Presentation is loading. Please wait.

Presentation is loading. Please wait.

Merritt Maxim, Senior Analyst

Published byIra Small Modified over 6 years ago

Similar presentations

Presentation on theme: "Merritt Maxim, Senior Analyst"— Presentation transcript:

1

2 Merritt Maxim, Senior Analyst
WEBINAR Using Forrester’s IAM Assessment Tools To Build Your IAM Strategy Merritt Maxim, Senior Analyst October 13, Call in at 12:55 p.m. Eastern time

3

4 Abstract Over the past few years, Forrester has published several different identity and access management (IAM) assessment tools. These tools enable organizations to gauge their current maturity across a range of IAM processes and technologies; organizations can then use the assessments to identify areas of weakness and build priorities. This webinar reviews the current inventory of IAM assessment tools, provides hands-on perspective on how to use the tools, and offers guidance on using the tools to build an effective, long-term IAM strategy.

5 Agenda IAM overview How to use the assessment tools Applying the IAM assessment tools Recommendations

6 Agenda IAM overview How to use the assessment tools Applying the IAM assessment tools Recommendations

7 Five market imperatives
Transform the customer experience. Drive business growth with privacy. Age of the customer Accelerate your digital business. Turn big data into business insights. Embrace the mobile mind shift.

8 Access anywhere, anytime

9 Digital operational excellence
It’s not an “or” but an “and” relationship between employee experience and operational excellence Digital operational excellence Employee experience + Image source: Wikimedia Commons ( and Public Domain Pictures and Images (

10 IAM plays a paramount role
Application access Password recovery Single sign-on (SSO) Access certification Employee experience

11 IAM reduces complexity and cost
Minimize the risk of data breaches. Identify compromised credentials, overprivileged users, stale or orphan accounts, and segregation of duty (SoD) violations to maintain principle of least privilege. Improve end user productivity. Automate and centralize the process by which users can request and gain access to applications, yielding significant employee satisfaction and productivity gains. Deliver operational efficiencies. Reduce administrative costs associated with managing and granting user access to applications as well as other tasks such as password resets.

12 Base: 579 to 594 global network security decision-makers (1,000+ employees); Source: Forrester’s Global Business Technographics® Security Survey, 2016

13 Today’s org structures are highly dynamic
“What percentage of your employees change job roles (promotions, reorganizations, etc.) in a given calendar year?” Base: 28 technology management professionals; Source: Forrester’s Q Global Identity Management Online Survey

14 Current Forrester IAM security maturity assessment tools
Forrester’s Customer IAM (CIAM) Security Maturity Assessment Model, August 2016 Forrester’s Active Directory Security Maturity Model, August 2016 Forrester’s IAM Cost Model, December 2015 Forrester’s IAM Self-Assessment, September

15 Agenda IAM overview How to use the assessment tools Applying the IAM assessment tools Recommendations

16 Find the assessment tool

17 Download the tool directly from report
Simply click on the link below the icon to download the Excel tool.

18 First tab: provides basic instructions on using the tool

19 Second tab: complete self-assessment
Drop-down menu to identify your current state

20 Third tab: Scoring summary weighs current state versus our desired state

21 Fourth tab: maturity stage results based on self-assessment

22 Maturity level definitions
Source: Assess Your Active Directory Security Forrester report

23 Agenda IAM overview How to use the assessment tools Applying the IAM assessment tools Recommendations

24 Using the tool in your organization
Apply weightings across the categories. Default model weights each category equally. Increase weightings for higher-priority areas, and reduce weightings of lower-priority items. Capabilities out of scope or of lower priority can have a weighting of 0%. Answer the assessment questions for each criterion. Answer all questions with a simple yes/no response. Use the summary tab to show current maturity against desired future- state maturity. Setting a target maturity can help with prioritization and areas of improvement. Use the results tab for a visual representation of your security maturity. Each category with a weighting > 0% will receive a score between 0 and 5.

25 Understanding the model and what it can do
Identify IAM blind spots and gaps. Identify areas of functional leaders and laggards. Coordinate strategy and cross-functional ownership. Snapshot your environment to initiate cross- functional discussion.

26 Understanding the model and what it cannot do
Quantify risk. The tool provides guidance, but it does not include a method for conducting risk assessments. The model identifies gaps between current state and desired end state that can be fed into other tools and processes to quantify risk accordingly. Prevent data breaches. The tool can identify gaps, but you must accompany those actions with ongoing vigilance and continuous improvement to minimize the risk of data breaches. Tell whether or not you’re secure. In cases where specific controls are needed to mitigate a specific threat, this maturity model will not tell you whether a given control is well-designed or effective. You need to collaborate with your audit team to review individual controls and documentation to assess if a given control is properly designed and effective. Demonstrate compliance. The tool will help you improve your overall compliance posture with IT regulations, but it does not serve as proof of compliance. You will still need to map the model’s components to various regulations and standards and perform control tests as appropriate to demonstrate compliance and meet auditors’ requirements.

27 Tune the model to your organization
Reduce scope as needed. Certain areas may be more or less relevant to your organization, so adjust weightings. Engage with all relevant owners. Don’t just do a self-assessment yourself! Share the model with others to yield a more compelling baseline. Establish a baseline and maturity-level targets. Use initial results to identify unacceptable gaps or areas (based on factors such as risk, budget, or compliance) that you can easily improve. Use quick wins to build momentum, show progress, and keep the team engaged. For larger organizations with more autonomous business units, consider separate assessments, heat maps, and strategies for individual business units or geographies. Measure and report progress at regular intervals. These assessments are not one-time efforts. Build a schedule to measure progress over time with regular reporting to senior management.

28 Agenda IAM overview How to use the assessment tools Applying the IAM assessment tools Recommendations

29 Five actions to take Adjust the IAM models to reflect your organization’s unique characteristics. Engage cross-functional owners. Create realistic targets. Track progress using the IAM maturity models. Use results to build short- and long-term IAM strategy.

30 Image source: Trace One (http://www.traceoneview.com/)

31 Ten commandments of modern identity management — thou shalt support:
A lot of endpoints: on-premises and cloud apps and directories and SCIM Customizable and flexible workflow Mobile application for reviewers and requestors Shopping cart in access request management Access information-aided attestation Bulk access reviews Cloud (true multitenant) and on-premises delivery options A slick user interface for business users and admins Customer-facing IDM tasks out of the box Ad hoc reporting and clickable dashboards +1: customers’ requirements 

32 Forrester’s people and process recommendations for IAM
Seek cross-functional approval for your IAM business case. Hammer out agreement on formal levels of risk. Map tasks and channels to the formal levels of risk. Image source: Salary.com (

33 Research links Active directory security assessment
Assess Your Active Directory Security Forrester report Customer IAM maturity assessment Introducing Forrester’s Customer IAM Security Maturity Assessment Model Forrester report IAM security maturity assessment Assess your IAM Maturity Forrester report IAM cost model Forrester’s Identity And Access Management Cost Model Forrester tool

34 Merritt Maxim

Download ppt "Merritt Maxim, Senior Analyst"

Similar presentations

Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.

Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.
A BPM Framework for KPI-Driven Performance Management

A BPM Framework for KPI-Driven Performance Management
DELIVERING SHAREPOINT AS A SERVICE

DELIVERING SHAREPOINT AS A SERVICE
HP Quality Center Overview.

HP Quality Center Overview.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Defining high-performance What is FM Diagnostics? A demonstration An application Benefits Today’s Agenda.

Defining high-performance What is FM Diagnostics? A demonstration An application Benefits Today’s Agenda.
UNDERSTANDING VALUE THROUGH VISUAL QUADRANT ANALYSIS BY ELIZABETH BOETTCHER, RED BRICK MARKETING, INC. An Exercise For Small Business Owners.

UNDERSTANDING VALUE THROUGH VISUAL QUADRANT ANALYSIS BY ELIZABETH BOETTCHER, RED BRICK MARKETING, INC. An Exercise For Small Business Owners.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Presenting The Broker-Dealer Certification Tool The Compliance Department Inc. Broker Dealer Compliance Consultants Compliance SCORE Powered by Keane BRMS.

Presenting The Broker-Dealer Certification Tool The Compliance Department Inc. Broker Dealer Compliance Consultants Compliance SCORE Powered by Keane BRMS.
Using OMB Section 508 reporting in addressing your agency's program maturity. How to Measure Your Agency's 508 Program.

Using OMB Section 508 reporting in addressing your agency's program maturity. How to Measure Your Agency's 508 Program.
Kathy Corbiere Service Delivery and Performance Commission

Kathy Corbiere Service Delivery and Performance Commission
Chapter 8 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Governor Support Service Training Governor Workshop 31 st March 2016 As a service we have a responsibility to enable all governors to access appropriate,

Governor Support Service Training Governor Workshop 31 st March 2016 As a service we have a responsibility to enable all governors to access appropriate,
WEBINAR Introducing The Forrester Wave™: Real-Time Interaction Management Rusty Warner, Principal Analyst September 22, Call in at 10:55 a.m. Eastern.

WEBINAR Introducing The Forrester Wave™: Real-Time Interaction Management Rusty Warner, Principal Analyst September 22, Call in at 10:55 a.m. Eastern.
Webinar Behind The Scenes Of The Forrester Wave: GRC Platforms, Q Chris McClean, Principal Analyst and Research Director Renee Murphy, Senior Analyst.

Webinar Behind The Scenes Of The Forrester Wave: GRC Platforms, Q Chris McClean, Principal Analyst and Research Director Renee Murphy, Senior Analyst.
January 23,  Balance state’s higher education long range plan and agency operations in the required strategic plan;  Involve agency staff in.

January 23,  Balance state’s higher education long range plan and agency operations in the required strategic plan;  Involve agency staff in.
Deck Customization Checklist

Deck Customization Checklist
Allison Snow, Senior Analyst

Allison Snow, Senior Analyst
Laura Ramos, Vice President, Principal Analyst

Laura Ramos, Vice President, Principal Analyst

Similar presentations

Ads by Google