Upload
andrew-ames
View
15
Download
1
Tags:
Embed Size (px)
Citation preview
Turning Critical Regulatory Findings
Into Enterprise Organizational Wins
Andrew AmesVice President, Identity & Access Management
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Agenda
Regulatory Environment Data Explosion Shifting IT Landscape Risk Approach Enterprise Wins
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Meeting Today’s
Compliance Demands
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Information Explosion
• 50x… Growth in the Amount of Enterprise Information Managed Over the Next Decade
• 1.5X… Growth in the Number of IT and Internal Audit Professionals, over the same time period
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Yesterday…
Data (applications)
Devices
People
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Yesterday…
Data(applications)
Devices
People
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Today…
Applications
Devices
People
+ Legacy, + Cloud, + Custom
Data(applications)
Devices
People
+ iPhone, + Android, + iPad
+ Remote, + Partners, + Customers
Identity
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
8x increase compliance mandates
Summary
50x explosion in managed data
Hybrid (disruptive) IT environment
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Still Need to Demonstrate Compliance
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Root of all Risk
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Risk Level Approach
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Enterprise Wins
Improve visibility and reduce access risks
Strengthen audit controls
Spend less time/money demonstrating compliance
Improve decision making
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Enterprise Win (Role Modeling)
Enterprise Roles• Employee• Consultant• Student • Vendor
Org Unit • PO • Surgery• Acad. Affairs• Pediatric • Psych • ITS
Fund Center • Primary Care-East• Accounting• Payroll• Infrastructure• Security & IDM
Job Roles• Physician • Patient Coord.• Payroll Clerk• Engineer
Application Roles• EPIC – MR Physician• SAP – Time Administrator• GECB – Billing Acct. Receivable• AD – Surgery
Automation Review & Approve
• Data Driven• Little
Administration• Little Certification
• Access Request Driven
• Potential Automation
• Periodic Certification
• Increased Approvals
• Partial Automation
• Rule Based Cert.
Goal: Move the “automation” line as far to the right as possible.
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Enterprise Win (maturity for provisioning)
Average time to provision access for new hires:
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Enterprise Win - SSO
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Act Now…
© 2012 FishNet Security Inc. All rights reserved.© 2012 FishNet Security Inc. All rights reserved.
Questions
Andrew AmesVice President, Identity & Access ManagementFishNet [email protected]