Compliance Management Solutions from Novell
Issues Driving the Compliance Management Need
© Novell, Inc. All rights reserved.
Dealing with Compliance Requirements: It's All about Balance
Control / Flexibility
• Move at the speed of business requirements
• Less compliance cost burden
• Confidence in meeting compliance objectives
Different Stakeholders, Different Needs to Balance
Needs to protect sensitive data, enforce regulations, stay aligned to business needs
IT
CIO/CTO
Needs to manage the cost and resources of required audits
Internal Audit
Needs to prevent financial and reputation damage
CFO
Finance Audit
CISO
Security
Needs to have enterprise-wide visibility to threats that may impact the business
What keeps me up at night?
Percent of enterprise workloads that will run in physical, virtual and cloud environments by 2015
Novell estimates based on IDC and Gartner data
Moving to the Cloud Makes It Harder to Balance Flexibility/Control while Staying Compliant
“Governance, Risk and Compliance (GRC) remains an intensely human effort. Two-thirds of budget are earmarked for people-related expenses (services plus head count).”
– AMR Research
Striking the Balance Is Hard Enough: Fixing Manual Processes Needs to Be Done First
Manually Managed Compliance Drives Questions on How to Improve Operations
How do I move away from “spreadsheet-driven” compliance and audits?
Is there a better way to collect all the logs I need for an audit?
How do I monitor access to critical systems, particularly in UNIX/Linux environments?
Solution Capabilities and Benefits Address Customer Challenges
Identity and Security Capabilities
Identity and Access Management
Compliance Management
Security Management
Compliance Assurance
Continuous Compliance
Real-time Security and User Activity Monitoring
Log Management
Secure Cloud Access
User Provisioning and Management
Simplified Secure Access
The Identity-Infused Enterprise: Core to Enterprise Security and Compliance
User Provisioning
Security Monitoring and Remediation
Log Management
Continuous Compliance
Compliance Assurance
Secure Access
Identity Management
Novell® Compliance Management: Capabilities to Fit Your Needs
Manual Processes
• Spreadsheet-driven compliance
• Manually collected audit logs
Compliance Assurance
• Identity and security integration with access controls
• Tight integration with access control and identity management
Continuous Compliance
• Full visibility to IT risks
• No infrastructure holes or silos
• Identity and security integration
• Compatibility with IT GRC management for “big picture” view
Drive to Compliance Assurance
Achieve Continuous Compliance
• Novell Access Governance Suite
• Novell Sentinel™ Log Manager
• Novell Privileged User Manager
• Novell Compliance Management Platform
• Novell Compliance Management Platform extension for SAP environments
Novell® Compliance Management Capabilities Address Customer Challenges
Efficiently address short-term auditing and reporting requests
Automate system logs for compliance
Operate across heterogeneous environments
Compliance Assurance: Challenges Addressed
Manual Processes | Compliance Assurance | Continuous Compliance
Compliance Assurance: Are You Ready for Your Next Audit?
Novell Sentinel™ Log Manager
Novell Privileged User Manager
Novell Access Governance Suite
Major Audit Flags
Inability to certify that the right people have the right access to sensitive information
Inability to track who is logged into sensitive accounts, and when they log in
Inability to track the activities of people once they are logged into sensitive accounts or applications
Novell® Solution
Novell® Access Governance Suite
Novell Compliance Certification Manager
Novell Roles Lifecycle Manager
Simplifies how access to information resources is governed and certified, helping enterprises strike the balance between agility and control
Novell Access Request and Change Manager
Provides a complete, enterprise-wide view of access data, so you know exactly who has access to what
Provides an automated process to ensure access is appropriate and compliant
Streamlines the review, certification and reporting process
Simplifies how user access is managed, giving visibility to patterns and logical groupings
Provides access metrics to ensure roles are used effectively
Provides a single business-friendly interface with embedded governance (approvals, policy checks, escalations) through which organizations can request and approve access rights
By enabling self-service access requests to the line of business, enterprises can lower IT administration costs and streamline access delivery while maintaining compliance
Novell® Compliance Management Capabilities Address Customer Challenges
Management, monitoring and enforcement of IT controls
Visibility to “who has access to what”
Ability to manage and mitigate risks before they impact business objectives
Continuous Compliance: Challenges Addressed
Manual Processes | Compliance Assurance | Continuous Compliance
Continuous Compliance: Knowing and Responding to What Is Going on in Your Enterprise
Who is doing an activity?
What is the activity?
Knowing who is doing what is key to answering the questions “Should they be doing it?”, and if not, “Can I stop them?”
Security Information and Event Monitoring
Who is doing what?
Identity Management + Security Information and Event Monitoring
Identity Management
Continuous Compliance: Why Does It Matter to You?
45% of security breaches are from those with no existing relationship with the enterprise…
…the other 55% come from insiders or business partners
From people you have to give some level of trust
Governance / Processes / Controls
Roles / Relationships
But how do you manage these? Through continuous compliance, by knowing who's doing what
Notes: Statistics derived from Verizon Business breach report, 2008
…to strike the balance, you need to put in place…
Continuous Compliance: Multiple Paths to Meeting Your Strategic Goals
Novell Sentinel Log Manager
Novell Identity Manager Advanced Edition
Novell Sentinel™
Novell Identity Manager Standard Edition
Novell® Compliance Management Platform
Continuous Compliance: Partnering with GRC Management Firms Like SAP
• Enterprise-wide control enforcement (passwords, rights, roles)
• Automated and enforced business security process
• Continuous controls monitoring of user access to enterprise resources
• Provides risk analysis and compliance processes across the enterprise
• Control user access within SAP applications
• Manage process for compliance and risk remediation
• Continuous controls monitoring for applications
Compliance Management Platform
The joint solution extends identity and security information across the enterprise
SAP Business Objects
Efficiently address short-term auditing and reporting requests
Automate system logs for compliance
Operate across heterogeneous environments
Compliance Assurance: Challenges Addressed
Management, monitoring and enforcement of IT controls
Visibility to “who has access to what”
Ability to manage and mitigate risks before they impact business objectives
Continuous Compliance: Challenges Addressed
Novell® Compliance Management Capabilities Address Customer Challenges
Manual Processes | Compliance Assurance | Continuous Compliance
Novell® Compliance Solutions: Customer Testimonials
“Novell Access Governance Suite will help us dramatically improve security with the ability to display complex reports in a user-friendly web interface. Too much information is overwhelming. When we make reports easier to review, we make it easy for business managers to certify users' access rights on a much more regular basis.”
Mark W. Pfefferman, Assistant Vice President and Director, Identity and Access Management, Western and Southern Financial Group
“To make an SAP hosting solution viable, we absolutely needed to make the security watertight. Novell Compliance Management Platform enabled us to integrate powerful identity and security management capabilities, allowing customers to manage access rights for their own users with ease”
Warren Small, Managing Director, Basis One
Novell® Compliance Management: Overall Solution Benefits
Turn risk management into a strategic asset
• Manage risk with real-time proactive prevention
• Bridge business processes and IT, including SAP environments
• Improve internal and external transparency across the enterprise
• Minimize security breaches, especially from privileged users
• Create a legally defensible environment
Drive higher ROI with streamlined compliance efforts
• Automate compliance-related processes
• Leverage existing investments in SAP systems
• Better manage privileged users to avoid costly audit violations
• Lower cost implementation
An Industry-Trusted Solution
Novell is a recognized leader in:
• Provisioning
• Enterprise single sign-on
• Security information and event management (SIEM)
Web Access Management
User Provisioning
Enterprise Single Sign On
SIEM
An Industry Leader
“Novell’s individual products in IAM, SIEM, and security management can be effectively combined to create solutions to solve business problems. Companies will find that this approach can be very effective in meeting regulatory compliance demands.”
– Sally Hudson, IDC
An Industry Leader
Nearly 6,000 Customers Agree
A Complete Solution
World-Class Partners and Services Support Deployment
• More than 500 training partners
• Classroom training and self-study kits
• Online and on-demand training
• Customized training
• Industry awards and recognition
• More than 25 years of experience
• Global support centers and field teams
• High level, customizable services
• Risk and compliance assessment
• Identity and security strategy
• Customized development
• Project management
Training Partners
Systems Integrators
Support Partners
Systems Integrators
Key Partnerships: Global Strategic Partners
www.novell.com/identityandsecurity
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
Appendix
Challenge / Solution / Results
“Novell Sentinel gives us all the tools we need to identify anomalies, detect intrusions and meet the log monitoring and auditing requirements of the PCI-DSS. Novell Sentinel has improved our ability to monitor and correlate security incidents, enabling us to take a more proactive approach to network security and helping us to demonstrate compliance.”
Oliver Eckel, Head of Corporate Security
bwin: Global Gaming and Entertainment Website
A leading provider of online gaming entertainment in 27 different languages
Millions of customers, hundreds of applications and databases
Inefficient PCI-DSS compliance management on a departmental basis
Needed an automated, centralized solution for monitoring and managing multiple security log files
Deployed Novell® Sentinel™ across Microsoft Windows, Sun Solaris and Oracle environment
Centralized monitoring into a single corporate function
Created a single viewpoint for all security events
Implemented Sentinel Advisor module for centralized security intelligence
Centralized and automated network security monitoring and reporting
Reduced time and effort involved in PCI-DSS compliance initiatives
Enabled more proactive response to emerging security threats
Challenge / Solution / Results
“As well as the identity management engine itself, we needed a solution that would enable us to create a repository to handle roles and provisioning. Of all the solutions on the market, only Novell Identity Manager was sufficiently mature in both of these areas.”
Qamilla Syk, Operations Manager
Handelsbanken: Major Nordic Corporate and Consumer Bank
One of the largest banks in the Nordic region with 10,770 employees
No central repository for user information
Identity information stored across multiple systems
Needed to comply with financial regulations such as Basel II
Deployed Novell® Identity Manager to create a master repository of all user data
Synchronized user data across multiple systems, including legacy mainframe applications
Novell Sentinel™ provides holistic view of all security and compliance activities
Created a structured approach to identity management
Increased control of roles and access rights throughout the organization
Enabled employee self-service via a portal, reducing IT workload
Improved IT auditing capabilities, facilitating regulatory compliance
“Novell Sentinel has given us for the first time the ability to monitor our entire network infrastructure. With the ability to channel all security events into a single view, it is much easier to analyse the root causes of problems and respond with the most appropriate actions.”
Giovanni Ciminari, Security Solutions Manager
Telecom Italia: Italy's Largest Telecommunications Service Provider
Company provides telecommunications services to more than 20 million customers
Five different systems providing security monitoring for different parts of the company
Standardizing processes across all group companies to increase efficiency, reduce costs and facilitate regulatory compliance
Deployed Novell® Sentinel™ on clustered Sun servers, capable of processing 3,000 events per second
Deployed Novell Sentinel agents to monitor firewalls, anti-virus software and operating systems
Built custom agents to monitor its GSM mobile networks and protect against denial-of-service attacks
Comprehensive security coverage with a single point of control
Faster response to security issues across the network
In a single month, Novell Sentinel registered 120 million events and managed 800 security incidents
Reduced workload for security monitoring team by 50 percent
Simplified compliance with Italian government regulations
Challenge / Solution / Results
“Before implementing the Novell solution, we provisioned users in a hundred different ways. We didn't think we could streamline this process without substantially increasing our staff. With the Novell solution, we have a high quality, yet cost-effective solution that actually frees up much of our staff to work on other projects.”
Eric Leader, Chief Technology Architect
Catholic Healthcare West: Eighth Largest Hospital System in the US
40,000 employees across 40 locations
User identities in 1,400 separate applications on multiple platforms
Improve speed of user access
Increase security and compliance with regulatory requirements
Consolidated its directories to centralize user management
Enabled provisioning to grant users immediate access to applications
Synchronized passwords between applications
Laid the foundation for complying with Sarbanes-Oxley, HIPAA and other regulatory requirements
Centralized and automated identity management for 20,000 users
Reduced user administration time by 70 percent
Simplified user access with a single ID and password
Improved regulatory compliance with timely audits and immediate deprovisioning
Anticipated cost savings of US$1.5 million
Solutions
Novell® Compliance Management Platform
Tightly integrated compliance and governance solutions
Novell Access Manager™
Novell Identity Manager
Novell Sentinel™
Novell® Access Governance Suite
Novell Compliance Certification Manager
Novell Roles Lifecycle Manager
Business-driven accountability, visibility and certification
Novell Access Request and Change Manager
Novell® Privileged User Manager
Cross-platform Privileged User Management
Allows enterprises to control, track and audit superuser access to UNIX, Linux and Windows hosts.
Real-time Risk Analysis
Allows organizations to centrally define what commands users are authorized to run, at what time and from what location
Ensures consistent enforcement of security policies across UNIX, Linux and Windows systems
Simplifies rule and policy creation through a flash-based, drag-and-drop interface
Allows enterprises to manage their entire UNIX, Linux and Windows server infrastructure with a single, easy-to-use tool
Generates detailed logs of user activity for proving compliance
Seamlessly integrates with Novell Identity Manager, Novell Access Governance Suite and Novell Sentinel
Conducts a real-time risk analysis of user commands as they are typed, reducing the time between command execution and discovery
Provides color-coded risk ratings of all typed commands for easy identification of potentially harmful activity
Gives auditors a system-wide view of user activity through key stroke logs and recorded session play back
Centralized Policy Management
The Two Technologies That Really Matter
Identity and Cloud
Risk to the Enterprise Is Rising
Security Breaches
Compliance Violations
Growth Challenges
Significant Risk, Cost and Exposure
Identity Theft
Privacy Concerns
Security: The Primary Concern for Cloud Computing
Security
Performance
Availability
Hard to integrate with in-house IT
Not enough ability to customize
Worried cloud will cost more
Bringing back in-house may be difficult
Not enough major suppliers yet
Source: Frank Gens and IDC Enterprise Panel, 2009
Question: Rate the challenges/issues of the cloud/on-demand model (1=not significant, 5=very significant) Percent Responding 3, 4 or 5
Novell® Identity and Security Management: Integrating with SAP Infrastructure
Access Governance
Identity Management
Access Management
Security Information and Event Management
Access Certification
Role Lifecycle Management
Access Request and Change Management
Identity Vault
Provisioning and Workflows
Delegated Administration
Identity Integration and Synchronization
Reporting
Self-service Administration
Privileged User Management
Authentication
Authorization
User Activity Monitoring
Remediation
Event Correlation and Reporting
Business Applications
IT GRC Management
Application Layer
Infrastructure Layer
Intelligent Workload Management
Intelligent workload management enables IT organizations to manage and optimize heterogeneous computing resources in a policy-driven, secure and compliant manner across physical, virtual and cloud environments to deliver business services for end customers.
The Customer Challenge: Manage a Siloed Infrastructure
[Diagram labels: Physical, Virtual, Cloud; Business Service Management, IT Service Management, and Governance and Compliance repeated for each; Internal Cloud (On-Premise), External Cloud (Off-Premise); Firewall]
Business Service Management
IT Service Management
Governance and Compliance
Intelligent Workload Management: From Silos to Services
Internal Cloud (On-Premise) External Cloud (Off-Premise)
Build
Secure
Manage
Measure
Firewall
Physical Virtual Cloud
WorkloadIQ™: Integrating Identity to Turn Silos into Services
Isolated Identity Awareness
Business Service Management
IT Service Management
Security and Compliance Management
Purpose-Built Operating System
Business Service Management
IT Service Management
Security and Compliance Management
General Purpose Operating System
Novell Services and Partners
WorkloadIQ: Services