RUNNING A SUCCESSFUL
IDENTITY PROGRAM
Copyright © 2007, 2008, 2011, 2012 by Dan Houser, All rights reserved.
2
Agenda
Identity Management Overview
Course Intro & Objectives
Specific Implementation Challenges
Advanced Identity Topics & Case Studies
3
Logistics
• Silence cell phones & pagers
• Breaks
• Facilities & Fire Exit
• Interactive classroom
• Course evaluations
4
Introduction
Dan Houser, CISSP-ISSAP, CISM, CISA, CSSLP, CGEIT
• Sr. Security & Identity Architect
• Cardinal Health
– $103 Billion Healthcare Corp, ranked 19 on the Fortune 500
– 350+ facilities, 90 Countries
• 20 years IT experience
– Banking, Financial Services, Education, Consulting, Telecommunications, Healthcare
• (ISC)² Board Member
• RSA Conference Committee
5
Level Set: Common Problems
• Too many identity repositories & identity islands
• Users want Single Sign-on, but no $$ to fund it
• Single Sign-on should be free, but requires capital
• You have identity problems that seem impossible to fix
• Identity gets no respect in your organization
• Reporting and compliance needs are getting more complex, not less
• eDiscovery & regulations causing headaches
• Heavy knowledge-base of identity admins, but little documentation
• No cohesive identity strategy
• Authentication complexity is growing, but no appetite for addressing it with enterprise PKI
6
Level Set: Common Problems
• Authentication risk management emerging
• Break-glass / privileged user access with accountability gaps
• Rapid move to Cloud / Outsourcing / etc… with identity a distant afterthought
• More Federation than ever before
• More AD domains than you want
• HR owns employee identity, but doesn’t know it
• Managing service/system accounts is a big problem
• More non-employees than ever with our data
• User context missing from security event processes
• More exceptions than rules?
7
Forces of change affecting identity…
• Data Privacy & Invasive Technology
– Massive Consumer Info Aggregation
– Context Sensitive Computing with Consumerization
– Ubiquity of Mobile & Wearable Computing
– Highly mobile storage & capture devices
– Social networking & HTTP-based storage
• Degradation of Trust
– Spam & Phishing
– Credit card theft
– Malware Everywhere
– Identity Theft
• Reactionary Legislation
• The world has changed
8
Laws and Regulations → eSecurity
• Sarbanes - Oxley Act of 2002
• Basel II Accord
• Privacy
– Gramm Leach Bliley Act
– HIPAA / HITECH
– FERPA
– EU Directive on Data Protection
– State, County & Municipality privacy laws
• FTC Act
• Bank Secrecy Act
• General Negligence Law
• Electronic Communications Privacy Act
• Anti-Money Laundering
• FFIEC Auth-N Guidance I & II
• Nevada NRS-603A & Massachusetts 201CMR17.00
• PCI DSS
• California (SB)1386
• OFAC – OCC Rules
• Negligence Law
• NDAA 2012
• SEC Regulations 10b(5)
• FTC Do-Not-Call Law
• Digital Millennium Copyright Act
• Super-DMCA
• Foreign Corrupt Practices Act
• Know Your Customer
• eDiscovery Law and Spoliation
• PCI-DSS Codification
• Fractal Breach Notification Laws
• EU – Right to be Forgotten
and the list goes on….
9
Rapid Business Model Changes
Cloud Computing, Virtualization & SaaS change the game
– Network inversion: Our data everywhere
– Extranet access to core systems
– SOAP identity components
– Authentication & authorization challenges in a world without borders
– Dynamic workforce
– Autonomous systems
– Outsourced authentication through federated identity
– Shrinking time to market, change control, and presentation layer
– How is identity managed in an Enterprise Service Bus?
10
eBusiness Trust
Unqualified Trust cannot exist in eBusiness
• “Sure I trust you, but let me cut the cards”*
• “Trust but Verify” – Ronald Reagan
• Trust must be earned to be granted
• Fundamental “W” questions:
– What is being trusted?
– When, Who, Where, Why, in what context?
• Identity Management enables us to answer:
– Who are they?
– Why should they have access?
– Increasingly, Where and What context are being added to identity
* Harry DeMaio, “B2B and Beyond”, 2003
11
Increased Pressure for Identity Management
• Identity Theft, data theft and phishing
• Missing laptops, PDAs, backup tapes
• Organized crime
• Regulatory pressure
• Application Integration forces
• Identity silos slowing down business
• Due-diligence bar has been raised
“Identity is the New Perimeter” – Cisco
12
Level-set
• Identity problems are not unique
• Common components – but no universal answers
• Different needs, starting points, drivers
– Industry, capital investment, risk tolerance, regulators
• Good news:
Common patterns from which we might learn
Learning opportunities might be sitting beside you
• Bad news:
There is no silver bullet or checklist
13
Why an Identity Architecture?
• Reduce operational costs
• Duty to the shareholders, employees
• Ensure fiduciary responsibility
• Create confidence and trust, which are vital to eBusiness (c.f. HBGary, RSA, ChoicePoint, TJX, Heartland)
• Repeatable operations
• Reliable information
• Enabling customer/associate self-service
• Availability for revenue generating projects
• Potential for reduced time to market
14
Why identity management?
Cost Reduction
– Drive down cost of managing identities
– Increase user and administrator efficiency
– Speeds up the provisioning cycle
– Reduced password repositories = $avings
15
Why identity management?
Increased Security
– At times, IAM is the most visible & effective control
– Reduction in stale accounts
– Visibility to, and reduction of, excessive rights
– Sufficient controls over vital processes
– Documented, consistent process for audit
– Without IAM, Defense in Depth is negated
16
Why identity management?
Increased compliance
– Enables data security and privacy controls
– Reduces potential for privacy breaches
– Reduces risk of non-compliance
– Provides ability to demonstrate compliance
– Binding entitlements to authorization decision
17
WHY IDENTITY MANAGEMENT?
Enables the business
– Customer identity mapping enables deeper selling and cross-selling
– Reduces time to market for new systems
– Enables private-label service offerings and seamless outsourcing through federation
– The business doesn’t have to worry about management of access to systems… freeing them to focus on the business
18
WHY IDENTITY MANAGEMENT?
Improved user experience
– Easy to use interfaces
– Reduced provisioning & access frustration
– Enables reduced sign-on, reducing customer frustration
– Permits self-service, further enabling 24x7 customer access
– Customization of the user experience
19
Selling Identity Management
Points of pain of your organization:
– Reduction in password resets?
– Hundreds of identity repositories to manage?
– Rapid associate onboarding?
– Reduction in risk?
– Regulatory compliance?
Three primary considerations:
• ROI
• Management Commitment
• Prioritization of IAM tasks / roadmap
20
Quantifiable ROI
If your company looks like this:
Turnover ratio: 10%      Job change: 8%
Audits per year: 16      E-mail Lists: 200
Employees: 8k            Customers: 50k
Web Apps: 15             Total Apps: 200
21
Quantifiable ROI
Then your ROI is estimated to be:
Centralized LDAP    $ 11.6MM    € 7,94MM    £ 5,9MM
Provisioning        $ 561MM     € 384MM     £ 286MM
Web SSO             $ 17.7MM    € 12,2MM    £ 9,8MM
Study by Giga Information Group
Source: Enterprise Identity Management, IT Governance Institute
No longer published by ITGI
22
Specific ROI Savings
• Improved IT efficiency
• Improved data management
• Reduced development of security features
• Reduced helpdesk costs
• Quicker access to applications
• Improved searching/updating user data
• Improved managerial tasks
• Improved e-mail list management
• Audit savings
• Elimination of paper costs
23
Management Commitment
• Identity Management will touch every corner of the organization
• Along the way:
– Significant changes in infrastructure and process
– Corporate Politics
– IT turf wars
– Potential for outages
• Very long road
• Search for vocal, demonstrable early wins
– Enough to move you down the road
– Not so tough that you can’t demonstrate competency
24
Typical Stakeholders
• CIO
• CISO/CSO
• Human Resources
• Infrastructure (Server/database/network)
• CFO
• Principal Lines of Business
25
Obtaining Buy-in
• Focus on quick wins to demonstrate early success
• Establish executive sponsorship
– Identity Management Steering Committee
– Senior executive to own (e.g. CIO)
• Funding a program, not a project
– Realistic expectations
– Long-term funding model
– Changing how IT does business
• Sell a slow, gradual migration path of many small projects – NOT Big Bang
26
Prioritization
• Critical to manage expectations and limit impact
• Long journey
• Many moving parts and dependencies
• Infrastructure build-out typically precedes procedural and workflow implementations
• Important to communicate and demonstrate progress and savings
27
Roadmaps help sell and tell
[Figure: sample technology roadmap. Timeline: 2Q12, 4Q12, 2Q13, 4Q13, 2Q14. Rows: Directory Services (Enterprise Directory, Meta-Directory, Virtual Directory), Product, Technology. Example entries: SunFUN v7, Identity Mangler 2.0, Gradient Chaos*, Active Refrectory 2004, AR 2009.]
28
IAM Program Roadmap
[Figure: swim-lane program roadmap with lanes Infrastructure, Application Integration and Provisioning, and phases Infrastructure Implementation Project, Provisioning Process Pilot, B2E Pilot, Extend B2E, B2C/B2B Pilot and Federate. Work packages shown:]
• Provisioning Planning: Current/Future, Role Analysis, Provisioning Roadmap, Access Review Process
• Paperless Provisioning; Access Reporting; Automation (Process Automation); Provisioning Upgrade; Performance Tuning
• Core Infrastructure: Hardware Build, Prototype, Base Product Installation/Configuration, Performance Updates
• Base Provisioning: Employee Joiners/Leavers, Temp Workers, PW Synch, Self Service Request Process, HR Integration
• B2E Pilot: HR System, Employee File, AD Passwords, LDAP, Mail system, Asset management, Financial/accounting, Pilot App, WAM
• Extend B2E: B2E Apps, Associate Onboarding, Majority of Apps, Pilot App, WAM/SSO, Audit Integrations
• Federate: Federated Identity, Web Services Support, PKI, XML/SOAP Gateway, Service Bus
29
Identity Management Program
• Running a successful IAM program is about PROCESS, not technology
• Every component of IAM is part of a larger plan: think strategically, then deliver components that align with the strategy
• Architecture & Assessments are key to a successful IAM implementation
30
IAM Program: Getting started
31
IAM Program: Getting started
As with any architectural endeavour:
– What shall we build?
– What are the needs?
– What materials are available?
– What engineering/technical skills do we have?
– What does the environment look like?
32
IAM Program: Getting started
• Gap analysis: Missing skills, support, infrastructure, funding, sponsorship
• Needs assessment: What are the critical business drivers that are to be met?
• As-is assessment:
– Determine unique identity repositories
– What IAM components need to be replaced?
• Map gaps to needs, and prioritize
• Develop roadmap, including infrastructure, process and integration components
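The as-is assessment above (finding the unique identity repositories) and the "reduction in stale accounts / visibility to excessive rights" benefits claimed earlier both come down to the same mechanical task: correlating every account in every repository back to an authoritative HR identity and seeing what does not line up. The following Python is an added example, not code from the deck or from Cardinal Health; the HR roster, the account exports, the repository names and the entitlement/role sets are all constructed for illustration. It reports leaver accounts (HR says terminated, account still exists), orphan accounts (no HR identity at all, the typical service-account case), privileged entitlements held by roles that should not have them, dormant accounts, and the correlation rate per repository, which is what tells you whether a repository is an identity island.

```python
"""Identity-repository reconciliation against an authoritative HR roster.

Added example (not from the deck). All data below is constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    email: str
    status: str        # "active" or "terminated"
    job_role: str


@dataclass(frozen=True)
class Account:
    repository: str
    login: str
    owner_ref: str     # employee id or e-mail, whichever this repository stores
    entitlements: frozenset
    last_login: Optional[date]


# Constructed HR roster: the authoritative source for employee identity.
HR_ROSTER = [
    HrRecord("E001", "alice@example.com", "active", "developer"),
    HrRecord("E002", "bob@example.com", "terminated", "dba"),
    HrRecord("E003", "carol@example.com", "active", "sysadmin"),
]

# Constructed account exports from two repositories ("ad" and "oracle" are
# placeholder repository names). Note the different owner_ref conventions.
ACCOUNTS = [
    Account("ad", "alice", "E001", frozenset({"vpn"}), date(2024, 3, 1)),
    Account("ad", "bob", "E002", frozenset({"domain_admin"}), date(2024, 1, 10)),
    Account("ad", "carol", "E003", frozenset({"domain_admin"}), date(2024, 3, 2)),
    Account("ad", "svc_backup", "", frozenset({"domain_admin"}), None),
    Account("oracle", "ALICE_DEV", "Alice@Example.com", frozenset({"db_sysadmin"}), date(2023, 10, 1)),
    Account("oracle", "jsmith", "jsmith@example.com", frozenset({"select"}), date(2024, 3, 1)),
]

# Assumed policy: these entitlements are privileged, and only these HR job
# roles are allowed to hold them.
PRIVILEGED_ENTITLEMENTS = {"domain_admin", "db_sysadmin", "root"}
ROLES_ALLOWED_PRIVILEGE = {"sysadmin", "dba"}

AccountKey = Tuple[str, str]


def correlate(account: Account, hr_roster: List[HrRecord]) -> Optional[HrRecord]:
    """Map an account to an HR record by employee id or e-mail, case-insensitively."""
    ref = account.owner_ref.strip().lower()
    if not ref:
        return None
    for rec in hr_roster:
        if ref in (rec.employee_id.lower(), rec.email.lower()):
            return rec
    return None


def reconcile(hr_roster: List[HrRecord], accounts: List[Account],
              as_of: date, dormant_days: int = 90):
    """Return (findings, coverage).

    findings: dict of category -> list of (repository, login)
    coverage: dict of repository -> fraction of its accounts correlated to HR
    """
    findings: Dict[str, List[AccountKey]] = {
        "leaver": [], "orphan": [], "excessive": [], "dormant": []}
    counts: Dict[str, List[int]] = {}   # repository -> [correlated, total]
    for acct in accounts:
        key = (acct.repository, acct.login)
        c = counts.setdefault(acct.repository, [0, 0])
        c[1] += 1
        owner = correlate(acct, hr_roster)
        if owner is None:
            findings["orphan"].append(key)      # no HR identity at all
            continue
        c[0] += 1
        if owner.status != "active":
            findings["leaver"].append(key)      # stale access after termination
            continue
        if (acct.entitlements & PRIVILEGED_ENTITLEMENTS
                and owner.job_role not in ROLES_ALLOWED_PRIVILEGE):
            findings["excessive"].append(key)   # privilege the role does not justify
        if acct.last_login is None or (as_of - acct.last_login).days > dormant_days:
            findings["dormant"].append(key)     # unused account, candidate for removal
    coverage = {repo: c[0] / c[1] for repo, c in counts.items()}
    return findings, coverage


if __name__ == "__main__":
    found, cov = reconcile(HR_ROSTER, ACCOUNTS, date(2024, 3, 15))
    for category, keys in found.items():
        print(f"{category:10s} {keys}")
    for repo, rate in cov.items():
        print(f"{repo}: {rate:.0%} of accounts correlated to HR")
```

On the constructed data the leaver finding is bob's domain_admin account, the orphans are the svc_backup service account and jsmith, and ALICE_DEV shows up both as excessive (a developer holding db_sysadmin) and dormant. A repository whose correlation rate stays low after you have tried every owner_ref convention it offers is an identity island and belongs on the roadmap as an integration item.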
33
IAM Program Roadmap
[Figure: the same swim-lane roadmap as on slide 28, repeated here.]
34
IAM Program
• Identity Management requires a program office – much more than a project or series of projects
• IAM Program Office
– Metrics, reporting and demonstrable progress
– Coordination of identity initiatives: many projects
– Provisioning coordinator
– Visible agent for IAM in the organization
– Single accountable party
– Visibility to senior management
– Coordination with Steering & Advisory Committees
35
Identity Program Organization
[Figure: organization chart. Program Management at the top, with functional areas Architecture, Infrastructure, Provisioning, Integration, Reporting, Testing and Deployment beneath it.]
Program Management
· Program Measurement
· Program Monitoring
· Program Status
· Steering Committee Coordination
· Release Definition
· Program Finance
· Program Communications
· Issue Management & Resolution
Architecture
· Technical Architecture Vision
· Release Plans
· Requirements
· Use Case Definition
Infrastructure
· Network/Server Architecture
· Infrastructure Administration (System, Database, WebSphere)
· Core Product Specialists (Thor, Radiant, SunOne, ClearTrust)
· Operations Architecture
· Environment Design and Coordination (Development, Test, Staging, Production)
· Infrastructure Issue Resolution
Provisioning
· As-is Process
· To-be Process
· Thor configuration & customization (Workflows, Self Service, Delegated Admin, etc.)
· Thor adapter development
Integration
· Integration Analysis (Functional & Technical)
· Integration Support (Thor Adapter Configuration, Directory Integration Support, ClearTrust Agents)
Reporting
· Access Review Process
· Report Definition
· Report Development
· Warehousing Architecture
Testing
· System Test
· User Acceptance Test
· Performance Test
· Requirements Traceability
Deployment
· Build Coordination
· Code Configuration Management
36
Advanced IdM
SSO Strategy: Critical Success Factors
• Strategic Staffing
• Evangelist with credibility
• Management commitment for 3+ years
• Demonstration of short-term success, but…
• Long view needed
• Examine offshore for integration
• MBOs / Performance Goals / KPIs
• HR, Procurement & Architecture on-board
• Communicate, communicate, communicate
37
Recommendations
• Get executive sponsorship
• Sell business solution, not technology
• Ensure that the message is clear
• Solicit representation from all groups to be affected
• Get quick hits, show success
• Underpromise, overdeliver
• Be persistent
• Realize that deployment is easy; politics and money can get in the way
38
Recommendations
• KISS – Keep it simple
• Avoid product focus where possible
• Focus on Demonstrated CAPABILITIES, not products
• Document, document, document
• Get help – good consultant(s) with strong BUSINESS skills as well as IAM experience
• Make presentations of broad architectural concepts to senior management
• Run identity as a Program Office
39
What Next?
• Intellectual horsepower & meditation required – study, research, network
• Long road – 3-5 years, don’t expect overnight results.
• Publish all documents to all participants to facilitate understanding
• Join a peer group for fertile soil
– (ISC)² Chapter
– ISSA
– InfraGard
– ISACA
– ISF
40
Q&A
Copyright FarWorks & Gary Larson
41
Contact Info
Dan Houser:

 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

RUNNING A SUCCESSFUL IDENTITY PROGRAM

1
RUNNING A SUCCESSFUL IDENTITY PROGRAM
Copyright © 2007, 2008, 2011, 2012 by Dan Houser, All rights reserved.

2
Agenda
Identity Management Overview
Course Intro & Objectives
Specific Implementation Challenges
Advanced Identity Topics & Case Studies

3
Logistics
• Silence cell phones & pagers
• Breaks
• Facilities & Fire Exit
• Interactive classroom
• Course evaluations

4
Introduction
Dan Houser, CISSP-ISSAP, CISM, CISA, CSSLP, CGEIT
• Sr. Security & Identity Architect
• Cardinal Health
– $103 Billion Healthcare Corp, 19 on Fortune 500
– 350+ facilities, 90 Countries
• 20 years IT experience
– Banking, Financial Services, Education, Consulting, Telecommunications, Healthcare
• (ISC)² Board Member
• RSA Conference Committee

5
Level Set: Common Problems
• Too many identity repositories & identity islands
• Users want Single Sign-on, but no $$ to fund it
• Single Sign-on should be free, but requires capital
• You have identity problems that seem impossible to fix
• Identity gets no respect in your organization
• Reporting and compliance needs are getting more complex, not less
• eDiscovery & regulations causing headaches
• Heavy knowledge base of identity admins, but little documentation
• No cohesive identity strategy
• Authentication complexity is growing, but no appetite for addressing it with enterprise PKI

6
Level Set: Common Problems
• Authentication risk management emerging
• Break-glass / privileged user access with accountability gaps
• Rapid move to Cloud / Outsourcing / etc… with identity a distant afterthought
• More Federation than ever before
• More AD domains than you want
• HR owns employee identity, but doesn’t know it
• Managing service / system accounts is a big problem
• More non-employees than ever with our data
• User context missing from security event processes
• More exceptions than rules?

7
Forces of change affecting identity…
• Data Privacy & Invasive Technology
– Massive Consumer Info Aggregation
– Context Sensitive Computing with Consumerization
– Ubiquity of Mobile & Wearable Computing
– Highly mobile storage & capture devices
– Social networking & HTTP-based storage
• Degradation of Trust
– Spam & Phishing
– Credit card theft
– Malware Everywhere
– Identity Theft
• Reactionary Legislation
• The world has changed

8
Laws and Regulations: eSecurity
• Sarbanes-Oxley Act of 2002
• Basel II Accord
• Privacy
– Gramm Leach Bliley Act
– HIPAA / HITECH
– FERPA
– EU Directive on Data Protection
– State, County & Municipality privacy laws
• FTC Act
• Bank Secrecy Act
• General Negligence Law
• Electronic Communications Privacy Act
• Anti-Money Laundering
• FFIEC Auth-N Guidance I & II
• Nevada NRS-603A & Massachusetts 201 CMR 17.00
• PCI DSS
• California (SB)1386
• OFAC – OCC Rules
• Negligence Law
• NDAA 2012
• SEC Regulations 10b(5)
• FTC Do-Not-Call Law
• Digital Millennium Copyright Act
• Super-DMCA
• Foreign Corrupt Practices Act
• Know Your Customer
• eDiscovery Law and Spoliation
• PCI-DSS Codification
• Fractal Breach Notification Laws
• EU – Right to be Forgotten
…and the list goes on.

9
Rapid Business Model Changes
Cloud Computing, Virtualization & SaaS change the game
– Network inversion: Our data everywhere
– Extranet access to core systems
– SOAP identity components
– Authentication & authorization challenges in a world without borders
– Dynamic workforce
– Autonomous systems
– Outsourced authentication through federated identity
– Shrinking time to market, change control, and presentation layer
– How is identity managed in an Enterprise Service Bus?

10
eBusiness Trust
Unqualified Trust cannot exist in eBusiness
• “Sure I trust you, but let me cut the cards*”
• “Trust but Verify” – Ronald Reagan
• Trust must be earned to be granted
• Fundamental “W” questions:
– What is being trusted?
– When, Who, Where, Why, in what context?
• Identity Management enables us to answer:
– Who are they?
– Why should they have access?
– Increasingly, Where and What context are being added to identity
* Harry DeMaio, “B2B and Beyond”, 2003

11
Increased Pressure for Identity Management
• Identity Theft, data theft and phishing
• Missing laptops, PDAs, backup tapes
• Organized crime
• Regulatory pressure
• Application Integration forces
• Identity silos slowing down business
• Due-diligence bar has been raised
“Identity is the New Perimeter” – Cisco

12
Level-set
• Identity problems are not unique
• Common components – but no universal answers
• Different needs, starting points, drivers
– Industry, capital investment, risk tolerance, regulators
• Good news: Common patterns from which we might learn
– Learning opportunities might be sitting beside you
• Bad news: There is no silver bullet or checklist

13
Why an Identity Architecture?
• Reduce operational costs
• Duty to the shareholders, employees
• Ensure fiduciary responsibility
• Create confidence and trust, which are vital to eBusiness (cf. HBGary, RSA, ChoicePoint, TJX, Heartland)
• Repeatable operations
• Reliable information
• Enabling customer / associate self-service
• Availability for revenue generating projects
• Potential for reduced time to market

14
Why identity management?
Cost Reduction
– Drive down cost of managing identities
– Increase user and administrator efficiency
– Speeds up provisioning cycle
– Reduced password repositories = $avings

15
Why identity management?
Increased Security
– At times, IAM is the most visible & effective control
– Reduction in stale accounts
– Visibility to, and reduction of, excessive rights
– Sufficient controls over vital process
– Documented, consistent process for audit
– Without IAM, Defense in Depth is negated

16
Why identity management?
Increased compliance
– Enables data security and privacy controls
– Reduces potential for privacy breaches
– Reduces risk of non-compliance
– Provides ability to demonstrate compliance
– Binding entitlements to authorization decision

17
WHY IDENTITY MANAGEMENT?
Enables the business
– Customer identity mapping enables deeper selling and cross-selling
– Reduces time to market for new systems
– Enables private-label service offerings and seamless outsourcing through federation
– The business doesn’t have to worry about management of access to systems… freeing them to focus on the business

18
WHY IDENTITY MANAGEMENT?
Improved user experience
– Easy to use interfaces
– Reduced provisioning & access frustration
– Enables reduced sign-on, reducing customer frustration
– Permits self-service, further enabling 24x7 customer access
– Customization of the user experience

19
Selling Identity Management
Points of pain of your organization
– Reduction in password resets?
– Hundreds of identity repositories to manage?
– Rapid associate onboarding?
– Reduction in risk?
– Regulatory compliance?
Three primary considerations:
• ROI
• Management Commitment
• Prioritization of IAM tasks / roadmap

20
Quantifiable ROI
If your company looks like this:
Employees: 8k
Customers: 50k
Turnover ratio: 10%
Job change: 8%
Audits per year: 16
E-mail Lists: 200
Web Apps: 15
Total Apps: 200

21
Quantifiable ROI
Then your ROI is estimated to be:
Centralized LDAP: $ 11.6MM / € 7,94MM / £ 5,9MM
Provisioning: $ 561MM / € 384MM / £ 286MM
Web SSO: $ 17.7MM / € 12,2MM / £ 9,8MM
Study by Giga Information Group
Source: Enterprise Identity Management, IT Governance Institute (no longer published by ITGI)

22
Specific ROI Savings
• Improved IT efficiency
• Improved data management
• Reduced development of security features
• Reduced helpdesk costs
• Quicker access to applications
• Improved searching/updating user data
• Improved managerial tasks
• Improved e-mail list management
• Audit savings
• Elimination of paper costs

23
Management Commitment
• Identity Management will touch every corner of the organization
• Along the way:
– Significant changes in infrastructure and process
– Corporate Politics
– IT turf wars
– Potential for outages
• Very long road
• Search for vocal, demonstrable early wins
– Enough to move you down the road
– Not so tough that you can’t demonstrate competency

24
Typical Stakeholders
• CIO
• CISO/CSO
• Human Resources
• Infrastructure (Server/database/network)
• CFO
• Principal Lines of Business

25
Obtaining Buy-in
• Focus on quick wins to demonstrate early success
• Establish executive sponsorship
– Identity Management Steering Committee
– Senior executive to own (e.g. CIO)
• Funding a program, not a project
– Realistic expectations
– Long-term funding model
– Changing how IT does business
• Sell slow, gradual migration path of many small projects – NOT Big Bang

26
Prioritization
• Critical to manage expectations and limit impact
• Long journey
• Many moving parts and dependencies
• Infrastructure build-out typically precedes procedural and workflow implementations
• Important to communicate and demonstrate progress and savings

27
Roadmaps help sell and tell
[Roadmap chart: Directory Services technology and product timeline from 2Q12 to 2Q14 (2Q12, 4Q12, 2Q13, 4Q13, 2Q14), with illustrative product names: SunFUN v7, Identity Mangler 2.0, Enterprise Directory, Meta-Directory, Virtual Directory, Gradient Chaos*, Active Refrectory 2004, AR 2009]

28
IAM Program Roadmap
[Roadmap chart with swimlanes Infrastructure, Application Integration, Provisioning Automation, Access Reporting and Paperless Provisioning]
• Planning: Current/Future, Role Analysis, Provisioning Roadmap, Access Review Process, Process Automation
• Core Infrastructure: Hardware Build, Prototype, Base Product Installation/Configuration, Performance Updates; followed by Provisioning Upgrade and Performance Tuning
• Base Provisioning: Employee Joiners/Leavers, Temp Workers, PW Synch
• Infrastructure Implementation Project: Self Service Request Process, HR Integration
• B2E Pilot: HR System, Employee File, AD Passwords, LDAP, Mail system, Asset management, Financial/accounting, Pilot App, WAM; then Extend B2E
• Audit Integrations / Provisioning Process Pilot: B2E Apps, Associate Onboarding, Majority of Apps, Pilot App, WAM/SSO
• Federate: Federated Identity, Web Services Support, PKI, XML/SOAP Gateway, Service Bus; B2C / B2B Pilot

29
Identity Management Program
• Running a successful IAM program is about PROCESS, not technology
• Every component of IAM is part of a larger plan: Think strategically, then deliver components that align with the strategy
• Architecture & Assessments are key to a successful IAM implementation

31
IAM Program: Getting started
As with any architectural endeavour:
– What shall we build?
– What are the needs?
– What materials are available?
– What engineering/technical skills do we have?
– What does the environment look like?

32
IAM Program: Getting started
• Gap analysis: Missing skills, support, infrastructure, funding, sponsorship
• Needs assessment: What are the critical business drivers that are to be met?
• As-is assessment:
– Determine unique identity repositories
– What IAM components need to be replaced?
• Map gaps to needs, and prioritize
• Develop roadmap, including infrastructure, process and integration components

33
IAM Program Roadmap
[Roadmap chart repeated from slide 28]

34
IAM Program
• Identity Management requires a program office – much more than a project or series of projects
• IAM Program Office
– Metrics, reporting and demonstrable progress
– Coordination of identity initiatives: many projects
– Provisioning coordinator
– Visible agent for IAM in organization
– Single accountable party
– Visibility to senior management
– Coordination with Steering & Advisory Committees

35
Identity Program Organization
Program Management
· Program Measurement
· Program Monitoring
· Program Status
· Steering Committee Coordination
· Release Definition
· Program Finance
· Program Communications
· Issue Management & Resolution
Architecture
· Technical Architecture Vision
· Release Plans
· Requirements
· Use Case Definition
Infrastructure
· Network/Server Architecture
· Infrastructure Administration (System, Database, WebSphere)
· Core Product Specialists (Thor, Radiant, SunOne, ClearTrust)
· Operations Architecture
· Environment Design and Coordination (Development, Test, Staging, Production)
· Infrastructure Issue Resolution
Provisioning
· As-is Process
· To-be Process
· Thor configuration & customization (Workflows, Self Service, Delegated Admin, etc.)
· Thor adapter development
Integration
· Integration Analysis (Functional & Technical)
· Integration Support (Thor Adapter Configuration, Directory Integration Support, ClearTrust Agents)
Reporting
· Access Review Process
· Report Definition
· Report Development
· Warehousing Architecture
Testing
· System Test
· User Acceptance Test
· Performance Test
· Requirements Traceability
Deployment
· Build Coordination
· Code Configuration Management

36
Advanced IdM SSO Strategy: Critical Success Factors
• Strategic Staffing
• Evangelist with credibility
• Management commitment for 3+ years
• Demonstration of short-term success, but…
• Long view needed
• Examine offshore for integration
• MBOs / Performance Goals / KPIs
• HR, Procurement & Architecture on board
• Communicate, communicate, communicate

37
Recommendations
• Get executive sponsorship
• Sell business solution, not technology
• Ensure that the message is clear
• Solicit representation from all groups to be affected
• Get quick hits, show success
• Underpromise, overdeliver
• Be persistent
• Realize that deployment is easy; politics and money can get in the way

38
Recommendations
• KISS – Keep it simple
• Avoid product focus where possible
• Focus on Demonstrated CAPABILITIES, not products
• Document, document, document
• Get help – good consultant(s) with strong BUSINESS skills as well as IAM experience
• Make presentations of broad architectural concepts to senior management
• Run identity as a Program Office

39
What Next?
• Intellectual horsepower & meditation required – study, research, network
• Long road – 3-5 years, don’t expect overnight results
• Publish all documents to all participants to facilitate understanding
• Join peer group for fertile soil
– (ISC)² Chapter
– ISSA
– InfraGard
– ISACA
– ISF