IDM/IAM
Identity & Access Management
Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand.
Sigal Russin, VP & Senior Analyst
Sigal Russin’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
Is it identity?
Identity and Access Management
Access Control: Strong Authentication & Authorization; Risk Based Access Control; Single Sign-On; Federation; Web Services Security
Identity Administration: Identity & Organization Lifecycle Administration; Enterprise Role Mng; Provisioning & Reconciliation; Compliance Automation
Directory Services: Virtualization; Synchronization; Storage
Management: Service Levels; Risk Analysis; Forensics; Configuration; Performance; Automation
Audit & Compliance: Audit Data; Attestation; Fraud Detection; Segregation of Duties; Controls
Where to start?!
Explosion of IDs
[Figure: number of digital IDs (vertical axis) over time (horizontal axis: Pre 1980’s, 1980’s, 1990’s, 2000’s). Labels: Mainframe, Client Server, Internet; Business Automation; Company (B2E), Partners (B2B), Customers (B2C), Mobility.]
“Identity Chaos”
• Lots of users and systems required to do business
• Multiple repositories of identity information
• Multiple user IDs, multiple passwords
• Decentralized management, ad hoc data sharing
IDM – Identity Management
5 Core Elements of ID Management
Federated Identity
What’s next…
Before Implementing Access Management
After Implementing Access Management
Trends Impacting IAM and privacy management sectors
Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London
Tactical identity
• IAM projects will generally be limited in scope and schedule to help ensure success.
Identity assurance
• Demands for stronger authentication and more mature identity provider infrastructures will rise.
• You need to know which providers you are trusting, why, and for what.
The identity bridge
• A new architectural component is needed to manage the flow of identity information between cooperating organizations.
• The edge of the organization is to look inward and outward simultaneously.
Authorization
• It will grow more complex and more urgent due to continuing regulatory pressure.
• Authorization will assume a place as a first-class business function.
The sea of tokens
• The new tokens-and-transformers architecture is more modular, more flexible and more loosely coupled.
Policy battles
• Privacy and identity theft are having a serious impact on business operations and viability.
• The business community, law enforcement and national security communities will continue to fight over identification, privacy laws and regulations.
Identity Management Market
Overlap without integration causes consternation and cost
• Around 60 vendors in IDM
Directory
Meta-directory
Appliances
Access Management
Virtual Directory
Provisioning
Password Management
Authentication
IAM's Biggest Concerns
HP Research Report, Security & Risk Management Survey Conducted by Coleman Parkes Research, 2012
Be Aware - Most IDM projects failed
1. Allocating human resources for maintenance of the IDM project
2. Project leaders: HR with cooperation of IT
3. Support from the organization's high management
4. Sharing and training of all organization departments
5. Data cleansing: job definitions include user authorizations
6. Mirroring to organization processes – workflows will maximize ROI
7. If you choose a product, make sure about the integration to all organization systems - learn the product!
8. Step by step - integration of special groups on AD with one organizational system (SAP, billing, CRM etc.)
Market Overview
[Table: vendor coverage by capability (Access, ProvN, Passwd, Meta, AuthN) for IBM, Novell, Oracle, CA, Microsoft, Netegrity, Oblix, RSA and Entrust; some cells are marked as partner provided.]
Identity & Access Management - Israeli Market Positioning 1Q10-11
[Figure: positioning chart, Local Support (vertical axis) versus Market Presence (horizontal axis). Legend: IDM\IAM Player, Worldwide Leader, Prominent WAM Player. Vendors shown: CA, Novell, BMC, Microsoft, Velo (OS), IBM, Oracle-Sun, Quest, SAP.]
This analysis should be used with its supporting documents.
Estimated Technology Penetration: Using this technology 27%; Evaluating\Not using 73%
2012 World Leaders in Cloud Identity Management
Market Presence
Forrester Survey
IDM Benefits
• Centralize Security
• Enforce Audit Policies
• Enhance Visibility
• Detect Security, Regulatory
• Automate Auditing Procedures
• Maintain Control Over Data Assets
2013 Will Change Enterprise IDM
By UCStrategies Staff November 14, 2012
• The rise of stateless identity
• ID standards
• Dissolving internal/external boundaries
• Identity assurance
“It’s tough to pull your head up from the static world of on-premises user management to the more dynamic world.”
2013 Planning Guide: Identity and Privacy, by Ian Glazer
Recommendations
• The organization should translate the business world into a project specification process
• Do not try to fit the IDM system to your organization
• Before starting: define SOW -> consider alternatives -> POC for business process
• Organization limits: try to start IDM inside the organization
• Matching expectations of project initiators, users and decision makers
• Marketing the project to show the meanings and painful problems
• Small steps such as gradual connection to organization systems, initial provisioning, role based access control etc.
• Standardization - you don’t need to update the system all the time
• The organization's password policy can take part in the IDM project – SSO at the last stage
• Workflows - pay attention to duplication or conflict in organizational identities
• Organizational tree - reflect the organizational structure in HR and IT
• Each department has a manager (referent) who is responsible for managing permissions for that department