Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Building an Effective Identity Management Strategy


Published on

Very few organizations do identity management as effectively as they could.

They have trouble developing effective methods for provisioning new users, de-provisioning old users, updating access privileges as users move around the organization, and automating the user change and configuration processes.

This presentation by identity and access management (IAM) experts, Adrian Lane, CTO and analyst at Securosis, and Rick Wagner, director of product management at NetIQ covered key elements of building a strong IAM strategy and the leading industry practices behind those strategies.

Originally presented as a UBM TechWeb DarkReading webinar the on-demand version will be available at: until July 1st 2013.

Published in: Technology
  • Be the first to comment

Building an Effective Identity Management Strategy

  1. 1. Building an EffectiveIdentity Management Strategy   Webcast A Dark Reading Sponsored by
  2. 2. Today’s Presenters Erik Sherman Moderator Adrian Lane Analyst & CTO  Securosis  Rick Wagner Director  Product Management  Identity and Access Governance  NetIQ
  3. 3. Presents Building an IAM Management StrategyAdrian Lane
  4. 4. Objectivity DisclaimerThis is a sponsored webcast, but all of the content is developed  independently and represents Securosis  objective research  positions.  For more information about our Totally Transparent Research  process, visit: 
  5. 5. Outline• IAM in context• Trends and Issues• Deployment Strategies• Key Questions & Recommendations
  6. 6. When IAM was easier
  7. 7. ProliferationIdentity & Access Management
  8. 8. Do more with less…
  9. 9. The Cloud…
  10. 10. …has many faces…
  11. 11. …and many characteristics
  12. 12. And let’s not forget mobile  identity…
  13. 13. What’s changed?• External cloud services forever alters  IAM – forces changes• Both customers & employees using  internal & external resources• Constant pressure to do more with less  has IT ops looking for streamlined  solutions• These changes make it very difficult to  manage identity & authorization across  the enterprise
  14. 14. Which is another way tosay you have more to do, in a more complex environment, so you’d better automate!
  15. 15. Exactly Opposite• Need to distribute policy decisions & enforcement• Need to centralize management
  16. 16. Terms and Definitions
  17. 17. Concepts
  18. 18. Federation and Identity
  19. 19. Authorization and Access ManagementPolicy DecisionPolicy Decision Policy Policy Point Point Enforcement Point Enforcement Point (PDP) (PDP) (PEP) (PEP)Determines the RulesDetermines the Rules Enforces the Rules Enforces the Rules
  20. 20. What is your strategy?
  21. 21. Deployment Strategies• Replication Model• Federation Model• Emerging Hybrids
  22. 22. Replication & Synchronization Document Management Partner Services Off-site Backup Remote Web Services HR Financial Systems In-house Directory Services
  23. 23. Federation Software as a Service Approved User Un-approved user Remote Internal User Federation Extensions In-houseDirectory Services
  24. 24. Hybrids SAML Identity As A Service XACML IaaS Provider Cloud SPML Vendor API SCIM Web Services HR Financial Systems Federation Extensions In-houseDirectory Services
  25. 25. InterfacesIdentity / Attribute Providers Identity / Attribute Providers Central Broker Proxy or Repository Service Providers Service Providers
  26. 26. Quick Word on IAM Standards
  27. 27. Key Identity Management Questions• How do we manage user accounts across multiple internal/external apps?• Do we replicate directory services?• How do we deal with cloud provider identity management & interfaces?• How do we link internal & external functions?
  28. 28. Key AccessManagement Questions• How do we integrate with internal apps? Cloud apps? Mobile apps?• How do we enforce policy?• Do we have granular controls?• Where do authorization maps reside?• Who initiates authorization requests?
  29. 29. Provisioning Courtesy of Axiomatics
  30. 30. Key Provisioning Questions • User registration & identity propagation • Account revocation • Identity Management • De-provisioning • Auditing
  31. 31. Recommendations• Centralized management framework• Leverage models that work for cloud and local• No one ‘right’ strategy for all customers• Select model that maximizes automation• Understand that management and storage is likely shared responsibility
  32. 32. IAM Recommendations• Use Federated Identity to authenticate locally and authorize remotely• Define authoritative sources for policies – often HR instead of standard directory services• Determine if providers supports roles and attributes
  33. 33. Adrian Lane Securosis, Twitter: AdrianLane
  34. 34. Building an IAMManagement StrategyUsing NetIQ Identity & Access GovernanceProductsRick WagnerDirector, Product
  35. 35. Key Elements of “Access” – the Verb Right People, Right Access, Right Time, Right Business Purpose Elements of Identity - Who/What are you? - Name, location, etc. - Roles/Privilege - Title, Manager, etc. - Relationship to business - Employee, Contractor, etc.36 © 2012 NetIQ Corporation. All rights reserved.
  36. 36. Key Elements of “Access” – the Verb Right People, Right Access, Right Time, Right Business Purpose Access is a Relationship - Applications - Systems - Data - Resources - Physical Facilities37 © 2012 NetIQ Corporation. All rights reserved.
  37. 37. Key Elements of “Access” – the Verb Right People, Right Access, Right Time, Right Business Purpose Access Utilization - Is activity aligned to roles and policy - Orphans, dormant access and entitlement creep - Privileged access control - Distinguish attacker from insider activity38 © 2012 NetIQ Corporation. All rights reserved.
  38. 38. Right Access Requires Proper Context What, Where, Why and When add critical value to the Who What is being Who has access to what? accessed? When was the Where is the access granted? access originating from?Is the access appropriate? Why was the access granted? 39 © 2012 NetIQ Corporation. All rights reserved.
  39. 39. What is “Right” Varies By Organization Moving at the speed of business vs. mitigating business risks Flexible Manageable40 © 2012 NetIQ Corporation. All rights reserved.
  40. 40. What Are Your Priorities and Needs? Modular, Integrated Solutions – Start Where Your Need is Greatest Mana ibility geab Flex ility Key Capabilities To Deliver Business Centric Access Access Access Delegated Access Request Certification Administration Administration Access Fulfillment User Authorization Privileged Single Sign-on Access Authentication Enforcement Management Access Authorization Dashboards, Security & Activity Forensic Log Management Risks & Trends Intelligence Analytics & Reporting Reporting Access Monitoring41 © 2012 NetIQ Corporation. All rights reserved.
  41. 41. Identity Management MarketDriven by IT Identity Management //User Provisioning Identity Management User Provisioning• Improve operational efficiency • Automated on boarding / off boarding • User management / self-service• Security and Compliance • Automated policy enforcement Identity • Reporting Administration 2002 2004 2006 2008 2010 2012 2014 and • Improved user interface Governance • Simplified interface for non-IT business users • Quick time to value – aggregation vs. integration • Access certification to achieve compliance objectives • Immediate business need Driven by the business Access Governance Access Governance 42 © 2012 NetIQ Corporation. All rights reserved.
  42. 42. Identity Administration & Governance 2012 2013 2014 2015 2016 Industry leading provisioning •Manual •Semi-automated •Fully automated Access governance •Access certification •Access requestIdentity Administration & Identity Administration & •Role management Governance Governance •Risk monitoring On-demand Anomaly Detection •Continuous compliance •Dynamic transparency Identity Intelligence •Information you need, when you need it to make better business decisions43 © 2012 NetIQ Corporation. All rights reserved.
  43. 43. The Evolving Marketplace Identity Intelligence and Business Visibility44 © 2012 NetIQ Corporation. All rights reserved.
  44. 44. Identity Intelligence 3600 View of Identity and Access45 © 2012 NetIQ Corporation. All rights reserved.
  45. 45. Nearly 7,000 Customers46 © 2012 NetIQ Corporation. All rights reserved.
  46. 46. This document could include technical inaccuracies or typographical errors. Changes areperiodically made to the information herein. These changes may be incorporated in neweditions of this document. NetIQ Corporation may make improvements in or changes to thesoftware described in this document at any time.Copyright © 2013 NetIQ Corporation. All rights reserved.ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, thecube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain MigrationAdministrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group PolicyGuardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQCorporation or its subsidiaries in the United States and other countries.
  47. 47. Q&A Erik Sherman Moderator Adrian Lane Analyst & CTO Securosis Rick Wagner Director Product Management Identity and Access Governance NetIQ
  48. 48. Learn More at • Access informative white papers: – “Navigate the Future of Identity and Access Management,” by Eve Maler, Forrester Research – – “Identity and Access Governance – Bringing IT and Business Together,” NetIQ – • Continue the conversation! – – 4949 © 2012 NetIQ Corporation. All rights reserved.