5. EVOLUTION OF IDENTITY AND ITS IMPACT
[Figure: evolution of identity and its impact. Labels: Employees; Employees and Partners; Consumers; Things; Perimeter; Federation; Perimeter-less; Cloud / SaaS; Mobility; Relationships; Attributes; Context; Stateless; API; AI; UX; IT EFFICIENCY; IT COMPLIANCE; SECURITY; BUSINESS AGILITY.]
Source: Optiv
7. GOAL:
Become an independent source of education and
information on identity-centric security
strategies.
MISSION:
The Identity Defined Security Alliance is a
non-profit organization that facilitates
community collaboration to develop a
framework and practical guidance that
helps organizations put identity at the center
of their security strategy.
12. Once user roles and entitlements are
defined, high profile users should require a
level of assurance of authentication to match
the value of the protected asset.
IAM Best Practice
Putting Identity-Centric Security to Work – IAM Best Practice (Sample)
13. IGA+PAM:
Aggregation of Direct & Effective Privileged Access for each Identity
Integrate Components:
• Identity Governance + Privileged Account
Management
What Happens:
• All privileged access provided by the PAM
system is imported and maintained in the
Identity Governance system
Value to Organization:
• Understand who has access to privileged
accounts
Putting Identity-Centric Security to Work – Security Controls
14. IGA+PAM:
SoD Policy Enforcement across Privileged Accounts
Integrate Components:
• Identity Governance + Privileged Account
Management
Pre-requisite:
• Aggregation of Direct & Effective Privileged Access
for each Identity
What Happens:
• Toxic combinations of privileged access are reduced
via detective and preventive controls
Value to Organization:
• Reduction in fraud and other access abuse scenarios
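The aggregation prerequisite and the detective and preventive SoD controls described in slides 13 and 14 can be sketched as follows. This is an added example, not IDSA or vendor code; the identities, account names, groups and SoD rules are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the slides): a PAM export of direct grants,
# PAM group memberships, and the privileged accounts each group can check out.
DIRECT_GRANTS = [("alice", "ap-admin"), ("bob", "db-root"), ("carol", "payments-approver")]
GROUP_MEMBERS = {"finance-ops": ["alice", "carol"], "dba": ["bob"]}
GROUP_GRANTS = {"finance-ops": ["vendor-master-admin"], "dba": ["db-root", "audit-log-admin"]}

# Hypothetical SoD rules: no identity may hold both accounts in a pair.
SOD_RULES = [("ap-admin", "vendor-master-admin"), ("db-root", "audit-log-admin"),
             ("payments-approver", "ap-admin")]

def aggregate_access(direct, members, group_grants):
    """Return identity -> {account: set of sources}, covering direct and effective access."""
    access = defaultdict(lambda: defaultdict(set))
    for identity, account in direct:
        access[identity][account].add("direct")
    for group, identities in members.items():
        for identity in identities:
            for account in group_grants.get(group, []):
                access[identity][account].add("group:" + group)
    return access

def detect_violations(access, rules):
    """Detective control: list identities that already hold a toxic combination."""
    found = []
    for identity in sorted(access):
        for a, b in rules:
            if a in access[identity] and b in access[identity]:
                found.append((identity, a, b))
    return found

def check_request(access, rules, identity, account):
    """Preventive control: return the rules a new grant would break (empty list = allow)."""
    held = set(access.get(identity, {}))
    return [(a, b) for a, b in rules
            if (account == a and b in held) or (account == b and a in held)]

if __name__ == "__main__":
    access = aggregate_access(DIRECT_GRANTS, GROUP_MEMBERS, GROUP_GRANTS)
    for identity, a, b in detect_violations(access, SOD_RULES):
        print(f"SoD violation: {identity} holds {a} {sorted(access[identity][a])} "
              f"and {b} {sorted(access[identity][b])}")
    print("carol requests ap-admin ->", check_request(access, SOD_RULES, "carol", "ap-admin"))
```

Both violations in the sample data only appear once group-derived (effective) access is merged with direct grants, which is why the aggregation step is listed as a prerequisite.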
15. IGA+PAM:
Certification of Privileged Accounts
Integrate Components:
• Identity Governance + Privileged Account Management
Pre-requisite:
• Aggregation of Direct & Effective Privileged Access for
each Identity
What Happens:
• Supervisors and/or application owners review and
approve/deny privileged access for specific users and
groups, either periodically or as driven by a life cycle event
Value to Organization:
• Continuous pruning of unnecessary privileged access,
reducing the risk of privileged credential abuse
16. IGA+SIEM/UEBA:
Semi-automated Identity Governance for Incident Response
Integrate Components:
• Identity Governance + SIEM or UEBA
What Happens:
• Security incident involving a specific
identity is routed to that identity’s supervisor
for review and response
Value to Organization:
• Business context (e.g., supervisor’s
knowledge of an employee’s situation)
enables efficient incident response
17. IGA+SIEM/UEBA:
Automated Identity Governance for Incident Response
Integrate Components:
• Identity Governance + SIEM or UEBA
What Happens:
• Security incident involving a specific
identity automatically triggers entitlement
suspension or dynamic re-certification
Value to Organization:
• Identity- and entitlement-specific control
enables a proportional and targeted response
to a security incident
19. LEARN FROM YOUR PEERS
Adobe Finds ZEN Using Identity-Centric Security
“Working with the IDSA is a great
opportunity to help drive innovation across
the tech industry with vendors and solution
providers alike. Adobe benefits through
exposure to vendors, use cases and
community best practices that help elevate
and strengthen our identity and security
teams.”
Den Jones
Director of Enterprise Security, Adobe