Robert Haaverson Imanami Corporation

Presentation transcript:

IdM & Security
Robert Haaverson, Imanami Corporation
November 30, 2018
Copyright © 2005 Imanami Corporation. All Rights Reserved.

Agenda
What is Identity Management
Where does IdM fit within Security?
How does IdM fit into Security?
Conclusions
More Information

What is Identity Management?
[Diagram labels: Authentication, Authorization, Access Control, Traditional Definition, Admin, Audit, Increasing Complexity, Current Trend]
Results 1 - 10 of about 1,110,000 for "Identity Management". (0.34 seconds)

What is Identity Management?
Identity Management (IdM) is defined as the quality or condition of being the same; absolute or essential sameness; oneness. Identity is what makes something or someone the same today as it, she, or he was yesterday. Importantly, identity can refer to a thing (e.g. a computer) as well as a person. Things and people can have different identities when working with different systems, or can have more than one identity when working with a single system, perhaps when working in different roles.
Source: Open Group

META’s View
[Diagram labels: Delegated Admin., P/W Mgmt., Self-service, Identity Management, User Provisioning, Audit/logging/reporting, Workflow, Directory, Metadirectory, Identity Infrastructure, Authentication Servers (e.g. RADIUS, OS), Authorization Servers (e.g. RBAC, policy), SSO]
“While simplistic and not entirely accurate, it’s helpful for planning purposes to think of access and identity management as separate layers of an identity architecture.” (META Group)

Gartner’s View
[Diagram labels: AUDIT, Identity Administration, Administer, Authenticate, Authorize, Authentication Services, Enterprise Single Sign-on, Password Management, User Provisioning, Metadirectory, Enterprise Access Management, Federated Identity Management, Access Management (Real-time Enforcement), Identity Management (Administration)]

Burton’s View
~ Burton Group’s Simplified Architecture ~
[Diagram: IdM reference architecture root template]

Deloitte’s View
[Diagram labels: Federated Identity, SSO & Portals, User account provisioning, Identity roles, Integrated authoritative source, Business Value, Strong Authentication, Identity Repository, Access Management, Vision]
Source: Deloitte

Imanami’s View – The IdM Journey
[Diagram labels: Federated Identity, User account provisioning, SSO & Portals, Integrated authoritative source, Identity roles, Identity Repository, Business Value, Password Reset/Sync, Access Management, Strong Authentication, Vision, Basic]
Source: Deloitte

IdM Business Drivers
Enabling Business
Increasing Efficiency
Complying with Regulation
Increased Security
Basic
Source: Computer Associates

Where does IdM fit?
Blocking Attacks, Network Based: Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
Blocking Attacks, Host Based: Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
Eliminating Security Vulnerabilities: Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
Safely Supporting Authorized Users: ID & Access Mgmt, File Encryption, PKI, VPN
Tools to Minimize Business Losses: Forensic Tools, Backup, Compliance, Business Recovery
Source: SANS

Where does IdM fit?
Blocking Attacks, Network Based: Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
Blocking Attacks, Host Based: Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
Eliminating Security Vulnerabilities: Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
Safely Supporting Authorized Users: ID & Access Mgmt, File Encryption, Authentication / PKI, VPN
Tools to Minimize Business Losses: Forensic Tools, Backup, Compliance, Business Recovery
Source: SANS

Where does IdM fit?
Safely Supporting Authorized Users: ID & Access Management
Verify that the right people are allowed to use a system
Ensure they perform only those tasks for which they are authorized
Access blocked when employment is terminated
Source: SANS

Where does IdM fit?
Safely Supporting Authorized Users: Authentication
Verify that the person is who they claim to be, whether it be via one, two or three factor.
Source: SANS

Where does IdM fit?
Tools to Minimize Business Losses: Forensic Tools
When attackers get through, enterprises need to find out what they accessed, what they damaged, and how they got in.
Source: SANS

Where does IdM fit?
Tools to Minimize Business Losses: Regulatory Compliance Tools
Gramm-Leach-Bliley, FISMA, Sarbanes-Oxley, and HIPAA each generate enormous documentation burdens for companies, universities, and/or government agencies.
Source: SANS

How does IdM fit into Security?
Object (user) lifecycle management: Provisioning, Change, Deprovisioning
Strong Authentication / SSO (RSO) n-1
Enterprise Access Management
The Whole Enchilada

Object Life Cycle Management: Hire
Sally’s first day at work
[Diagram labels: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM]
Sally is Provisioned
Sally entered into PeopleSoft.
IdM adds Sally to AD.
IdM assigns Sally to groups based on her role.
IdM adds Sally to other systems based on role.

Object Life Cycle Management: Promotion
Sally’s second day at work
[Diagram labels: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM]
Sally is Changed
Sally’s title is changed in PeopleSoft.
IdM updates Sally in AD.
IdM adds and removes Sally to and from groups based on her role.
IdM adds/removes Sally to/from other systems based on role.

Object Life Cycle Management: Retire
Sally’s last day at work
[Diagram labels: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM]
Sally is Deprovisioned
Sally’s status changed in PeopleSoft.
IdM disables Sally’s account in AD.
IdM removes Sally from groups.
IdM removes Sally from other systems.
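
The hire, promotion and retire steps on the three slides above can be expressed as one reconciliation routine driven by the HR record. This is an added sketch, not Imanami's code; `ROLE_POLICY`, `Account`, `reconcile`, the role and group names and the record layout are all constructed for illustration.

```python
# Added illustration: HR-driven provisioning, change and deprovisioning.
# ROLE_POLICY, the group names and the record layout are constructed for this
# sketch; they are not taken from any product.
from dataclasses import dataclass, field

# Role -> entitlements. Groups live in the directory; systems are downstream
# applications (system names follow the ones shown on the slides).
ROLE_POLICY = {
    "Sales Rep":     {"groups": {"Sales"}, "systems": {"Exchange"}},
    "Sales Manager": {"groups": {"Sales", "Managers"},
                      "systems": {"Exchange", "Live Communications Server"}},
}
NOTHING = {"groups": set(), "systems": set()}

@dataclass
class Account:
    enabled: bool = True
    groups: set = field(default_factory=set)
    systems: set = field(default_factory=set)

def reconcile(hr_record, directory):
    """Bring one directory account in line with the HR record.

    Returns the ordered list of actions taken, which doubles as an audit trail.
    """
    user, actions = hr_record["id"], []
    acct = directory.get(user)
    if hr_record["status"] != "active":
        # Deprovision: disable first, then strip every entitlement.
        if acct is None:
            return actions
        if acct.enabled:
            acct.enabled = False
            actions.append(("disable", user))
        want = NOTHING
    else:
        # A role missing from the policy gets no entitlements (fail closed).
        want = ROLE_POLICY.get(hr_record["role"], NOTHING)
        if acct is None:
            acct = directory[user] = Account()
            actions.append(("create", user))
        elif not acct.enabled:
            acct.enabled = True
            actions.append(("enable", user))
    for kind in ("groups", "systems"):
        have = getattr(acct, kind)
        for name in sorted(want[kind] - have):
            actions.append((f"add_{kind[:-1]}", user, name))
        for name in sorted(have - want[kind]):
            actions.append((f"remove_{kind[:-1]}", user, name))
        setattr(acct, kind, set(want[kind]))
    return actions
```

Running it again with an unchanged HR record returns an empty action list, so any non-empty result on a scheduled run indicates drift between HR and the directory.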

Strong Authentication / SSO: Without IdM
Bill logs in from home
1. SecurID Card, then Access
2. Username & Password, then Access

Strong Authentication / SSO: With IdM
Bill logs in from home
1. SecurID Card, then Access, Access

Enterprise Access Management: Hire without IdM
Jim’s first day at work
[Diagram labels: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination]

Enterprise Access Management: Hire with IdM
Jim’s first day at work
[Diagram labels: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM, Business Rules]

Regulatory Compliance
[Diagram labels: Accuracy, Auditability, Transparency, Compliance, Cost, Time, Errors]

Trends of IdM in Security
RSA has more announcements of identity based approaches of agile and integrated security.
There is an upcoming paradigm shift, where identity will allow security across dynamic distributed systems.
So as security functions become packaged as appliances that can all be integrated and managed with federated protocols that allow centralized policies to create security and auditability, "security" is relentlessly morphing into "management by identity."
- Phil Becker, Editor, Digital ID World

Realizing the Potential of Digital Identity
Deployment considerations, lessons learned:
Begin by cleaning your own identity house
Start looking at how you use identity, authoritative sources, processes
You still need LDAP directory, meta-directory, and provisioning
One tool or one suite won’t solve all your IdM problems
80% politics and business, 20% technology
Your mileage may vary, but build in time to get stakeholders on board
Carefully scope the problem you’re trying to solve
Manage expectations: Don’t try to solve all problems at once
Pick projects with early demonstrable results; it’s a long journey, with small steps
Build momentum (and political capital) for next phase(s)
All of these are 100% independent of product selection

Contact
Robert Haaverson, CEO, Imanami Corporation
925-371-3000
robert.haaverson@imanami.com

Resources
Digital ID World, May 9-12, Hyatt Embarcadero, San Francisco
Digital ID World Magazine – http://www.digitalidworld.com
Burton Group – http://www.butongroup.com
Open Group – http://www.opengroup.com
Sans What Works – http://www.sans.org/whatworks