23
Identity-aware Infrastructure Identity at the Center of Security, Compliance & IT Operations Darran Rolls, CTO & CISO

Identity-aware Infrastructure

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Identity-aware Infrastructure

Identity-aware InfrastructureIdentity at the Center of Security, Compliance & IT Operations

Darran Rolls, CTO & CISO

Page 2: Identity-aware Infrastructure

SailPoint at a Glance

World’s largest, dedicated IAM vendor• Based in Austin Texas, USA• Operations in 15 countries• 300 Partners worldwide• Customers in every vertical

The leader in identity governance

Page 3: Identity-aware Infrastructure
Page 4: Identity-aware Infrastructure

Identity Governance market leadership

GartnerMagic Quadrant for IGA, 2017

ForresterWave for IMG, 2016

KuppingerCole Report, Leadership Compass, 2017

Page 5: Identity-aware Infrastructure

Evolution #1Delegate

Administration

Generation #2Automated

Provisioning

20041998 2018

Generation #3Identity

Governance

20 Years of Identity Management Evolution

Page 6: Identity-aware Infrastructure

Evolution #1Delegate

Administration

Generation #2Automated

Provisioning

20041998 2018

Generation #3Identity

Governance

20 Years of Identity Management Evolution

ü Business user focused

ü Full lifecycle

ü Embedded controls

ü Securing & managing

all access

Page 7: Identity-aware Infrastructure

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.

Securing & Managing Access

Page 8: Identity-aware Infrastructure

Securing & Managing Access

People Access Data

Unstructured

Structured

ApplicationPeople

Applications

Devices

Authentication

Bio-Metric

WebBased

SAMLBased

PasswordBased

PKIBased

OAuthBased

Authorization

ApplicationSpecific

AttributeBased

SystemDefined

VaultedCreds

GroupBased

RoleBased

Page 9: Identity-aware Infrastructure

Identity & Access Governance

People Access Data

Bio-Metric

WebBased

SAMLBased

PasswordBased

PKIBased

OAuthBased

ApplicationSpecific

AttributeBased

SystemDefined

VaultedCreds

GroupBased

RoleBased

Who has Access to What and Why…

Page 10: Identity-aware Infrastructure

Identity & Access Governance

People Access Data

Bio-Metric

WebBased

SAMLBased

PasswordBased

PKIBased

OAuthBased

ApplicationSpecific

AttributeBased

SystemDefined

VaultedCreds

GroupBased

RoleBased

Automation, Delegation and Self-service

Page 11: Identity-aware Infrastructure

Identity & Access Governance

People Access Data

Bio-Metric

WebBased

SAMLBased

PasswordBased

PKIBased

OAuthBased

ApplicationSpecific

AttributeBased

SystemDefined

VaultedCreds

GroupBased

RoleBased

Visibility & Control = Identity Governance

Page 12: Identity-aware Infrastructure

Identity

Governance

Program Objectives

Page 13: Identity-aware Infrastructure

NIST 800-53 Control Groups

Page 14: Identity-aware Infrastructure

Identity Governance Program Objectives

Enabling efficient & accurate user access

Protecting access to applications and data

Staying compliant amidst mounting regulations

Cloud and on-premise applications and data…

IncreasedProductivity

Lower Security Risk

SustainableCompliance

Page 15: Identity-aware Infrastructure

Objective #1: Increased Productivity

• Joiner MOVER & leaver controls…

• Fine-grained access control…

• Delegated administration…

• End-user self-service…

IncreasedProductivity

Page 16: Identity-aware Infrastructure

Objective #2: Lower Security Risk

• Understanding access risk…

• Password management…

• File & access governance…

• De-provisioning & security response…

Lower Security Risk

Page 17: Identity-aware Infrastructure

Objective #3: Sustainable Compliance

• Access reviews…

• Detective and preventive policy controls…

• Data ownership & responsibility…

• Reporting & analytics…

SustainableCompliance

Page 18: Identity-aware Infrastructure

Identity-aware Infrastructure

Page 19: Identity-aware Infrastructure

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.

Page 20: Identity-aware Infrastructure

Understanding Key Relationships

DataEntitlementAccountIdentity

Darran Rolls

[email protected]

Group=Accounting

\\Shares\HR(read)

\\Shares\Corp(read write)

Group=Users \\Shares\doc3(read)

RACF1232123

SYSDBA

Data Profile1

Data Profile2

SYSOPER Data Profile3

Identity Account Entitlement Data

Page 21: Identity-aware Infrastructure

SIEM & DLP

Applications & Infrastructure

Mobile DeviceManagement

Identity-enabled Infrastructure

Integrated ResponsiveEcosystem

DataGovernance

User Behavior Analysis

PrivilegedUser Mgmt.

GRC

IT ServiceManagement

Shared Context& Actions

Security Infrastructure Identity Governance & AdministrationOperations Infrastructure

Page 22: Identity-aware Infrastructure

EndpointManagement

Access Management

Privileged Account Mgmt.

SIEM

Systems Management

Service Management

GRC

Enterprise Mobility Management

User Behavior Analysis

SailPoint Open Identity Platform

Page 23: Identity-aware Infrastructure

23

[email protected]


Identity Aware Synthesis for Cross Resolution Face ...iab-rubric.org/papers/cross_resolution_2018.pdf · Identity Aware Synthesis for Cross Resolution Face Recognition Maneet Singh,

Identity Aware Synthesis for Cross Resolution Face ...iab-rubric.org/papers/cross_resolution_2018.pdf · Identity Aware Synthesis for Cross Resolution Face Recognition Maneet Singh,

Documents
Developing a Socially-Aware Engineering Identity Through Transdisciplinary Learning

Developing a Socially-Aware Engineering Identity Through Transdisciplinary Learning

Education
Identity & Infrastructure Applications Development & Release Plans Tim Purkiss

Identity & Infrastructure Applications Development & Release Plans Tim Purkiss

Documents
Revisiting Privacy-aware Blockchain Public Key Infrastructure · Keywords: Blockchain · Public Key Infrastructure · privacy · RSA. 1 Introduction Nowadays, Public Key Infrastructure

Revisiting Privacy-aware Blockchain Public Key Infrastructure · Keywords: Blockchain · Public Key Infrastructure · privacy · RSA. 1 Introduction Nowadays, Public Key Infrastructure

Documents
Energy-aware VM Allocation on An Opportunistic Cloud Infrastructure

Energy-aware VM Allocation on An Opportunistic Cloud Infrastructure

Technology
SEC402 Developing Identity-aware apps on Microsoft’s Identity Platform (Part 2) David Mowers Program Manager Microsoft Security Solutions

SEC402 Developing Identity-aware apps on Microsoft’s Identity Platform (Part 2) David Mowers Program Manager Microsoft Security Solutions

Documents
Identity At The Center Of Today's IT Infrastructure

Identity At The Center Of Today's IT Infrastructure

Technology
VO Identity, Attributes, and Infrastructure: Some Basics

VO Identity, Attributes, and Infrastructure: Some Basics

Documents
Service-aware Networks over Shared Wireless Access Infrastructure

Service-aware Networks over Shared Wireless Access Infrastructure

Documents
Identity Theft - United States Army · 2018-07-18 · Identity theft is a serious matter; only by taking precautions and remaining aware can you attempt to avoid identity theft. Identity

Identity Theft - United States Army · 2018-07-18 · Identity theft is a serious matter; only by taking precautions and remaining aware can you attempt to avoid identity theft. Identity

Documents
A Performance-Aware Public Key Infrastructure For Next

A Performance-Aware Public Key Infrastructure For Next

Documents
TopBT: A Topology-Aware and Infrastructure-Independent ...web.cse.ohio-state.edu/hpcs/WWW/HTML/publications/papers/TR-10-1.pdf · TopBT: A Topology-Aware and Infrastructure-Independent

TopBT: A Topology-Aware and Infrastructure-Independent ...web.cse.ohio-state.edu/hpcs/WWW/HTML/publications/papers/TR-10-1.pdf · TopBT: A Topology-Aware and Infrastructure-Independent

Documents
The Oracle Identity Management Platform: Identity … · From IAM Suite to Controls Infrastructure In reaction to this heightened demand for IdM infrastructure, the market continues

The Oracle Identity Management Platform: Identity … · From IAM Suite to Controls Infrastructure In reaction to this heightened demand for IdM infrastructure, the market continues

Documents
TCG Infrastructure WG TPM Keys for Platform Identity for … · 3 TPM Keys for Platform Identity ... infrastructure across the different TCG solution sets ... TCG TCG Infrastructure

TCG Infrastructure WG TPM Keys for Platform Identity for … · 3 TPM Keys for Platform Identity ... infrastructure across the different TCG solution sets ... TCG TCG Infrastructure

Documents
A Context-Aware Method for Verifying User Identity in ...usir.salford.ac.uk/43659/1/Mohammed Al-Jawad.pdf · 1 A Context-Aware Method for Verifying User Identity in Pervasive Computing

A Context-Aware Method for Verifying User Identity in ...usir.salford.ac.uk/43659/1/Mohammed Al-Jawad.pdf · 1 A Context-Aware Method for Verifying User Identity in Pervasive Computing

Documents
Defining Identity and Identity Infrastructure Web viewAn identity infrastructure is a collection of processes, technologies, and policies for managing digital identities and controlling

Defining Identity and Identity Infrastructure Web viewAn identity infrastructure is a collection of processes, technologies, and policies for managing digital identities and controlling

Documents
Adaptive Deep Metric Learning for Identity-Aware …openaccess.thecvf.com/content_cvpr_2017_workshops/w6/...Adaptive Deep Metric Learning for Identity-Aware Facial Expression Recognition

Adaptive Deep Metric Learning for Identity-Aware …openaccess.thecvf.com/content_cvpr_2017_workshops/w6/...Adaptive Deep Metric Learning for Identity-Aware Facial Expression Recognition

Documents
Target Identity-aware Network Flow for Online …tvg/publications/2015/MOT_SSVM_CVPR...Target Identity-aware Network Flow for Online Multiple Target Tracking Afshin Dehghan 1Yicong

Target Identity-aware Network Flow for Online …tvg/publications/2015/MOT_SSVM_CVPR...Target Identity-aware Network Flow for Online Multiple Target Tracking Afshin Dehghan 1Yicong

Documents
SEC320 Developing Identity-aware apps on Microsoft’s Identity Platform (Part 1) David Mowers Program Manager Microsoft Security Solutions

SEC320 Developing Identity-aware apps on Microsoft’s Identity Platform (Part 1) David Mowers Program Manager Microsoft Security Solutions

Documents
An Infrastructure Approach to Context-Aware Computingjasonh/publications/hci... · In the following sections, we discuss the advantages of an infrastructure approach to context-aware

An Infrastructure Approach to Context-Aware Computingjasonh/publications/hci... · In the following sections, we discuss the advantages of an infrastructure approach to context-aware

Documents
Secure Modern Enterprise€¦ · SECURE MODERN ENTERPRISE Identity Apps and Data Infrastructure Devices Identity Embraces identity as primary security perimeter and protects identity

Secure Modern Enterprise€¦ · SECURE MODERN ENTERPRISE Identity Apps and Data Infrastructure Devices Identity Embraces identity as primary security perimeter and protects identity

Documents
EUROPEAN IDENTITY STRATEGY 1 NICOLE HARRIS e-Infrastructure Summer Workshops, Federated Identity Technology

EUROPEAN IDENTITY STRATEGY 1 NICOLE HARRIS e-Infrastructure Summer Workshops, Federated Identity Technology

Documents
Privacy-Aware Design for Physical Infrastructure

Privacy-Aware Design for Physical Infrastructure

Documents
Resource Aware GPU Scheduling in Kubernetes Infrastructure

Resource Aware GPU Scheduling in Kubernetes Infrastructure

Documents
Identity management in the European Grid Infrastructure · EGI‐InSPIRE RI‐261323 EGI‐InSPIRE Identity management in the European Grid Infrastructure Established solutions, new

Identity management in the European Grid Infrastructure · EGI‐InSPIRE RI‐261323 EGI‐InSPIRE Identity management in the European Grid Infrastructure Established solutions, new

Documents
Identity Management Infrastructure in the UAE

Identity Management Infrastructure in the UAE

Technology
Identity Management Infrastructure Protocols for …primelife.ercim.eu/images/stories/deliverables/d6.1.1-idm...Identity Management Infrastructure Protocols for ... (SAP), Gregory

Identity Management Infrastructure Protocols for …primelife.ercim.eu/images/stories/deliverables/d6.1.1-idm...Identity Management Infrastructure Protocols for ... (SAP), Gregory

Documents
Identity intelligence: Threat-aware Identity and Access Management

Identity intelligence: Threat-aware Identity and Access Management

Technology
Sun Infrastructure Solution for Network Identity

Sun Infrastructure Solution for Network Identity

Documents
Security Infrastructure for Context-Aware Middleware

Security Infrastructure for Context-Aware Middleware

Documents