IdM & Security
Robert Haaverson, Imanami Corporation
Copyright © 2005 Imanami Corporation. All Rights Reserved.


Slide 2: Agenda
– What is Identity Management
– Where does IdM fit within Security?
– How does IdM fit into Security?
– Conclusions
– More Information

Slide 3: What is Identity Management?
Results 1 - 10 of about 1,110,000 for "Identity Management". (0.34 seconds)
Diagram labels: Traditional Definition; Increasing Complexity; Authentication; Authorization; Access Control; Current Trend; Audit; Admin

Slide 4: What is Identity Management?
Identity Management (IdM) is defined as the quality or condition of being the same; absolute or essential sameness; oneness. Identity is what makes something or someone the same today as it, she, or he was yesterday. Importantly, identity can refer to a thing (e.g. a computer) as well as a person. Things and people can have different identities when working with different systems, or can have more than one identity when working with a single system, perhaps when working in different roles.
Source: Open Group

Slide 5: META’s View
“While simplistic and not entirely accurate, it’s helpful for planning purposes to think of access and identity management as separate layers of an identity architecture.” (META Group)
Diagram layers: Identity Management; Identity Infrastructure
Diagram components: User Provisioning; Delegated Admin.; Audit, logging, reporting; Self-service P/W Mgmt.; Workflow; Directory; Metadirectory; Authentication Servers (e.g. RADIUS, OS); SSO; Authorization Servers (e.g. RBAC, policy)

Slide 6: Gartner’s View
Diagram labels: Audit; Identity Administration; Administer; Authenticate; Authorize; Authentication Services; Enterprise Single Sign-on; Password Management; User Provisioning; Metadirectory; Enterprise Access Management; Federated Identity Management; Access Management (Real-time Enforcement); Identity Management (Administration)

Slide 7: Burton’s View
~ Burton Group’s Simplified Architecture ~
IdM reference architecture root template

Slide 8: Deloitte’s View
Diagram labels: Identity Repository; Integrated authoritative source; Identity roles; User account provisioning; Strong Authentication; SSO & Portals; Federated Identity; Access Management
Axes: Business Value; Vision
Source: Deloitte

Slide 9: Imanami’s View – The IdM Journey
Diagram labels: Identity Repository; Integrated authoritative source; Identity roles; User account provisioning; Strong Authentication; SSO & Portals; Federated Identity; Access Management; Password Reset / Sync; Basic
Axes: Business Value; Vision
Source: Deloitte

Slide 10: IdM Business Drivers
– Increasing Efficiency
– Enabling Business
– Complying with Regulation
– Increased Security
Diagram label: Basic
Source: Computer Associates

Slide 11: Where does IdM fit? (Source: SANS)
– Blocking Attacks: Network Based: Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
– Blocking Attacks: Host Based: Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
– Eliminating Security Vulnerabilities: Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
– Safely Supporting Authorized Users: ID & Access Mgmt, File Encryption, PKI, VPN
– Tools to Minimize Business Losses: Forensic Tools, Backup, Compliance, Business Recovery

Slide 12: Where does IdM fit? (Source: SANS)
– Blocking Attacks: Network Based: Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
– Blocking Attacks: Host Based: Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
– Eliminating Security Vulnerabilities: Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
– Safely Supporting Authorized Users: ID & Access Mgmt, File Encryption, Authentication / PKI, VPN
– Tools to Minimize Business Losses: Forensic Tools, Backup, Compliance, Business Recovery

Slide 13: Where does IdM fit? (Source: SANS)
Safely Supporting Authorized Users: ID & Access Management
– Verify that the right people are allowed to use a system
– Ensure they perform only those tasks for which they are authorized
– Access blocked when employment is terminated

Slide 14: Where does IdM fit? (Source: SANS)
Safely Supporting Authorized Users: Authentication
– Verify that the person is who they claim to be, whether via one, two or three factors.

Slide 15: Where does IdM fit? (Source: SANS)
Tools to Minimize Business Losses: Forensic Tools
– When attackers get through, enterprises need to find out what they accessed, what they damaged, and how they got in.

Slide 16: Where does IdM fit? (Source: SANS)
Tools to Minimize Business Losses: Regulatory Compliance Tools
– Gramm-Leach-Bliley, FISMA, Sarbanes-Oxley, and HIPAA each generate enormous documentation burdens for companies, universities, and/or government agencies.

Slide 17: How does IdM fit into Security?
– Object (user) lifecycle management
  - Provisioning
  - Change
  - Deprovisioning
– Strong Authentication / SSO (RSO) n-1
– Enterprise Access Management
– The Whole Enchilada

Slide 18: Object Life Cycle Management – Hire
Sally’s first day at work
Diagram: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Provisioned
1. Sally entered into PeopleSoft.
2. IdM adds Sally to AD.
3. IdM assigns Sally to groups based on her role.
4. IdM adds Sally to other systems based on role.

Slide 19: Object Life Cycle Management – Promotion
Sally’s second day at work
Diagram: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Changed
1. Sally’s title is changed in PeopleSoft.
2. IdM updates Sally in AD.
3. IdM adds and removes Sally to and from groups based on her role.
4. IdM adds/removes Sally to/from other systems based on role.

Slide 20: Object Life Cycle Management – Retire
Sally’s last day at work
Diagram: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Deprovisioned
1. Sally’s status changed in PeopleSoft.
2. IdM disables Sally’s account in AD.
3. IdM removes Sally from groups.
4. IdM removes Sally from other systems.
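The hire, promotion and retire slides describe one reconciliation loop in which the HR record is authoritative and directory state is derived from it. The sketch below is an added illustration, not code from the presentation or from Imanami; `ROLE_MAP`, the role and group names and the record fields are hypothetical, and the directory is modelled as an in-memory dict.

```python
# Added illustration: HR-driven lifecycle reconciliation (hire / change / retire).
# ROLE_MAP, the group names and the record fields are hypothetical.
ROLE_MAP = {  # role -> (directory groups, downstream systems)
    "analyst": ({"staff", "finance-read"}, {"Exchange"}),
    "manager": ({"staff", "finance-approve"}, {"Exchange", "Avaya"}),
}
NO_ACCESS = (set(), set())

def reconcile(hr, directory):
    """Return the operations that bring `directory` in line with the HR feed."""
    ops = []
    for user, rec in sorted(hr.items()):
        active = rec["status"] == "active"
        acct = directory.get(user)
        if acct is None:
            if not active:
                continue  # never provisioned, nothing to revoke
            ops.append(("create", user))
            acct = {"enabled": True, "groups": set(), "systems": set()}
        # Unknown roles and inactive staff are entitled to nothing.
        groups, systems = ROLE_MAP.get(rec["role"], NO_ACCESS) if active else NO_ACCESS
        if not active and acct["enabled"]:
            ops.append(("disable", user))  # block sign-in before cleanup
        for kind, want, have in (("group", groups, acct["groups"]),
                                 ("system", systems, acct["systems"])):
            ops += [("add_" + kind, user, x) for x in sorted(want - have)]
            ops += [("remove_" + kind, user, x) for x in sorted(have - want)]
    # Enabled accounts with no HR record are orphans to review.
    ops += [("orphan", u) for u in sorted(set(directory) - set(hr))
            if directory[u]["enabled"]]
    return ops

def apply_ops(directory, ops):
    """Apply operations to the in-memory directory model."""
    for op, user, *arg in ops:
        if op == "create":
            directory[user] = {"enabled": True, "groups": set(), "systems": set()}
        elif op == "disable":
            directory[user]["enabled"] = False
        elif op.startswith(("add_", "remove_")):
            field = op.split("_")[1] + "s"
            getattr(directory[user][field], op.split("_")[0])(arg[0])
    return directory
```

Running `reconcile` again after `apply_ops` returns an empty list, which is the property an auditor checks: no entitlement exists that the HR record does not justify.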

Slide 21: Strong Authentication / SSO – Without IdM
Bill logs in from home
1. SecurID Card
2. Username & Password
Access

Slide 22: Strong Authentication / SSO – With IdM
Bill logs in from home
1. SecurID Card
Access

Slide 23: Enterprise Access Management – Hire without IdM
Jim’s first day at work
Diagram: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination

Slide 24: Enterprise Access Management – Hire with IdM
Jim’s first day at work
Diagram: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination; IdM Business Rules

Slide 25: Regulatory Compliance
Diagram labels: Accuracy; Auditability; Transparency; Compliance; Cost; Time; Errors

Slide 26: Trends of IdM in Security
RSA has more announcements of identity based approaches of agile and integrated security. There is an upcoming paradigm shift, where identity will allow security across dynamic distributed systems. So as security functions become packaged as appliances that can all be integrated and managed with federated protocols that allow centralized policies to create security and auditability, "security" is relentlessly morphing into "management by identity."
- Phil Becker, Editor, Digital ID World

Slide 27: Realizing the Potential of Digital Identity
Deployment considerations, lessons learned:
– Begin by cleaning your own identity house
  - Start looking at how you use identity, authoritative sources, processes
  - You still need LDAP directory, meta-directory, and provisioning
  - One tool or one suite won’t solve all your IdM problems
– 80% politics and business, 20% technology
  - Your mileage may vary, but build in time to get stakeholders on board
– Carefully scope the problem you’re trying to solve
  - Manage expectations: Don’t try to solve all problems at once
  - Pick projects with early demonstrable results; it’s a long journey, with small steps
  - Build momentum (and political capital) for next phase(s)
– All of these are 100% independent of product selection

Slide 28: Contact
Robert Haaverson, CEO
Imanami Corporation
925-371-3000
robert.haaverson@imanami.com
Resources
– Digital ID World, May 9-12, Hyatt Embarcadero, San Francisco
– Digital ID World Magazine – http://www.digitalidworld.com
– Burton Group – http://www.butongroup.com
– Open Group – http://www.opengroup.com
– SANS What Works – http://www.sans.org/whatworks

