Beyond the Password: Business Enablement Through IAM
Ken Williams, CISSP, CFE
Vice President, Technology Services
CA, Inc.
2 © 2006, CA, Inc. Confidential and proprietary information. Do not copy or distribute without permission
About Ken Williams
25 years in risk management domain: Ken is Vice President for CA, Inc. in Canada with over 25 years of experience in enterprise risk services, specializing in enterprise security architectures, information security operations, and regulatory compliance solutions globally within the banking, healthcare, government and telecommunications sectors.
Ken manages CA’s Technology Services within the below sectors:
- Healthcare
- Banking & Finance
- Gas & Oil
- Electricity & Power
- Transportation
- Telecommunications
- Local, State, Federal
- Emergency Services
Ken has authored technical security standards for State and Federal Government Agencies, Regional Banks and Regional Telecommunications carriers, and authored technology white papers in the area of information security and regulatory compliance.
Prior to CA, Ken was a manager in the KPMG LLP Information Risk Management practice, Chief Security Officer of an international telecommunications provider, and founder of META Security Group.
Extensive past / present credentials:
- Certified Fraud Examiner (CFE)
- Certified Homeland Security Consultant (CHS)
- Certified Information Systems Security Professional (CISSP)
- Certified Protection Professional (CPP)
- Certified IT Infrastructure Library (ITIL)
- Defense Security Services – Active T/S Clearance
Abstract
Enterprise security is a quality that must be embedded into all corporate functions.
We are experiencing a convergence of the need for reliability, privacy and accountability.
Commerce and IT are interconnected in ways that could not have been envisioned a generation ago.
Data security and privacy concerns are pervasive, while threats include situations that are simultaneously intentional and difficult to quantify and anticipate.
The only logical response to the requirement to maintain financial integrity, investor confidence and sustainable operations, is a program with a comprehensive approach to corporate governance as it relates to information management, security and availability.
What CSOs and CIOs are Telling Us
Costly to manage user accounts
Vulnerabilities are expensive
Security data overload is real
Must reduce corporate liability
Need to demonstrate regulatory compliance
(PIPEDA, HIPAA, Sarbanes-Oxley)
On-Demand Security Challenges…
Provision users automatically
Assess and fix vulnerabilities
Deliver instant security for regulatory compliance
Securely manage events and take action
Today’s Business Challenges
Governance: Lack of transparency into business processes, business data and IT operations leads to lack of required corporate oversight
Compliance: Fines and/or sanctions for non-compliance
Operating Costs: Inefficient and labor-intensive operations; insufficient information for budgeting and planning
Capital Costs: Uninformed procurement; unnecessary hardware and software
Losses/Risk: Security breaches; loss of critical business data; inconsistent processes
Downtime: Unavailable business-critical applications and processes
Agility and Time to Market: Slow and costly change, inflexible business processes
These issues have been top-of-mind for the last several years, and remain so today
Today’s IT Challenges
IT organizations are still grappling with solving:
- Increasing complexity
- Labor-intensive
- Underutilized assets
- Security incidents
- Lack of transparency
- Extended enterprise
- Compliance and IT governance
The result is a lack of alignment between IT and business needs
To Meet These Challenges, IT Must Evolve
“95% of IT organizations still create IT strategic plans without fully understanding the business benefits … It is these plans that fall by the wayside … CIOs must create more focused, business-friendly, and actionable plans.”
--Meta (March 2005)
To date, CIOs have not had the tools available to:
- Create a business-driven IT organization
- Solve business challenges, and
- Manage IT operations like a business
This is the mandate for the next phase of IT evolution
Business Benefits of IAM Functionality
INFORMATION CONSOLIDATION
AUTHENTICATION & AUTHORIZATION
REGISTRATION & ENROLLMENT
SINGLE SIGN-ON
Enabling a comprehensive picture of the entire organizational data
Facilitating an easy implementation of future applications
Managing resources more effectively
Scaling security
Increasing control
Eliminating redundancy in data management
Securing the company’s reputation
Attracting prospective customers to do business online
Securing important corporate data such as branding info
Complying with regulations such as HIPAA, the Gramm-Leach-Bliley Act, 21 CFR Part 11 and the Sarbanes-Oxley Act
Scaling organizational security
Reducing account management time
Streamlining business processes
Delivering better web services
Increasing productivity of help-desk and IT services
Increasing satisfaction of both internal and external users
Reducing calls to help desk
Enabling easy access with one account and one password
Reducing account management time
Improving help-desk services
Delivering a better client web experience
Increasing user satisfaction
Business Benefits of IAM Functionality
PASSWORD MANAGEMENT
DELEGATED ADMINISTRATION & SELF-SERVICES
AUDIT
PROVISIONING & FEDERATED IDENTITY
Increasing organizational security
Eliminating calls to help-desk regarding password reset
Closing security gaps
Reducing account management time
Increasing user satisfaction
Reducing account management time
Increasing IT & help desk productivity
Decentralizing organizational control
Complying with regulations
Increasing control and management of information flow
Maintaining security through de-provisioning on termination, user clean-up and robust auditing capabilities
Managing access rights through centralized user management and delegated administration
Providing automated workflow
Addressing e-business initiatives promptly and efficiently to gain and maintain market share
Leveraging the system across the value chain and strengthening commitment
Business Impact of IAM Functionality
BUSINESS FACILITATION
COST CONTAINMENT
OPERATIONAL EFFICIENCY
RISK MANAGEMENT
USER SATISFACTION
REGULATORY COMPLIANCE
Information Consolidation
Authentication and Authorization
Registration & Enrollment
Single Sign-On
Password Management
Delegated Administration & Self-Service
Audit
Provisioning & Federated Identity
Where Do Savings Come From?
Increasing revenue
- IAM facilitates repeat business by improving online business.
- IAM attracts new business by improving the organizational image.
- IAM facilitates new business by enabling federated identity and convenient web access.
Cutting costs
- IAM streamlines business processes.
- IAM reduces future costs by spending less on new capabilities.
- IAM scales organizational security.
- IAM is doing more with less.
- IAM increases organizational productivity.
Where Do Savings Come From?
Complying with regulation
- IAM helps avoid fines related to non-compliance with regulation.
- IAM supports business opportunities by enabling the organization to work with existing or prospective customers and suppliers who have already achieved a certain security level.
- IAM makes the organization competitive by matching your competitor’s existing regulation compliance.
Where Do Savings Come From? (p2)
Reducing risk
- IAM prevents loss resulting from damage to the supply chain.
- IAM prevents monetary loss resulting from an accounting system breach.
- IAM keeps intellectual property and competitive information safe.
- IAM provides legal protection for the organization.
Key Questions Every Organization Must Consider
What is the maximum capacity of your current system?
What is the average growth in application development?
What is the average impact of a reorganization?
How often does a reorganization occur?
What is the average turnover?
What menial tasks would you like to eliminate?
How long does it take to set up a new user in the current system?
Key Questions Every Organization Must Consider (p2)
What is the cost associated with this process?
How many users (customers, partners) will be given access?
What is your annual application management cost?
What is the cost of new user management?
What is the annual cost of existing user management?
What is the cost by security feature, per application?
What is the financial impact of faster access to applications?
Aligning To Needs
Enterprise IT Management Vision: To Manage & Secure It All
[Diagram labels]
Application Environments
Assets
Users
Business Processes
IT Services
IT Processes & Best Practices
Security Management
Enterprise Systems Management
Business Service Optimization
Storage Management
Enterprise IT Management
Enterprise IT Management (EITM) is CA’s vision and strategy for integrated IT management across traditionally distinct IT disciplines
Optimizes and automates the performance, reliability, high-availability and efficiency of enterprise IT environments.
Enables our customers to deliver IT seamlessly as a service and reduces TCO
Leverages common services and a central management database that provides a unified view of all aspects of the enterprise
EITM is supported by CA and partners and is based on industry best practices
Step 1: Define Your Business Operations and Needs
The strategic business objectives should be mapped to the strategic vision, mission and service objectives for the security organization.
Business Objectives
- Increase sales and expand to new markets
- Extend the enterprise
- Technology enable the organization
- Reduce cost
- Increase customer satisfaction
- Enhance business processes
Impact on Security Objectives
- Business enablement and protection
- Protect the entity’s IT assets in open global network environment
- Secure current infrastructure
- Include security in ongoing development
- Include security in ongoing implementation
- Effective deployment of security technology to increase effectiveness and efficiency of security processes
- Enable privacy
- Protect intellectual property
Step 2: Determine Overall Maturity
[Figure: Information Delivery Maturity Level. Axis label: Value (Cost too!)]
Level 1, DATA: Centralized access to data content & applications
Level 2, INFORMATION: Refine, analyze & sort data delivering security information
Level 3, KNOWLEDGE: Apply business relevance to information to determine business priorities!
Level 4, ACTION: Act on real business knowledge in a single place according to business need
Stage labels: SECURITY MONITORING; SECURITY MANAGEMENT
Security Command Center: Providing Situational Awareness
Step 3: Align Business and IT Strategy
Focus on producing a baseline blueprint, developing a high level target state, and IS strategy alignment.
[Diagram labels]
Inputs: Information Technology Architecture & Processes; Business Operations & Needs; Security Vision & Mission
Where are we today?
- Organization and Core Competencies
- Technology Environment
- Information and Process Support
- Applications
- Communications Networks
What should we look like?
- Process State
- Information State
- Organization State
- Technology State
How should we get there?
- Migration Plan
- Architecture Documentation
- Resource Plan
Phases: Existing Baseline; Target State; IS Strategy Alignment
Project Planning and Management
Other labels: IT; IS; BU; Alignment
Step 4: Define IT Processes
IIF consists of one or more stages involving different departments, roles and responsibilities.
Every IIF has distinct stages and each stage represents a desired result as input to the next stage.
Every activity may involve one or multiple roles. It is important to understand the specific roles so that Sales can position to the right audience. Secondly, it is important to understand the people required to achieve the desired outcome.
Each IIF results in desired outcomes (e.g., cost reduced because software licenses are re-harvested or available assets are located and redeployed).
Each box represents an activity in a business process. An activity can be manual or automated.
This represents an external event that triggers an IT process.
An IIF consists of a set of IT processes
An IIF represents people, technology, and processes required to achieve a desired outcome
The desired outcome should be measurable and auditable
Step 5: Align Process & Roles
[Diagram labels]
Internal/External Identity Mgt Processes
Request; Approval
Enterprise Identity Management
Develop/Acquire; Review; Manage
- Develop/acquire new application
- Validate with security standards
- Integrate with common security
Implement Change Request
IAM SDK - Directory
New Application Request
Verify; Deliver And Support
Workflow Provisioning System
Incident/Service Metrics
Central Logging
- Security review
- Check compliance to security standards
- Acceptance tests
- Manage users via Provisioning system
- Reduce application identity management costs
- Reduce application cycle times
- Enhance application security
Compliance Management and Reporting
Audit Resources; Generate Reports; Support Audit
- How many incidents have occurred?
- How many requests were self service?
- Who approved access?
- Monitor usage against security policies
- Application Usage
- Identify invalid accounts
- Recertify Users
- Who has access to what resources?
- Review evidence of controls
- Document exceptions
Central Audit Collector and Report Generator
- Sustained Compliance
- Improved Automation
- Reduced Costs
Close Request; Log Events; Get Request
- Identity and Access Managed
- LAN, Email, Corporate Directory, Authentication Technology, Security Web Services, Security Infrastructure, Federated Services
Create; Modify; Delete
Policy Verification
Add Access Rights; Change Access Rights; Remove Access Rights
Provisioning Business Rules Engine – Roles Engine
Identity Management
Standards and policies
- Define self-registration policy
- Define delegated managers
- Define federated trust
Internal Identity Mgt Processes
Role Management
Standards and policies
- Define authoritative sources
- Map attributes
Open Service Request Workflow
- Delegated request
- Password reset
Delegated Service
- Service request approved (if required)
- Workflow Process Followed
- Separation of Duties Checked
- Function/Project approved
- Workflow Process Followed
Multiple Approvers (0 or many)
Multiple Approvers (1 or many)
HR Feed; Delegated mgt; Self management; SPML Request
New Hire; Transfer; Termination
- Attributes Received from Authoritative Source
- Unique Identifier Established or Checked
Roles Legend: Applications Developer; End User; Internal Audit Manager; Security Manager; Application Manager; HR; IT Operations Manager; Business Manager
Step 6: Develop a Blueprint
[Blueprint rows: IT Organizational Characteristics; Technical Capabilities; Component Level; ROI]
Active
• Focused on Traditional Services
• Slow to Handle Change
• Silo-ed Administration
• Informal and Reactive Processes
Capabilities and components: Virtual Identity Directory; Enterprise Identity Inventory; Password Policy Enforcement; Centralized Password Management; Self-serve Password Reset; Password Management System; System/App Level Mgt of Users; Consistent Cross-platform Web Interface; Manual User Export from HR System
Efficient
• Change in Business Priorities
• IT Change Driven by Cost / Regulatory Pressure
• Commitment to Centralization and Automation
• Adopts ITIL Svc Mgt to Formalize Processes
Capabilities and components: Automated Identity Provisioning; Workflow Process Automation; Correlation with Authoritative Source (i.e. HR); Entitlement & Change Report Generation; Web/Desktop Password Reset; Identity Management System; Workflow Engine, Web forms, Rules; Identity Reporting System; Delegated User Administration; Feeds from HR Authoritative Source; Integration With Key Identity Systems
Responsive
• IT Now Involved in Business Change Planning
• Manages to SLA and Controls
• Integrated Enterprise-wide IT Management
• Tracks Performance of Processes
Capabilities and components: Automated Identity & Role Processing; Entitlements Exception Reporting; Syncs Multiple Authoritative Srcs (e.g. Contractors); Self-serve Registration Process; Role Management System; Feeds from All Authoritative Sources; Business Application Provisioning; Workflow for Application Security Review; Role-based Entitlements Management; Application Directory Integration; Integration With Business Apps & Infrastructure; Entitlement Synchronization System
Business-Driven
• Ready for Business-Driven Change
• Rapidly Support New Services and Customers
• Enables Support for Growing Partner Ecosystem
• Automated Process Improvement
Capabilities and components: Web Services Security; Interoperability w/SPML & Enabling SAML; Automated Resource Provisioning; Federated Trust Management; Provisioning Authentication Technologies; Web Services Business Integration; Integration With Building Access Systems; Partner Identity Management; Integrated Business Processes; CMDB Integration
ROI
- Reduced cost in partner access and change management
- Reduced cost in business application and compliance due to automation of role and entitlement management
- Administrative cost savings due to automation of processes for identity management
- Reduced helpdesk costs with automated password management
Step 7: Initiate Transition To Next Level Of Maturity
EIM Components: Security
IIF: Administration to Identity & Access Management
ROI Components & Metrics: Administration Reduction, Enhanced Productivity
Maturity Capability Blueprint: Active to Efficient
Conduct Solution-Leading Assessment to Determine Current State & Create GAP Analysis
SAO-Defined Roadmap and Associated ROI Delivered to Client to Move from Active to Efficient Maturity Level

Maturity Level: Active
People
- CISO Accountable
- End-users can reset passwords
- Password administration can now be performed by helpdesk, rather than Sysadmins
- IT Operations (Sysadmins) and Application Managers still perform ID/account administration
Process
- Processes defined for:
  - Password reset
- Manual processes (e.g. email/fax) for new hire and access entitlement change
- Password reset requires requests to system administration
- Manual process for generating change and entitlement reports
- Informal process for de-provisioning users
- No defined standards for application development to integrate identity management
Technology
- Technology Standards for:
  - ID formats and Password quality
- Password management system in place
- Virtual Directory of Users Established

Maturity Level: Efficient
People
- CISO Accountable
- Dedicated Security Mgt Staff
- CISSP Certified Security Mgt Staff
- ID administration role separated from IT Operations (either automated or handled by Sec Mgt Staff)
Process
- Processes, workflows and owners defined for:
  - New hire
  - Password reset
  - Terminations
  - Delegated identity administration
  - Automated ID management
  - Privilege/group management (manual)
- Process defined for security management
  - Use of HR authoritative source
  - Change Report Generation
  - Entitlement report review (manual)
  - Informal security review of applications for conformance to Identity Mgt standards
Technology
- Technology Standards for:
  - ID formats and Password quality
  - Application use of Directory for Identity Mgt
  - Interchange format with HR system
- Virtual Directory of Users Established
- Workflow engine, web forms, and rules
- Policy distribution infrastructure for Identity provisioning
- Reporting toolset

Additional Capabilities Needed to Advance to Next Level
- Automated Identity Provisioning
- Workflow Process Automation
- Correlation with Authoritative Source (i.e. HR)
- Entitlement & Change Report Generation
- Delegated User Administration
- Workflow Training (Employee)
- CISSP Certification (Security Mgt Staff)
- ID Provisioning Training (Sec Mgt Staff)

CA Offerings to Satisfy Need
- Technology Design, Implementation, and Integration
- Identity Management Architecture
Step 8: Integrate Within The Enterprise
Building Sustainability
Sustaining the Program…
Once you have built the security program you must maintain it at an appropriate level while continuing to evolve it for the next business generation.
A security communication process and regular plan
“Ease of Use” and practical solutions and approaches
Process based capabilities focus versus technology/project/initiative focus
Architectural models with reusable, scalable components
Foundation built on principles
Business Units actively involved in self assessment, risk assessment and awareness
Funding and resource levels appropriate with business risk profile, with differentiation between maintaining current capabilities (IS budget) and new capabilities for new changes in BU operations (BU or IT budget)
Connection to the business units and alignment of strategies and priorities
Monitoring and feedback loop with enforcement
Measurement system focused on performance management not statistics
Executive focus, sponsorship and reinforcement
BU ownership of security and requirements with IT delivering the services
BU leadership evaluated on security performance through individual and BU results (charge units for failure to comply)
Interfaces and formalized communications among the related parties (audit, legal, compliance, technology)
With Best Practices Across The Enterprise
ISO17799: Security Policy; Organizational Security; Asset Classification and Control; Personnel Security; Physical and Environmental Security; Communications and Operations Management; Access Control; Systems Development and Maintenance; Business Continuity Management; Compliance
COBiT: Plan and Organize; Acquire and Implement; Define and Support; Monitor and Support
COSO: Internal Environment; Objective Setting; Event Identification; Risk Assessment; Risk Response; Control Activities; Information and Communications; Monitoring
ITIL: Planning to Implement Service Management; Business Perspective; ICT Infrastructure Management; Service Delivery / Support; Application Management; Security Management
Focusing Across Key Areas of IT Security …
Privacy
Identity and Access Management
Threat Management
Intelligent Security Management
Provides Sustainable Security Management
[Diagram labels]
Alerts; Correlate; Align to Business
Attack; New Attack
IDS Sensors; AV Alerts; FW Messages; Host Logs
Check Assets & Vulnerabilities
Prioritize to Business Level
Initiate Remediation Actions
Discovery; Resolution; Remediate
Netsky; Bagel; Mydoom; Data
Security needs to help organizations understand what is happening and how it relates to the business
Provides Sustainable Security Management
Case Study
Need: Identity and Access Management Analysis
- Organization requires an analysis of external audit results.
- Provide a gap analysis utilizing EDM - Maturity Model tools.
- Develop a solution blueprint for Identity and Access Management based upon Integrated Information Technology Flows (IIF).
- Develop Solution Architecture Overview (SAO).

Impact and Probability
Columns: Factor; Impact; Probability of Occurrence
Factors: Downtime; Loss of Reputation; Regulatory Non-Compliance; Overall Current Risk
[Ratings on the slide, pairing with factors not recoverable: L, H, M, M, L, H, H]

Maturity Aggregate
Description: Current Maturity With Respect to Leading Practices
5 Control is in place without exceptions.
4 Control is in place with exceptions.
3 Control is partially in place with approved plans to implement.
2 Control is partially in place with no current plans to implement.
1 Control is not in place with approved plans to implement.
0 Control is not in place with no current plans to implement.
Application Access Management: 1.75
Operating System Access Management: 2.25
Network Access Management: 2.5
Identity Management: 1.75
Entitlement Management: 1.5
Solution Blueprint…
[Blueprint rows: Organizational Characteristics; Technical Capabilities; Component Level]
Maturity levels: Active; Efficient; Responsive; Business-Driven
Phases: Operational Auditing & Compliance Phase; Identity Management; Access Entitlements Management; Business Enhancement Phase
Organizational characteristics:
• Technology Orientated
• Point Solution Focused
• Centralized Security Reporting
• Security View

• Transaction Orientated
• Enterprise Solution Focused
• Centralized Process Controls
• Operations View

• Regulatory Orientated
• Controls Solution Focused
• Integrated Process Management
• Risk Management View

• Business Orientated
• Value Solution Focused
• Integrated Corporate Management (Operations, Risk Management & Security)
• Dynamic Entitlement Management View
Capabilities and components: Enterprise Repository; Audit Aggregation Tools; Platform Access Control; Perimeter Access Control; Application Access Control; Centralized Audit Management; Data & Storage Access Control; Centralized Monitoring; Component Provisioning; Enterprise-wide Provisioning; Transactional Access Control; Integrated Compliance Management; Self-Service Entitlements; User Multi Factor Authentication; Centralized Authoritative Sources; Transactional Value Approval Control; Integration with Asset Mgt; Anti-Money Laundering Capabilities; Interactive Privilege Management; Platform & App Security Controls; Provisioning Solutions; Enterprise Reporting Systems; Secure Common Services; Correlation & Analysis Tools; Self-Service Tools; Workflow Engine; Transactional Engine; Integrated Provisioning Platforms; Biometric, Token and/or PKI Solutions; Privilege Management Tools; Compliance Management Tools; SAML Solution Platform; Forensics Tools; Process Monitoring Tools; Secure Transactional Repository; Reporting Systems; Enterprise User IDs; Operational Processing Engine; Knowledge Based Engine; Risk Management Engine; Business Reporting Engine; Personalization; Integrated Workflow Management; Federated Identity Management; Automated Forensics Capabilities; Behavioral Pattern Analysis; Process Management; On-Demand Resource Management; Integrated Regulatory Management; Productivity Management; Knowledge Based Authentication; Business Process Cost Value Reporting; Integrated Business Risk Management; Integrated Operations Center; External User & 3rd Party Value Reporting; Resource Optimization Tools
To Summarize, Integrated IT Flows (IIFs) are Key
Process-centric approach to IT management
Both the means and a framework for advancing an organization’s IT maturity level
Implemented through:
- Industry best-practices instantiated in automated workflows that invoke management and security functions
- Comprehensive management and security solutions
- Solutions integrated at the data, UI and process levels
- Blueprints and assessment services to identify an organization’s starting points and next steps in the IT maturity model
Questions
Discussion