IdM & Security
Robert Haaverson, Imanami Corporation
Copyright © 2005 Imanami Corporation. All Rights Reserved.


Slide 2: Agenda
– What is Identity Management?
– Where does IdM fit within Security?
– How does IdM fit into Security?
– Conclusions
– More Information

Slide 3: What is Identity Management?
Results of about 1,110,000 for "Identity Management". (0.34 seconds)
[Diagram labels: Identity Management; Traditional Definition; Increasing Complexity; Authentication, Authorization, Access Control; Current Trend; Audit, Admin]

Slide 4: What is Identity Management?
Identity Management (IdM) is defined as the quality or condition of being the same; absolute or essential sameness; oneness. Identity is what makes something or someone the same today as it, she, or he was yesterday. Importantly, identity can refer to a thing (e.g. a computer) as well as a person. Things and people can have different identities when working with different systems, or can have more than one identity when working with a single system, perhaps when working in different roles.
Source: Open Group

Slide 5: META's View
"While simplistic and not entirely accurate, it's helpful for planning purposes to think of access and identity management as separate layers of an identity architecture." (META Group)
[Diagram layers: Identity Management; Identity Infrastructure]
[Diagram components: User Provisioning; Delegated Admin.; Audit, logging, reporting; Self-service P/W Mgmt.; Workflow; Directory; Metadirectory; Authentication Servers (e.g. RADIUS, OS); SSO; Authorization Servers (e.g. RBAC, policy)]

Slide 6: Gartner's View
[Diagram labels: Audit; Identity Administration; Administer, Authenticate, Authorize; Authentication Services; Enterprise Single Sign-on; Password Management; User Provisioning; Metadirectory; Enterprise Access Management; Federated Identity Management; Access Management (Real-time Enforcement); Identity Management (Administration)]

Slide 7: Burton's View
~ Burton Group's Simplified Architecture ~
[Diagram: IdM reference architecture root template]

Slide 8: Deloitte's View
[Diagram labels: Identity Repository; Integrated authoritative source; Identity roles; User account provisioning; Strong Authentication; SSO & Portals; Federated Identity; Access Management. Axis labels: Business Value; Vision]
Source: Deloitte

Slide 9: Imanami's View – The IdM Journey
[Diagram labels: Identity Repository; Integrated authoritative source; Identity roles; User account provisioning; Strong Authentication; SSO & Portals; Federated Identity; Access Management; Password Reset / Sync. Axis labels: Business Value; Vision; Basic]
Source: Deloitte

Slide 10: IdM Business Drivers
– Increasing Efficiency
– Enabling Business
– Complying with Regulation
– Increased Security
Source: Computer Associates

Slide 11: Where does IdM fit?
Source: SANS
– Blocking Attacks: Network Based
  Intrusion Prevention; Intrusion Detection; Firewall; Anti-Spam
– Blocking Attacks: Host Based
  Intrusion Prevention; Spyware Removal; Personal Firewall; Anti-Virus
– Eliminating Security Vulnerabilities
  Vulnerability Mgmt; Patch Management; Configuration Mgmt; Security Compliance
– Safely Supporting Authorized Users
  ID & Access Mgmt; File Encryption; PKI; VPN
– Tools to Minimize Business Losses
  Forensic Tools; Backup; Compliance; Business Recovery

Slide 12: Where does IdM fit?
Source: SANS
– Blocking Attacks: Network Based
  Intrusion Prevention; Intrusion Detection; Firewall; Anti-Spam
– Blocking Attacks: Host Based
  Intrusion Prevention; Spyware Removal; Personal Firewall; Anti-Virus
– Eliminating Security Vulnerabilities
  Vulnerability Mgmt; Patch Management; Configuration Mgmt; Security Compliance
– Safely Supporting Authorized Users
  ID & Access Mgmt; File Encryption; Authentication / PKI; VPN
– Tools to Minimize Business Losses
  Forensic Tools; Backup; Compliance; Business Recovery

Slide 13: Where does IdM fit?
Source: SANS
Safely Supporting Authorized Users: ID & Access Management
– Verify that the right people are allowed to use a system
– Ensure they perform only those tasks for which they are authorized
– Access blocked when employment is terminated

Slide 14: Where does IdM fit?
Source: SANS
Safely Supporting Authorized Users: Authentication
– Verify that the person is who they claim to be, whether via one, two or three factors.

Slide 15: Where does IdM fit?
Source: SANS
Tools to Minimize Business Losses: Forensic Tools
– When attackers get through, enterprises need to find out what they accessed, what they damaged, and how they got in.

Slide 16: Where does IdM fit?
Source: SANS
Tools to Minimize Business Losses: Regulatory Compliance Tools
– Gramm-Leach-Bliley, FISMA, Sarbanes-Oxley, and HIPAA each generate enormous documentation burdens for companies, universities, and/or government agencies.

Slide 17: How does IdM fit into Security?
– Object (user) lifecycle management
  – Provisioning
  – Change
  – Deprovisioning
– Strong Authentication / SSO (RSO) n-1
– Enterprise Access Management
– The Whole Enchilada

Slide 18: Object Life Cycle Management – Hire
Sally's first day at work
[Diagram systems: PeopleSoft; Active Directory; Exchange; Live Communications Server; Avaya; Faxination; IdM]
Sally is Provisioned
1. Sally is entered into PeopleSoft.
2. IdM adds Sally to AD.
3. IdM assigns Sally to groups based on her role.
4. IdM adds Sally to other systems based on role.

Slide 19: Object Life Cycle Management – Promotion
Sally's second day at work
[Diagram systems: PeopleSoft; Active Directory; Exchange; Live Communications Server; Avaya; Faxination; IdM]
Sally is Changed
1. Sally's title is changed in PeopleSoft.
2. IdM updates Sally in AD.
3. IdM adds and removes Sally to and from groups based on her role.
4. IdM adds/removes Sally to/from other systems based on role.

Slide 20: Object Life Cycle Management – Retire
Sally's last day at work
[Diagram systems: PeopleSoft; Active Directory; Exchange; Live Communications Server; Avaya; Faxination; IdM]
Sally is Deprovisioned
1. Sally's status is changed in PeopleSoft.
2. IdM disables Sally's account in AD.
3. IdM removes Sally from groups.
4. IdM removes Sally from other systems.
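
The hire, promotion and retire flow on slides 18 to 20, as an added example that is not part of the presentation or of any Imanami product: a reconciler that treats the HR record as the authoritative source and derives the directory actions from it. The role names, group names, role-to-entitlement map and action names are hypothetical; only the system names come from the slides.

```python
from dataclasses import dataclass, field

NONE = {"groups": frozenset(), "systems": frozenset()}
# Hypothetical business rules: title in the HR system -> entitlements.
ROLE_MAP = {
    "Sales Rep": {"groups": {"Sales"}, "systems": {"Exchange", "Avaya"}},
    "Sales Manager": {
        "groups": {"Sales", "Managers"},
        "systems": {"Exchange", "Avaya", "Live Communications Server", "Faxination"},
    },
}

@dataclass
class Account:
    enabled: bool = True
    groups: set = field(default_factory=set)
    systems: set = field(default_factory=set)

def reconcile(hr, directory):
    """Bring one account in line with its HR record; return the actions taken."""
    user, active = hr["id"], hr["status"] == "active"
    # Terminated users and unmapped titles are entitled to nothing (fail closed).
    want = ROLE_MAP.get(hr["title"], NONE) if active else NONE
    acct, actions = directory.get(user), []
    if acct is None:
        if not active:
            return actions  # never create an account for a non-active record
        acct = directory[user] = Account()
        actions.append(("create_account", "Active Directory"))
    if acct.enabled != active:
        acct.enabled = active
        actions.append(("enable_account" if active else "disable_account",
                        "Active Directory"))
    for kind in ("group", "system"):
        have, target = getattr(acct, kind + "s"), want[kind + "s"]
        for name in sorted(have - target):  # revoke what the role no longer grants
            actions.append(("remove_" + kind, name))
        for name in sorted(target - have):
            actions.append(("add_" + kind, name))
        have.clear()
        have.update(target)
    return actions

if __name__ == "__main__":
    directory = {}  # constructed stand-in for the directory's current state
    for title, status in [("Sales Rep", "active"), ("Sales Manager", "active"),
                          ("Sales Manager", "terminated")]:
        record = {"id": "sally", "title": title, "status": status}
        print(status, title, reconcile(record, directory))
```

Running the same record twice yields no further actions, so the job can be scheduled repeatedly, and the disable action is emitted before any group or system removal.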

Slide 21: Strong Authentication / SSO – Without IdM
Bill logs in from home
1. SecureID Card
2. Username & Password
Access

Slide 22: Strong Authentication / SSO – With IdM
Bill logs in from home
1. SecureID Card
Access

Slide 23: Enterprise Access Management – Hire without IdM
Jim's first day at work
[Diagram systems: PeopleSoft; Active Directory; Exchange; Live Communications Server; Avaya; Faxination]

Slide 24: Enterprise Access Management – Hire with IdM
Jim's first day at work
[Diagram systems: PeopleSoft; Active Directory; Exchange; Live Communications Server; Avaya; Faxination; IdM; Business Rules]

Slide 25: Regulatory Compliance
[Diagram labels: Accuracy; Auditability; Transparency; Compliance; Cost; Time; Errors]

Slide 26: Trends of IdM in Security
RSA has more announcements of identity based approaches of agile and integrated security. There is an upcoming paradigm shift, where identity will allow security across dynamic distributed systems. So as security functions become packaged as appliances that can all be integrated and managed with federated protocols that allow centralized policies to create security and auditability, "security" is relentlessly morphing into "management by identity."
- Phil Becker, Editor, Digital ID World

Slide 27: Realizing the Potential of Digital Identity
Deployment considerations, lessons learned:
– Begin by cleaning your own identity house
  – Start looking at how you use identity, authoritative sources, processes
  – You still need LDAP directory, meta-directory, and provisioning
  – One tool or one suite won't solve all your IdM problems
– 80% politics and business, 20% technology
  – Your mileage may vary, but build in time to get stakeholders on board
– Carefully scope the problem you're trying to solve
  – Manage expectations: Don't try to solve all problems at once
  – Pick projects with early demonstrable results; it's a long journey, with small steps
  – Build momentum (and political capital) for next phase(s)
– All of these are 100% independent of product selection

Slide 28: Contact
Robert Haaverson, CEO, Imanami Corporation

Resources
Digital ID World, May 9-12, Hyatt Embarcadero, San Francisco
Digital ID World Magazine –
Burton Group –
Open Group –
Sans What Works –