Building and Implementing An Identity Management Roadmap John Taylor Manager, IT Security & Service Continuity Phil Hall Security Consultant Apologies.


Slide 1: Building and Implementing An Identity Management Roadmap
John Taylor, Manager, IT Security & Service Continuity
Phil Hall, Security Consultant
Apologies: Russell McClimont, IT Security Services Manager, eCommerce Security

Slide 2: Presentation Overview
- Strategic overview
- Architectural building blocks and identity management overview
- Creating the identity management roadmap
- Business requirements, principles/blueprint and technical positions
- Project implementation
- A couple of examples

Slide 3: Architectural Building Blocks (slide content removed)

Slide 4: Information Security Framework (slide content removed)

Slide 5: Identity Management – Strategic Overview (slide content removed)

Slide 6: Identity Management – Strategic Overview: Business Issues Faced
- High administration cost
- Inefficient management of user repositories
- Numerous authentication points
- Various passwords
- Disconnect between external- and internal-facing systems for user access
- Security built within each application

Slide 7: (slide content removed)

Slide 8: Identity Management – Strategic Overview: Direction
- Move towards reduced sign-on through the linkage of web-based protocols (Tivoli Access Manager) and Tivoli Identity Manager (for 'legacy' and non-web-based systems).
- Centralised user management through corporate Meta Directory services.
- User self-registration and 'access' management for the majority of the environment through the use of Tivoli Identity Manager.
- Centralised authentication and authorisation services that leverage existing investments.
- Workflow management through Tivoli Identity Manager.

Slide 9: Establishing an Identity Management Roadmap (slide content removed)

Slide 10: Key Components - Overview
- Must have a formal identity management architecture. The roadmap is a migration strategy for realising this architecture.
- Clearly define what identity management is and is not.
- Essential to 'ring-fence' the architecture and roadmap.
- Directories: always a tricky area to address.
- Vendors have a view that suits their product suite.
- A discrete set of related services.
- Business objectives and/or issues that identity management services will address.
- Investment in a set of complementary technologies that are consistent with the overall IT architecture/strategy. Minimise duplication!
- Four key components; these are...

Slide 11: Principles & Blueprints
- Identity management guiding principles
  - E.g. "Provisioning of IT access will be based on a mix of automatic provisioning of basic services and self-service registration"
  - Limited in number, no more than 20
  - Must complement general IT principles and security principles
- Architecture blueprints
  - Reflect the guiding principles
  - Models of the identity management architecture
  - Describe the identity management architecture in terms of discrete yet related services
  - Products are not referred to; keep it generic

Slide 12: Technical Positions & Migration Strategy
- Technical choices and decisions
  - Describe identity management services in terms of a series of possible options and the chosen technology/solution
  - A series of technical positions based on "fitness for purpose"
- Migration strategy
  - Describes the activities essential to achieving the identity management architecture
  - Describes each activity in terms of its relationship with other activities and with time... but it is not a project plan!
  - Activities are grouped together to form work streams
  - Must consider external factors, e.g. other projects
  - Should demonstrate a timely return on investment
  - Maximise strategic direction, minimise use of tactical solutions
  - Consider budgets and resource levels/experience

Slide 13: Getting Support from the Business
- Map identity management services to business objectives
- Link to the IT and security architectures
- Demonstrate a structured approach to architecture and roadmap development... we know what we are doing!
- Document business objectives, issues and requirements
- Baseline the 'as is' state and perform a gap analysis
- Document principles, blueprints, technical positions and the migration strategy
- Demonstrate value in the short term and at regular intervals thereafter
- Simple high-impact solutions, e.g. integrated login, password synchronisation
- Integrate individual solutions to provide a comprehensive infrastructure
- Simplify delivery of a critical IT project using an identity management service

Slide 14: Map business objective to identity management service (slide content removed)

Slide 15: Map the identity management product to the identity management service and business requirement (slide content removed)

Slide 16: Identity Management Implementation Flow (slide content removed)

Slide 17: Migration of 'Existing' WAM System
- IAG acquired CGU in 2002.
- IAG had an existing web access management system using Directory Smart as the underlying architecture.
- CGU had installed Access Manager.
- A gap analysis was performed against the roadmap requirements.
- Chose to migrate Directory Smart to Access Manager.

Slide 18: Requirements
- Complete delivery by December 2004.
- Maintain the client self-help and single sign-on functionality as provided by Directory Smart.
- Ongoing new integration activities to be performed with Access Manager.
- Compliance with IT Security architectural principles and strategy.

Slide 19: Issues
- Develop a migration strategy for 40+ applications.
- Architectural differences: proxy-based vs. agent-based.
- Avoiding additional authentication points.
- Introducing a new administration tool to the help desk.
- Maintaining the existing Q&A functionality.

Slide 20: Achievements
- Phase 1 is complete: Access Manager is being used to handle the gatekeeper service for all applications.
- Automated account provisioning for intranet clients, supplied by the HR source (SAP) through IDI connectors.
- Password reset service provided by Identity Manager.
- Access Manager providing the authentication service to the Identity Manager interface.

Slide 21: Integrated Single Sign-On Process (diagram; components shown: ITAM WebSEAL, ITAM IDS, DSmart, DSMART IDS, Endpoint Application)
1. Initial request
2. Post
3. Authentication
4. Check user. Extract pwd
5. WebSEAL Session ID & creds cached
6. Request + iv_user, tag pwd attribute
7. Check user
8. Post DS cookie & caller URL etc.
9. Post cookie
10. Request with client cookie
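The slide shows the hand-off only as a diagram. The following is an added example, not code from the presentation or from IAG, that models the part of the flow a defender most needs to get right: WebSEAL authenticates the user (steps 2 to 4), caches the session (step 5) and forwards the request to the endpoint application with an iv_user header (step 6), and the endpoint checks the user (step 7). The junction secret, the x-junction-sig header and the HMAC over iv_user are this example's assumptions, standing in for whatever trust mechanism binds a real junction; their purpose is to show that an identity header is only safe when the endpoint can verify the request actually came through the proxy.

```python
"""Toy model of the WebSEAL -> endpoint application single sign-on hand-off.
Added example; the junction secret and signature header are assumptions."""
import hashlib
import hmac
import secrets

JUNCTION_SECRET = b"constructed-junction-secret"  # assumed secret shared by proxy and endpoint
SIG_HEADER = "x-junction-sig"                     # hypothetical header carrying the tag


def junction_tag(user: str, path: str) -> str:
    """Keyed MAC binding the asserted user to the forwarded path."""
    msg = f"{user}|{path}".encode()
    return hmac.new(JUNCTION_SECRET, msg, hashlib.sha256).hexdigest()


class WebSeal:
    """Reverse proxy: authenticates once, then tags every forwarded request."""

    def __init__(self, user_db: dict):
        self.user_db = user_db   # stands in for the ITAM IDS user registry (constructed)
        self.sessions = {}       # session id -> user: the cached creds of step 5

    def authenticate(self, user: str, password: str):
        """Steps 2-4: credentials posted, user checked, session id issued."""
        if self.user_db.get(user) != password:
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def forward(self, sid: str, path: str):
        """Step 6: forward the request with iv_user plus the junction tag."""
        user = self.sessions.get(sid)
        if user is None:
            return None          # no session: the client must authenticate first
        return {"path": path,
                "headers": {"iv_user": user, SIG_HEADER: junction_tag(user, path)}}


class EndpointApplication:
    """Step 7: honour iv_user only when the junction tag verifies."""

    def handle(self, request):
        if request is None:
            return 401, "no session at the proxy"
        hdrs = request.get("headers", {})
        user = hdrs.get("iv_user")
        sig = hdrs.get(SIG_HEADER, "")
        # A request that bypassed the proxy carries no valid tag, so a
        # client-supplied iv_user header is rejected rather than believed.
        if user is None or not hmac.compare_digest(sig, junction_tag(user, request["path"])):
            return 401, "identity header missing or not from the trusted proxy"
        return 200, f"welcome {user}"


def sso_flow(user_db: dict, user: str, password: str, path: str):
    """Run the whole exchange and return the endpoint application's response."""
    proxy, app = WebSeal(user_db), EndpointApplication()
    sid = proxy.authenticate(user, password)
    if sid is None:
        return 401, "authentication failed at WebSEAL"
    return app.handle(proxy.forward(sid, path))


if __name__ == "__main__":
    print(sso_flow({"alice": "s3cret"}, "alice", "s3cret", "/claims"))
```

The design point is the last check in EndpointApplication.handle: in a proxy-based architecture the application no longer authenticates, so it must only accept the asserted identity from a path it can verify (network isolation, mutual TLS or, as here, a keyed tag); otherwise the migration from agent-based to proxy-based access management trades one authentication point for a spoofable header.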

Slide 22: TIM Password Synchronisation: Requirements
- Deliver same sign-on services for non-web applications
- Support for core system repositories: ACF2, RACF, TAM IDS and various Windows domain controllers (AD, 2000, NT)
- Reduce help desk workload by simplifying password management
- Reduce risk of exposure by strengthening and standardising password policies

Slide 23: Issues
- Impact of the password policy change: bringing endpoint systems into line, and the client educational process
- Scalability of the domain account synchronisation solution: local agents or an agent server
- Limitations of the RACF agent
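Slides 22 and 23 together describe the core difficulty of password synchronisation: one standardised policy has to be satisfied by every endpoint the password is pushed to, and the weakest endpoint (the slide names RACF agent limitations) constrains what the corporate policy can demand. The following added example, not from the presentation, evaluates a candidate password against a corporate policy and against each endpoint's own limits before synchronisation. The endpoint names follow the slide; the length and character-set limits are constructed assumptions for illustration, not the vendors' documented rules.

```python
"""Harmonised password policy check across synchronisation endpoints.
Added example; the endpoint constraints below are constructed assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class EndpointPolicy:
    name: str
    min_len: int
    max_len: int
    charset: str      # regex class of single characters the endpoint accepts


# Constructed constraints: the mainframe entries deliberately cap the length
# at 8 to model the kind of agent limitation the slide mentions.
ENDPOINTS = [
    EndpointPolicy("RACF", 6, 8, r"[A-Za-z0-9@#$]"),
    EndpointPolicy("ACF2", 6, 8, r"[A-Za-z0-9]"),
    EndpointPolicy("Windows AD", 8, 127, r"[\x21-\x7e]"),
]
CORPORATE_MIN_LEN = 8                       # assumed corporate minimum
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def length_window(endpoints, corporate_min=CORPORATE_MIN_LEN):
    """Return (lowest, highest) length that every system accepts.
    If lowest > highest the policy cannot be harmonised without changing an
    endpoint or excluding it from synchronisation."""
    low = max([corporate_min] + [e.min_len for e in endpoints])
    high = min(e.max_len for e in endpoints)
    return low, high


def check_password(pw, endpoints=ENDPOINTS, corporate_min=CORPORATE_MIN_LEN):
    """Return a list of violations; an empty list means acceptable everywhere."""
    problems = []
    if len(pw) < corporate_min:
        problems.append(f"corporate: shorter than {corporate_min} characters")
    classes = sum(bool(re.search(p, pw)) for p in CHARACTER_CLASSES)
    if classes < 3:
        problems.append("corporate: needs at least three of lower/upper/digit/symbol")
    for ep in endpoints:
        if len(pw) < ep.min_len:
            problems.append(f"{ep.name}: shorter than {ep.min_len} characters")
        if len(pw) > ep.max_len:
            problems.append(f"{ep.name}: longer than {ep.max_len} characters")
        bad = sorted({c for c in pw if not re.fullmatch(ep.charset, c)})
        if bad:
            problems.append(f"{ep.name}: disallowed characters {''.join(bad)}")
    return problems


if __name__ == "__main__":
    print("usable length window:", length_window(ENDPOINTS))
    for candidate in ("Tr0ub4dr", "Tr0ub4d@", "troubador"):
        print(candidate, "->", check_password(candidate) or "accepted everywhere")
```

With these assumed limits length_window returns (8, 8): the corporate minimum and the mainframe maximum leave exactly one usable length, which is the concrete form the "bringing endpoint systems into line" issue takes. Running the check before the password is accepted centrally avoids the failure mode where the corporate repository takes a new password and the RACF or ACF2 agent then rejects it, leaving the user with two passwords again.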

Slide 24: Achievements
- Reduced password reset tasks for the help desk
- Stronger password policy for core systems
- Consolidation of three separate passwords into one: domain, intranet and mainframe

Slide 25: Password synchronisation and provisioning architecture (diagram; only the labels are recoverable)
- Hub: ITIM
- Agents and their targets: RACF Agent (three RACF systems shown), ACF2 Agent (ACF2), NT Agent (5 Windows NT SAM domains), W2003 Agent (Windows 2003 AD), TAM Agent (TAM Directory)
- IDI Sync: OID Directory and SAP Directory; HR Feed into provisioning
- Flows labelled: Password Change, Set Q&A, TSC Password Reset, Lost Password, Password Sync, Reverse PW sync, Provisioning

Slide 26: Next Steps
- Phase two of the TAM migration exercise: applications ported from Directory Smart
- SPNEGO: integrated sign-on for Active Directory clients
- Roll out the password synchronisation service to the organisation
- Roll out the account provisioning service to the organisation
- Rationalising disparate source HR feeds through IDI/TIM
- Association of existing 'un-owned' accounts to an enterprise identity: reduce the number of orphans
- Automated provisioning and termination cycle for basic access...
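The last two next steps, linking un-owned accounts to an enterprise identity and automating the termination cycle, both come down to reconciling endpoint account exports against the HR feed. The following added example, not IAG's code, does that reconciliation: it links accounts to an identity, flags orphans (no owner, or an owner the HR feed does not know), flags leavers (owner terminated but the account still exists), proposes an owner for un-owned accounts by a naming-convention match, and lists the disable actions a termination cycle would raise. The HR records, account exports and the first-initial-plus-surname login convention are all constructed for the example.

```python
"""Account reconciliation against an HR feed: orphans, leavers, suggested owners.
Added example; all data and the login naming convention are constructed."""


def login_from_name(name: str) -> str:
    """Hypothetical naming convention: first initial + surname, lower-case.
    'A. Smith' -> 'asmith'.  Real estates have several conventions; this is one."""
    parts = name.replace(".", "").split()
    return (parts[0][0] + parts[-1]).lower()


def suggest_owner(account: str, hr_feed):
    """Return the emp_id whose conventional login matches the account, else None.
    Only a unique match is suggested, and a suggestion is input to human review,
    not an automatic link."""
    matches = [r["emp_id"] for r in hr_feed
               if login_from_name(r["name"]) == account.lower()]
    return matches[0] if len(matches) == 1 else None


def reconcile(hr_feed, accounts):
    """Classify every exported account as linked, leaver or orphan."""
    identities = {r["emp_id"]: r for r in hr_feed}
    report = {"linked": [], "leavers": [], "orphans": [], "suggested": {}}
    for acct in accounts:
        owner = acct["owner"]
        key = f"{acct['system']}:{acct['account']}"
        if owner is None or owner not in identities:
            report["orphans"].append(key)           # nobody in HR answers for it
            candidate = suggest_owner(acct["account"], hr_feed)
            if candidate:
                report["suggested"][key] = candidate
        elif identities[owner]["status"] != "active":
            report["leavers"].append(key)           # owner has left, account remains
        else:
            report["linked"].append(key)
    return report


def termination_actions(report):
    """Disable actions a termination cycle would raise for the leavers found."""
    return [f"disable {key}" for key in report["leavers"]]


# Constructed sample data: an HR feed and account exports from three systems.
HR_FEED = [
    {"emp_id": "E100", "name": "A. Smith", "status": "active"},
    {"emp_id": "E101", "name": "B. Jones", "status": "terminated"},
    {"emp_id": "E102", "name": "C. Wong", "status": "active"},
]
ACCOUNTS = [
    {"system": "AD", "account": "asmith", "owner": "E100"},
    {"system": "RACF", "account": "ASMITH1", "owner": "E100"},
    {"system": "AD", "account": "bjones", "owner": "E101"},
    {"system": "ACF2", "account": "SVCBATCH", "owner": None},     # service account, no owner
    {"system": "RACF", "account": "CWONG", "owner": None},        # un-owned but matchable
    {"system": "AD", "account": "tmpuser", "owner": "E999"},      # owner unknown to HR
]

if __name__ == "__main__":
    rep = reconcile(HR_FEED, ACCOUNTS)
    for category, entries in rep.items():
        print(category, entries)
    print(termination_actions(rep))
```

Two choices matter in practice. Leavers are reported separately from orphans because they are the higher-risk group (a working credential for a person who has left) and the one an automated termination cycle can act on immediately, while orphans need an owner found first. And suggest_owner only proposes a unique name match; an ambiguous or absent match stays an orphan for manual review rather than being linked to the wrong person, which would turn an un-owned account into a mis-owned one.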

