Identity and Access Management Strategy and Solution

Page 1: Identity and Access Management Strategy and Solution

Identity and Access Management

Strategy and Solution

Page 2: Identity and Access Management Strategy and Solution

Agenda

• Business Needs
• Microsoft’s Strategy
• Customer Scenarios
• Solution Accelerators
• IdM Roadmap
• Next Steps

Page 3: Identity and Access Management Strategy and Solution

Business Needs

Extended Enterprise
• Integrate Partners in Supply Chain
• Connect with Customers
• Empower the information workers

Improve Security
• Reduce number of userid/password
• Reduce De-provisioning risks
• Enforce policies and improve audit capability

Regulatory Compliance
• HIPAA
• Sarbanes Oxley Act
• Gramm-Leach-Bliley

Reduce Operational Costs
• Provide self-service capability
• Decrease IT Security and Management Costs
• Lower application development costs

Page 4: Identity and Access Management Strategy and Solution

Consider the facts

Too Many User Repositories
• Enterprises have 68 internal and 12 external account stores
• 75% of internal users and 38% of external users are in multiple stores

Inefficient Account Provisioning/De-Provisioning
• User management consumes 34% of the total time IT spends on IdM
• Users get provisioned in 16 systems and de-provisioned in 10.

Impact on User Productivity
• On average IT is managing access to 73 unique applications requiring user access.
• Average user spends 16 minutes a day for logins
• SSO increases user productivity by 15% and efficiency by 18%

Increasing IT Operational costs
• 45% of all help desk calls are for p/w resets
• 15% of users will call help desk for p/w reset
• Organisations are managing on average 46 suppliers, spending over 1380 hours managing changes to access privilege.

Source: META Group research conducted on behalf of PricewaterhouseCoopers, June 2002, MSFT Internal

Page 5: Identity and Access Management Strategy and Solution

IAM Adoption Drivers

Reduce Identity Related Operational Costs
• Reduce help desk costs for user management and password resets
• Reduce cost of provisioning and de-provisioning customers
• Reduce the cost of managing multiple user-repositories

E-Business Enablement
• Increase efficiency with supply chain with partner integration
• Improve customer experience
• Employee portal/personalisation

Reduce Risk of Unauthorised Access
• Auditing and reporting
• Rapid revocation of access
• Enforcement of security and privacy policy across the enterprise

Comply with Regulatory Compliances
• Sarbanes-Oxley Act
• GLB Act
• HIPAA

Page 6: Identity and Access Management Strategy and Solution

IAM Solution Requirements

• Directory Services: Brings multiple data stores together to form a single digital identity. It includes security and profile information.
• Provisioning: How identities are created, modified and retired, taking advantage of user information in the directory infrastructure.
• Authentication: Proving an identity to a network application or resource. This includes user-id/password log-ons and public key certificates.
• Authorisation: Determine the entitlements of the digital identity once it is authorised for access and action performance.
• Privacy: Provide precise control of access rights and privileges; digital information is secured and privacy is protected.
• Applications: Ultimate consumers of digital identity and the enforcers of the entitlements derived from the identity.

• Active Directory & Microsoft Identity Integration Server
• Microsoft Identity Integration Server
• Security Services in Windows Server 2003
• Role Based Access Control in Windows Server 2003
• Active Directory & Microsoft Identity Integration Server
• Microsoft Applications

Page 7: Identity and Access Management Strategy and Solution

Key Solution Scenarios

Business to Enterprise
• Required level of authorisation security
• Elimination of multiple sign-ins for all client platforms
• Synchronisation of digital identity across multiple platforms
• Application integration and business process automation across multiple platforms
• Access to host based systems and management of digital assets located on other platforms
• Secure management of information assets

• Active Directory
• MIIS
• BizTalk Server 2004
• Host Integration Server
• Unix, Netware & Mac Services

Business to Business
• Establish and maintain trust between separate but trusted business partners
• Federate systems with a single trust relationship to provide a seamless authentication and authorisation experience

• Active Directory
• Windows Server 2003
• Oblix and OpenNetwork partner products

Business to Consumer
• Extend information systems and applications to consumer
• Outsource consumer authorisation tasks but still maintain control of authorisation
• Integration with a system or platform that is not supported by a Microsoft product

• Active Directory
• Windows Server 2003
• Microsoft .NET Passport
• Oblix and OpenNetwork

Page 8: Identity and Access Management Strategy and Solution

Microsoft IAM Architecture

[Diagram labels: AD/AM; Web apps; .NET Passport; Web users; Users; Windows based Infrastructure]

Directory Services Opportunity

Active Directory Sale:
• Required level of authorisation security
• Extend information systems and applications to consumer
• Outsource consumer authorisation tasks but still maintain control of authorisation

Page 9: Identity and Access Management Strategy and Solution

Microsoft IAM Architecture

[Diagram labels: AD/AM; Web apps; .NET Passport; Web users; Users; Windows based Infrastructure; Legacy Systems; Novell; Unix/Linux; BizTalk; HIS; SFU/SFN]

Multi-Platform Integration Opportunity

BizTalk/HIS/Platform Services
• Synchronisation of digital identity across multiple platforms
• Application integration and business process automation across multiple platforms
• Access to host based systems and management of digital assets located on other platforms

Page 10: Identity and Access Management Strategy and Solution

Microsoft IAM Architecture

[Diagram labels: AD/AM; Web apps; .NET Passport; Web users; Users; Windows based Infrastructure; XML; iPlanet; Databases; NT Domains; Novell; Lotus; Others; MIIS]

Role/Workflow Opportunity

MIIS/Trusted Partner Sale:
• Elimination of multiple sign-ins for all client platforms
• Establish and maintain trust between separate but trusted business partners
• Federate systems with a single trust relationship to provide a seamless authentication and authorisation experience
• Integration with a system or platform that is not supported by a Microsoft product

Page 11: Identity and Access Management Strategy and Solution

Microsoft IAM Product Mapping

• Directory Services
• Access Management
• Authentication
• Authorization
• Provisioning
• Identity Interoperability
• Account Provisioning
• Password Management
• Application Provisioning/Workflow
• Policy Management
• Password Synchronization
• Web Single Sign On
• Privacy

- Active Directory
- MIIS
- Windows Server

- MIIS

- BizTalk
- Group Policy

- MIIS
- Partners
- Windows Rights Management

Page 12: Identity and Access Management Strategy and Solution

Consulting Opportunity

[Chart: Willingness to Use Non-Product Vendor Consulting, on a scale of 1 to 5, where 1 is low willingness and 5 is high willingness. Categories: Assess; Design; Staff Augmentation; Implementation; Post-Implementation Support]

Key Takeaways
• Participants are most willing to use non-product vendor consulting for assessment capabilities, followed by design capabilities

Source: 2002 Gartner IAM Final Report
21 Executive Interviews with:
• Large Enterprises (over 5000 employees)
• 3 Verticals (Financial, Healthcare and Manufacturing)

Page 13: Identity and Access Management Strategy and Solution

Opportunity Summary

Provisioning Applications with Education and Service

• Gartner study showed that enterprises span a continuum in understanding and implementation of IAM enterprise solutions, associated best practices, and relative ROIs
• Service providers (SPs) that can assist enterprises to architect and implement the IAM “solution road map” and help prioritise and assemble the puzzle pieces offer a great value proposition
  • Role-based provisioning
  • Workflow
  • Directory strategies
• Vendors who can assemble the full solution suite will become market leaders
• User provisioning solutions will perform all user account and privilege management functionality for both internal and external users for web and non-web applications
• EAM solutions will perform the real-time enforcement of privileges for the user
• SPs need to help their clients understand the business value of implementing these EAM solutions: increasing end user productivity, increase focus on business process, and decrease focus on cumbersome IT processes

Source: 2002 Gartner IAM Final Report

Page 14: Identity and Access Management Strategy and Solution

IdM Solution Accelerator

Planning and Implementation Guide

Scenarios – Implementation focus
• Identity aggregation and integrity (multi-systems)
• Provisioning and de-provisioning
• Web portal self-provisioning
• Delegated administration
• Web SSO
• SAP integration
• UNIX workstation Kerberos integration

Technologies
• Directory
• Certificate Authority
• Kerberos (Windows and UNIX)
• 3rd party Web Single Sign On (OpenNetwork, Oblix)

Page 15: Identity and Access Management Strategy and Solution

MS QuickStart Program: Overview

Page 16: Identity and Access Management Strategy and Solution

Program Goal

Rapidly move customers through evaluation and early planning into product purchase and end-to-end implementation services

• Deploy Microsoft software faster
• Integrate sales and services
• Predictable partner engagement

Page 17: Identity and Access Management Strategy and Solution

MS QuickStart Program

• Suite of packaged consulting offerings
• Powerful combination of 3 elements:

1. Service packaging
  • Fixed price, length, scope simplifies sale
  • High value start leads to larger sales
2. Microsoft service delivered by partners
  • Microsoft best practices and involvement
  • Subject matter expert partners prime
3. Detailed, prescriptive content
  • Deliver higher value at lower risk
  • Allows more customer face time

Page 18: Identity and Access Management Strategy and Solution

Customer Solution Roadmap

• Evaluate Phase: Pre-sales coordination of sales and services

[Diagram labels: Microsoft Solutions Framework; Common Disciplines & Shared Focus; Microsoft Operations Framework; Plan; Build; Deploy; Operate]

• Customer ready implementation roadmap
• Implement Phase: MSF / MOF
• MS QuickStart Plan services accelerate implementation

Page 19: Identity and Access Management Strategy and Solution

MS QuickStart Evaluate Phase

• Goal: Convince customer to purchase product and consulting to deploy
• Support the Server Solutions Campaign
• Use one or more offerings as needed:
  • IdM Briefing
  • Architecture Design Session
  • Proof of Concept Workshop
• Technical environment and business needs mapped to MS solution

Page 20: Identity and Access Management Strategy and Solution

Customer Value

• Focused and timely delivery
  • Rigorous schedule avoids scope creep
  • Low cost, high value starting point
• Predictable results
  • Well-documented deliverables help customer champion solution internally
  • Risk assessment flags costly obstacles early
• Best practices
  • Experience from many other customers
  • Early planning decisions greatly impact later deployment

Page 21: Identity and Access Management Strategy and Solution

Partner Value

• Easy to sell entry-point services
  • Leverage Microsoft brand and IP
  • Coordinate with MS sales
• Profitable engagements
  • Low cost of sale
  • Detailed materials lower cost of delivery
  • Good margins in fixed price
• Demonstrate value
  • High value, low risk entry-point service
  • Up sell customer on larger engagement

Page 22: Identity and Access Management Strategy and Solution

Microsoft Value

• MS QuickStart speeds deployments
  • Customer satisfaction = license renewal
• Predictable way to engage partners
  • Defined expectations and results
  • Joint selling opportunities
• Clear role for MS Services
  • Develop and package IP early in product lifecycle
  • Support partners in delivery

Page 23: Identity and Access Management Strategy and Solution

Consultant Resource Kit

• Consultant Delivery Guide
  • How to structure the engagement
• Deliverable Template
  • Starting point for customer deliverable
  • Pre-written text key to timely delivery
• Consultant Template Guide
  • Topic-by-topic guide matching deliverable template
  • Consultant guide, examples, and resources
• Resource Planning Guide
  • Team members and meeting schedule
• Training
  • Video of lead author explaining how to deliver

Page 24: Identity and Access Management Strategy and Solution

Microsoft IAM Roadmap

Longhorn Wave

MIIS 3.0 Active Directory Application Mode

2004

XML Web Services Specifications

Jupiter

TrustBridge

2003

Page 25: Identity and Access Management Strategy and Solution

Summary

• Identity management essential part of business strategy
  • Highly leveraged – simultaneously increase security and productivity while reducing costs
  • Competitive advantage - quickly enable new scenarios, business opportunities
• Microsoft and partners deliver complete solution
  • Get more from investment in Active Directory
  • Cross-platform capable

Page 26: Identity and Access Management Strategy and Solution

© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.