Identity and Access Management
10 Steps to Role-based Access Control
Steve Jensen
Senior Director and Chief Information Security Officer
Blue Cross Blue Shield of Minnesota
Identity Lifecycle Management
Business Requirements
> The ability to request and review access in terminology understood by the business.
> Speed up the onboarding process.
> Role-based access control
Complexity of IT Security
Directories (10+): Active Directory, Novell E-Directory, Lotus Notes Directory, SAP Employee Directory
Systems and Servers (600+): Mainframe, z/Linux, Unix, Microsoft
Applications and Tools (300+): SAP, Lotus Notes, STAR, Focus
Databases (100+): DB2, IMS, Oracle, SQL
Software as a Service (20+): MeDecisions, Salesforce.com, Vurv, Centreq
Users → Groups → Permissions → Resources
Terminology
> Application Role
– A functional role that a user plays when using a business application or interfacing with an infrastructure component.
– Specific to a single application
– For example, roles for an HR recruiting application:
> Human resource recruiter
> Human resource benefits specialist
> Hiring Manager
> Approver
> Clerk
> Enterprise Role
– A combination of application roles that, taken together, gives a person the access required to do their job across all the applications they use.
Our Solution: Identity Lifecycle Management
[Diagram: the lifecycle as a sequence of boxes, corresponding to Steps 1–9 below]
Establish ID Warehouse → Establish App. Role Management → Conduct Control Review → New Request System → Establish Ent. Role Management → Conduct Control Review → New Request System → Segregation of Duties Management
Step 1 – Create an identity warehouse
> Justify the purchase with a quick win: password self-service functionality
> Platform coverage should be a key purchasing decision
> You will still need to build custom feeds for:
– Legacy systems
– Externally hosted systems
– Proprietary security systems
> Move to directory services whenever possible
> Don’t just buy an IAM suite for “automated provisioning”. Focus on role management
Step 2 – Establish enterprise role management
> Either design/build or purchase a role management product
> Ensure the product can meet business requirements
> Include role management, role mining, and role attestation as bare-bones minimum requirements
> Plenty of choices now on the market
Step 3 – Define application roles
> Create application roles
– Don’t attempt enterprise roles on day one
– Don’t attempt to link roles to HR
> Map one or more access groups into application roles. Leverage documentation, group comments, and group description fields
> Add entitlements to provide flexibility
> Combine like entitlements that have been applied on multiple platforms
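As an added example (not from the deck), the following Python sketch shows the two mechanical parts of Step 3: folding "like" entitlements that exist on several platforms into one entitlement by normalizing the group description field, and mining candidate application roles as the distinct entitlement sets shared by several users. The group names SA_ACCTRECCLK, SAS_CML_GROUP_6 and CARSVIEW are taken from the deck's final slide; the descriptions, the Unix group, the user names and the min_users threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of what an identity warehouse holds after Step 1:
# (platform, group) -> group description field. The group names SA_ACCTRECCLK,
# SAS_CML_GROUP_6 and CARSVIEW come from the deck's "obscure technical lingo"
# slide; the descriptions, the Unix group and all memberships are invented.
GROUP_CATALOG = {
    ("Mainframe", "SA_ACCTRECCLK"): "Select Account - accounts receivable clerk",
    ("Windows", "SAS_CML_GROUP_6"): "Select Account - Accounts Receivable Clerk",
    ("Mainframe", "CARSVIEW"): "CARS view access",
    ("Unix", "cars_ro"): "CARS view access (unix)",
}
MEMBERSHIP = {
    ("Mainframe", "SA_ACCTRECCLK"): {"alice", "bob", "carol"},
    ("Windows", "SAS_CML_GROUP_6"): {"alice", "bob", "carol"},
    ("Mainframe", "CARSVIEW"): {"alice", "dave"},
    ("Unix", "cars_ro"): {"alice", "dave", "erin"},
}


def normalize_description(desc):
    """Canonical key for an entitlement: ignore case, punctuation and platform tags."""
    d = desc.lower()
    d = re.sub(r"\((unix|windows|mainframe)\)", " ", d)
    d = re.sub(r"[^a-z0-9 ]", " ", d)
    return " ".join(d.split())


def combine_like_entitlements(catalog):
    """Group technical groups from different platforms under one entitlement."""
    entitlements = defaultdict(list)
    for key, desc in catalog.items():
        entitlements[normalize_description(desc)].append(key)
    return dict(entitlements)


def user_entitlements(membership, catalog):
    """Per user, the set of entitlements implied by all their group memberships."""
    per_user = defaultdict(set)
    for key, users in membership.items():
        entitlement = normalize_description(catalog[key])
        for user in users:
            per_user[user].add(entitlement)
    return dict(per_user)


def mine_application_roles(membership, catalog, min_users=2):
    """Candidate application roles: distinct entitlement sets shared by >= min_users.

    A user whose set is the union of several candidates (alice below) is not a
    candidate on their own; cover_user() assigns them several roles instead.
    """
    by_set = defaultdict(set)
    for user, ents in user_entitlements(membership, catalog).items():
        by_set[frozenset(ents)].add(user)
    return {ents: users for ents, users in by_set.items() if len(users) >= min_users}


def cover_user(user, membership, catalog, roles):
    """Roles to assign to one user, plus entitlements no candidate role explains."""
    have = user_entitlements(membership, catalog).get(user, set())
    assigned = [r for r in roles if r <= have]
    leftover = have - set().union(*assigned) if assigned else set(have)
    return assigned, leftover


if __name__ == "__main__":
    for ent, groups in combine_like_entitlements(GROUP_CATALOG).items():
        print(f"{ent!r} <- {groups}")
    roles = mine_application_roles(MEMBERSHIP, GROUP_CATALOG)
    for ents, users in roles.items():
        print(f"candidate role {sorted(ents)} held by {sorted(users)}")
    print(cover_user("alice", MEMBERSHIP, GROUP_CATALOG, roles))
```

On this sample the two "Select Account" groups and the two "CARS view" groups each collapse into one entitlement, two candidate application roles emerge (held by bob/carol and dave/erin respectively), and alice, who holds both, is covered by assigning her both roles rather than by minting a third one. Entitlements left over after covering a user are the ones that still need a documented role or a clean-up decision.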
Step 4 – Conduct online role attestation
> Validate the assignments of application functionality to users
> Must be in business terms
– No acronyms
– No technical terms
– No security specific terms
> Provide timely adjustments
Step 5 – Adjust request system
> Change your request system to request via application roles instead of “IT technical lingo”
> Immediate business value
> Generate processes to keep role management in sync
> Show the business what access is in place and let them add or remove it by checking or unchecking items
> My advice – do not make automated provisioning your goal just yet
Step 6 – Create enterprise roles
> Go to each line of business with a plan
> Assign role ownership – usually the manager
> Allow for multiple enterprise roles per person
> Advice – don’t try to align with HR job codes
> KISS – Don’t focus on keeping roles to a minimum; you have role management software to deal with the complexity.
> Adjust your role approval processes
Step 7 – Transparency – Conduct online role attestation
> Validate the assignments of enterprise roles to users
> Must be in business terms
– No acronyms
– No technical terms
– No security specific terms
> Provide drill-down capabilities to application roles
Step 8 – Adjust request system (again)
> Change your request system to request enterprise roles instead of application roles
> New request type – grant an enterprise role access to an application role.
> Tremendous business value
> Generate processes to keep role management in sync
> Again, show what access is in place and let the business add or remove it by checking or unchecking items
> Automation of provisioning is best done at this phase
Step 9 – Segregation of Duties Analysis
> Solicit from internal audit
> Solicit from risk management
> Define mutually exclusive application roles and do not allow an enterprise role to contain both
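As an added example (not from the deck), this Python model ties Steps 6, 7 and 9 together: enterprise roles are composed of application roles that carry business-term names and a hidden mapping to technical groups, the attestation view shows only the business-term names with drill-down to application roles, and the segregation-of-duties rules from audit are enforced as mutually exclusive application role pairs. It goes one step past the slide: because Step 6 allows several enterprise roles per person, the same check is also run across everything a user holds, since two individually clean enterprise roles can still combine both halves of a toxic pair. The clerk and CARS names and the group names come from the deck's final slide; the approver role, its group SA_PAYAPPR, the owner and the user names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ApplicationRole:
    name: str          # business-term name, the only thing an attestation reviewer sees
    application: str
    groups: tuple      # technical access groups it maps to (Step 3), hidden from reviewers


@dataclass(frozen=True)
class EnterpriseRole:
    name: str
    owner: str         # usually the line-of-business manager (Step 6)
    app_roles: tuple   # ApplicationRole instances


# Constructed sample. The clerk, CARS-view and "Select Account Receivable Clerk"
# names and the group names come from the deck's "transformation of access" slide;
# the approver role, its group SA_PAYAPPR and the owner are hypothetical.
AR_CLERK = ApplicationRole(
    "Select Account (SAM) Accounts Receivable Clerk Access", "SAM",
    ("SA_ACCTRECCLK", "SAS_CML_GROUP_6"))
AR_CARS_VIEW = ApplicationRole(
    "Compliance Audit Review & Reporting System (CARS) - View Access", "CARS",
    ("CARSVIEW",))
AR_APPROVER = ApplicationRole(
    "Select Account (SAM) Payment Approver", "SAM", ("SA_PAYAPPR",))

ENT_CLERK = EnterpriseRole("Select Account Receivable Clerk", "ar.manager",
                           (AR_CLERK, AR_CARS_VIEW))
ENT_APPROVER = EnterpriseRole("Select Account Payment Approver", "ar.manager",
                              (AR_APPROVER,))
ENT_TOXIC = EnterpriseRole("AR Clerk and Approver", "ar.manager",
                           (AR_CLERK, AR_APPROVER))

# Mutually exclusive application role pairs, as supplied by audit / risk (Step 9).
SOD_RULES = [(AR_CLERK.name, AR_APPROVER.name)]


def application_roles_of(ent_roles):
    """All application roles reachable from a list of enterprise roles."""
    return {ar for er in ent_roles for ar in er.app_roles}


def sod_violations(app_roles, rules):
    """Pairs from rules whose two application roles both appear in app_roles."""
    names = {ar.name for ar in app_roles}
    return [(a, b) for a, b in rules if a in names and b in names]


def check_enterprise_role(er, rules):
    """Step 9 rule: an enterprise role must not contain both halves of a pair."""
    return sod_violations(er.app_roles, rules)


def check_user(ent_roles, rules):
    """Same rule across all of a user's enterprise roles (Step 6 allows several)."""
    return sod_violations(application_roles_of(ent_roles), rules)


def effective_groups(ent_roles):
    """Technical groups to provision for a user: drill-down to Step 3's mapping."""
    return {g for ar in application_roles_of(ent_roles) for g in ar.groups}


def attestation_view(user, ent_roles):
    """Review lines in business terms (Step 7): enterprise role, then its application roles."""
    lines = [f"Access review for {user}"]
    for er in ent_roles:
        lines.append(f"  Enterprise role: {er.name} (owner: {er.owner})")
        for ar in er.app_roles:
            lines.append(f"    - {ar.name}")
    return lines


if __name__ == "__main__":
    print("\n".join(attestation_view("alice", [ENT_CLERK])))
    print("provision:", sorted(effective_groups([ENT_CLERK])))
    print("toxic role:", check_enterprise_role(ENT_TOXIC, SOD_RULES))
    print("toxic user:", check_user([ENT_CLERK, ENT_APPROVER], SOD_RULES))
```

The attestation lines never contain a group name, which is what keeps the review in business terms; the same data structure still yields the technical groups for provisioning, so Step 8's automation and Step 7's review read from one source. Run check_enterprise_role when a role is defined or changed, and check_user when a request would add an enterprise role to a person.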
Step 10 – Leverage and Measure
> Apply role management beyond internal employees to address customers, suppliers, business partners, etc.
The transformation of access
After STEP 1 (2007 – Obscure Technical Lingo)
> SA_ACCTRECCLK
> SAS_CML_GROUP_6
> CARSVIEW
> …
After STEP 3 (2008 – Application Roles)
> Select Account (SAM) Accounts Receivable Clerk Access
> Compliance Audit Review & Reporting System (CARS) – View Access
> …
After STEP 6 (2009 – Enterprise Roles)
> Select Account Receivable Clerk
Questions?