
The 4 Web Access Management Problems that Lead to Regulatory Fines (SlideShare)

http://www.IDMChecklist.com
SOX rules on web access management are clear. Is your firm at risk for regulatory fines?
Copyright (C) InfraMatix. All worldwide rights reserved.

Published in: Technology

  1. Courtesy of InfraMatix (http://www.IDMChecklist.com): The 4 Web Access Management Problems that Lead to Regulatory Fines
  2. The legislation reads, in part, that a company must verify (Sponsored by http://www.IDMChecklist.com, Veera Sandiparthi, Founder of InfraMatix)
  3. “…company transactions are properly authorized, recorded, and reported according to GAAP, and that assets are safeguarded from unauthorized use.”
  4. The operative word here is “authorized”
  5. Web access management tools, like Oracle Access Manager or CA Single Sign-On, check two items:
  6. Credentials
  7. Credentials are the user ID and password
  8. Authorization
  9. Authorization is the process of checking the user for proper authority to access the application
  10. In identity management (IDM) systems, this authorization is usually driven by “roles”
  11. Roles are an abstraction that sets the attributes, groups, and DN (Distinguished Name) of the user in LDAP (Lightweight Directory Access Protocol)
  12. or Active Directory (e.g., title=VP; cn=banking; ou=operations, dc=company, dc=com)
  13. Web Access Management Mistakes
  14. There are two general areas where a single sign-on, web access system can go wrong with regard to granting access:
  15. (1) problems in the access management tool itself
  16. (2) problems with user provisioning
  17. Replication and Sync Issues
  18. In a high-availability environment, the web access manager load balances between LDAP or Active Directory user stores
  19. These can have latency issues with replication
  20. A change made in one server might not make it to another server for several hours
  21. Offboarding
  22. Any technical or procedural problems with the IDM system will leave people with access they should not have
  23. Lack of a Common Approach
  24. When the web access manager is responsible for authorization,
  25. risks cannot be prevented unless the policies in the access manager are driven by roles granted by an IDM system
  26. Proprietary Provisioning
  27. If the web access manager handles authorization for those, then these ERP systems need to replicate the roles in those systems to the common user store
  28. Bottom Line
  29. The takeaway message here is that a web access management system should be coupled with some kind of IDM system in order to reduce the kinds of errors listed above
  30. and, ultimately, regulatory fines
  31. This gives one system control over the data used as the source for web access management
  32. What is your experience with web access management products?
  33. Please share your thoughts in the Comments box below.
  34. Copyright © InfraMatix. Is Your Company Adequately Protected from Security Risks? Download the Free 8 Point Identity Management Checklist Now at http://www.IDMChecklist.com
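
As an added example (not part of the original slides): a Python check for the replication and offboarding problems described in slides 17 to 22, run over constructed snapshots of two user-store replicas. The replica names, the DNs, and the choice of `title`, `memberOf` and `ou` as the role-driving attributes are assumptions made for illustration.

```python
# Added example: all entries below are constructed, not from a real directory.
ROLE_ATTRS = ("title", "memberOf", "ou")  # assumed to drive access-manager policy

JDOE = "cn=jdoe,ou=operations,dc=company,dc=com"
ASMITH = "cn=asmith,ou=operations,dc=company,dc=com"

# One snapshot per replica: {dn: {attribute: [values]}}.
SNAPSHOTS = {
    "ldap-a": {
        JDOE: {"title": ["VP"], "memberOf": ["cn=banking"], "ou": ["operations"]},
        ASMITH: {"title": [], "memberOf": [], "ou": []},  # roles stripped at offboarding
    },
    "ldap-b": {  # lagging replica: has not yet received either change
        JDOE: {"title": ["Director"], "memberOf": ["cn=banking"], "ou": ["operations"]},
        ASMITH: {"title": ["Analyst"], "memberOf": ["cn=banking"], "ou": ["operations"]},
    },
}
OFFBOARDED = {ASMITH}  # DNs the IDM system reports as terminated


def role_view(entry):
    """Reduce an entry to its role attributes, ignoring value order."""
    return {a: frozenset(entry.get(a, ())) for a in ROLE_ATTRS}


def replica_drift(snapshots):
    """Return {dn: {attr: {replica: values}}} wherever replicas disagree."""
    drift = {}
    all_dns = set().union(*(snap.keys() for snap in snapshots.values()))
    for dn in sorted(all_dns):
        views = {name: role_view(snap.get(dn, {})) for name, snap in snapshots.items()}
        for attr in ROLE_ATTRS:
            values = {name: view[attr] for name, view in views.items()}
            if len(set(values.values())) > 1:
                drift.setdefault(dn, {})[attr] = {n: sorted(v) for n, v in values.items()}
    return drift


def stale_access(offboarded, snapshots):
    """Return (replica, dn) pairs where an offboarded user still holds a role."""
    hits = []
    for name, snap in snapshots.items():
        for dn in offboarded:
            if any(role_view(snap.get(dn, {})).values()):
                hits.append((name, dn))
    return sorted(hits)


if __name__ == "__main__":
    print("drift:", replica_drift(SNAPSHOTS))
    print("stale access:", stale_access(OFFBOARDED, SNAPSHOTS))
```

A request load-balanced to the lagging replica would be authorized against the old attributes, which is why the check reports per replica rather than per user.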
