Quality in Identity and Access Management Systems IDM: Overview Michele Brass, PMP PMI Westchester Chapter Program Manager – Collaboration Tools.


1 Quality in Identity and Access Management Systems IDM: Overview Michele Brass, PMP PMI Westchester Chapter Program Manager – Collaboration Tools

2 Objectives
- Demonstrate how important data quality and data accuracy are in Identity and Access Management systems
- Discuss data flows and the problems and opportunities faced
- Build a good conceptual background
- Introduce terminology
- Promote future discussions

3 Session Agenda
- Identity Problem of Today
- Identity Laws and Metasystem
- Components and Terminology

4 Identity Problem of Today

5 Universal Identity?
- In-house networks use multiple, often mutually incompatible, proprietary identity systems
- Users are incapable of handling multiple identities
- Criminals love to exploit this mess

6 Explosion of IDs
[Chart: # of Digital IDs over Time (Pre 1980’s, 1980’s, 1990’s, 2000’s). Labels: Applications; Mainframe, Client Server, Internet; Business Automation; Company (B2E), Partners (B2B), Customers (B2C); Mobility]

7 The Identity And Access Management Chaos
[Diagram: Enterprise Directory, HR System, Infra Application, Lotus Notes Apps, In-House Application, Kelly IT Consulting Feed, NOS and Other Applications, with Authentication, Authorization and Identity Data repeated separately across the systems]

8 Multiple Contexts
[Diagram: identity contexts and business drivers]
Contexts:
- Your COMPANY and your EMPLOYEES
- Your SUPPLIERS
- Your PARTNERS
- Your REMOTE and VIRTUAL EMPLOYEES
- Your CUSTOMERS
Drivers:
- Customer satisfaction & customer intimacy
- Cost competitiveness
- Reach, personalization
- Collaboration
- Outsourcing
- Faster business cycles; process automation
- Value chain
- M&A
- Mobile/global workforce
- Flexible/temp workforce

9 What is Identity Management?
- Provisioning
- Single Sign On
- PKI
- Strong Authentication
- Federation
- Directories
- Authorization
- Secure Remote Access
- Password Management
- Web Services Security
- Auditing & Reporting
- Role Management
- Digital Rights Management

10 Identity And Access Management is
A system of procedures, policies and technologies to manage the lifecycle of entitlements of electronic credentials for your organization, business partners and customers.

11 Identity and Access Management Touches
- Directory Services: Repositories for storing and managing accounts, identity information, and security credentials
- Access Management: The process of authenticating credentials and controlling access to networked resources based on trust and identity
- Identity Lifecycle Management: The processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance

12 Trends Impacting Identity
- Increasing Threat Landscape
  - Identity theft costs banks and credit card issuers $1.2 billion in 1 year
  - $250 billion lost in 2004 from exposure of confidential info
- Maintenance Costs Dominate IT Budget
  - On average employees need access to 16 apps and systems
  - Companies spend $20-30 per user per year for PW resets
- Deeper Line of Business Automation and Integration
  - One half of all enterprises have SOA under development
  - Web services spending growing 45% CAGR
- Rising Tide of Regulation and Compliance
  - SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
  - $15.5 billion spend in 2005 on compliance (analyst estimate)
Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice

13 Pain Points
- Business Owner: Too expensive to reach new partners, channels; Need for control
- End User: Too many passwords; Long waits for access to apps, resources
- IT Admin: Too many user stores and account admin requests; Unsafe sync scripts
- Developer: Redundant code in each app; Rework code too often
- Security/Compliance: Too many orphaned accounts; Limited auditing ability

14 Simplify Enterprise Identity Management
- Directory Synchronization
  - Active Directory & ADAM
  - Sun/iPlanet Directory
  - Novell eDirectory
  - Microsoft SQL
  - Oracle
  - Lotus Notes
  - Microsoft Exchange
  - Microsoft NT
  - DSML, LDIF, CSV, fixed width
  - …others to follow
- Password Management
  - Self-service password reset
  - Helpdesk password reset
- User Provisioning
  - Automate account create/delete
[Diagram labels: Identity Data, LDAP, SQL, NOS, LOB Apps, IDM]

15 Who Are The Current Major Vendors?
- Microsoft Forefront Identity Management (FIM)
- Oracle Identity Manager
- Computer Associates Identity And Access Manager

16 Identity Management Concepts
- Connected directory: Source and/or destination for synchronized attributes
- Connector space (CS): Staging area for inbound or outbound synchronized attributes
- Metaverse (MV): Central store of identity information
- Matching CS entries to a single MV entry is called “join”
[Diagram labels: Connected Directories (iPlanet, Oracle, SQL, Exchange 5.5), Connector Space, Metaverse, User]

17 Provisioning & de-provisioning
[Diagram: a Source and a Provisioning Engine, with entries carrying Email, Tel No. and Title attributes]

18 Provisioning & de-provisioning
[Diagram: a Source, a Provisioning Engine and a Join Engine, with entries carrying Email, Tel No. and Title attributes]

19 Provisioning Types
- Simple Provisioning
- Flowed Attributes: MA config flows attributes intact
- Constructed Attributes: MA code modifies attributes as they flow
- MA maps attributes
[Diagram: HR MA Connector Space (Surname = Hendrix, First Name = Jimi); Metaverse (cn, displayName; values shown: Jimi Hendrix; Hendrix, Jimi); Email MA Connector Space (cn = Hendrix, Jimi; MailboxName = Jimi Hendrix)]
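
The join from slide 16 and the flowed and constructed attributes from slide 19, worked through in Python as an added example; it is not code from the presentation or from any vendor product. The employeeID join key, the function names and the sample records are assumptions constructed for the illustration. Connector-space entries that join to no metaverse entry are reported as orphaned accounts.

```python
# Added example: toy connector space -> metaverse join with attribute flow.
# All names, keys and records here are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class MetaverseEntry:
    anchor: str                                   # join key (assumed: employeeID)
    attrs: dict = field(default_factory=dict)     # central identity attributes
    connectors: set = field(default_factory=set)  # connected directories joined to it

def synchronize(connector_spaces, authoritative="HR"):
    """Build the metaverse from the authoritative CS, join the rest, report orphans."""
    metaverse = {}
    for entry in connector_spaces[authoritative]:
        mv = MetaverseEntry(anchor=entry["employeeID"])
        # Flowed attributes: copied intact from the HR connector space.
        mv.attrs["firstName"] = entry["firstName"]
        mv.attrs["surname"] = entry["surname"]
        mv.connectors.add(authoritative)
        metaverse[mv.anchor] = mv
    orphans = []
    for directory, entries in connector_spaces.items():
        if directory == authoritative:
            continue
        for entry in entries:
            mv = metaverse.get(entry.get("employeeID"))
            if mv is None:
                # No matching MV entry: an account with no owner of record.
                orphans.append((directory, entry["account"]))
            else:
                mv.connectors.add(directory)      # the "join"
    return metaverse, orphans

def email_export(mv):
    """Constructed attributes: built from MV values on the way to the Email CS."""
    first, last = mv.attrs["firstName"], mv.attrs["surname"]
    return {"cn": f"{last}, {first}", "MailboxName": f"{first} {last}"}

# Constructed sample connector spaces.
SAMPLE = {
    "HR": [{"employeeID": "1001", "firstName": "Jimi", "surname": "Hendrix"}],
    "Email": [
        {"employeeID": "1001", "account": "jhendrix"},
        {"employeeID": "9999", "account": "old.contractor"},  # no HR record
    ],
}

if __name__ == "__main__":
    mv, orphans = synchronize(SAMPLE)
    print(email_export(mv["1001"]), orphans)
```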

20 Provisioning & de-provisioning
[Diagram: Provisioning Lifetime, with labels Provision, De-provision, Join and synchronize, Password Synch]

21 Active Directory Password Management
- Initial password set
- Password Synchronization
- Centralized password control via a Web app
- Self-service password reset
- Helpdesk password reset
[Diagram labels: Business Directory, Web app, IDM]

22 Possible Savings
- Directory Synchronization
  - Improved data accuracy
  - Improved updating of user data
  - Improved list management
- Password Management
  - “password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” – Gartner
- User Provisioning
  - “Improved IT efficiency”
  - “Reduced help desk costs: $75 per user per year” - Giga Information Group

23 Can We Just Ignore It All?
- Today, average corporate user spends 16 minutes a day logging on
- A typical home user maintains 12-18 identities
- Number of phishing and pharming sites grew over 1600% over the past year
- Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
- Regulators are becoming stricter about compliance and auditing
- Orphaned accounts and identities lead to security problems
Source: Microsoft’s internal research and Anti-phishing Working Group Feb 2005

24 Solution?
- Better Option: Build a global, universal, federated identity metasystem
- Will take years…

25 Identity Laws
www.identityblog.com – good source on the web
1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Directed Identity
4. Pluralism of Operations and Technologies
5. Human Integration
6. Consistent Experience Across Contexts

26 Remember the Chaos?
[Diagram: Enterprise Directory, HR System, Infra Application, Lotus Notes Apps, In-House Application, Kelly IT Consulting Feed, NOS and Other Applications, with Authentication, Authorization and Identity Data repeated separately across the systems]

27 Identity And Access Management Benefits
- Benefits today (Tactical)
  - Save money and improve operational efficiency
  - Improved time to deliver applications and service
  - Enhance Security
  - Regulatory Compliance and Audit
- Benefits to take you forward (Strategic)
  - New ways of working
  - Improved time to market
  - Closer Supplier, Customer, Partner and Employee relationships

28 IDM Architecture

29 In the end...
The identity platform is complex as it touches the entire enterprise!

30 Identity Management Platform
[Diagram labels: User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management; Directory Services; Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.; Unix/Linux SSO; Host SSO; Remote Access; Audit & Rep; Provisioning Services; Frontend Services; Access Services; Smartcard Management; Certificate Management; Information Rights Mgmt.; Extended Directory Services; Desktop IDM Env.; Windows Server (Active Directory/ADAM, PKI); Directory Services; Quest / Centrify; Identity and Access Management Product; Provisioning & Password Management Services; Active Directory Federation Server]

