Ce support présente comment la gouvernance des identités (IAG) dans le cadre de la conformité peut permettre de :
Comprendre qui a accès à quoi à tout moment, et ce que peuvent faire effectivement les utilisateurs du SI avec leurs habilitations ;
Garantir la réussite des projets de provisioning et capitaliser dessus ;
Renforcer la conformité aux diverses réglementations en vigueur , tout en économisant du temps
et, dans le cadre de l’Entreprise Étendue, faciliter l'émergence de nouveaux modèles de business
La solution de SailPoint est présentée pour démontrer comment une solution IAM de nouvelle génération peut aider une organisation à assurer sa mise en conformité de manière efficace et à la maintenir dans la durée.
La gouvernance IAM au service des stratégies métiers
1. La gouvernance IAM au service
des stratégies métiers
Chris Norman
Partner – Deloitte
Marc Rousselet
Directeur - KERNEL Networks
Séminaire du 13 Juin 2012
15. Un leader reconnu par les analystes
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's
analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not
advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner
disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
These Magic Quadrant graphics were published by Gartner, Inc. as part of larger research notes and should be evaluated in the context of the entire reports. The Gartner reports are available upon request
from SailPoint.
The Forrester Wave is copyrighted 2011 by Forrester Research, Inc. and is reissued with permission. The Forrester report is available upon request from SailPoint
Gartner Magic
Quadrant
pour la Gouvernance de
l‘Identité et des Accès (IAG)
Q4 2011
Forrester Wave
pour la gestion des rôles et
la re-certifications des
accès
Q3 2011
28. IAG at Sanofi
The first chapter…
Deloitte – Kernel – SailPoint seminar
June 13, 2012
29. Topics
Introduce Sanofi to you
IAG challenges
IAG approach
Lessons Learning
La gouvernance IAM au service des stratégies métiers | 29
30. Sanofi
| 30
Diversified Global Health Care Leader
Pharmaceuticals
Vaccines
Animal Health
112,000 employees focused on patient needs in 100 countries
2011 Net Sales € 33.4 billion
Substantial growth through acquisition and partnership
La gouvernance IAM au service des stratégies métiers
31. Transformations Driving IAG
Sanofi was built from hundreds of mergers, acquisitions, and
partnerships each with its own culture, processes, systems,
etc…
● Business Transformations
● IT Transformations
●
| 31La gouvernance IAM au service des stratégies métiers
32. IAG Challenges
Sanofi is compliant to all regulatory requirements… but we can do it better.
La gouvernance IAM au service des stratégies métiers | 32
● No single organization has overall IAG responsibility
● Conflicting needs and priorities
● Diametrically opposed user requirements
● No common vocabulary
● Legacy tool owners and implementations.
● Many ‘Perfect’ solutions for limited scopes
● No visibility to what is currently being done, who is
doing it, what it costs, etc…
● Multiple duplicate audits
● Budget
33. Sanofi IAG Approach
● Have agreement on the IAG ‘opportunities’
● Building agreement on IAG strategy, roadmap, and vision.
● Finding the right Sponsorship and Governance levels
● Service Foundation Approach for Overall Program
● Governance-Based Approach for Implementation
● Leverage existing projects / approved budgets
● Fit projects into larger roadmap
● Explore key identity features with POCs
● Build the service for continual change
● Org. changes
● Technical changes
All are ‘business as usual’
| 33La gouvernance IAM au service des stratégies métiers
34. Service Governance and Operation
| 34
Strategic
Stakeholders
Service Management/
Operations Board
Technical Advisory
Board
Service
Governance
Board
Service Design
Service Operation
Strategic
External
Partners
La gouvernance IAM au service des stratégies métiers
35. Huge demand for IAG functionality…
Finding the right initial project…
| 35
Extranet
Identity
Joiners,
Leavers,
Movers
IAG Self
Service
Enterprise Directory
Priv. Access for
Infrastructure & Apps
IAG Projects
SOD
Harmonized Audit
Unique ID
Rapid Provisioning Sharepoint Access
La gouvernance IAM au service des stratégies métiers
36. Service Foundation Approach Example:
PAM Infrastructure
● Principles
● “Test and Dev. infrastructure no different than production.”
● “SAS-70 outsources are not reapproved.”
● “No regional or site admins.”
● Vocabulary
● Processes with KPIs
● Map out IAG business processes with target key KPIs built in.
● Standards
● Recertification is annual or more often
● Naming standards,
● Practices
● Internal IAG Service team defines way of working
● IAG Roles
● Etc…
| 36
PAM = Privileged Access Management
La gouvernance IAM au service des stratégies métiers
37. Moving forward
● IdentityIQ accepted as Sanofi’s IAG solution
● Integration with our BMC solution for ITSM services
● Provisioning integration with Oracle, etc. – protect existing
investments.
● Launching several IAG based projects:
● Single PAM SOP for all Infrastructure.
● Replace existing Identity solution for Extranet
● Provide Unique Identifier for all identities with IdentityIQ
● Manager data available from SAP HR instance needs Enterprise
Directory
● Joiners, Leavers, Movers
● Organization
● Consolidating “User Account Management” responsibilities and teams
for all core tasks… Service Architecture and Development
● Relying on IAG partner… SailPoint, SP Partners, Deloitte, Kernel, etc..
| 37La gouvernance IAM au service des stratégies métiers
38. Lessons Learning… are not surprising
● IAG is huge….
● Strong partners
● Obvious product knowledge
● Great advise how to position IAG as project, program, and technology
● Networks with other clients
● Tell you what you think is a great idea…. may not be…
● Organizational .. Managing change
● IAG will touch every part of the business
● We started with a wide survey and study – very well received
● Dangers
● Appearing to throw out everyone else’s hard work.
● Biting off too much…
● Customizing too much..
● Expecting the organization to remain static
| 38La gouvernance IAM au service des stratégies métiers
39. Your Questions or Comments
| 39La gouvernance IAM au service des stratégies métiers