Compliance Management Solutions from Novell · 2015-05-11 · Certification Manager Novell Roles ... Partnering with GRC Management Firms Like SAP • Enterprise-wide control enforcement

Compliance Management Solutions from Novell

Insert Presenter's Name (16pt)Insert Presenter's Title (14pt)

Issues Driving the Compliance Management Need

© Novell, Inc. All rights reserved.3

ControlFlexibility• Move at the speed ofbusiness requirements

• Less compliance costburden

• Confidence in meeting compliance objectives

Dealing with Compliance RequirementsIt's All about Balance


Different Stakeholders Different Needs to Balance

Needs to protect sensitive data, enforce regulations,stay aligned to business needs

IT

CIO/CTO

Needs to manage the cost and resources of required audits

Internal Audit

Needs toprevent financial and reputation damage

CFO

Finance Audit

CISO

Security

Needs to have enterprise-wide visibility to threats that may impact the business

What keeps me up at night?


Percent of enterprise workloads that will run in physical, virtual and cloud environments by 2015

Novell estimates based on IDC and Gartner data

Moving to the Cloud Makes It HarderTo Balance Flexibility/Control while Staying Compliant


“Governance, Risk and Compliance (GRC) remains an intensely human effort. Two-thirds of budget are earmarked for people-related expenses (services plus head count).”

– AMR Research

Striking the Balance Is Hard EnoughFixing Manual Processes Needs to Be Done First


Manually Managed ComplianceDrives Questions on How to Improve Operations

How do I move away from “spreadsheet-driven” compliance and audits?

Is there a better way to collect all the logs I need for an audit?

How do I monitor access to critical systems, particularly in UNIX/Linux environments?

Solution Capabilities and BenefitsAddress Customer Challenges


Identity and Security Capabilities

Identity and Access Management

Compliance Management

SecurityManagement

Compliance Assurance

Continuous Compliance

Real-time Security and User Activity Monitoring

Log Management

Secure Cloud Access

User Provisioning and Management

Simplified Secure Access


Identity and Security Capabilities

Identity and Access Management


SecurityManagement



Real-time Security and User Activity Monitoring

Log Management

Secure Cloud Access

User Provisioning and Management

Simplified Secure Access


11

The Identity-Infused EnterpriseCore to Enterprise Security and Compliance

UserProvisioning

SecurityMonitoring and

Remediation

LogManagement


ComplianceAssurance

SecureAccess Identity

Management


Novell® Compliance ManagementCapabilities to Fit Your Needs

Manual Processes

• Spreadsheet-driven compliance

• Manually collectedaudit logs


• Identity and security integration with access controls

• Tight integration with access control and identity management


• Full visibility to IT risks• No infrastructure holes

or silos• Identity and security

integration• Compatibility with IT

GRC management for “big picture” view

Drive to Compliance Assurance

Achieve Continuous Compliance

• Novell Access Governance Suite

• Novell Sentinel™ Log Manager

• Novell Privileged User Manager

• Novell Compliance Management Platform

• Novell Compliance Management Platform extension for SAP environments


Novell® Compliance Management Capabilities Address Customer Challenges

Efficiently address short-term auditing and reporting requests

Automate system logs for compliance

Operate across heterogeneous environments

Compliance AssuranceChallenges Addressed

Man

ual

Proc

esse

s

Com

plia

nce

Ass

uran

ce

Con

tinuo

us

Com

plia

nce


Compliance AssuranceAre You Ready for Your Next Audit?

Novell Sentinel™ Log Manager

Novell Privileged User Manager

Novell Access Governance Suite

Major Audit Flags

Inability to certify that the right people have the right access to sensitive information

Inability to track who is logged into sensitive accounts, and when they log in

Inability to track the activities of people once they are logged into sensitive accounts or applications

Novell® Solution


Novell® Access Governance Suite

Novell Compliance Certification Manager

Novell Roles Lifecycle Manager

Simplifies how access to information resources is governed and certified, helping enterprises strike the balance between agility and control

Novell Access Request and Change Manager

Provides a complete, enterprise-wide view of access data, so you know

exactly who has access to what

Provides an automated process to ensure access is appropriate

and compliant

Streamlines the review, certification and reporting process

Simplifies how user access is managed, giving visibility to patterns and logical groupings

Provides access metrics to ensure roles are used effectively

Provides a single business-friendly interface with embedded governance (approvals, policy checks, escalations) through which organizations can request and approve access rights

By enabling self-service access requests to the line of business, enterprises can lower IT administration costs and streamline access delivery while maintaining compliance



Management, monitoring and enforcement of IT controls

Visibility to “who has access to what”

Ability to manage and mitigate risks before they impact business objectives

Continuous ComplianceChallenges Addressed

Man

ual

Proc

esse

s

Com

plia

nce

Ass

uran

ce

Con

tinuo

us

Com

plia

nce


Continuous ComplianceKnowing and Responding to What Is Going on in Your Enterprise

Who is doing an activity?

What is the activity?

Knowing who is doing what is key to answering the questions “Should they be doing it?”, and if not, “Can I stop them?

Security Information and

Event Monitoring

Who is doing what?

Identity Management +

Security Information and

Event MonitoringIdentity

Management


Continuous ComplianceWhy Does It Matter to You?

45% of security breaches are from

those with no existing relationship with the

enterprise…

…the other 55% come from insiders or business partners

From people you have to give some

level of trust

GovernanceProcessesControls

Roles / Relationships

But how do you manage these?Through continuous compliance—by knowing who's doing what

Notes: Statistics derived from Verizon Business breach report, 2008

…to strike the balance, you need to put in place…


Continuous ComplianceMultiple Paths to Meeting Your Strategic Goals

Novell SentinelLog Manager

Novell Identity Manager Advanced EditionNovell Sentinel™

Novell Identity Manager Standard Edition

Novell® Compliance Management Platform


Continuous CompliancePartnering with GRC Management Firms Like SAP

• Enterprise-wide control enforcement (passwords, rights, roles)

• Automated and enforced business security process

• Continuous controls monitoring of user access to enterprise resources

• Provides risk analysis and compliance processes across the enterprise

• Control user access within SAP applications

• Manage process for compliance and risk remediation

• Continuous controls monitoring for applications


Platform

The joint solution extends identity and security information across the enterprise

SAP Business Objects


Efficiently address short-term auditing and reporting requests

Automate system logs for compliance

Operate across heterogeneous environments

Compliance AssuranceChallenges Addressed

Management, monitoring and enforcement of IT controls

Visibility to “who has access to what”

Ability to manage and mitigate risks before they impact business objectives

Continuous ComplianceChallenges Addressed


Man

ual

Proc

esse

s

Com

plia

nce

Ass

uran

ce

Con

tinuo

us

Com

plia

nce


Novell® Compliance SolutionsCustomer Testimonials

“Novell Access Governance Suite will help us dramatically improve security with the ability to display complex reports in a user-friendly web interface. Too much information is overwhelming. When we make reports easier to review, we make it easy for business managers to certify users' access rights on much more regular basis.”

Mark W. Pfefferman, Assistant Vice President and Director, Identity and Access Management, Western and Southern Financial Group

“

“To make an SAP hosting solution viable, we absolutely needed to make the security watertight. Novell Compliance Management Platform enabled us to integrate powerful identity and security management capabilities, allowing customers to manage access rights for their own users with ease”

Warren Small, Managing Director, Basis One

“


Novell® Compliance ManagementOverall Solution Benefits

Turn risk management into a strategic asset• Manage risk with real-time proactive prevention• Bridge business processes and IT, including SAP environments• Improve internal and external transparency across the enterprise• Minimize security breaches, especially from privileged users• Create a legally defensible environment

Drive higher ROI with streamlined compliance efforts• Automate compliance-related processes • Leverage existing investments in SAP systems• Better manage privileged users to avoid costly audit violations• Lower cost implementation

An Industry-Trusted Solution


Novell is a recognized leader in:• Provisioning• Enterprise single sign-on• Security information and

event management (SIEM)

Web Access Management

User Provisioning

Enterprise Single Sign On

SIEM

An Industry Leader


“Novell’s individual products in IAM, SIEM, and security management can be effectively combined to create solutions to solve business problems. Companies will find that this approach can be very effective in meeting regulatory compliance demands.”

– Sally Hudson, IDC

An Industry Leader


Nearly 6,000 Customers Agree

A Complete Solution


• More than 500 training partners• Classroom training and self-study kits • Online and on-demand training• Customized training

• Industry awards and recognition • More than 25 years of experience • Global support centers and field teams • High level, customizable services

World-Class PartnersAnd Services Support Deployment

• Risk and compliance assessment• Identity and security strategy• Customized development• Project management

Training Partners

Systems Integrators

Support Partners


Systems Integrators

Key PartnershipsGlobal Strategic Partners


www.novell.com/identityandsecurity

Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Appendix


Challenge Solution Results

“Novell Sentinel gives us all the tools we need to identify anomalies, detect intrusions and meet the log monitoring and auditing requirements of the PCI-DSS. Novell Sentinel has improved our ability to monitor and correlate security incidents, enabling us to take a more proactive approach to network security and helping us to demonstrate compliance.”

Oliver Eckel, Head of Corporate Security

bwinGlobal Gaming and Entertainment Website

A leading provider of online gaming entertainment in 27 different languages

Millions of customers, hundreds of applications and databases

Inefficient PCI-DSS compliance management on a departmental basis

Needed an automated, centralized solution for monitoring and managing multiple security log files

Deployed Novell® Sentinel™ across Microsoft Windows, Sun Solaris and Oracle environmentCentralized monitoring into a single corporate function

Created a single viewpoint for all security events

Implemented Sentinel Advisor module for centralized security intelligence

Centralized and automated network security monitoring and reporting

Reduced time and effort involved in PCI-DSS compliance initiatives

Enabled more proactive response to emerging security threats



“As well as the identity management engine itself, we needed a solution that would enable us to create a repository to handle roles and provisioning. Of all the solutions on the market, only Novell Identity Manager was sufficiently mature in both of these areas.”

Qamilla Syk, Operations Manager

HandelsbankenMajor Nordic Corporate and Consumer Bank

One of the largest banks in the Nordic region with 10,770 employeesNo central repository for user informationIdentity information stored across multiple systemsNeeded to comply with financial regulations such as Basel II

Deployed Novell® Identity Manager to create a master repository of all user dataSynchronized user data across multiple systems, including legacy mainframe applicationsNovell Sentinel™ provides holistic view of all security and compliance activities

Created a structured approach to identity management

Increased control of roles and access rights throughout the organization

Enabled employee self-service via a portal, reducing IT workload

Improved IT auditing capabilities, facilitating regulatory compliance


“Novell Sentinel has given us for the first time the ability to monitor our entire network infrastructure. With the ability to channel all security events into a single view, it is much easier to analyse the root causes of problems and respond with the most appropriate actions.”

Giovanni Ciminari, Security Solutions Manager

Telecom ItaliaItaly's Largest Telecommunications Service Provider

Company provides telecommunications services to more than 20 million customers

Five different systems providing security monitoring for different parts of the company

Standardizing processes across all group companies to increase efficiency, reduce costs and facilitate regulatory compliance

Deployed Novell® Sentinel™ on clustered Sun servers, capable of processing 3,000 events per second

Deployed Novell Sentinel agents to monitor firewalls, anti-virus software and operating systems

Built custom agents to monitor its GSM mobile networks and protect against denial of services attacks

Comprehensive security coverage with a single point of control

Faster response to security issues across the network

In a single month, Novell Sentinel registered 120 million events and managed 800 security incidents

Reduced workload for security monitoring team by 50 percent

Simplified compliance with Italian government regulations




“Before implementing the Novell solution, we provisioned users in a hundred different ways. We didn't think we could streamline this process without substantially increasing our staff. With the Novell solution, we have a high quality, yet cost-effective solution that actually frees up much of our staff to work on other projects.”

Eric Leader, Chief Technology Architect

Catholic Healthcare WestEighth Largest Hospital System in the US

40,000 employees across 40 locationsUser identities in 1,400 separate applications on multiple platformsImprove speed of user accessIncrease security and compliance with regulatory requirements

Consolidated its directories to centralize user managementEnabled provisioning to grant users immediate access to applicationsSynchronized passwords between applications

Laid the foundation for complying with Sarbanes-Oxley, HIPAA and other regulatory requirements

Centralized and automated identity management for 20,000 usersReduced user administration time by 70 percentSimplified user access with a single ID and password

Improved regulatory compliance with timely audits and immediate deprovisioning

Anticipated cost savings of US$1.5 million


Solutions

Novell® Compliance Management Platform

Tightly integrated compliance and governance solutions

NovellAccessManager™

NovellIdentity Manager

Novell Sentinel™


Novell® Access Governance Suite

Novell Compliance Certification Manager

Novell Roles Lifecycle Manager

Business-driven accountability, visibility and certification

Novell Access Request and Change Manager


Novell® Privileged User Manager

Cross-platform Privileged User Management

Allows enterprises to control, track and audit superuser accessto UNIX, Linux and Windows hosts.

Real-time Risk Analysis

Allows organizations to centrally define what commands users are authorized to run, at what time and from what location

Ensures consistent enforcement of security policies across UNIX, Linux and

Windows systems

Simplifies rule and policy creation through a flash-based, drag-and-drop interface

Allows enterprises to manage their entire UNIX, Linux and Windows server infrastructure with a single, easy-to-use tool

Generates detailed logs of user activity for proving compliance

Seamlessly integrates with Novell Identity Manager, Novell Access Governance Suite and Novell Sentinel

Conducts a real-time risk analysis of user commands as they are typed, reducing the time between command execution and discovery

Provides color-coded risk ratings of all typed commands for easy identification of potentially harmful activity

Gives auditors a system-wide view of user activity through key stroke logs and recorded session play back

Centralized Policy Management


The Two TechnologiesThat Really Matter

Identity Cloudand


Risk to the Enterprise Is Rising

Security Breaches

Compliance Violations

Growth Challenges

Significant Risk, Cost and Exposure

Identity Theft

Privacy Concerns


SecurityThe Primary Concern for Cloud Computing

Security

Performance

Availability

Hard to integrate with in-house IT

Not enough ability to customize

Worried cloud will cost more

Bringing back in-house may be difficult

Not enough major suppliers yet

Source: Frank Gens and IDC Enterprise Panel, 2009

Question: Rate the challenges/issues of the cloud/on-demand model(1=not significant, 5=very significant) Percent Responding 3, 4 or 5


Novell® Identity and Security ManagementIntegrating with SAP Infrastructure

Access Governance

Identity Management

Access Management

Security Informationand Event Management

Access Certification Role LifecycleManagement

Access Request andChange Management

IdentityVault

Provisioning and Workflows

DelegatedAdministration

Identity Integrationand Synchronization

Reporting

Self-serviceAdministration

Privileged User Management

Authentication

Authorization

User Activity Monitoring

Remediation

Event Correlation and Reporting

Business ApplicationsIT GRC ManagementAp

plic

atio

nLa

yer

Infr

astr

uctu

re L

ayer


Intelligent Workload Management

Intelligent workload management enables IT organizations to manage and optimize heterogeneous computing resources in a policy-driven, secure and compliant manner across physical, virtual and cloud environments to deliver business services for end customers.

IntelligentWORKLOADManagement


Business Service Management



IT Service Management



Physical Virtual Cloud

The Customer Challenge:Manage a Siloed Infrastructure

Governance and Compliance



Internal Cloud (On-Premise) External Cloud (Off-Premise)

Firewall





Intelligent Workload Management:From Silos to Services

Internal Cloud (On-Premise) External Cloud (Off-Premise)

Build

Secure

Manage

Measure

Firewall

Physical Virtual Cloud


Isolated Identity Awareness

Business Service

Management

IT ServiceManagement

Security andComplianceManagement

Purpose-Built Operating

System

Business Service

Management

IT ServiceManagement

Security andComplianceManagement

GeneralPurpose

Operating System

WorkloadIQ™:Integrating Identity to Turn Silos into Services


NovellServices

and Partners

WorkloadIQ: Services

Documents

Compliance Management Solutions from Novell · 2015-05-11 · Certification Manager Novell Roles ... Partnering with GRC Management Firms Like SAP • Enterprise-wide control enforcement