Simpler, Smoother and Smarter Zecurity for Business Ecosystems
Pekka Hagström
Business Area Manager Security
More and more organizations seek cost efficiency by externalizing work in their business processes, which calls for access management across the company's entire ecosystem. With self-service, centralized authorization management and new smart cloud services, Enfo has solved this at Tele2, Folksam and others. Speaker: Pekka Hagström, Business Area Manager, Security, Enfo Zipper Zecurity. More from the day at http://bit.ly/sb13se

  • Administration of internal users has traditionally been implemented first. Many distributed applications, high employee turnover, many changes in job duties. Expensive, time-consuming, vulnerable, and does not meet modern administrative requirements. Automate and speed up processes. Decentralize administration. Meet the administrative requirements.
  • Cost savings … outsourcing the operation of user and access-rights data. Risk management … customers are responsible for the rights of their own users. Customer satisfaction … real-time operation is a MUST nowadays! Traditional outsourcing leaves much to improve … the customer orders and the service provider operates.
  • Single sign-on; to all applications; with all authentication methods. Enables all interaction models; traditional consumer customer; company representative; access based on power of attorney; chained access; access based on legislation.
  • A fictional financial group; parent company; several subsidiaries and partly owned companies; external service-provider companies; internal and cloud services; federation-based access management; customers have business relationships with several companies in the group. One shared IAM solution / IAM solutions communicate with each other (federation); each company in the group has access to its own stakeholders; a centralized IAM service center can administer all the data.
  • Inbound federations; authentication; brokering of a customer relationship (the customer pays for the purchases themselves); brokering of an employee; brokering of a customer relationship (billing via the broker); brokering of our own customer (the customer pays for the purchases themselves); brokering of our own customer (billing via us); brokering of our own employee.
  • Product-based vs. home-made solution. Support for a modern service-based IT architecture. Shared IAM services simplify application development. Don't reinvent the wheel in every application.
  • New employee … New external developer … Changed job role … An employee quits … A customer starts to use an online service … An external user quits …
  • Economies of scale in development and operations services. The same services are used by several companies. Cost of risk: it is cheaper for a specialized IT company to bear IT risks than for an ordinary company.

    1. Simpler, Smoother and Smarter Zecurity for Business Ecosystems. Pekka Hagström, Business Area Manager Security, Enfo Zipper Zecurity. © 2013 IBM Corporation
    2. Enfo Sweden AB. Enfo Zipper. Zecurity for business ecosystems
    3. + 25 Co Hvide Sand, Denmark. Drivers to enhance identity and access management: 1. Internal users; 2. External users; 3. Online business models; 4. IT architecture
    4. Business drivers to enhance IAM – part 1: Streamline the administration of internal users
      • Automate the flow of identity-related data from HR into various systems
      • Automate the adjustment to changes in job roles
      • Enforce access according to the job roles
      • Reduce processing/onboarding time for new employees
      • Simplify administrative procedures
      • Delegate administration to different organizational units so that they can administer their own users according to mutual agreements
      • Centralize the administration of internal users and federate them to external (cloud) services
      • Fulfill administrative requirements with traceability and audit reporting
      • Enhance the quality of identity-related data in different target systems
    5. Business drivers to enhance IAM – part 2: Streamline the administration of external users
      • Eliminate/reduce administration costs
      • Delegate all administration of external users to external stakeholders
      • Ensure that external users have access only in accordance with their agreements
      • Externalize the risks of administration to external stakeholders
      • Eliminate latency for changes to user/permission data
      • Ensure 'non-repudiation?' of all transactions conducted by external users
    6. Business drivers to enhance IAM – part 3: Enable all online business and all online activities
      • Provide single sign-on to all users to all applications/services/systems
      • Enable access to all processes for external users (according to agreements)
      • Enable login/authorization with federated external identities
      • Provide seamless integration to external (cloud) services
      • Enhance the business within your ecosystem – customers, partners, brokers, etc.
    7. Challenge – business based access in ecosystems Business Ecosystem Multi-tenant IAM is needed Deposit bank Payment Card company Parent company Investment bank Insurance company Fund company Wealth management Credit bank External organization as a service provider Cloud services Embedded cloud services
    8. Examples of federated identities in the ecosystem External authentication services Employers of external users External partners Cloud services Company External partners
    9. ICT drivers to enhance IAM: Streamline your ICT architecture
      • Utilize commercial services instead of in-house development
      • Externalize the risks associated with internal solutions and maintenance
      • Avoid dependencies on specialized IT resources
      • Provide modern claim-based access control services to new services/applications
      • Integrate your existing (target) applications with source systems (i.e. HR)
      • Externalize login into a common SSO service
    10. Alternative solution models: 1. Propagation from HR into applications; 2. Dynamic, business based access control
    11. Conceptual IAM solution models Master sources Target systems Dynamic access control Dynamic authentication & authorization based on attributes Business processes Service 1 HR (1) HR (2) CRM (1) CRM (2) IdM Processes IdM Portal Service 2 ABAC Authentication and authorization based on centralized data (AD) IdM DB AD Application 3 Application 4 Provisioning into target applications Application 1 Application 2 Local authentication and authorization based on local replicated data
    12. Provisioning into target systems Embedded administration Source for internal users HR Service Management Identity portal HR 1 Customers Intranet Service mgmt HR 2 Master data Centralized administration Web services IdM admin app IdM AD IdM Synch. engine Cloud Applications Access Management Who gets access to what, on behalf of whom? LDAP
    13. Conceptual model for dynamic access control Service Providers Service Consumers 3. Delegated Identity management Foundation for entitlements Service agreements Business integrity 2. Business agreements as a foundation for access Access Object User User account Permission A person can act as multiple users Person Online Services Implicit & explicit attributes Application 1. e-Service management
    14. Services vs. customer specific development?
    15. Cost comparison – service vs. on-premise Total cost of risk Economies of scale
    16. Simpler, smoother, smarter ICT Smarter ICT Smoother ICT platform for business applications Business Applications Business processes Business Portals Simpler with common services Application services Service Desk Smart Integration services Workstation services value-added security services Security Services Communication Services Asset management Infrastructure services Business intelligence & Billing services
