IAM
1. Digital Law
Identity & access management
Jacques Folon
www.folon.com
Partner Edge Consulting
Senior Lecturer
Université de Liège
Lecturer
ICHEC Brussels Management School
Visiting Professor
Université de Lorraine (Metz)
ESC Rennes
http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/
2. IAM
1. IAM?
2. Present context?
3. IAM & cloud computing
4. Why is it useful and mandatory?
5. To do list
6. IAM & privacy
7. IAM & control
8. e-discovery
9. Conclusion
6. Q: What’s posted on this monitor?
a – password to financial application
b – phone messages
c – to-do’s
7. Q: What determines your employee’s access?
a – give Alice whatever Wally has
b – roles, attributes, and requests
c – whatever her manager says
8. Q: Who is the most privileged user in your enterprise?
a – security administrator
b – CFO
c – the summer intern who is now working for your competitor
9. Q: How secure is your identity data?
a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers
10. Q: How much are manual compliance controls costing your organization?
a – nothing, no new headcount
b – don’t ask
c – don’t know
11. Today’s IT Challenges
More Agile Business
• More accessibility for employees, customers and partners
• Higher level of B2B integrations
• Faster reaction to changing requirements
More Secured Business
• Organized crime
• Identity theft
• Intellectual property theft
• Constant global threats
More Compliant Business
• Increasing regulatory demands
• Increasing privacy concerns
• Business viability concerns
12. State Of Security In Enterprise
• Incomplete
– Multiple point solutions from many vendors
– Disparate technologies that don’t work together
• Complex
– Repeated point-to-point integrations
– Mostly manual operations
• ‘Non-compliant’
– Difficult to enforce consistent set of policies
– Difficult to measure compliance with those policies
13. Identity Management Values
• Trusted and reliable security
• Efficient regulatory compliance
• Lower administrative and development costs
• Enable online business networks
• Better end-user experience
16. IAM includes
• Database of all and every user
• Database of all types of profiles & roles
• Definition beforehand
• Define which role for which employee
• Definition of login & passwords
• Audit
• Reporting
• Access control
Source: CLUSIF
18. Identity and Access Management is the process for managing the lifecycle of digital identities and access for people, systems and services. This includes:
• User Management – management of large, changing user populations along with delegated and self-service administration.
• Access Management – allows applications to authenticate users and allow access to resources based upon policy.
• Provisioning and De-Provisioning – automates account propagation across applications and systems.
• Audit and Reporting – review access privileges, validate changes, and manage accountability.
Source: IAM, J. Tony Goulding, CISSP, ITIL, CA, tony.goulding@ca.com
27. Welcome to a digital world
• Internet is based on IP identification
• Everybody has different profiles
• Each platform has a different authentication system
• Users are the weakest link
• Cybercrime increases
• Control means identification
• Data privacy imposes controls & security
• e-discovery imposes ECM
29. Explosion of IDs
[Figure: number of digital IDs over time (pre-1980s, 1980s, 1990s, 2000s), rising with each wave of applications: mainframe, client-server, Internet, business automation, company (B2E), partners (B2B), customers (B2C), mobility.]
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd, rafal@projectbotticelli.co.uk
30. The Disconnected Reality
• “Identity Chaos”
– Many users
– Many IDs
– Many logins & passwords
– Multiple repositories of identity information
– Multiple user IDs, multiple passwords
[Figure: an enterprise directory alongside separate systems (HR, infra application, office, in-house application, external app, finance, employee application), each keeping its own authentication, authorization and identity data.]
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd, rafal@projectbotticelli.co.uk
32. Trends Impacting Identity
Increasing Threat Landscape
• Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
• $250 billion lost from exposure of confidential info
Maintenance Costs Dominate IT Budget
• On average employees need access to 16 apps and systems
• Companies spend $20-30 per user per year for PW resets
Deeper Line of Business Automation and Integration
• One half of all enterprises have SOA under development
• Web services spending growing 45%
Rising Tide of Regulation and Compliance
• SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
• $15.5 billion spend on compliance (analyst estimate)
Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
36. First, what the heck is Cloud Computing?
…in simple, plain English please!
Source: Andy Harjanto, “I’m cloud confused”, http://www.andyharjanto.com
37. Let’s use a simple analogy
Say you just moved to a city, and you’re looking for a nice place to live
38. You can either build a house or rent an apartment
39. If you build a house, there are a few important decisions you have to make…
40. How big is the house? Are you planning to grow a large family?
41. Remodels and additions typically cost a lot more once the house is built
42. But, you get a chance to customize it
Roof
43. Once the house is built, you’re responsible for maintenance
• Hire Landscaper
• Electrician
• Plumber
• Pay property tax
• Electricity
• Water
• Gutter Cleaning
• Heating and Cooling
• House Keeping
45. Consider a builder in your city who builds a huge number of apartment units
46. A unit can easily be converted into 2, 3, 4 or more units
47. You make fewer, simpler decisions
You can start with one unit and grow later, or downsize
48. But… you do not have a lot of options to customize your unit
49. However, builders provide you with very high quality infrastructure
• high speed Internet
• high capacity electricity
• triple pane windows
• green materials
50. No need to worry about maintenance
51. Just pay your rent and utilities
Pay as You Go
61. Let’s Hire an Army of IT Engineers
• Software Upgrade
• Support
• Backup/Restore
• Service Pack
• Development
• Network issues
62. Let’s Build Huge Data Center
• Capacity Planning
• Disaster Plan
• Cooling Management
• Server Crashes
63. Your data is replicated 3 or 4 times in their data center
High Availability
64. Adding “servers” is a click away.
Running in just minutes, not days
High Traffic?
67. Yes, you can even pick where your data and “servers” reside
Don’t forget data privacy issues
68. So we know what Cloud is and the choice we have
69. Cloud Computing: Definition
• No Unique Definition or General Consensus about what Cloud Computing is …
• Different Perspectives & Focuses (Platform, SW, Service Levels…)
• Flavours:
– Computing and IT Resources Accessible Online
– Dynamically Scalable Computing Power
– Virtualization of Resources
– Access to (potentially) Composable & Interchangeable Services
– Abstraction of IT Infrastructure: no need to understand its implementation, use Services & their APIs
– Some current players, at the Infrastructure & Service Level: Salesforce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc.
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK. EEMA e-Identity Conference, 2009
78. IAM Benefits
Benefits today (Tactical)
• Save money and improve operational efficiency
• Improved time to deliver applications and service
• Enhance Security
• Regulatory Compliance and Audit
Benefits to take you forward (Strategic)
• New ways of working
• Improved time to market
• Closer Supplier, Customer, Partner and Employee relationships
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd, rafal@projectbotticelli.co.uk