Identity & Access Governance Mitigate Risk, Ensure Compliance, Empower User Access

NetIQ session Boudewijn van Lith


© 2011 NetIQ Corporation. All rights reserved.

Agenda

• Identity and Access Governance
‒ Industry trends

• Identity Manager
‒ Market, developments and opportunities

• Access Governance
‒ Architecture
‒ Product Overview
‒ Technical Details


Automating Identity Management

LoB Manager

CIO, CSO, Compliance Mgr, Auditor

Systems in which many users exist

Automation

Direct Management
• Identity Management
• User Provisioning
• Access Management
• Single Sign On

Example

Identity Lifecycle Management
• Connecting source systems, including SAP HR
• Setting up an identity register – central view
• Provisioning to base systems


Access Governance Regulators

LoB Manager

CSO, Compliance Mgr, Auditor

Highest-risk applications and systems

Managing and validating authorizations

Periodic review
• Importing and analyzing access (risk)
• Reports
• Validating authorizations (certification)
• Initiating corrective actions


Future State

User Provisioning and Access Governance markets are converging

User Provisioning (IDM 4)

Access Governance (AGS)

Next Generation Identity and Access Governance “Business Interface – Trusted Fulfillment”

Demanding business-centric user interfaces

Demanding better Provisioning


LoB Manager

CSO, Compliance Mgr, Auditor

Applications, Databases, Infrastructure

Monitoring

Real-time Activity Detection
• Security Event Management
• Log Management
• Access Monitoring

Real-time insight into usage

Monitoring


Maturity Roadmap


Identity Manager


Identity Manager

Source systems

Central ID register

IdM Integration Modules

Identity Manager

Identities, rules, roles, policy, etc.

Id services: self-service, workflow, etc.

Delegated administration, data distribution

Basic reporting and monitoring

IdM Integration Modules

User GUI: self-service, self-registration, etc.

User Application

Reports

SAP HR

Manual direct entry or system

HR administration

Other administration

Information systems

Exchange Mail

Windows network

Active Directory

In-house applications

Physical security

Other

Microsoft SQL

File system

Home Directories


Customers

Province Noord-Brabant

Red Spider

ROC


Product Support Lifecycle


IdM 4 Standard

IdM 4 A.E.


IdM 4 Standard

IdM 4 Adv


Latest version of IdM

• Identity Manager 4.02 – July / Aug
‒ Minor upgrade / refresh components
‒ Support for RedHat Enterprise Server
‒ Updates on reports, performance, drivers, AD password policy, digital signatures, etc.


Upsell

• IdM 4 Advanced Edition
‒ Role-based provisioning
‒ Reporting etc.

• Access Manager 3.2 (May)

• Sentinel LogManager

• Identity tracking for IdM (* NEW *)

• Access Governance

BYOD

SharePoint

Customer access

Partner access

eol

Cloud

Regulators

Risk insight


Identity tracking for Identity Manager


NetIQ Access Governance Suite 6

Mitigate Risk, Ensure Compliance, Empower User Access


Agenda

• Identity and Access Governance
‒ The what and why
‒ Key Functions
‒ Convergence

• Access Governance Suite 6
‒ Architecture
‒ Product Overview
‒ Technical Details


Why Does the Business Care?

Insider Threats

User Demands

Identity Theft

Regulations

Confidentiality

Governance

Risk Management

Business Continuity

Compliance

Audits

Data protection

Agility

Protect I.P.


What does the Business want?

Automated Provisioning

Business Enablement

Flexible Fulfillment

Help Desk Manual

Lifecycle

Event Mgmt

• Business intelligence and user experience

• Business process management

• Business policy enforcement and risk management

Access Request

Access Certification

Role Management

Policy Definition

BPM/Workflow

Risk Modeling

Audit & Reporting


Access Governance

Key functions


Effective Governance of Access: Key Functions

Discovery and collection of user access data

• Enterprise-wide collection and organization of millions of IT entitlements and role memberships

• Translation of IT terminology into business-relevant terms

● For example: RACF 54-RS93 is translated to Pay Invoice

Discover Certify Model


Effective Governance of Access: Key Functions

Discovery and collection of user access data

Application of policy analytics for decision support

Regular review and certification of user access

• Business reviewers review and certify access of users they are responsible for

• Automated notifications

• Business-relevant presentation

• Enforce fulfillment policy

• All actions are logged for audit purposes

Discover Certify Model


Effective Governance of Access: Key Functions

Discovery and collection of user access data

Application of policy analytics for decision support

Regular review and certification of user access

Orchestration of automated controls for remediation

• Approved change requests are automatically fed to IT systems to make the changes, including

● User Provisioning

● Helpdesk/ Service Request Mgmt

• All change actions are logged for audit purposes

Discover Certify Model


Effective Governance of Access Requires a Dynamic, Ongoing Process

Regular Review and Certification of User Access

Analytics for Decision Support

Orchestration of Controls to Remediate Inappropriate Access

Role Design and Maintenance

Change Management for User Access

Discovery and Collection of User Access Information


Identity and Access Governance (IAG) Convergence


Current State

IT and Business focused solutions led to two market segments within Identity Management

User Provisioning

Access Governance

Driven by IT

Driven by the Business


Future State

User Provisioning and Access Governance markets are converging

User Provisioning (IDM 4)

Access Governance (AGS)

Next Generation Identity and Access Governance “Business Interface – Trusted Fulfillment”

Demanding business-centric user interfaces

Demanding better Provisioning


Questions


+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)

Worldwide Headquarters
1233 West Loop South, Suite 810
Houston, TX 77027 USA

http://community.netiq.com


Who and Where


This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2011 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States.