© 2003 IBM Corporation Integrated Identity Management for the on demand world Laura Voglino, Director Security and SOA Marketing IBM Software Security.

Presentation transcript:

1 © 2003 IBM Corporation Integrated Identity Management for the on demand world Laura Voglino, Director Security and SOA Marketing IBM Software Security Automation May 2004 Launch

2 On Demand Business… An on demand business is an enterprise whose business processes—integrated end-to-end across the company and with key partners, suppliers and customers—can respond with flexibility and speed to any customer demand, market opportunity or external threat.

3 Where to focus first?
Where you start depends on YOUR organization’s priorities.
ENTRY: Business Transformation; Business Processes; On Demand Operating Environment; Flexible Financial & Delivery Options
Increasing flexibility is the key—business models, processes, infrastructure, plus financing and delivery

4 Security Supports Customers’ Business Strategies
Top CIO priorities for 2004
1. Security
2. Disaster recovery/business continuity
3. PC replacements
4. Existing application upgrades
5. Compliance with government regulations

5 On Demand Security Delivers Measurable Business Value
Reduce Cost and Increase Productivity; Manage Complexity; Increase Business Flexibility To Support Change & Innovation; Demonstrate and Measure IT Value to the Business
On Demand
● Authorities responsive to changes in users & roles
● Security controls that adapt in your business federation
● Security components, revisions, and patches adapt to changes in security knowledge
● Security changes driven by business process
Traditional IT
● No central control over security
● Weak links between sources of user information, users & authorities
● Hard to bridge IT to business processes
● Manual processes

6 Current Business Process Inefficiencies
● Provisioning New Users: Users wait up to 3 weeks for activated accounts
● Managing Users: Help Desk costs $20 per call for password resets
● De-Provisioning Users: 30-60% of existing accounts are invalid
● Deploying New Initiatives: Up to 30% of development for controlling access to applications and data
● Reconciling User Data: 100+ user data sources at typical firm provide out-of-sync, untrustworthy security inputs
● Protecting Trust: Many new privacy and regulatory requirements around the world

7 The Control Layer and Assurance Layer Provide Flexibility to the Enterprise
● Perimeter Defense: Keep out unwanted with Firewalls, Anti-Virus, Intrusion Detection, etc.
● Control Layer: Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected?
● Assurance Layer: Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?

8 Tivoli Security Automates Key Security Management Tasks
● Simplify portal sign-on while protecting content
● Secure identities and lower support costs with Integrated Identity Management
● Manage security policies at the point of entry into the network with Tivoli Identity Manager integrated with Cisco
● Automate password reset/sync

9 Security Automation is a Business Imperative
● Increase Business Agility of the way your people work and your business processes perform
● Manage Complexity with single sign-on and unified user experience. Comply with regulations and audit requirements
● Help reduce the cost of security administration and support costs
● Optimize IT Resources by controlling “who has access to what” with end-to-end security management

10 Security Automation Helps to Reduce Costs
● Expand administrative capacity with fewer resources
● Address escalating help desk costs
● Eliminate regulatory non-compliance penalties
● Reduce lag time to user productivity
● Deliver user self-service and a more personalized experience

11 Typical Inefficient Process: Password Management
Process diagram: Forgotten Password; Call Help Desk - Wait On Queue; Help Desk Identifies User; Challenge / Response Questions; Password Reset, Sent to Manager; User Productive Again; Manager Notifies Employee of Updated Password
● Employees request an average of 3-4 resets per year
● Up to 40% of Help Desk calls are password related
● Each Help Desk call costs $20 to $45

12 Cost Reduction @ Whirlpool… Help Desk integration with WebSphere Portal & Tivoli Security
Whirlpool Employee able to work again in minutes!!! No call to the Help Desk has to be made! Huge Cost Savings!!!!!!!

13 Tivoli Security Reduces Costs
● Decrease Administration Cost: 1 admin to 5,000 users versus 1 to 500
● Decrease Help Desk Cost: User self-service reduces help desk costs by as much as 40%
● Decrease Non-Compliance Costs: Autonomic policy enforcement eliminates regulatory penalties
● Become Competitive: Expense savings applied to other revenue generating activities

14 Security Automation Optimizes IT Resources
● Mobilize people to IT resources on demand
● Ensure appropriate access for all users at privilege level:
  – Who can come in?
  – Where can they go?
  – What can they do?
● Enforce corporate policy while delegating administration
● Extend user management from the network infrastructure for end-to-end security management

15 Typical Inefficient Process: Provisioning & De-Provisioning Users
Process diagram: New User; Request for Access Generated; Policy & Role Examined; Approval Routing; User with Accounts; Administrators Create Accounts
● Account turn-off performance: 30-60% of accounts are invalid
● Costly, 1 administrator only handles 300-500 users
● Elapsed turn-on time: up to 12 days per user

16 Driving Efficiency by Managing Identities Life Cycle
Triggers: New User / Self Registration; Temporary VPN Access for Contractor; Re-certify that Access Still Needed
Diagram labels: Create, Add, Remove, Change; Custom Process, Account, Notif., Policy, Role, User, Ext Sys
Tivoli Identity Manager Workflow: Identity change requested; Approvals gathered; Detect and correct local privilege settings; Access policy evaluated; Accounts updated

17 IBM and Cisco have joined to simplify and secure user management in the network and application infrastructure
Cisco Secure Access Control Server
● Leading network access management solution
IBM Tivoli Identity Manager
● Leading user provisioning and identity lifecycle management solution
Together:
● Automate repetitive tasks to lower network user administration and help desk costs
● Respond rapidly to business needs for long-term and temporary network access
● Increase network security by deleting orphan accounts and fixing over-privileged accounts
● Support regulatory compliance through centralized policy enforcement and audit

18 Tivoli Identity Manager – Driving Efficiencies
British Petroleum plc
“Tivoli Identity Manager forms one of the key elements of our security services, supporting our ability to respond rapidly to change. Centralized provisioning is the only way to manage the scale and speed of organizational change that our business growth requires” —Paul Dorey, VP Digital Security & CISO, BP p.l.c
Business Challenge
● Manage assimilation of users and resources for large mergers and acquisitions
● Ensure security policy is enforced across the global enterprise in an auditable manner for regulation compliance, also maintaining international uniqueness
● Automate the administration of frequent changes to user access rights for 155,000+ users across 135 countries
Solution
● IBM Tivoli Identity Manager
Business Benefits
● Provisioning went from 5 days to 10 minutes
● Project justified after one merger

19 Security Automation Increases Business Agility
● Mobilize people to IT resources on demand
● Enhance market reach of business services to subsidiaries and third-party customers
● Eliminate need to manage third-party identities or users
● Enforce corporate policy while delegating administration
● Deliver user self-service and a more personalized experience
● Manage fragmented identity information with consistency while protecting privacy

20 Federated Identity Management
Employee Self-Service to Outsourced Services
Diagram labels: Employee; Employee Portal; User Profiles/Directory; Web Services; Corporate Identity Provider; 401K / Employee Pension Provider; Supply-chain Provider; Health Care Provider; Trusted Identity, Roles & Entitlements; Federated Identity Manager

21 IBM Tivoli Security Compliance Manager
IT Environment: Operating Systems; Applications; Workstations; Databases; Users
● An early warning system to assist with security policy compliance and identify potential security vulnerabilities
● Checks for vulnerabilities by identifying violations against security policies
● Integrates with other Tivoli software to take actions to fix violations before damage is done
● Decreases IT costs through automation, centralization, and separation of duties
● Assists in complying with legislative and governmental standards

22 Policy-Driven Control for Security
“We needed an automated, centralized tool, with best practices - out-of-the box security policies to mitigate security exposures and strictly enforce security policy. IBM Global Services and IBM Tivoli Security Compliance Manager provide that solution now.”
Business Challenge
Reduce the costs and time associated with creating and adhering to a corporate security policy
Solution
● IBM Tivoli Security Compliance Manager
● IBM Global Services
Business Benefits
● Costs and time were saved by moving from an internal tool to one from IBM that was ready to go on day one
● Automated, centralized checking of IT systems ensured consistent adherence to security policy
● Elimination of disruptions to business operations as exposures were addressed prior to damage being done
● Enforcement of security policies across the enterprise reduces potential security risks

23 Security Automation Manages Complexity
● Centralized access control for applications
● Create a secure environment without having to re-code for each new application
● Enforce corporate policy for remote administrative changes
● Protect corporate information assets without hindering productivity
● Synchronize disparate islands of information into a “trusted data source”
● Protect user privacy requirements

24 Retail: Business to Consumer and Employee
Diagram labels: Customers; Employees; Partners and Suppliers; Business Data and Applications; Biometric Signature Capture Kiosks; Personal Shopping Devices; Mobile Consumer Devices; White Pages; HR; Partner Directory; Charge Centers; Internet store; Access Manager; Identity Manager; Directory Integrator; Privacy Manager
● New technologies bring in new users, new market opportunities and require new applications
● Explosion of new users creates administrative backlog
● Identities come in many forms and sources
Tivoli Access Manager
● Decrease development and deployment time with standardized security and access control
● Provide access controls, who can get in, what can they get to, and what can they do
● Resource protection and logging
Tivoli Identity Manager
● Automate user provisioning
● Provide user self administration capabilities
Tivoli Directory Integrator
● Eliminate need for centralized repository
● Synchronize critical user data across the enterprise to their authoritative sources
Tivoli Privacy Manager
● Enforce privacy policy compliance in systems that collect and use personal data

25 United Parcel Service
“The information held within the UPS enterprise is of extraordinary value. We depend upon the IBM Tivoli Identity Management tools to provide a secure, automated and policy-based user management solution for our Enterprise Portal.” —Jim Flynn, Information Security Systems Manager, United Parcel Service
Business Challenge
Design, build and implement a framework that leverages automated ID management and Access Control across the UPS portal and mainframe systems.
Solution
● IBM Tivoli Identity Manager
● IBM Directory Integrator
● IBM DB2
● IBM WebSphere
Business Benefits
● Automated business processes using Identity lifecycle management for 450,000+ identities in the UPS Enterprise Portal application.
● Manage the rapid updating of employee data, up to 30,000 per day with automated approval process and provisioning.
● Self service interfaces for password reset, projected to save over $1.5 million over the next four years

26 Avis Futures
David Harris, CIO Avis Futures, Avis Europe PLC
17 May 04

27 Agenda Introduction Avis Futures Security Benefits

28 Introduction to Avis Futures
● Strategic initiative.
● Form a base on which applications can be built.
● e-Secure
● Service Oriented Architecture
  – Use of mature, standard, and open underlying technologies to minimize dependence on proprietary technologies
  – Well-defined industry standard interfaces to reservation system functions and data based on XML
  – Messaging that enables industry standards-based communication between multi-platform systems

29 Security Goals
● Simplified security management by providing centralised administration for authentication and authorisation services independent of specific applications
● Reduction of development complexity and lead times by creating a security infrastructure that supports the rapid deployment of new applications
● Exploitation of existing and emerging security standards that is in line with open architecture standards
● A flexible and open architecture that enables Avis to take advantage of future emerging trends and technologies

30 Solution Overview
● Permissions and policy management: A consistent set of access rights for employees, customers and business partners
● User Provisioning: Enables RBAC to increase efficiency and effectiveness of user administration
● Workflow Management: Approval and notification of provisioning
● Directory Services: Centralised repository for storing and managing user and application information.
● Strong Authentication: Ability to use multiple forms of authentication

31 Solution Overview
● Permissions and Policy management: IBM Tivoli Access Manager for eBusiness; IBM Tivoli Access Manager for Operating Systems; IBM Tivoli Access Manager for Business Integration
● User Provisioning and Workflow: IBM Tivoli Identity Manager
● Strong authentication: Verisign
● Directory Services: IBM Tivoli Directory Server

32 Benefits
● Integrated and flexible solution.
● IBM Tivoli products provide integration with the existing Avis OS/390 and RACF environment.
● Ensures consistent application of security policies.
● Consolidates security and identity management.
● Enables ‘self service’ to reduce costs.

33 Summary
Manage Complexity
● Accelerate deployment of new initiatives and services
● Audit and regulatory compliance using central system of record
Optimize IT Resources
● Improve user experience through self-service
● Delegate administration
● Centrally enforce policy to facilitate rapid change
Increase Business Agility
● Decrease time to market for new initiatives
● Automate cross-company provisioning/de-provisioning
Reduce Costs
● Security administration
● Help desk
● Application development

34 Take the Next Steps Now!
1. Get educated!
  ● Case studies
  ● User groups & Networking
2. Develop your On Demand Automation plan
  ● We provide the capabilities
  ● If needed, get help through services
3. Talk to your IBM sales rep or business partner about a complimentary On Demand Automation Assessment
4. Approach On Demand Automation in a step-by-step fashion with the overall vision in mind
Automation helps you move to the on demand world
www.ibm.com/software/tivoli/solutions/security/

35 © Copyright IBM Corporation 2003. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, the e-business logo and other IBM products and services are trademarks or registered trademarks of the International Business Machines Corporation, in the United States, other countries or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries or both. Microsoft, Windows, Windows NT and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries or both. All other trademarks, company, products or service names may be trademarks, registered trademarks or service marks of others.
Disclaimer: NOTICE – BUSINESS VALUE INFORMATION IS PROVIDED TO YOU 'AS IS' WITH THE UNDERSTANDING THAT THERE ARE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. IBM DISCLAIMS ALL WARRANTIES INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IBM DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE, VALIDITY, ACCURACY OR RELIABILITY OF THE BUSINESS BENEFITS SHOWN. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGES, INCLUDING THOSE ARISING AS A RESULT OF IBM'S NEGLIGENCE. WHETHER THOSE DAMAGES ARE DIRECT, CONSEQUENTIAL, INCIDENTAL, OR SPECIAL, FLOWING FROM YOUR USE OF OR INABILITY TO USE THE INFORMATION PROVIDED HEREWITH OR RESULTS EVEN IF IBM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ULTIMATE RESPONSIBILITY FOR ACHIEVING THE CALCULATED RESULTS REMAINS WITH YOU.

