Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity.

Published byAhmad Henry Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity."— Presentation transcript:

1 Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity Practice – IGA Dell/Immersion Consulting

2 Established in 1995, Orient Logic is a leading IT company and system integrator in Georgia.

3 Discussion points Current state of affairs in IT Security Basics of Identity Governance Administration Connecting the dots: agile I-G-A Use cases – Government of Austria, Bayern Department of Justice and State of Alabama

4 Current State of Affairs in IT Security

5 IT Security realities of today Change of focus: from protection the perimeter (external only) to the governance of the whole infrastructure (internal and external) Change of mentality: from “castle under siege” to “enemy is already here” Main external goal: advanced threat protection Main internal goal: IGA – Identity Governance and Administration Shift from pure technical-based to business and human factor focused solutions

6 WHO ARE THE “BAD GUYS”?

7

8 ATTACKS ALWAYS RELY ON INTERNAL PROCESS FLAWS No established business process for granting rights to individuals Lack of governance, access controls and monitoring No actionable reporting IGA SHOULD BE READY FOR ADVANCED THREATS

9 IGA ATR Best response practice: ATR+ IGA 9 Pre-Incident Preparation DetectTriage Collect Data : - Volatile Data - Forensic Dup. - Network Traffic Perform Analysis Take Action: Admin and Legal Reporting Incident Occurs: Point-In-Time or Ongoing Remediation: Technical Recovery from the Incident Status Reporting Identity Governance and Administration central authority Data feed Data feed Data feed Data feed Targets/Applications/Devices Account checks Access freeze Risk-based provisioning Notifications, access restore and provisioning Identity Data Sync Data feed

10 Basics of Identity Governance and Administration (IGA)

11 Three dimensions of IGA I - Identity Management G - Governance, Risk and Compliance (GRC) A – Administration – Access Management and Provisioning Main challenge: Make all three components connected to work as one

12 Three forces of IGA in your enterprise Identity owners (HR, Identity suppliers) - I –Responsibilities: manage identities, organization charts –Goal: make sure that identity and organization information is up to date Business owners (C-level managers, PM, compliance officers) - G –Responsibilities: manage all business-related matters, including governance, risk and compliance –Goal: make business successful and customers happy Technology owners (System admins, DB admins, etc.) - A –Responsibilities: support business with technology –Goal: All systems should be up and running 24-7 with no downtime

13 Identity Posture - how to evaluate Identity Posture is about how connected and in-sync three forces are – Three forces collaboration – Maturity of each force Identity Posture is about measuring maturity of – Identity model – Governance model – Administration model Identity Posture is about how enterprise can handle CHANGES – Identity updates – Governance processes restructuring – Administration redesigning

14 Connecting the dots – agile IGA

15 Connected I-G-A goal – be agile All elements are connected into one solution where each responsible person is a contributor to the system Each contributor has means to configure his/her own IGA elements within his knowledge IGA project should have short length phases with clear achievable milestones 15 I G GG A A Identity Governance Administration

16 Managers should easily see all the entitlements of an employee in one clear view Actionable All logical, physical systems, resources and assets. Identity - Identity Goal - Enterprise Visibility

17 Identity goal – separate business and technical views Business view Technical view

18 Governance goal – give dashboard views for current status visibility Managers should easily find the overall and specific status of requests and processes in the system

19 Governance goal - Access granting history audit People responsible for auditing should be able to see the history of assigning access and entitlements to the individuals

20 Governance goal – Approval Workflow builder Approval workflows should be built by the same people who are responsible for the granting process using regular tools, not scripts

21 Use Cases

22 Government of Austria Central portal for Austrian citizens requests Central business workflow engine for handling requests Monitoring automation and actionable reports

23 Bayern Department of Justice Internal personnel IGA: access control, governance and attestation Centralized Policy engine Advanced threat protection: external and internal Constant activity monitoring and actionable reports

24 State of Alabama State of Alabama was breached in 2012 –Millions of data records were stolen –State Web site was disabled –IT operations was paralyzed IT Security and IGA solution –Advanced threat detection software –IGA full suite solution –Privileged access manager Security and IGA education of the personnel

Download ppt "Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity."

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
Steve Lewis J.D. Edwards & Company

Steve Lewis J.D. Edwards & Company
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
© 2004 Intelliob Technologies (P) Ltd.. All rights reserved. This presentation is for informational purposes only. Intelliob makes no warranties, express.

© 2004 Intelliob Technologies (P) Ltd.. All rights reserved. This presentation is for informational purposes only. Intelliob makes no warranties, express.
A Federated Approach to Systems Management Todd Nugent Mike Huffstatler Sr. Product Specialist Systems Engineer.

A Federated Approach to Systems Management Todd Nugent Mike Huffstatler Sr. Product Specialist Systems Engineer.
Security and Personnel

Security and Personnel
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Lower costs and improve predictability Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities.

Lower costs and improve predictability Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123 Dotting Your I’s and Crossing Your T’s: Preparing for an IT Audit David.

GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123 Dotting Your I’s and Crossing Your T’s: Preparing for an IT Audit David.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Microsoft Premier Support for Office 365 Service Introduction

Microsoft Premier Support for Office 365 Service Introduction
Defining Services for Your IT Service Catalog

Defining Services for Your IT Service Catalog
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google