1 Introduction to Identity Management
Managing the User Lifecycle
Across On-Premises and
Cloud-Hosted Applications
An overview of business drivers and technology solutions.
2 Identity and Access Needs are Ever-Changing
Digital identities require frequent updates to reflect business changes:
• Who? (Types of users):
Employees, contractors, vendors, partners, customers.
• Why? (Business events):
Hire, move, change job function, terminate.
• What? (Change types):
Create/move/disable/delete user, update identity data and entitlements, reset passwords.
• Where? (Applications):
AD, Exchange, Notes, ERP, Linux/Unix, database, mainframe, physical assets.
Complexity creates delay and reliability problems:
• Productivity:
Slow onboarding, change fulfillment.
• Cost:
Many FTEs needed to implement security changes.
• Security:
Unreliable access termination, inappropriate user entitlements. Enforce SoD policies.
• Accountability:
Who has access to what? How/when did they get it?
© 2015 Hitachi ID Systems, Inc. All rights reserved. 1
3 IAM in Silos
In most organizations, many processes affect many applications.
This many-to-many relationship creates complexity:
4 Identity and Access Problems
For users:
• How to request a change?
• Who must approve the change?
• When will the change be completed?
• Too many passwords.
• Too many login prompts.
For IT support:
• Onboarding, deactivation across many apps is challenging.
• More apps all the time!
• What data is trustworthy and what is obsolete?
• Not notified of new-hires/terminations on time.
• Hard to interpret end user requests.
• Who can request, who should authorize changes?
• What entitlements are appropriate for each user?
• The problems increase as scope grows from internal to external.
5 Identity and Access Problems (continued)
For Security / risk / audit:
• Orphan, dormant accounts.
• Too many people with privileged access.
• Static admin, service passwords a security risk.
• Weak password, password-reset processes.
• Inappropriate, outdated entitlements.
• Who owns ID X on system Y?
• Who approved entitlement W on system Z?
• Limited/unreliable audit logs in apps.
For Developers:
• Need temporary access (e.g., prod migration).
• Half the code in every new app is the same:
– Identify.
– Authenticate.
– Authorize.
– Audit.
– Manage the above.
• Mistakes in this infrastructure create security holes.
6 Externalize IAM From Application Silos
• The problem with IAM is complexity, due to silos.
• The obvious solution is to extract IAM functions from system and application silos.
• A shared infrastructure for managing users, their authentication factors and their security
entitlements is the answer.
7 Integrated IAM Processes
[Diagram labels:
Business Processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract.
IT Processes: New Application, Retire Application, Password Expiry, Password Reset.
Identity and Access Management System: Users, Passwords, Groups, Attributes.
Systems and Applications: Operating System, Directory, Application, Database, E-mail System, ERP, Legacy App, Mainframe.]
8 Business Drivers for IAM
Security / controls:
• Reliable deactivation.
• Strong authentication.
• Appropriate security entitlements.
Regulatory compliance:
• PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
• Audit user access rights.
IT support costs:
• Help desk call volume.
• Time/effort to manage access rights.
Service / SLA:
• Faster onboarding.
• Simpler request / approvals process.
• Reduce burden of too many login prompts and passwords.
9 IAM Strengthens Security
• Reliable and prompt global access termination.
• Reliable, global answers to "Who has What?"
• Access change audit trails.
• Sound authentication prior to password resets.
• Security policy enforcement: strong passwords, regular password changes, change authorization
processes, SoD enforcement, new user standards, etc.
• Regulatory compliance: HIPAA, Sarbanes-Oxley, 21CFR11, etc.
10 Cost Savings
• Help desk cost of password resets:
– Before: 10,000 x 3 x $25 = $750,000 / year
– After: 10,000 x .6 x $13 = $78,000 / year
– Savings: $672,000 / year
• New hire lost productivity:
– Before: 10,000 x 10% x 10 x $400 x 50% = $2M / year
– After: 10,000 x 10% x 1 x $400 x 50% = $200,000 / year
– Savings: $1.8M / year
• Access change lost productivity:
– Before: 10,000 x 2 x 2 x $400 x 10% = $1.6M / year
– After: 10,000 x 2 x 1 x $400 x 10% = $800,000 / year
– Savings: $800,000 / year
11 Elements of IAM
Identity and access management solutions may incorporate many components, from multiple vendors:
[Diagram legend: Hitachi ID Systems, Partners.
Components shown: Resource Access Requests, ID Reconciliation, Access Certification, User Provisioning, Password Management, Enterprise Single Signon, Web Single Signon, Virtual Directory, Directory, Identity Synchronization, System of Record, Telephone Password Reset, Privileged Access Management, Strong Authentication, Federation, Role Management.]
12 Summary
• The problem with managing identities, security entitlements, passwords and related data is a
business, not a technology problem:
– Too many business events, which impact
– Too many systems and applications.
• Technology solutions are available to address these problems:
– Password synchronization and reset.
– Automated user provisioning and deactivation.
– Identity synchronization.
– Enforcement of policies using segregation-of-duties and roles.
– Periodic access review and cleanup (certification).
– Various kinds of single signon.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
Date: May 22, 2015 File: PRCS:pres