1 IdM & Security
Robert Haaverson, Imanami Corporation
November 30, 2018
Copyright © 2005 Imanami Corporation. All Rights Reserved.

2 Agenda
What is Identity Management
Where does IdM fit within Security?
How does IdM fit into Security?
Conclusions
More Information

3 What is Identity Management?
Diagram labels: Authentication; Authorization; Access Control; Traditional Definition; Admin; Audit; Increasing Complexity; Current Trend
Results of about 1,110,000 for "Identity Management". (0.34 seconds)

4 What is Identity Management?
Identity Management (IdM) is defined as the quality or condition of being the same; absolute or essential sameness; oneness. Identity is what makes something or someone the same today as it, she, or he was yesterday. Importantly, identity can refer to a thing (e.g. a computer) as well as a person. Things and people can have different identities when working with different systems, or can have more than one identity when working with a single system, perhaps when working in different roles.
Source: Open Group

5 META’s View
Diagram labels: Delegated Admin.; P/W Mgmt.; Self-service; Identity Management; User Provisioning; Audit, logging, reporting; Workflow; Directory; Metadirectory; Identity Infrastructure; Authentication Servers (e.g. RADIUS, OS); Authorization Servers (e.g. RBAC, policy); SSO
“While simplistic and not entirely accurate, it’s helpful for planning purposes to think of access and identity management as separate layers of an identity architecture.” (META Group)

6 Gartner’s View
Diagram labels: AUDIT; Identity Administration; Administer; Authenticate; Authorize; Authentication Services; Enterprise Single Sign-on; Password Management; User Provisioning; Metadirectory; Enterprise Access Management; Federated Identity Management; Access Management (Real-time Enforcement); Identity Management (Administration)

7 Burton’s View
~ Burton Group’s Simplified Architecture ~
IdM reference architecture root template

8 Deloitte’s View
Diagram labels: Federated Identity; SSO & Portals; User account provisioning; Identity roles; Integrated authoritative source; Business Value; Strong Authentication; Identity Repository; Access Management; Vision
Source: Deloitte

9 Imanami’s View – The IdM Journey
Diagram labels: Federated Identity; User account provisioning; SSO & Portals; Integrated authoritative source; Identity roles; Identity Repository; Business Value; Password Reset / Sync; Access Management; Strong Authentication; Vision; Basic
Source: Deloitte

10 IdM Business Drivers
Enabling Business
Increasing Efficiency
Complying with Regulation
Increased Security
(diagram label: Basic)
Source: Computer Associates

11 Where does IdM fit?
Blocking Attacks: Network Based
  Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
Blocking Attacks: Host Based
  Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
Eliminating Security Vulnerabilities
  Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
Safely Supporting Authorized Users
  ID & Access Mgmt, File Encryption, PKI, VPN
Tools to Minimize Business Losses
  Forensic Tools, Backup, Compliance, Business Recovery
Source: SANS

12 Where does IdM fit?
Blocking Attacks: Network Based
  Intrusion Prevention, Intrusion Detection, Firewall, Anti-Spam
Blocking Attacks: Host Based
  Intrusion Prevention, Spyware Removal, Personal Firewall, Anti-Virus
Eliminating Security Vulnerabilities
  Vulnerability Mgmt, Patch Management, Configuration Mgmt, Security Compliance
Safely Supporting Authorized Users
  ID & Access Mgmt, File Encryption, Authentication / PKI, VPN
Tools to Minimize Business Losses
  Forensic Tools, Backup, Compliance, Business Recovery
Source: SANS

13 Where does IdM fit? Safely Supporting Authorized Users
ID & Access Management
  Verify that the right people are allowed to use a system
  Ensure they perform only those tasks for which they are authorized
  Access blocked when employment is terminated
Source: SANS

14 Where does IdM fit? Safely Supporting Authorized Users
Authentication
  Verify that the person is who they claim to be, whether via one, two or three factors.
Source: SANS

15 Where does IdM fit? Tools to Minimize Business Losses
Forensic Tools
  When attackers get through, enterprises need to find out what they accessed, what they damaged, and how they got in.
Source: SANS

16 Where does IdM fit? Tools to Minimize Business Losses
Regulatory Compliance Tools
  Gramm-Leach-Bliley, FISMA, Sarbanes-Oxley, and HIPAA each generate enormous documentation burdens for companies, universities, and/or government agencies.
Source: SANS

17 How does IdM fit into Security?
Object (user) lifecycle management
  Provisioning
  Change
  Deprovisioning
Strong Authentication / SSO (RSO) n-1
Enterprise Access Management
The Whole Enchilada

18 Object Life Cycle Management: Hire
Sally’s first day at work
Systems shown: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Provisioned
  Sally is entered into PeopleSoft.
  IdM adds Sally to AD.
  IdM assigns Sally to groups based on her role.
  IdM adds Sally to other systems based on role.

19 Object Life Cycle Management: Promotion
Sally’s second day at work
Systems shown: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Changed
  Sally’s title is changed in PeopleSoft.
  IdM updates Sally in AD.
  IdM adds and removes Sally to and from groups based on her role.
  IdM adds/removes Sally to/from other systems based on role.

20 Object Life Cycle Management: Retire
Sally’s last day at work
Systems shown: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Sally is Deprovisioned
  Sally’s status is changed in PeopleSoft.
  IdM disables Sally’s account in AD.
  IdM removes Sally from groups.
  IdM removes Sally from other systems.
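The hire, promotion and retire slides describe one reconciliation loop: the HR system is the authoritative source and the directory is converged on it. The sketch below is an added example, not code from the presentation or from any Imanami product; the role-to-group map, the record fields and the action names are assumptions, and it goes one step beyond the slides by flagging accounts that have no HR record.

```python
# Added illustration; ROLE_GROUPS, reconcile() and the record fields are
# hypothetical names, and HR / DIRECTORY below are constructed sample data.
ROLE_GROUPS = {
    "Sales Rep": {"sales", "crm-users"},
    "Sales Manager": {"sales", "crm-users", "sales-managers"},
}

def reconcile(hr_records, directory):
    """Diff the authoritative HR feed against directory state and return
    the ordered actions needed to make the directory match."""
    actions = []
    hr_by_id = {r["id"]: r for r in hr_records}
    for emp_id, rec in sorted(hr_by_id.items()):
        acct = directory.get(emp_id)
        active = rec["status"] == "active"
        # Unknown titles map to no groups, so the result fails closed.
        wanted = ROLE_GROUPS.get(rec["title"], set()) if active else set()
        if acct is None:
            if active:  # Hire: create the account, then grant role groups
                actions.append(("create", emp_id))
                actions += [("add_group", emp_id, g) for g in sorted(wanted)]
            continue
        if not active and acct["enabled"]:  # Retire: disable first
            actions.append(("disable", emp_id))
        have = set(acct["groups"])
        # Promotion or retirement: remove stale access before granting new
        actions += [("remove_group", emp_id, g) for g in sorted(have - wanted)]
        actions += [("add_group", emp_id, g) for g in sorted(wanted - have)]
    # Enabled accounts with no HR record are orphans: flag them for review
    for emp_id, acct in sorted(directory.items()):
        if emp_id not in hr_by_id and acct["enabled"]:
            actions.append(("flag_orphan", emp_id))
    return actions

HR = [
    {"id": "sally", "title": "Sales Manager", "status": "active"},  # promoted
    {"id": "jim", "title": "Sales Rep", "status": "active"},        # new hire
    {"id": "bill", "title": "Sales Rep", "status": "terminated"},   # retired
]
DIRECTORY = {
    "sally": {"enabled": True, "groups": ["sales", "crm-users"]},
    "bill": {"enabled": True, "groups": ["sales", "crm-users"]},
    "temp01": {"enabled": True, "groups": ["sales"]},  # no HR record
}

if __name__ == "__main__":
    for action in reconcile(HR, DIRECTORY):
        print(action)
```

The returned action list doubles as an audit record of why each access change was made.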

21 Strong Authentication / SSO Without IdM
Bill logs in from home
1. SecurID Card: Access
2. Username & Password: Access

22 Strong Authentication / SSO With IdM
Bill logs in from home
1. SecurID Card
Access
Access

23 Enterprise Access Management: Hire without IdM
Jim’s first day at work
Systems shown: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination

24 Enterprise Access Management: Hire with IdM
Jim’s first day at work
Systems shown: PeopleSoft, Active Directory, Exchange, Live Communications Server, Avaya, Faxination, IdM
Business Rules

25 Regulatory Compliance
Diagram labels: Accuracy; Auditability; Transparency; Compliance; Cost; Time; Errors

26 Trends of IdM in Security
RSA has more announcements of identity based approaches of agile and integrated security. There is an upcoming paradigm shift, where identity will allow security across dynamic distributed systems. So as security functions become packaged as appliances that can all be integrated and managed with federated protocols that allow centralized policies to create security and auditability, "security" is relentlessly morphing into "management by identity."
- Phil Becker, Editor, Digital ID World

27 Realizing the Potential of Digital Identity
Deployment considerations, lessons learned:
Begin by cleaning your own identity house
Start looking at how you use identity, authoritative sources, processes
You still need LDAP directory, meta-directory, and provisioning
One tool or one suite won’t solve all your IdM problems
80% politics and business, 20% technology
Your mileage may vary, but build in time to get stakeholders on board
Carefully scope the problem you’re trying to solve
Manage expectations: Don’t try to solve all problems at once
Pick projects with early demonstrable results; it’s a long journey, with small steps
Build momentum (and political capital) for next phase(s)
All of these are 100% independent of product selection

28 Contact
Robert Haaverson, CEO, Imanami Corporation
Resources
Digital ID World, May 9-12, Hyatt Embarcadero, San Francisco
Digital ID World Magazine
Burton Group
Open Group
SANS What Works

