Micro Focus , profile picture
Uploaded byMicro Focus
334 views

SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017

The document outlines the evolution and challenges of identity governance, particularly through the lens of the Sarbanes-Oxley Act, emphasizing the need for efficient management of access controls and permissions. It contrasts traditional identity governance methods with next-generation approaches that aim to reduce information overload and improve risk management through automation and context-based decision support. Five steps for effective identity governance are proposed, focusing on curation, noise reduction, informed decision-making, risk closure, and governance demonstration.

Embed presentation

Download to read offline
Adam Evans Senior Identity & Access Specialist 21 March 2017 Innovation——In Action Supporting Security Through Next Generation Identity Governance #MFSummit2017
• The Origins of Identity Governance • Identity Governance 1.x • Pros • Cons • Identity Governance.NextGen • Five Steps to Efficient ID Governance • Questions & Answers Agenda
Identity Governance The Origins…
Identity Repositories The Evolution of Identity Governance? Phase One: The Proliferation of Identity Repositories Identity Repository
The Evolution of Identity Governance? Phase Two: The Directory Services “Silver Bullet” Identity Repositories Directory Services …plus Identity Repositories …or NOT!
The Evolution of Identity Governance? Phase Three: Provisioning, Password Sync & SSO Identity Repositories Directory Services …plus Identity Repositories Provisioning/Pwd Sync Single-Sign On
What Does This Have To Do With ID Governance? Sarbanes-Oxley Act 202 Section 404 SoX Section 404 Identity Governance & Administration 1.x ITCentricBusiness Centric Assessment of Internal Control Requires management & external auditor to report on the adequacy of the company's internal control on financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.
What Does This Have To Do With ID Governance? Sarbanes-Oxley Act 202 Section 404 SoX Section 404 Identity Governance & Administration 1.x ITCentricBusiness Centric
• Ability to Collect Accounts & Permission from Apps • Central Repository of All Access • Automatically Link Accounts to Identities • Configure & Forget • Scheduled • Policy • Create & Apply Consistent Policies • SoD, Risk, High Privileged Access, Unmapped/Orphaned • Easily Identify Policy Violations from the “Noise” Identity Governance & Administration 1.x Pros…
• Review Management • Create Targeted Review Campaigns • Run Review on a Schedule and/or Ad-Hoc • Track Completion & Escalate • Transparency • Capture Access Decisions • Review Sign-Off • Audit Reporting Identity Governance & Administration 1.x Pros…
• Fulfilment • Automated • Manual • Closed Loop Verification Identity Governance & Administration 1.x Pros…
That All Sounds Great, Right? However…
• Persistent Information Overload • Little or No Reduction In Number of Review Items • Lack of Business Context • Automation of Controls, Not The Review Identity Governance & Administration 1.x Cons… Select All Permission #1 Permission #2 Permission #3 Permission #4 Permission #5 Permission #6 Permission #7 Permission #21 Permission #22 Permission #23 Permission #24 Permission #25 Permission #26 Permission #27 Permission #x1 Permission #x2 Permission #x3 Permission #x4 Permission #x5 Permission #x6 Permission #x7 Keep Next 1 2 3
• No Decision Support • Requires Manual Intelligence Gathering Identity Governance & Administration 1.x Cons… Permission #1 Permission #2 Permission #3 Permission #4 Permission #5 Permission #6 Permission #7 Permission #21 Permission #22 Permission #23 Permission #24 Permission #25 Permission #26 Permission #27 Permission #x1 Permission #x2 Permission #x3 Permission #x4 Permission #x5 Permission #x6 Permission #x7Who Approved These Permissions? When Did This Person Get These Permissions? Are These Direct Assignments, or Part of a Role? Are These Permissions Normal? What Do These Permissions Mean? Do These Permissions Violate Any SoD Policies? Is This Person a Privileged User? How Did The Person Get These Permissions?
• It Does Not Significantly Reduce Risk Identity Governance & Administration 1.x Cons… Collect Review Sign Off Certified Collect Review Review Campaign #1 Review Campaign #2 Change Risk Window ~6 Months?
• The Role Mining Myth • It Looks Good in Demos • But… Identity Governance & Administration 1.x Cons… • Are All The Permission Assignments: • Correct? • Appropriate? • Accurate (Point in Time)? • Are The New Roles Appropriate? • Do They Reflect The Business? • Are They Close To Existing Roles? • Will Risk Be Accurately Represented?
• Delivers Automation & Review Oversight • No Significant Reduction in Review Effort • Lack of Decision Support • No Reduction in Risk • Review Items Usually Out Of Date • Select All, Keep, Next! • Role Mining Is Not The Answer Identity Governance & Administration 1.x In Summary
Identity Governance.NextGen Five Steps to Efficient Identity Governance
Step One – Curation Make Sense of What You Have…
• Identity Centric • Review at Macro Level • Authorised Roles Can Be Excluded From Reviews • Concentrate Exceptions (White listing) Step Two – Reduce the Noise Business Roles…
• Membership Expression Automates Assignment • Contains Permissions, Technical Roles & Applications • Role Items Are Mandatory / Optional • Can be Authorised at the role, or More Granular with Time Limits Step Two – Reduce the Noise Business Roles…
• Capability Centric • Review at Macro Level • Assignment is based on Permissions Assigned Step Two – Reduce the Noise Technical Roles…
Step Two – Reduce the Noise Working with Roles…
Step Two – Reduce Noise Without Increasing Risk Risk-Based Reviews… • Concentrate on High Risk Access • Review Everything Else Less Often… …If At All …Or On Change
Step Three – Make Informed Decisions Context-Based Decision Support… Usage Guidance Permission Relationship Person Details Permission Details
Step Four – Close the Risk Windows Event-Based Reviews – High Risk Group Example… Person Added to High Risk AD Group (e.g. Domain Admins) Detected by Change Guardian Alert Raised Alert Event Triggers a Review of the User Complete Fulfilment (If Required) Store Decision (for Audit) Near Real-Time Window of Risk
Step Five – Demonstrating Governance Tracking…
Step Five – Demonstrating Governance Reporting…
Step Five – Demonstrating Governance Analytics…
• Automates the Entire Review Process • Efficiency Without Compromise • Curaton, Roles, Risk-Based Review • Enables the Business to Make Informed Decisions • Context-Based Decision Support • Reduces Risk Exposure • Event-Based Reviews • Easily Demonstrate Governance Identity Governance.NextGen In Summary
It Delivers the Promises Made by Identity Governance & Administration 1.x Identity Governance.NextGen In Summary Fundamentally…
www.microfocus.com

More Related Content

PDF
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
byBeyondTrust
 
PDF
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
byMicro Focus
 
PDF
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
byBeyondTrust
 
PDF
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
byMicro Focus
 
PPTX
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
byWendy Knox Everette
 
PPTX
Lets talk about soc2s, baby! BSidesLV 2021
byWendy Knox Everette
 
PPTX
Otx introduction sw
byAlienVault
 
PDF
Unearth Active Directory Threats Before They Bury Your Enterprise
byBeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
byBeyondTrust
 
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
byMicro Focus
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
byBeyondTrust
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
byMicro Focus
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
byWendy Knox Everette
 
Lets talk about soc2s, baby! BSidesLV 2021
byWendy Knox Everette
 
Otx introduction sw
byAlienVault
 
Unearth Active Directory Threats Before They Bury Your Enterprise
byBeyondTrust
 

What's hot

PDF
Tips to Remediate your Vulnerability Management Program
byBeyondTrust
 
PPTX
Safeguarding PCI Data in the Cloud
byHostway|HOSTING
 
PPTX
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
byAlienVault
 
PPTX
PCI DSS v3.0: How to Adapt Your Compliance Strategy
byAlienVault
 
PPTX
"EL ATAQUE INTERNO"
byJose Luis Balbiano
 
PPTX
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
byAggregage
 
PDF
Arbel Zinger | Microsoft Advanced Threat Analytics
byMicrosoft Österreich
 
PDF
Nicholas DiCola | Secure your IT resources with Azure Security Center
byMicrosoft Österreich
 
PPTX
Observe It Presentation
bytsteh
 
PPTX
Unit4
byIntegral university, India
 
PPTX
Cybersecurity framework v1-1_presentation
byMonchai Phaichitchan
 
PDF
Emma Aubert | Information Protection
byMicrosoft Österreich
 
PDF
Presentazione-CyberArk-MDM-v3
byMarco Di Martino
 
PDF
Managing privileged account security
byRaleigh ISSA
 
PPT
dos_security_final
byMichele Vincent
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
PDF
Application Security - Your Success Depends on it
byWSO2
 
PDF
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
byRisk Analysis Consultants, s.r.o.
 
PPTX
Zero Trust Model
byYash
 
PPTX
How to Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
Tips to Remediate your Vulnerability Management Program
byBeyondTrust
 
Safeguarding PCI Data in the Cloud
byHostway|HOSTING
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
byAlienVault
 
PCI DSS v3.0: How to Adapt Your Compliance Strategy
byAlienVault
 
"EL ATAQUE INTERNO"
byJose Luis Balbiano
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
byAggregage
 
Arbel Zinger | Microsoft Advanced Threat Analytics
byMicrosoft Österreich
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
byMicrosoft Österreich
 
Observe It Presentation
bytsteh
 
Unit4
byIntegral university, India
 
Cybersecurity framework v1-1_presentation
byMonchai Phaichitchan
 
Emma Aubert | Information Protection
byMicrosoft Österreich
 
Presentazione-CyberArk-MDM-v3
byMarco Di Martino
 
Managing privileged account security
byRaleigh ISSA
 
dos_security_final
byMichele Vincent
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
Application Security - Your Success Depends on it
byWSO2
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
byRisk Analysis Consultants, s.r.o.
 
Zero Trust Model
byYash
 
How to Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 

Similar to SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017

PDF
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
byIBM Security
 
PDF
Achieving Effective Identity and Access Governance
byEnterprise Management Associates
 
PDF
The Role of IGA Identity Governance in Strengthening Your Organizations Cyber...
bySecurity Compliance Corporation
 
PDF
Identity & Access Management for Securing DevOps
byEryk Budi Pratama
 
PPTX
OneIdentity - A Future-Ready Approach to IAM
byAdrian Dumitrescu
 
PDF
#MFSummit2016 Secure: Introduction to identity, access and security
byMicro Focus
 
PPTX
Co p
byAllyn McGillicuddy
 
PDF
A Study in Borderless Over Perimeter
byForgeRock
 
PDF
David doret (2019) SIGS IAM Conference: Revisiting IAM Foundations
byDavid Doret
 
PDF
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
byHarshada Mulay
 
PPT
Identity Management: Risk Across The Enterprise
byPerficient, Inc.
 
PDF
Co p
byAllyn McGillicuddy
 
PPTX
Developing an IAM Roadmap that Fits Your Business
byForgeRock
 
PPTX
IDSA at Charlotte IAM Meetup
byIdentity Defined Security Alliance
 
PDF
AccessPaaS by SafePaaS
byJane Jones
 
PDF
AccessPaaS (SafePaaS)
byEmma Kelly
 
PPT
EDUCAUSE_SEC10_Apr2010_Fed_Seminar_Final.ppt
byPreethamS41
 
PPT
The Business Of Identity, Access And Security V1.0
bytheonassiokas
 
PDF
Denver ISSA Chapter Meetings - Changing the Security Paradigm
byIdentity Defined Security Alliance
 
DOCX
Unified Identity and Access Governance: Centralizing Security, Compliance, an...
byhenmathkumar24
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
byIBM Security
 
Achieving Effective Identity and Access Governance
byEnterprise Management Associates
 
The Role of IGA Identity Governance in Strengthening Your Organizations Cyber...
bySecurity Compliance Corporation
 
Identity & Access Management for Securing DevOps
byEryk Budi Pratama
 
OneIdentity - A Future-Ready Approach to IAM
byAdrian Dumitrescu
 
#MFSummit2016 Secure: Introduction to identity, access and security
byMicro Focus
 
Co p
byAllyn McGillicuddy
 
A Study in Borderless Over Perimeter
byForgeRock
 
David doret (2019) SIGS IAM Conference: Revisiting IAM Foundations
byDavid Doret
 
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
byHarshada Mulay
 
Identity Management: Risk Across The Enterprise
byPerficient, Inc.
 
Co p
byAllyn McGillicuddy
 
Developing an IAM Roadmap that Fits Your Business
byForgeRock
 
IDSA at Charlotte IAM Meetup
byIdentity Defined Security Alliance
 
AccessPaaS by SafePaaS
byJane Jones
 
AccessPaaS (SafePaaS)
byEmma Kelly
 
EDUCAUSE_SEC10_Apr2010_Fed_Seminar_Final.ppt
byPreethamS41
 
The Business Of Identity, Access And Security V1.0
bytheonassiokas
 
Denver ISSA Chapter Meetings - Changing the Security Paradigm
byIdentity Defined Security Alliance
 
Unified Identity and Access Governance: Centralizing Security, Compliance, an...
byhenmathkumar24
 

More from Micro Focus

PPTX
North America Strategic Modernization Exec Forum
byMicro Focus
 
PDF
Tech Channel COBOL ebook
byMicro Focus
 
PDF
Unlocking COBOL Business Value
byMicro Focus
 
PDF
Quietly confident, enduringly competent - COBOL.
byMicro Focus
 
PDF
5 key capabilitie for a smart service desk solution infographic
byMicro Focus
 
PDF
SAP Fortify by Micro Focus.
byMicro Focus
 
PDF
Digital Transformation pillars 2020
byMicro Focus
 
PDF
Whats new in Enterprise 5.0 Product Suite
byMicro Focus
 
PPTX
Micro Focus Corporate Overview
byMicro Focus
 
PPTX
Why attend the application modernization & connectivity track at Micro Focus ...
byMicro Focus
 
PDF
Micro Focus #DevDay50 - Atlanta
byMicro Focus
 
PDF
Growth of Internet Data - 2017
byMicro Focus
 
PPTX
Easily Create Scalable Automation using Selenium
byMicro Focus
 
PDF
The Journey to Mainframe DevOps
byMicro Focus
 
PDF
Micro Focus extend 10 and 10.1 with AcuToWeb
byMicro Focus
 
PDF
The COBOL Story by Wim Ebbinkhuijsen
byMicro Focus
 
PPTX
DevDay Copenhagen - Micro Focus overview and introduction
byMicro Focus
 
PPTX
The DevOps Journey
byMicro Focus
 
PPTX
ACUCOBOL - Product Strategy and Roadmap
byMicro Focus
 
PDF
#DevDay Copenhagen - Bluegarden Presentation
byMicro Focus
 
North America Strategic Modernization Exec Forum
byMicro Focus
 
Tech Channel COBOL ebook
byMicro Focus
 
Unlocking COBOL Business Value
byMicro Focus
 
Quietly confident, enduringly competent - COBOL.
byMicro Focus
 
5 key capabilitie for a smart service desk solution infographic
byMicro Focus
 
SAP Fortify by Micro Focus.
byMicro Focus
 
Digital Transformation pillars 2020
byMicro Focus
 
Whats new in Enterprise 5.0 Product Suite
byMicro Focus
 
Micro Focus Corporate Overview
byMicro Focus
 
Why attend the application modernization & connectivity track at Micro Focus ...
byMicro Focus
 
Micro Focus #DevDay50 - Atlanta
byMicro Focus
 
Growth of Internet Data - 2017
byMicro Focus
 
Easily Create Scalable Automation using Selenium
byMicro Focus
 
The Journey to Mainframe DevOps
byMicro Focus
 
Micro Focus extend 10 and 10.1 with AcuToWeb
byMicro Focus
 
The COBOL Story by Wim Ebbinkhuijsen
byMicro Focus
 
DevDay Copenhagen - Micro Focus overview and introduction
byMicro Focus
 
The DevOps Journey
byMicro Focus
 
ACUCOBOL - Product Strategy and Roadmap
byMicro Focus
 
#DevDay Copenhagen - Bluegarden Presentation
byMicro Focus
 

Recently uploaded

PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PPTX
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PDF
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
PDF
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
PPTX
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 

SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017

  • 1.
    Adam Evans Senior Identity& Access Specialist 21 March 2017 Innovation——In Action Supporting Security Through Next Generation Identity Governance #MFSummit2017
  • 2.
    • The Originsof Identity Governance • Identity Governance 1.x • Pros • Cons • Identity Governance.NextGen • Five Steps to Efficient ID Governance • Questions & Answers Agenda
  • 3.
  • 4.
    Identity Repositories The Evolution ofIdentity Governance? Phase One: The Proliferation of Identity Repositories Identity Repository
  • 5.
    The Evolution ofIdentity Governance? Phase Two: The Directory Services “Silver Bullet” Identity Repositories Directory Services …plus Identity Repositories …or NOT!
  • 6.
    The Evolution ofIdentity Governance? Phase Three: Provisioning, Password Sync & SSO Identity Repositories Directory Services …plus Identity Repositories Provisioning/Pwd Sync Single-Sign On
  • 7.
    What Does ThisHave To Do With ID Governance? Sarbanes-Oxley Act 202 Section 404 SoX Section 404 Identity Governance & Administration 1.x ITCentricBusiness Centric Assessment of Internal Control Requires management & external auditor to report on the adequacy of the company's internal control on financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.
  • 8.
    What Does ThisHave To Do With ID Governance? Sarbanes-Oxley Act 202 Section 404 SoX Section 404 Identity Governance & Administration 1.x ITCentricBusiness Centric
  • 9.
    • Ability toCollect Accounts & Permission from Apps • Central Repository of All Access • Automatically Link Accounts to Identities • Configure & Forget • Scheduled • Policy • Create & Apply Consistent Policies • SoD, Risk, High Privileged Access, Unmapped/Orphaned • Easily Identify Policy Violations from the “Noise” Identity Governance & Administration 1.x Pros…
  • 10.
    • Review Management •Create Targeted Review Campaigns • Run Review on a Schedule and/or Ad-Hoc • Track Completion & Escalate • Transparency • Capture Access Decisions • Review Sign-Off • Audit Reporting Identity Governance & Administration 1.x Pros…
  • 11.
    • Fulfilment • Automated •Manual • Closed Loop Verification Identity Governance & Administration 1.x Pros…
  • 12.
    That All SoundsGreat, Right? However…
  • 13.
    • Persistent InformationOverload • Little or No Reduction In Number of Review Items • Lack of Business Context • Automation of Controls, Not The Review Identity Governance & Administration 1.x Cons… Select All Permission #1 Permission #2 Permission #3 Permission #4 Permission #5 Permission #6 Permission #7 Permission #21 Permission #22 Permission #23 Permission #24 Permission #25 Permission #26 Permission #27 Permission #x1 Permission #x2 Permission #x3 Permission #x4 Permission #x5 Permission #x6 Permission #x7 Keep Next 1 2 3
  • 14.
    • No DecisionSupport • Requires Manual Intelligence Gathering Identity Governance & Administration 1.x Cons… Permission #1 Permission #2 Permission #3 Permission #4 Permission #5 Permission #6 Permission #7 Permission #21 Permission #22 Permission #23 Permission #24 Permission #25 Permission #26 Permission #27 Permission #x1 Permission #x2 Permission #x3 Permission #x4 Permission #x5 Permission #x6 Permission #x7Who Approved These Permissions? When Did This Person Get These Permissions? Are These Direct Assignments, or Part of a Role? Are These Permissions Normal? What Do These Permissions Mean? Do These Permissions Violate Any SoD Policies? Is This Person a Privileged User? How Did The Person Get These Permissions?
  • 15.
    • It DoesNot Significantly Reduce Risk Identity Governance & Administration 1.x Cons… Collect Review Sign Off Certified Collect Review Review Campaign #1 Review Campaign #2 Change Risk Window ~6 Months?
  • 16.
    • The RoleMining Myth • It Looks Good in Demos • But… Identity Governance & Administration 1.x Cons… • Are All The Permission Assignments: • Correct? • Appropriate? • Accurate (Point in Time)? • Are The New Roles Appropriate? • Do They Reflect The Business? • Are They Close To Existing Roles? • Will Risk Be Accurately Represented?
  • 17.
    • Delivers Automation& Review Oversight • No Significant Reduction in Review Effort • Lack of Decision Support • No Reduction in Risk • Review Items Usually Out Of Date • Select All, Keep, Next! • Role Mining Is Not The Answer Identity Governance & Administration 1.x In Summary
  • 18.
    Identity Governance.NextGen Five Stepsto Efficient Identity Governance
  • 19.
    Step One –Curation Make Sense of What You Have…
  • 20.
    • Identity Centric •Review at Macro Level • Authorised Roles Can Be Excluded From Reviews • Concentrate Exceptions (White listing) Step Two – Reduce the Noise Business Roles…
  • 21.
    • Membership Expression AutomatesAssignment • Contains Permissions, Technical Roles & Applications • Role Items Are Mandatory / Optional • Can be Authorised at the role, or More Granular with Time Limits Step Two – Reduce the Noise Business Roles…
  • 22.
    • Capability Centric •Review at Macro Level • Assignment is based on Permissions Assigned Step Two – Reduce the Noise Technical Roles…
  • 23.
    Step Two –Reduce the Noise Working with Roles…
  • 24.
    Step Two –Reduce Noise Without Increasing Risk Risk-Based Reviews… • Concentrate on High Risk Access • Review Everything Else Less Often… …If At All …Or On Change
  • 25.
    Step Three –Make Informed Decisions Context-Based Decision Support… Usage Guidance Permission Relationship Person Details Permission Details
  • 26.
    Step Four –Close the Risk Windows Event-Based Reviews – High Risk Group Example… Person Added to High Risk AD Group (e.g. Domain Admins) Detected by Change Guardian Alert Raised Alert Event Triggers a Review of the User Complete Fulfilment (If Required) Store Decision (for Audit) Near Real-Time Window of Risk
  • 27.
    Step Five –Demonstrating Governance Tracking…
  • 28.
    Step Five –Demonstrating Governance Reporting…
  • 29.
    Step Five –Demonstrating Governance Analytics…
  • 30.
    • Automates theEntire Review Process • Efficiency Without Compromise • Curaton, Roles, Risk-Based Review • Enables the Business to Make Informed Decisions • Context-Based Decision Support • Reduces Risk Exposure • Event-Based Reviews • Easily Demonstrate Governance Identity Governance.NextGen In Summary
  • 31.
    It Delivers thePromises Made by Identity Governance & Administration 1.x Identity Governance.NextGen In Summary Fundamentally…
  • 33.