IDM/IAM: Identity & Access Management. “Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand.” Sigal Russin, VP & Senior Analyst

IDM & IAM 2012


Page 1: IDM & IAM 2012

IDM/IAM: Identity & Access Management

“Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand.”

Sigal Russin, VP & Senior Analyst

Page 2: IDM & IAM 2012

Sigal Russin’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic


Is it identity?

Page 3: IDM & IAM 2012


Identity and Access Management

Access Control

• Strong Authentication & Authorization

• Risk Based Access Control

• Single Sign-On

• Federation

• Web Services Security

Identity Administration

• Identity & Organization Lifecycle Administration

• Enterprise Role Mng

• Provisioning & Reconciliation

• Compliance Automation

Directory Services

• Virtualization

• Synchronization

• Storage

Management

• Service Levels, Risk Analysis, Forensics, Configuration, Performance, Automation

Audit & Compliance

• Audit Data, Attestation, Fraud Detection, Segregation of Duties, Controls

Page 4: IDM & IAM 2012


Where to start ?!

Page 5: IDM & IAM 2012


Explosion of IDs

[Figure: number of digital IDs (vertical axis) over time (horizontal axis: Pre 1980’s, 1980’s, 1990’s, 2000’s). Labels on the chart: Mainframe, Client Server, Internet, Business Automation, Company (B2E), Partners (B2B), Customers (B2C), Mobility.]

Page 6: IDM & IAM 2012


“Identity Chaos”

Lots of users and systems required to do business

Multiple repositories of identity information;

Multiple user IDs, multiple passwords

Decentralized management, ad hoc data sharing

Page 7: IDM & IAM 2012

IDM – Identity Management

Page 8: IDM & IAM 2012


5 Core Elements of ID Management

Federated Identity

Page 9: IDM & IAM 2012


5 Core Elements of ID Management

Page 10: IDM & IAM 2012


5 Core Elements of ID Management

Page 11: IDM & IAM 2012


What’s next…

Page 12: IDM & IAM 2012


Before Implementing Access Management

Page 13: IDM & IAM 2012


After Implementing Access Management

Page 14: IDM & IAM 2012


Trends Impacting IAM and privacy management sectors

Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London

Tactical identity

• IAM projects will generally be limited in scope and schedule to help ensure success.

Identity assurance

• Demands for stronger authentication and more mature identity provider infrastructures will rise.

• You need to know which providers you are trusting, why, and for what.

Page 15: IDM & IAM 2012


Trends Impacting IAM and privacy management sectors

Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London

The identity bridge

• A new architectural component is needed to manage the flow of identity information between cooperating organizations.

• The edge of the organization is to look inward and outward simultaneously.

Authorization

• It will grow more complex and more urgent due to continuing regulatory pressure.

• Authorization will assume a place as a first-class business function.

Page 16: IDM & IAM 2012


Trends Impacting IAM and privacy management sectors

Gartner, Egham, UK, January 31, 2012, Summit 2012, March 12-13, London

The sea of tokens

• The new tokens-and-transformers architecture is more modular, more flexible and more loosely coupled.

Policy battles

• Privacy and identity theft are having a serious impact on business operations and viability.

• The business community, law enforcement and national security communities will continue to fight over identification, privacy laws and regulations.

Page 17: IDM & IAM 2012

Identity Management Market

Overlap without integration causes consternation and cost

• Around 60 vendors in IDM

Directory

Meta-directory

Appliances

Access Management

Virtual Directory

Provisioning

Password Management

Authentication

Page 18: IDM & IAM 2012


IAM's Biggest Concerns

HP Research Report, Security & Risk Management Survey, conducted by Coleman Parkes Research, 2012

Page 19: IDM & IAM 2012


Be Aware - Most IDM projects failed

1. Allocating human resources for maintaining the IDM project

2. Project leaders: HR with cooperation of IT

3. Support from the organization's high management

4. Sharing with and training of all organization departments

Page 20: IDM & IAM 2012


Most IDM projects failed - Be Aware!

5. Data cleansing: job definitions include user authorizations

6. Mirroring to organization processes – workflows will maximize ROI

7. If you choose a product, make sure of its integration with all organization systems - learn the product!

8. Step by step - integration of special groups on AD with one organizational system (SAP, billing, CRM etc.)

Page 21: IDM & IAM 2012


Market Overview

[Table: vendors IBM, Novell, Oracle, CA, Microsoft, Netegrity, Oblix, RSA and Entrust compared across the columns Access, ProvN, Passwd, Meta and AuthN; the cell marks are not recoverable. The legend distinguishes a mark meaning “Partner provided”.]

Page 22: IDM & IAM 2012


Identity & Access Management - Israeli Market Positioning 1Q10-11

[Figure: vendors positioned by Local Support (vertical axis) and Market Presence (horizontal axis). Legend: IDM\IAM Player, Worldwide Leader, Prominent WAM Player. Vendors shown: CA, Novell, BMC, Microsoft, Velo (OS), IBM, Oracle-Sun, Quest, SAP.]

This analysis should be used with its supporting documents

Estimated Technology Penetration: Using this technology 27%; Evaluating\Not using 73%

Page 23: IDM & IAM 2012


2012 World Leaders in Cloud Identity Management

Market Presence

Forrester Survey

Page 24: IDM & IAM 2012


IDM Benefits

Centralize Security

Enforce Audit Policies

Enhance Visibility

Detect Security, Regulatory

Automate Auditing Procedures

Maintain Control Over Data Assets

Page 25: IDM & IAM 2012


2013 Will Change Enterprise IDM

By UCStrategies Staff November 14, 2012

• The rise of stateless identity

• ID standards

• Dissolving internal/external boundaries

• Identity assurance

“It’s tough to pull your head up from the static world of on-premises user management to the more dynamic world.”

2013 Planning Guide: Identity and Privacy, by Ian Glazer

Page 26: IDM & IAM 2012


Recommendations

The organization should translate the business world into the project specification process

Do not try to fit the IDM system to your organization

Before starting – define SOW -> consider alternatives -> POC for business process

Organization limits – try to start IDM inside the organization

Matching expectations of project initiators, users and decision makers

Marketing the project to show the meanings and painful problems

Page 27: IDM & IAM 2012


Recommendations

Small steps such as gradual connection to organization systems, initial provisioning, role-based access control etc.

Standardization - you don’t need to update the system all the time

Organization password policy can be part of the IDM project – SSO at the last stage

Workflows - pay attention to duplication or conflict in organizational identities

Organizational tree - reflect the organizational structure in HR and IT

Each department has a manager (referent) who is responsible for managing permissions for that department

Page 28: IDM & IAM 2012


Thank You!