Risk Based Identity Governance
Ken Willén, Senior System Engineer NetIQ
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
• Identity governance is often a time-consuming necessity whose business value can be hard to prove
• With Risk Based Governance, the required re-certifications are based on the risk that the different entitlements pose to the business and on the employees' actual use or misuse of them
All types of attacks misuse Identities!
• Insider attacks
• Accidental disclosures
• Hackers
• Advanced Persistent Threats
Identity is the key
Focus on the basics
Identity, Access & Security together
• Enforce access controls
• Monitor user activity
• Minimize rights
Minimize rights - Re-Certification
The Burden of Re-certification
• Cost: Static re-certification schema:
– Re-certification of users with no change
• Security: Re-certification according to potential risk
– Re-certification schema does not follow increased/decreased actual company risk
– Re-certification is done with no insight into real use or potential misuse of entitlements
– Too many re-certifications lead to bulk execution
Risk Based Re-Certification - Identity, Access and Security Together
• Has he logged on to the application in the last 6 months?
• Does he show suspicious behavior on high-risk applications?
• Have his entitlements changed since the last full review?
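The three questions above can drive which entitlements enter a re-certification campaign. The sketch below is an added example, not NetIQ code or anything from the slides: the record fields, the 183-day approximation of "6 months", the rule that any single trigger is enough, and the ordering by number of triggers are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

UNUSED_AFTER = timedelta(days=183)  # assumed approximation of "the last 6 months"


@dataclass
class Entitlement:
    user: str
    application: str
    high_risk: bool              # application classified as high risk
    last_logon: Optional[date]   # None means the user never logged on
    suspicious_events: int       # alerts reported by activity monitoring
    granted_rights: frozenset    # rights held today
    reviewed_rights: frozenset   # rights approved at the last full review


def recert_reasons(e: Entitlement, today: date) -> list:
    """Return why this entitlement needs review; an empty list means skip it."""
    reasons = []
    if e.last_logon is None or today - e.last_logon > UNUSED_AFTER:
        reasons.append("unused")
    if e.high_risk and e.suspicious_events > 0:
        reasons.append("suspicious-activity")
    if e.granted_rights != e.reviewed_rights:
        reasons.append("entitlements-changed")
    return reasons


def build_campaign(entitlements, today):
    """Keep only entitlements with at least one reason, most reasons first."""
    flagged = [(e, recert_reasons(e, today)) for e in entitlements]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda item: -len(item[1]))


# Constructed sample data, not taken from any real system.
TODAY = date(2014, 6, 1)
SAMPLE = [
    Entitlement("alice", "payroll", True, date(2014, 5, 20), 0,
                frozenset({"read"}), frozenset({"read"})),
    Entitlement("bob", "payroll", True, date(2014, 5, 28), 3,
                frozenset({"read", "approve"}), frozenset({"read"})),
    Entitlement("carol", "wiki", False, date(2013, 9, 1), 0,
                frozenset({"edit"}), frozenset({"edit"})),
]

if __name__ == "__main__":
    for ent, why in build_campaign(SAMPLE, TODAY):
        print(ent.user, ent.application, why)
```

Entitlements with no trigger, such as the unchanged and actively used one in the sample, stay out of the campaign, which is the cost saving the previous slide points to.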
Context Enrichment
Summary
• Identities pose a threat to our business
• Re-certification can minimize risk - but is costly
• Risk Based Re-certification improves security and reduces costs