Workshop on Identity & Access Management.
(Introduction & Scope, Functional Modules, Taxonomy, Global Trends for Roadmap, Capability Maturity Models, Vendor Selection Criteria, Guide to Vendors in the Landscape, CPI Findings).
2. + Agenda
• Introduction and Scope.
• Functional Modules.
• Taxonomy (IAM, IGA, IDaaS).
• Global Trends for Roadmap.
• Capability Maturity Models.
• Vendor Selection Criteria.
• Guide to Vendors in the Landscape.
• CPI (CISO Platform Index) Findings.
3. + IAM, IGA and IDaaS
IDaaS is all of the above in the cloud or as a Service with reporting thrown in.
User Administration and Provisioning
Identity and Access Governance
Identity Governance and Administration (IGA)
Identity Life Cycle
Access Requests/Self Service
Risk Scoring
Policy Enforcement
Automated Provisioning
Role Management
Identity Analytics
Segregation of Duties
Role and Entitlement Mining
Reporting
4. + Additional Software Components
Advanced Authentication
• Two/Multi factor Authentication
• Hardware, Software, Biometric
Authorization
• Access Control
• Rule Based
• Role based
• Analytics
Repositories
• Centralized
• Meta Directory
• Synchronization
Federation/SSO
• Access Control to multiple applications
• Trusted identities outside the domain
Privileged Identity
• Session management
• Recording
• Audits
Not exhaustive; many newer areas, such as threat intelligence and SIEM integration, are left out.
6. + Global Trends and Scope
Social
• Identities
• Federation by Google and FB
• Merging of professional and personal
Mobile
• BYOD
• Loss of Perimeter
Cloud
• SaaS/IaaS/PaaS
• Applications in Cloud
Varies based on the nature of business (consumer vs. B2B) and verticals.
7. + Where do you stand?
• The maturity model space is a pretty fuzzy area right now.
• Many models out there, no standards defined (CMM, COBIT, ...).
• It is possible to define your own, and that is probably preferred. But to assess, you need the following prerequisites:
  • An in-depth knowledge of the state of the technology market segment, which the programs are related to,
  • Sufficient information about the maturity status of other organizations, both in the industry sector of the particular organization and in other industry sectors,
  • A good understanding of trends that will have an impact on the program and investments and
  • A rigorous methodological approach based on reliable information.
* Source: Dr Horst Walther of KC
10. + Needs Assessment
• Readiness deals with the organization's capability to implement an IAM solution.
• Translation of the CMM models into implementation.
Worksheet (CPI Reference Questionnaire)
11. + Vendor Selection Criteria
• Product Architecture: Features, all of the IGA requirements.
• Deployment and Managed Services Support: Customization support, Services, Languages.
• Use Case or Vertical Support: Specific use case flows. Single sign-on support, vertical domain support if any.
• Interoperability: Application Servers, Directories, Mobile Platforms and Cloud applications, IAM standards.
• Product Security: Security Models (Role based, Rule based), Audits.
• Pricing Models: License model, Number of users, Number of Servers.