabilities, they often expect data in a specific format. These systems often rely on inefficient means of performing real-time transformations and quality checks on data, based on overarching business rules and policies. Generally, IGA systems do not provide a means of applying real-time event management and dynamic data policies to ensure data accuracy and completeness. In general, IGA programs that rely on the IGA platform alone will experience difficulties and implementation hurdles because of inflexible data models that do not adapt well to objects beyond identities and entitlements. This also affects the overall solution’s ability to scale and support cloud-native infrastructures, applications, and devices. Finally, IGA systems generally do not provide a real-time view of data quality issues to security and operations teams so that they can take proactive threat countermeasures.
Next-Generation IGA and IAM

As part of an overall cloud-native and modern IAM and IGA architecture, Perseus IAM provides a real-time approach to ensuring identity, system, application, and device data accuracy and quality. This allows organizations to take a systematic and modern approach to addressing significant data accuracy and quality issues. Perseus IAM enables organizations to realize the value of their IAM–IGA infrastructure faster and in a more cost-effective manner, all while optimizing existing investments in IGA platforms and in-house technology.

Here are a few key capabilities Perseus IAM introduces into an IGA Program for accelerating IGA program success.

• Configuration-driven, real-time, and dynamic data filtering
• Configuration-driven data normalization
• Configuration-driven data inclusion/exclusion policies
• Dynamic JSON-based data model that scales across various types of identity, application, infrastructure, and device data
• Real-time views into data quality, errors, and policies
• Real-time alerts when data is not of sufficient quality
• Real-time data transformations based on policies derived from Lua scripting
• Distributed IAM microservices–based architecture that leverages containerization for faster deployment and updates to IGA capabilities
• Bridge between on-premise IGA systems, cloud applications, and cloud infrastructures (i.e., Azure, Google Compute Platform, and AWS EC2)
• Bridge between IGA platforms, cloud-native infrastructure and applications, and real-time cybersecurity alerting and threat response systems (e.g., SIEM)

Increasingly, the IGA industry is using these capabilities for accelerated delivery and adoption of IAM services within an enterprise. Perseus IAM, provided by Good Dog Labs, is the world’s first IAM microservices–driven platform that organizations use to implement this new cloud-native approach.

Moving Toward an Automated IGA Framework

This paper describes steps for creating and automating a modern IGA framework using Perseus IAM and your existing IGA platform. Once you have mastered the steps, you can automate the processes and tasks highlighted in this document, which include but are not limited to the following:

1. Continuously baseline and collect your identity and account data from multiple sources. Your sources can include non-traditional cybersecurity sources such as cloud access security brokers, Tripwire, SIEMs, and governance risk and compliance platforms. You can also use asset management or CMDB solutions for automatically extracting platform information through the IAM services layer.
2. Continuously plan and run identity and privileged account certification campaigns with real-time or near real-time data.
3. Automate Identity Lifecycle Management for cloud-native systems, applications, devices, standard identities, and privileged accounts.
4. Perform real-time integration into PIM/PAM and HashiCorp Vault Enterprise solutions within actionable recertification processes.
5. Perform identification and remediation of separation-of-duty violations.

Nine Steps to an Automated IGA Framework

This section summarizes the guidance for successfully automating your IGA framework.

1. Automate Application Onboarding – Establish a “self-service” approach for delegating application onboarding and integration into the IGA platform. In this use case, the Perseus IAM platform performs the following tasks:
   • Gathers application metadata, including configuration information for automated connection and onboarding.
   • Connects application identities, accounts, groups, and entitlements.
   • Maps to the IGA metadata via the Perseus IAM normalizer, metadata, and IGA services. This defines what users can access within the application’s landscape.
   • Integrates into the IGA risk engines for assigning initial application risk scores.
   • Aggregates and processes identity, account, and entitlement changes. Includes issuing the appropriate identity lifecycle management events for provisioning and de-provisioning access.
   • Creates a data quality and mapping report that identifies the level of adherence to the IGA metadata model configured within Perseus IAM.

2. Continuously Baseline Identity, Account, and Access Information – Establish a core foundation of “known and allowed” access for identities. It’s important to identify all critical financial assets and key systems to baseline first. Once you have identified systems and applications, prioritize the list of all applications currently under operation. You can mine the resulting baseline information to determine the actual access and identity behaviors for these assets. Resist the urge to spend time mining low-priority or non-critical assets at first. Low-priority or low-risk assets do not contribute metadata information for deciphering future roles and entitlements.

3. Baseline and Catalog Your Current IGA Process – Identify and document every step of your current IGA process, from inception of access requests to manual or automated provisioning. Leverage baseline periods to perform checks of current system and application access. Record all findings in a format usable by future automated IGA platforms, or leverage the Perseus IAM platform for storing the process metadata in the IGA warehouse in a normalized fashion. You can then leverage these processes to automate and orchestrate activities from Perseus IAM in conjunction with the underlying IGA platform.

4. Collect Data and Assign Risk – Connect the baseline data with the current IGA processes from the inception of access request to the manual provisioning and recording of granted access. Define and assign organizational risk, create a risk-scoring model, and score organizational risks on several factors. This is key for defining risk-driven access certification and visualizing with tools such as heat maps. You can leverage Perseus IAM for the automation of collection, correlation, transformation, and normalization of data against existing IGA process definitions.

5. Identify and Eliminate Bad Access Combinations – Use the risk-based scoring model created in the previous step to run “bad” or “toxic” roles, entitlements, and privileges reports. You can also run data analysis pipelines within Perseus IAM. Perseus IAM is specifically designed in conjunction with your IGA platform and program to use the existing identity, account, and entitlements metadata to help determine what possible toxic combinations currently exist. The value of doing this before sending data to the IGA platform is faster analysis and definition of the higher-level IGA metadata relationships. This helps provide a smaller, more focused superset of IGA data to the IGA platform for processing and certification. It also significantly reduces the load on the IGA platform, making it that much faster for business users. Execute the reports by highest to lowest risk. Remediate any high-risk or critical findings immediately.

6. Revisit Your Separation of Duties – By creating a business activity–driven framework and leveraging the risk model and reporting processes described in the previous step, you can identify common and recurring SOD violations. You can then adjust your framework for baseline data, current IGA processes, and collected risk information.

7. Feed the IGA Automation Engine – Via Perseus IAM, you can continuously feed clean and normalized sets of identity and access data into your IGA engine, including the models from the previous steps. Transition to and establish a business activity–based access recertification process. By mapping simple-to-understand business activities or processes to underlying roles and entitlements, business managers can better understand whether an employee should have access to an application and underlying system.

8. Implement a Continuous Recertification Model – Take time to implement a model that yields the lowest operational maintenance time and cost and is easy to understand from a business perspective. Technical IGA models are not popular and tend to be costly from both time and operational support perspectives. Technical models drive high operational staff costs. While looking for an automated IGA vendor, it’s important to verify whether the vendor supports business-friendly campaigns based on business-friendly activities and/or processes. In addition, IGA vendors should have key identity and access management service and technology providers such as Good Dog Labs that can implement a cost-effective, continuous, and iterative IGA model.

9. Make Your Recertification Model Actionable – Ensure that your automated IGA platform and processes are actionable from within the automation engine. For example, if a certification campaign identifies roles that should not be assigned to a person, the business manager should be able to immediately revoke access. This also works in reverse: if employees do not have the appropriate roles they need to do their jobs, the business manager should be able to immediately grant them access to the application or system. The automated system should have pre-built connectors to or integration into Perseus IAM for taking action on target systems and applications.
The First Six Steps in Establishing an Automated IGA Framework

The following diagram and process descriptions provide additional details on the approach to establishing a continuous IGA framework and automated access recertification process. These processes are implemented in an iterative fashion and are listed in order of execution and priority. The processes accelerate IGA for an organization that is currently based on manual processes and non-enterprise–scale technology.

Automate Application Onboarding

This section includes the recommended initial steps for establishing a self-service automated application and platform onboarding process to collect identity, account, group, and entitlement information. This is an IBM Identity Governance and Intelligence example via Perseus IAM SCIM API support. A diagram of this process follows.

The process consists of the following steps:

1. Application owners and custodians access the Perseus IAM application onboarding “self-service” user interface or API and post application metadata, including connection parameters.
2. The UX or API posts information to the ETL (extract, transform, and load) microservice. The microservice communicates with the family of microservices to begin the process of orchestrating the onboarding process.
3. The IGA microservice creates the appropriate application artifacts in the IGA platform.
4. The ETL microservice automates the extraction of the identity, group, account, and entitlement data from the application or platform. This information may also be provided by an onboarding API exposed by the ETL microservice.
5. The IGA microservice creates mappings for the configured IGA metadata model.
6. Once data is normalized, a subset of the data is aggregated into the IGA platform for the appropriate application, and the certification campaigns and any other custom IGA platform workflows are launched.

Continuously Baseline Identity, Account, and Access Information

This section includes the recommended steps and questions to ask for establishing a continuous baseline. A diagram of the process follows. Perform these steps to complete the process.
1. Implement fast, small, and efficient continuous identity and account data collection Perseus IAM microservices that can accept data from any source. Key questions follow.
   a. What types of sources can send identity event data? Here are some common source protocols to identify:
      • Syslog
      • JDBC
      • Network equipment protocols
      • Firewall log export API (e.g., OPSEC/LEA)
      • Intrusion prevention systems (e.g., SDEE)
      • SNMP (all versions)
      • Standard log files
      • Microsoft security event logs
      • Mail server logs
      • Standard network services logs (e.g., DHCP, DNS)
      • Standard web and application server logs
      • Virtualization and containerization (e.g., docker) logs
      • Database listener logs
      • Network packet captures
   b. Are the continuous audit services invasive to the source or network?
   c. Do the continuous audit services support standard identity event and monitoring protocols?
   d. Can the continuous audit services feed identity-specific metadata to other event collection systems?
2. Via Perseus IAM, collect audit and event information and provide it to the management and security team via various methods (e.g., Splunk, Graylog). The team can run data approval flows in parallel in a continuous and iterative fashion while flagging and throwing out exceptions for handling. Tip: Exceptions will likely lead to pointers to toxic access combinations.
3. Once both the IT security team and management agree on the “known access,” add the information to the baseline for that period. Perform baselines within “baseline periods,” as access is continuously changing. Compare baseline periods to determine access differences as you are identifying “known access” to critical assets.
4. Store baselines to help in documenting the current IGA process. Store baselines in a format supported by automated IGA platforms. You can use a platform like Perseus IAM from Good Dog Labs to automate the extraction of the data and set up a larger IAM metadata model that then feeds a subset of normalized identity and access data to an IGA platform.
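The baseline-period comparison described in step 3 can be sketched as follows. This is an added example, not code from the paper or from Perseus IAM; the asset names, record layout, and function names are assumptions, and the sample baselines are constructed.

```python
"""Compare two baseline periods of "known access" (all data constructed)."""
from collections import defaultdict

# Hypothetical critical assets that are baselined first.
CRITICAL_ASSETS = {"sap-finance", "payroll-db"}

# Constructed baselines: one (identity, asset, entitlement) tuple per grant.
BASELINE_PREVIOUS = [
    ("alice", "sap-finance", "ap_clerk"),
    ("bob", "payroll-db", "read_only"),
    ("carol", "wiki", "editor"),
]
BASELINE_CURRENT = [
    ("Alice", "sap-finance", "ap_clerk"),      # same grant, different casing
    ("alice", "sap-finance", "vendor_admin"),  # new grant on a critical asset
    ("bob", "payroll-db", "read_write"),       # read_only replaced
    ("carol", "wiki", "editor"),
    ("dave", "wiki", "viewer"),                # new grant, non-critical asset
]


def normalize(records):
    """Lower-case and trim each field so sources with different casing match."""
    return {tuple(field.strip().lower() for field in rec) for rec in records}


def diff_baselines(previous, current, critical_assets=CRITICAL_ASSETS):
    """Return grants added and removed between periods, plus exceptions.

    An exception is an added grant on a critical asset: it is not yet
    "known access" and needs review before it joins the baseline.
    """
    prev, cur = normalize(previous), normalize(current)
    added, removed = sorted(cur - prev), sorted(prev - cur)
    exceptions = [g for g in added if g[1] in critical_assets]
    return {"added": added, "removed": removed, "exceptions": exceptions}


def changes_by_identity(diff):
    """Group the diff per identity so a reviewer sees each person's changes."""
    summary = defaultdict(lambda: {"added": [], "removed": []})
    for kind in ("added", "removed"):
        for identity, asset, entitlement in diff[kind]:
            summary[identity][kind].append((asset, entitlement))
    return dict(summary)


if __name__ == "__main__":
    result = diff_baselines(BASELINE_PREVIOUS, BASELINE_CURRENT)
    for identity, asset, entitlement in result["exceptions"]:
        print(f"REVIEW {identity}: {entitlement} on {asset}")
    for identity, change in sorted(changes_by_identity(result).items()):
        print(identity, change)
```

Grants listed under `exceptions` are the ones to route into the approval flow from step 2 before they are accepted as "known access" for the new period.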
Baseline and Catalog Your Current IGA Process

This section includes the recommended steps for baselining and cataloguing your current IGA process. A diagram of this process follows. Perform these steps to complete the process.

1. Analyze current application and system access request processes.
2. Build an application and system catalog. Your catalog should contain critical functional and security metadata.
3. Analyze and automate your current communication process between the access requestor, approver, and IT security teams.
4. Review your current violation checks, approvals, and access exception processes. Record violation trends in addition to documenting why, rather than how, decisions are made. Ensure that the IT security team is adding decisions and entitlements into an entitlements warehouse store. Send this data for secure record keeping and place it in a format for future automated IGA frameworks and platforms.

Collect Data and Assign Risk

This section includes the recommended steps for collecting data and assigning risk. A diagram of this process follows. Perform these steps to complete the process.

1. Establish a continuous data collection mechanism while performing this phase. This ensures that you can reuse these IAM ETL microservices to feed an automated IGA framework and platform. Implement audit or data extraction IAM microservices for custom or unsupported applications and systems. Audit or data extraction IAM microservices expose a developer- and business application–friendly interface for sending and collecting identity event messages for custom business applications.
2. Generate detailed identity and asset reports for management and auditor reviews. You use these to develop a thorough risk profile.
3. The IT security and auditor review process then correlates and confirms the risk scoring and rating with management and adds the risk profiles to a reusable catalog.
4. IT security stores the risk profiles for future automated access governance models and platforms.

Identify and Eliminate Bad Combinations

This section includes the recommended steps for identifying and eliminating bad access combinations. A diagram of this process follows. Perform these steps to complete the process.

1. Implement continuous “risk-aware” audit and security incident and event management data collectors. Continuous-risk IAM microservices allow for a “risk-aware” interface that is friendly to both business applications and developers. You use this interface to ask risk-scoring questions and to send event data for automatic risk classification for custom business applications. The IAM microservices, in conjunction with Lua capabilities, allow for client application registration, risk category, and rating, and automatically classify identity events received.
2. Leverage the store created in the “Collect Data and Assign Risk” phase to generate a series of reports for management, auditor, and IT security review.
3. Identify “toxic” combinations in addition to actual toxic systems and applications.
4. Remediate and handle any emergency removals of toxic combinations if they present a significant risk to the organization.
5. Store toxic profiles for future automated access and governance models and platforms.

Feed the IGA Automation Engine

This section describes the recommended steps for feeding the IGA automation engine. A diagram of this process follows. Perform these steps to complete the process.

1. Go through an automation readiness check before attempting to transition to a fully automated system. Otherwise, you run the danger of automating bad processes and data. Assess the processes that worked or that presented a constraint for automation. When in doubt, do not automate a process. As you create the appropriate automation rules, take the outputs, models, processes, and data stores generated from the previous steps and systematically feed them into the automated IGA platform rules.
2. Analyze each of the following, which helps you complete an initial set of business activities and roles based on known risk categories and levels:
   a. Examine the application system catalog closely and note the system or application risk score.
   b. Review access request patterns – Understand the pattern of access requests by examining the top 80 percent of access granted for 90 percent of user groups, entitlements, and existing roles.
   c. Review the risk profile for current access.
   d. Define “toxic” combination and SOD rules. Import them into the IGA platform.
   e. Import all identity and account baseline data that you have collected.
   f. Review all identity analytic information.
   g. Using the information you have gathered, create a set of common business activities and roles based on the system and application risk scores.
3. Create business-driven activities with associated roles and entitlements within the IGA platform.
4. Perform a series of test campaigns to prepare business management, application owners, and the IT security team for the real automated certification campaigns.
5. Record campaign results. Review them with business management, auditors, application and system owners, and IT security.
6. Build continuous change mechanisms for easily adding or removing new applications and systems to the IGA framework and platform.
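The toxic-combination report from "Identify and Eliminate Bad Combinations", using the application risk scores and SOD rules that step 2 above asks you to define, can be sketched as follows. This is an added example, not code from the paper or from Perseus IAM; the rule format, risk scale, threshold, and all sample data are constructed assumptions.

```python
"""Report toxic entitlement combinations, highest risk first (data constructed)."""

# Constructed application catalog: risk score per application (1 low, 10 critical).
APP_RISK = {"erp": 9, "payroll": 8, "wiki": 2}
UNKNOWN_APP_RISK = 10      # assumption: an uncatalogued application scores highest
HIGH_RISK_THRESHOLD = 8    # assumption: scores at or above this need immediate action

# Constructed normalized access data: identity -> set of (application, entitlement).
ACCESS = {
    "alice": {("erp", "create_vendor"), ("erp", "approve_payment")},
    "bob": {("payroll", "edit_salary"), ("payroll", "approve_payroll"),
            ("wiki", "editor")},
    "carol": {("erp", "create_vendor"), ("wiki", "admin")},
    "dave": {("wiki", "editor"), ("wiki", "admin")},
}

# Constructed SOD rules: holding every entitlement in "conflict" is a violation.
SOD_RULES = [
    {"id": "SOD-1", "conflict": {("erp", "create_vendor"), ("erp", "approve_payment")}},
    {"id": "SOD-2", "conflict": {("payroll", "edit_salary"), ("payroll", "approve_payroll")}},
    {"id": "SOD-3", "conflict": {("wiki", "editor"), ("wiki", "admin")}},
    {"id": "SOD-4", "conflict": {("erp", "approve_payment"), ("payroll", "edit_salary")}},
]


def rule_risk(rule, app_risk=APP_RISK):
    """Score a rule by the riskiest application it touches."""
    return max(app_risk.get(app, UNKNOWN_APP_RISK) for app, _ in rule["conflict"])


def find_violations(access=ACCESS, rules=SOD_RULES):
    """Return one finding per (identity, rule) hit, sorted highest risk first."""
    findings = []
    for identity, grants in access.items():
        for rule in rules:
            if rule["conflict"] <= grants:   # identity holds the whole combination
                findings.append({
                    "identity": identity,
                    "rule": rule["id"],
                    "risk": rule_risk(rule),
                    "entitlements": sorted(rule["conflict"]),
                })
    return sorted(findings, key=lambda f: (-f["risk"], f["identity"], f["rule"]))


def split_for_remediation(findings, threshold=HIGH_RISK_THRESHOLD):
    """Separate findings to remediate immediately from those sent to certification."""
    urgent = [f for f in findings if f["risk"] >= threshold]
    review = [f for f in findings if f["risk"] < threshold]
    return urgent, review


if __name__ == "__main__":
    urgent, review = split_for_remediation(find_violations())
    for f in urgent:
        print(f"REMEDIATE NOW {f['identity']} {f['rule']} risk={f['risk']}")
    for f in review:
        print(f"CERTIFY       {f['identity']} {f['rule']} risk={f['risk']}")
```

Only identities that appear in a finding need to reach the IGA platform for this report, which is the smaller, focused data set the paper describes.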
Conclusion

Spend time upfront to implement a model that yields the lowest operational maintenance burden, is amenable to change, and is easy to understand from a business perspective. Build your access certification to be almost in real time if not in real time by leveraging Perseus IAM. Think continuous implementation cycles and ensure that you enable your applications with access governance capabilities. Implementations that do not emphasize business capability and focus on technical-driven models are not popular and tend to be complex and costly from both time and operational support perspectives.

When looking for an automated IGA vendor, verify whether the vendor supports robust SCIM API and business-friendly campaigns based on business-friendly activities or process identifiers. Ensure that your automated IGA platform and processes are actionable from within the automation engine. For example, if a certification campaign identifies roles that should not be assigned to a person, or if it flags a toxic combination, the business manager should be able to immediately revoke access. This also works in reverse: if employees do not have the appropriate roles they need to do their jobs, then the business manager should be able to immediately grant them access. The automated IGA system should have pre-built connectors for taking action on target systems and applications. Ideally, the IGA platform has an integrated identity and access management platform for end-to-end management.

Finally, ensure that you are implementing an IAM microservices platform such as Perseus IAM. Perseus IAM allows you to abstract the collection, correlation, transformation, and normalization of identity and platform data for establishing a dynamic and configuration-driven superset IAM metadata model that is applicable to your business. This high-performing layer is integrated into your existing IAM, IGA, and cybersecurity platforms, directories, and databases in real time. Consult with Good Dog Labs for details about Perseus IAM, which you can use as the platform for accelerating implementation of your IAM microservices. (Find Good Dog Labs contact information at the end of this document.)

External Validation of the Perseus IAM Platform

The Perseus IAM services platform approach to IAM is in line with industry analysts from a next-generation IAM perspective. Using our services platform, a global retailer has implemented remote-access two-factor authentication services and has integrated identity lifecycle events with its IGA platform. Additionally, Perseus IAM utilizes a next-generation microservices architecture for faster and nimbler delivery of IAM services.

In conjunction with your IGA platform, Perseus creates a high-performing, resilient, and flexible end-to-end IGA services offering. In combination, the platforms reduce overall longer-term costs and provide your organization with the utmost flexibility in implementation styles.
Contact Good Dog Labs

Contact Good Dog Labs for more information on Perseus IAM.

Email: sales@gooddoglabs.com
Web Site: www.perseusiam.com

Good Dog Labs, LLC
6 Blackstone Valley Pl #205
Lincoln RI 02865

Good Dog Labs, LLC
801 Barton Springs Rd
Austin TX 78704

Authors:
Dino Pietropaolo, Chief Technical Officer & Co-Founder
dino@gooddoglabs.com
Aldo Pietropaolo, Chief Executive & Co-Founder
aldo@gooddoglabs.com

Good Dog Labs, LLC. 401-495-6888