Flaws in Identity Management and How to Avoid Them

1,691 views

Published on

At the IDC CIO Summit 2010, Singapore, Haf Saba, Senior Solutions Specialist at NetIQ, presented this session around Identity & Access Management and Security.

Read the accompanying blogs at: http://community.netiq.com/blogs/

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,691
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Promise - Here’s how you fix that problem, manage the identities of your people, control what they can access and monitor what they are doing with their access.
  • Standardizing the administration of your heterogeneous environment through Active Directory will reduce the amount of time your team spends administering identities and securing other operating systems.
  • Explain situation, who buyers & influencers were, and how needs were uncovered.
  • Explain situation, who buyers & influencers were, and how needs were uncovered.
  • Flaws in Identity Management and How to Avoid Them

    1. 1. Flaws in Identity Management and How to Avoid Them<br />Haf Saba<br />Senior Solutions Specialist, NetIQ, Asia-Pacific<br />July 2010<br />
    2. 2. Security in Identity Management<br />Flaws<br />IAM as an enabler<br />Case Studies<br />Agenda<br />
    3. 3. Security as it relates to Identity Management<br />3<br />
    4. 4. The Issue:<br />Remove the employee, but neglect their access and equipment<br />Need to Integrate with Human Resources<br />Tight integration ensures faster response<br />Automated workflows are the safest approach<br />Must ensure best practices are followed:<br />Remove access<br />If access is maintained, monitor closely<br />Ensure all accounts are dealt with<br />Watch for shared accounts<br />Be prepared to raise level of activity monitoring<br />Flaw #1 - Employee De-provisioning<br />4<br />
    5. 5. The Issue:<br />Too many independent platforms with their own unique access<br />Flaw #2 – Lack of Centralised Identity Management<br />Leverage Active Directory<br />5<br />
    6. 6. The Issue:<br />Too many independent platforms with their own unique access<br />Flaw #2 – Lack of Centralised Identity Management<br />Leverage Active Directory<br />6<br /><ul><li>Eliminate access controls at system & application level
    7. 7. Reduce inconsistency
    8. 8. Reduce vulnerabilities
    9. 9. Consolidate access controls at the directory service
    10. 10. Consistent security and configuration policies
    11. 11. Enables business process and secure infomation sharing</li></li></ul><li>The Issue:<br />Reduce the number of administrators<br />Help eliminate the risk of accidents<br />More tightly manage who can do what<br />Improve auditing<br />Streamline and simplify compliance<br />Flaw #3 - No Secure Privilege Delegation<br />7<br />
    12. 12. Excessive numbers of Admins remains a common audit finding<br />Records stolen are via credentials that were:<br />Default<br />Shared<br />Stolen<br />Flaw #3 - No Secure Privilege DelegationToo many admins, too little control<br />8<br />“Out of date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organisations.”<br />– IDC Insider Risk Management August 2009<br />
    13. 13. Centralised IAM in the Real World<br />COMPLIANCE<br />Audit & Report<br />IncreaseControl<br />Active Directory<br />ESX<br />Detect & Resolve Incidents<br />Mac<br />Unix<br />Linux<br />Windows<br />Decrease Workload<br />
    14. 14. Company Snapshot<br />Growing company<br />Manage thousands of servers in over 2900 locations<br />Face many compliance mandates<br />Key Challenges<br />Consolidate vendors & securely administer Active Directory <br />Too many vendors providing point solutions<br />Had problems with integrity of their billing (per user)<br />High turnover in their admin positions<br />NetIQ identifies the need<br />Achieve and maintain regulatory compliance<br />Streamline administration while enforcing security controls<br />Quickly perform forensics analysis when a problem occurs<br />“Minimize self-inflicted wounds”<br />Case Study #1Managed IT Service Provider for Fortune 1000 Companies<br />
    15. 15. Company Snapshot<br />Focus on defense, homeland security and other markets<br />73,000 employees globally<br />COMPLEX environment (70 domain controllers in the U.S alone, 700 GPOs, 23 AD Sites, 105k Computer Objects, 80k user accounts, 25k Groups and 100 Administrators)<br />Key Challenges<br />Lower costs of administering and securing Active Directory and Group Policy<br />Improve Security and Compliance of the AD and Group Policy environments <br />NetIQ identifies the need<br />Achieve efficiencies through delegation and automation<br />Improve security by reducing privileges and controlling Group Policy management<br />Meet compliance through auditing and reporting<br />Case Study #2Technology and Innovation Government Contractor<br />
    16. 16. Abuse and misuse of privilege is a risk<br />Reduce risk by securely managing the identity<br />Automate provisioning and de-provisioning<br />Consolidate identity management<br />Reduce unnecessary administrative privilege<br />Integrate identity management and security<br />Stop by our booth for more information!<br />Summary<br />12<br />
    17. 17. Thank You!<br />For information on NetIQ’s Identity Management solutions visit www.netiq.com<br />

    ×