1. Novell® Access Governance Suite
Overview and Business Case
Ross Chevalier
CTO Americas, President Novell Canada
Novell, Inc / rchevalier@novell.ca
3. Reduce Cost
Manage Complexity
Mitigate Risk
3 © Novell, Inc. All rights reserved.
4. Our Conversation Today
• Quick Access Governance Review
• Motivating Factors
• Opening Questions
• Cost Containment
• Cost Avoidance
• Risk Avoidance
• Positive Financial Impact
• Call to Action
5. Risk to the Enterprise is Rising
Security Breaches
Compliance Violations
Growth Challenges
Identity Theft
Privacy Concerns
Significant Risk, Cost and Exposure
6. Growing Risk, Growing Regulations
Gramm-Leach-Bliley
PCI-DSS
Basel II
Sarbanes-Oxley
FISMA
HIPAA
HSPD-12
7. “Governance, Risk and Compliance
(GRC) remains an intensely human
effort. Two-thirds of budget are
earmarked for people-related
expenses (services plus head count).”
– AMR Research
8. Access Governance is Dynamic
Continuous Access Lifecycle Management
Access Requests and Changes
Exceptions and Conditions
Provide Visibility for Modeling
Regular Review and Certification
Access Rights Remediation and Validation
Metrics for Management and Maintenance
10. Role of Identity Management
Automation and Validation
11. Motivating Factors
• Government Regulation
• External Auditor Pressure
– “The Ding List”
• Reduce Direct Expense
• Organizational Impact
• Increasing Accountability and Engagement
• Manual models consistently fail
12. Some Opening Questions...
• Business Model
– B2B, B2C, Multinational
• Annual Revenue
• Employee Count
• Business unit manager engagement
– Review and recertification
• Number of annual access reviews
– Number of users reviewed per review cycle
– Number of unique certification reviews
• Is the data easy to understand?
• Is there rubber-stamping?
13. Regulatory Scope Assessment
• Financial Reporting
– SOX, CA 52-313, Turnbull, LSF, Transparency Directive, JSOX, MAR
• Industry Mandated Initiatives
– Basel II, GLBA, FERC/NERC, FFIEC, FISMA, HIPAA/HITECH, ITAR
• Privacy Mandates
– PCI, State Based (CA 1386, MA Privacy 201), Country Based (PIPEDA)
14. Cost Containment
• Compliance Audit Cost
– Internal Staff Costs
– External Fees
• Corporate Loss of Productivity
– Can be significant
• Staff Reduction/Redeployment
– Put the right people on the right tasks
15. Cost Containment Example
| Cost Containment | Department | Function | Expense Cost | Automation Reduction | Savings Annually |
|---|---|---|---|---|---|
| Compliance Audit Cost | Audit | 25 Applications | $250,000 | 25% | $62,500 |
| Corporate Loss of Productivity | Business | 150 BU, Certification and Access Reviewers | $90 | 50% | $202,500 |
| Staff Reduction | IT Compliance and Security | 7 FTEs doing data gathering, assessment and reporting | $55 | 33% | $264,264 |
| Total | | | | | $529,264 |
16. Cost Avoidance
• Fines and Penalties
• Operational Impact
– Response and Notification
– Customer Revenue Loss
– Customer Replacement Cost
– Service Availability
– Brand
17. Cost Avoidance Example
| Cost Avoidance (Loss of 100,000 Customer Records) | Actual Loss | Unit Cost | Potential Impact | Inherent Risk | Cost to Business |
|---|---|---|---|---|---|
| Fines and Penalties (SOX, Privacy, PCI et al.) | | | $1,000,000 | 33% | $330,000 |
| Operational Impact – Response and Notification | 100,000 | $50 | $5,000,000 | 33% | $1,650,000 |
| Operational Impact – Customer Revenue Loss | 7000 | $54/mth x 12 months | $4,536,000 | 33% | $1,496,880 |
| Operational Impact – Customer Replacement Cost (Marketing) | 7000 | $280 | $1,960,000 | 33% | $646,800 |
| Operational Impact – Service Availability | System Outage 6 hrs. | $23,000/hr revenue loss | $138,000 | 100% | $138,000 |
| Operational Impact – Brand | | | $3,000,000 | 33% | $990,000 |
| Total | | | | | $5,251,680 |
18. Risk Avoidance
• Inappropriate access to systems and data
• Aged entitlements and entitlement creep
• Orphaned accounts and entitlements
– “User” gone but access remains
• Reduces data entry errors
• Manage data location/copies
• Breach preparedness
19. Positive Financial Outcomes
• Reduction in operational costs going forward
• Reduction in “firedrill effects”
• Increased corporate confidence
– Reduces the “are you sure?”
– Creates real-time reporting and dashboards
• Better positioned for future demand
20. Call to Action
• Visit the Access Governance Suite (AGS) table (#A14) in IT Central to view a demo
• Work with your Novell® Client Executive, Product Sales Specialist or Novell Partner to:
– Arrange a private AGS assessment using these tools
– Build your corporate business case based upon the report
– Secure budget to proceed
– Engage with the first phase of the Access Governance Project
> Measure consistently
> Keep the loop closed and feedback coming
> Strengthen the case for follow-on phases
22. Novell® Making IT Work As One™
+ Reduce Cost
+ Manage Complexity
+ Mitigate Risk
24. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.