
Identity Coherence - Part 1

Identity Coherence provides the conceptual framework critical to the success of serious IAM initiatives. Not every organization needs to invest equally in each leverage area, but it’s to your benefit to consciously consider where you will direct your investments so that you can create the strategic IAM program your business needs to be successful and scale.

Published in: Technology
  1. Identity Coherence. May 5, 2016. Steve Tout (@stevetout), Forte Advisory (@forteadvisory)
  2. The writing on the wall (Your Business)
     Economic
       • Data breach costs jumped 23% in two years
       • Productivity loss in $10s of millions annually
       • Customer attrition
       • Fines & litigation
       • Loss of IP
     Social
       • Customer & employee expectation of privacy
       • Susceptible to phishing and social engineering
       • Less than 0.5% unemployment
       • Politics undermine success
       • 34% actively looking for new job opportunities
     Technological
       • Legacy systems increase risk
       • Interoperability often lacking
       • Shadow IT
       • Emerging technologies coming at accelerated pace
           o IoT
           o Micro-services
           o Big data
       • Complexity still a problem
       • Internet-connected devices expected to reach 50B by 2020
  3. Challenges with Managing IAM
       • Too many products put a burden on operations
       • End-of-life systems need to be retired
       • Provisioning embedded into applications
       • Dependency on legacy SOA frameworks
       • Challenges auditing (ID & access) provisioning systems
       • Unauthorized and over-privileged access
       • A lack of executive sponsorship
  4. Is IAM a project or a program in your company?
     Identity Coherence provides the conceptual framework critical to the success of serious IAM initiatives. Not every organization needs to invest equally in each leverage area, but it’s to your benefit to consciously consider where you will direct your investments so that you can create the strategic IAM program your business needs to be successful and scale.
  5. Why Identity Coherence? (#IdentityCoherence)
       • IAM is more than SSO and technology
       • IT & business leaders too focused on the tactical
       • Today’s “consultants” are not really consultants, but in-placement specialists
       • VP-level folks such as CISO or CIO do not have the visibility or a full understanding of the impact that IAM has on the business
     “The whole is greater than the sum of its parts.” –Aristotle
  6. Learning Imperatives
       • The upfront work needed to modernize IAM, including strategy, architecture, operations and innovation
       • The new realities that have dramatically changed the way we do IAM today
       • The momentum factors that will either propel your efforts forward within your organization or stop you dead in your tracks
       • The reason culture and talent are so critical to the success of IAM and business
  7. Focus on Identity Coherence
     Diagram labels: Culture, Strategy, Architecture, InfoSec, GRC, CX, Integration, Innovation, Ops, Federation, Talent, PMO
  8. CX, Federation & InfoSec
       • CUSTOMER EXPERIENCE – Delivering the right experience, to the right people, in the right place at the right time that provide a seamless conversion and renewal experience to customers. E.g. Customer IAM
       • FEDERATION – Links provisioning and access; integrates sales, marketing, support and so forth across a multi-vendor, multi-cloud landscape.
       • INFOSEC – Delivering the right access, to the right people, in the right place at the right time to ensure least privilege access, privilege access management and SOD are enforceable.
  9. Customer Journey
     Stages: Try, Purchase, Use, Engage
     Acting / Doing
       • Downloading trial software
       • Register contact profile
       • Activate account with 2-Step registration
       • Online checkout
       • Contact sales
       • Click to chat
       • Buy more licenses
       • Activate a new service subscription
       • Become an enterprise customer
       • Install & register software
       • Manage on-prem to cloud
       • Migrate AD to cloud/SaaS portal
       • Delegate administration
       • Promote user to Admin (delegate)
       • Register for support forums
       • Contact support
       • Register for a conference
       • Become a partner
     Thinking
       • Do I have to register to download this?
       • Does my login from 2 years ago still work?
       • Does my cloud login work for this?
       • Is this a global ID?
       • Do I login in order to obtain a license or activate my subscription?
       • Will tenant cloud know who I am or do I have to register again?
       • How will I sync or migrate my users to tenant cloud?
       • Do I use my local account or my enterprise credentials to login to cloud?
       • How will I login to tenant cloud?
       • How can I assign access to others within my organization?
       • Can I audit who has access to my tenant?
       • Does my enterprise login ID work for support?
       • Do I have to register a new account for conference attendance?
       • How do I access Partner Portal?
     Feeling
       • Consistent messaging & UI and central login builds confidence and trust
       • Enterprise respected my privacy and did not ask for too much information
       • My authentication experience is the same now as it was during evaluation period
       • I have visibility into new products and services that my identity is allowed to see and purchase
       • Happy that enterprise recognizes my identity across all of its products and services
       • Enterprise provides me with the tools I need to monitor and manage my users
       • Excited that the enterprise really knows me and correctly identifies me in every context of interaction
       • I will recommend to my colleagues based on my experiences
     Overall: Confidence, Helpfulness
     The larger a company gets, often the harder it becomes to do business with.
  10. Economic Impact on Productivity

      | KPI Description | Pre Transformation | Post Transformation | Impact |
      |---|---|---|---|
      | Total time spent logging into various enterprise applications each day | 30 seconds | 10 seconds | Reduce time spent on login by 66% |
      | Total time spent logging into various applications per year (using 230 working days) | 115 hours | 38 hours | Reduce time spent on login by 77 hours annually per user |
      | Average hourly rate | $75/hr | $75/hr | |
      | Number of users affected | 16000 | 16000 | |

      ($75 x 39 hours) x 16000 employees = $92.5M redirected through productivity enhancements alone
  11. Federated IAM
      Diagram labels: Externally hosted; Internally hosted; Attribute services; Directory sync; Access Gateway; AuthZ query; AuthN; Entitlement push; Identity Hub; IDM; Sales/Mktg; HR; ERP; AD; Portals; GRC; Federated SSO; IDaaS; CASB
      E.g. O365, Salesforce, Workday, Okta, Google Apps
  12. Integrated IAM & GRC
       • Streamline access review and certification
       • Business rules driven identity & access provisioning
       • Automate the join/move/leave process
       • Simplify compliance audit and readiness (we want to audit the IAM processes, not the applications or data)
      Diagram labels: Identity Hub, GRC
  13. SIEM in the Cloud
      Diagram labels: Service Provider IAM; CASB
      Cloud Access Security Broker
       • Policy enforcement point
       • On-prem or cloud-based proxy
       • Data encryption & tokenization
       • Enforce DLP policies
       • User behavior analytics
      Risk & Threat Services
       • Real-time visibility
       • Machine learning
       • Security configuration management
       • Predictive analytics
       • Automated incident response
  14. Risk Driven IAM
       • IAM projects fail or stall because of a lack of strategy, which increases risk to the business
       • With dozens of priorities competing, make sure IAM initiatives are aligned to the C-suite and the business
       • The IAM program will be underfunded, underutilized and underperforming without strong dedicated leadership
       • Leverage IAM initiatives and capabilities to reduce the number of credentials and identity stores
      How do corporate politics and directors with big egos affect your security posture?
  15. 2 ROIs
      Return on Investment
       • Increase revenues
       • Improve employee productivity
       • Reduce risk
       • Avoid fines
       • Reduce costs
      Risk of Ignoring
       • Loss of competitive advantage
       • Loss of IP
       • Breach customer PII
       • Increase customer churn
       • Reputational damage
       • Missed earnings
  16. Key Takeaways
       • Get business stakeholders and end users involved in your assessment to quantify IAM impact on productivity and CSAT
       • Engage your risk management and business stakeholders to inform and prioritize IAM initiatives
       • Use systems thinking to look at IAM from end-to-end, not just within a department
       • Don’t let consultants die at your company – expect transformation, not just sustaining life support
       • Integrate IAM with GRC and CASB for near continuous compliance and risk reduction
      Are you planning for massive results in your IAM program in 2016, or are you responding to last year's problems today?
  17. Thank You! Follow us online at: Steve Tout @stevetout, @forteadvisory, www.forteadvisory.com
