Post on 02-Jun-2018
8/11/2019 Tivoli Security Overview 061506test
http://slidepdf.com/reader/full/tivoli-security-overview-061506test 1/29
© 2006 IBM Corporation
Tivoli LIVE -- Identity Management
Hursley Park – 15th June 2006
Casey Plunkett
Director, WW Sales, Tivoli Security
IBM IT Service Management
2006 ITSM Partner Summit
Agenda
Identity Management Drivers
Tivoli Identity Management Overview
Deployment Proof Points
Analysts’ Perspective
Key processes in IT Security Management
The activities and processes associated with IT Security Management can be summarized into four patterns that will remain current as technology changes.
Establish Trust and Compliance
Gather business compliance information
Evaluate business compliance
Report
Create Security Controls & Compliance criteria
Protect Systems
Build and deploy software packages
Verify install images and request changes
Request updated install images
Learn about vulnerabilities
Manage Threats
Gather and analyze security related events and symptoms
Correlate events and Initiate Response
Report
Manage Users
Apply business security controls
Apply resource security controls
Gather security control information
Process / Service view of IT Security Management
Access Management
Privacy Management
Identity Management
Security Controls Definition
Security Compliance
Business Risk Management
Incident Management
Threat Management
Security Event Management
Vulnerability Management
Security Configuration
Security Patch Management
Tools and experts: Windows, Internet, Application, Unix, Database, Integration, Linux, Mainframe, Network, Storage
Increased Collaboration
Collaboration
Trust
Legend
1 Isolated Operations
2 Select ‘Trusted Partners’
3 Value Chain Visibility
4 Industry-Centric Value Web
5 Cross-Industry Value Coalition
Cost & complexity of Threats and Administration
Eco-system integration improves market agility but brings with it increased risk costs in complexity, administration and vulnerability.
Core Business
Subsidiary/JV
Customer
Partner/Channel
Supplier/Outsourcer
Product Life Cycle Management
Phase I, Ideation: Identify new product ideas
Phase II, Definition/Feasibility: Define concepts based on new product ideas
Phase III, Development: Fully develop product/packaging manufacturing process and business plan
Phase IV, Launch: Produce and ship product into marketplace
Phase V, Post Launch: Assess product, team and process performance
The “sweet spot” occurs when process design, organization/performance management and enabling technologies are integrated and optimized across this value chain
Key Stakeholders in the PLM Process:
R&D
Packaging and Design Graphics
Marketing
Operations and Production
Finance
Engineering
Brand Management
Sales Management
Public Relations/Ads
Legal
PLM (Summary) Reference Architecture
[Architecture diagram. Components shown: Adapter Instances; Resources and Relationships (RDF store); Adapter Registry; Workflows; Event Registry; Event Dispatcher; Knowledge Manager; Inference Rules; Inference Engine; Presentation Manager; Adapter Manager (run-time and monitor); Event Log; Admin Console; WPS portlets; View Generator; Content Manager; Log; Adapter Instance Store; Workflow Manager; Document Repository; CAD; Team (QuickPlace, Sametime); Project Schedule; Bill of Materials; PDM; Mktg/Adv.]
Key Needs:
• ESSO
• Provisioning
• Directory Integ.
• Access Control
• Root Control
Can You Answer the following Questions Across Your Core Business Processes?
1. WHO can use our IT systems?
2. WHAT can these people do on our IT systems?
3. Can I easily PROVE to the auditor what these people did?
Tivoli’s Identity and Access Management products automate these internal controls
Identity Management Challenges/Opportunities…
How much am I spending on routine password resets?
3-4 times per year, per user and a £14 average cost per call
How long does it take to make new employees/contractors productive?
Up to 12 days per user to create and service accounts
How many of my former employees/contractors still have access to sensitive data?
30-60% of accounts are orphans (potential security exposure)
How confident are we that only the right people have access to our Enterprise data?
70% of fraud cases involving customer data are related to an insider attack
How much time is spent on Account Management by User Community?
– 10-20% of the LoB community typically provides Account Management
How long does it take to pull together reports for an audit?
Can take weeks, and some companies have designated FTEs for this purpose
IBM’s Integrated Identity Management Portfolio
Componentized Strategy
Users & Applications
Security Compliance Manager
Identity Manager
Access Manager
Privacy Manager
Federated Identity Manager
Directory Server
Directory Integrator
NeuSecure
Tivoli Identity Manager
[Diagram: Tivoli Identity Manager provisioning flow]
Identity change requested
Identity Stores
HR Systems
Approvals gathered
Detect and correct local privilege settings
Access policy evaluated
Accounts updated
Databases
Operating Systems
Applications
Identity Manager provisions accounts
Access Manager provides runtime enforcement
Integrated:
Automated provisioning/de-provisioning from an authoritative source.
Workflow for provisioning requests.
Additional user self-service options for password reset, registration etc.
Single sign-on for Identity and Access combined administration.
ITIM Express 4.6
Request-based provisioning with approval workflow
User self-care and password management
Intuitive GUI
Recertification of user access rights
Installed/Bundled adapters
Out-of-the-box reporting
Email notification
HR Feeds
Account reconciliation
Complete Single Sign-on Management
Access Control
[Login prompt graphic: “Please enter your ID and password”, with ID, Password and Login fields]
Flexible Authentication
[SecurID token graphic]
User
Digital Identity Services
eMail
Enterprise
Mainframe
eHR
Claims
Federated
Web
eExpenses
Portal
iBanking
Tivoli Access Manager Family
Tivoli Access Manager for e-business (TAMeB)
– Web SSO, Centralized Authentication/Authorization/Audit
Tivoli Access Manager for Enterprise Sign-On (TAMES-ESSO)
– Enterprise (or Host) SSO
Tivoli Federated Identity Manager
– Federated SSO, Trust Mgmt/Brokering, Web Services Security Mgmt, Cross-Enterprise Identity Mapping
Tivoli Access Manager for Business Integration (TAMBI)
– WMQ-based Access Control, Data Integrity and Confidentiality
Tivoli Access Manager for Operating Systems (TAMOS)
– Locking down Root in UNIX and LINUX
Tivoli XML Gateway Integration
Case in point:
Securely implement web services, secure once for many applications, aggregate user interactions and adhere to strong security protection and verification
Solution:
Helps protect SOA implementations addressing XML threats with fine-grain access control. Integrates with Tivoli Security for enterprise SOA deployments and centralized security policy management
XS40 XML Security Gateway
Identity, Security and Directory Services
Centralized Security Policy Management
Data Repository
Policy-driven security gateway for web services
Enterprise Directory
Suppliers
Partners
Users
Liberty
SAML
WS-Federation
Security Compliance Management
Operating Systems
Applications
Workstations
Databases
IT security
CxO
IT Environment
Business issues: regulations, standards
IT concerns: Slammer, MSBlaster, OS patches, password violations
Users
Checking systems and applications
– For vulnerabilities and identifies violations against security policies
Key benefits:
– Helps to secure corporate data and integrity
– Identifies software security vulnerabilities
– Decreases IT costs through automation, centralization, and separation of duties
– Assists in complying with legislative and governmental standards
Vendor integration for faster time-to-value
Integration factory
Desktop SSO: ActivCard ActivClient; Microsoft Kerberos (SPNEGO); Microsoft NTLM
Directory sync & virtualization: Aelita Ent. Directory Manager; IBM Tivoli Directory Integrator; OctetString Virtual Directory; Radiant Logic
Encryption, SSL & VPN: Aventail EX-1500; Eracom ProtectServer Orange; IBM 4758; IBM 4960; Ingrian Secure Transaction Appliance; nCipher nForce; Neoteris IVE
Integration and Consulting: 3000 trained personnel across Business Partners worldwide
Messaging security: IBM WebSphere BI Message Broker; IBM WebSphere BI Event Broker; IBM WebSphere MQ
Web Server Plug-in: Apache; IBM HTTP Server; IBM WebSphere Edge Server; Microsoft IIS; Sun ONE Web Server
Web Application Server: BEA WebLogic Server; IBM WebSphere App. Server; (Any J2EE Platform); Microsoft .NET
Web Portal Server: BEA WebLogic Portal (SSO); IBM WebSphere Portal; Plumtree Portal*; Sun ONE Portal Server (SSO)
XML and Web Services: DataPower; Digital Evolution / SOA Software; Forum Systems; Layer 7 SecureSpan Gateway; Reactivity XML Firewall; VordelSecure
Application Single Sign-On: Adexa collaboration products (9); Blockade ESconnect; Broadvision One to One; Cash-U Pecan; Centric Product Innovation (3); Citrix Metaframe / Nfuse XP; Documentum Content Server/Webtop; Documentum eRoom; IBM Content Manager; IBM Host on Demand; IBM Host Publisher; IBM Lotus Domino; IBM Lotus iNotes; IBM Lotus Quickplace; IBM Lotus Sametime; IBM Lotus Team Workplace; Intelliden R-Series; Interwoven TeamSite; Kana Platform; Kintana Suite (Mercury Interactive); Microsoft Exchange (OWA); Microsoft SharePoint Portal/Services; OpenConnect WebConnect; Oracle Application server; PeopleSoft Enterprise Application; PeopleSoft Enterprise PeopleTools; Rocksteady Rocknet; SAP Enterprise Portal; SAP Internet Transaction Server; Secur-IT C-Man; Secur-IT D-Man; Siebel; Sourcefire ISM; Sun Calendar Server*; Sun Messenger Server*; Vasco Digipass (via C-Man)
Platform & Traffic Mgmt.: Crossbeam Security Svcs. Switch; F5 Networks BIG IP; Sanctum AppShield
Strong Authentication: ActivCard; Aladdin Knowledge Systems; Daon Engine (Biometrics); Entrust TruePass; VeriSign
UNIX Deployment Lockdown: HP-UX; IBM AIX; IBM DB2; IBM HTTP Server; IBM WebSphere App. Server; Oracle DB; Red Hat Linux; Sun Solaris; SuSE Linux
User repository: CA eTrust Directory; IBM Tivoli Directory Server; Microsoft Active Directory; Novell eDirectory; Siemens Nixdorf DirX Directory; Sun ONE Directory Server; Vasco Digipass
* By request
Tivoli Identity Management Proof Points…
on demand Solution: – Automate user provisioning, discovery and correction of invalid access
Case Studies:
Saves $500k/year in HR Enrollment process for 20k employees
Products:
– IBM Tivoli Identity Manager (TIM)
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
1 week...
3 weeks…
…to 10 minutes
…to 20 minutes and provisioning costs cut 93%
Tivoli Identity Management Proof Points…
on demand Solution: – Automate user provisioning, discovery and correction of invalid access
Case Studies:
Deployed Provisioning for 9,000 employees across 80 endpoints, 6 countries and 20 roles within 90 days
5 days to implement Provisioning (TIM Express) across 2,500 users
Products:
– IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
Tivoli Identity Management Proof Points…
on demand Solution: – Single sign-on and self-service for password resets
Case Studies:
Most successful IT project in 25 years – cost justified in 8 months
Orange projects savings of millions of Euros annually (4M Secure SOA users)
Product:
– IBM Tivoli Access Manager for Enterprise Single Sign-On
– SOA: IBM Tivoli Federated Identity Manager
Up to 50% of help desk calls are for password resets – Every call incurs 14 in IT costs
Business Process: User Validation
Identify Orphan Accounts
Process: Obtain a list of orphan accounts and determine validity
Compliance and Audit Issue: Link all user accounts to an identity
Business Process Inefficiency: Manual processes, custom scripts
IBM on demand Approach: Automated reconciliation
Proof Point: Wall Street Example
Identity Manager
[Diagram: Tivoli Identity Manager provisioning flow]
Identity change requested
Identity Stores
HR Systems
Approvals gathered
Detect and correct local privilege settings
Access policy evaluated
Accounts updated
Databases
Operating Systems
Applications
Business Process: New Business Initiative
Process: Implement rules for application access consistently
Compliance and Audit Issue: Consistent policy implementation
Business Process Inefficiency: Up to 30% of development costs for security infrastructure. Too many passwords to remember.
IBM on demand Approach: Centralized Application Access Control and SSO across applications.
Proof Point: T. Rowe Price – $13.5M reduction in development costs
Access Manager
Tivoli Identity Management -- Facts of Interest
>1,500 Access Management customers
>500 Provisioning customers
~20% of IdM customers are small & medium businesses
>3,000 professionals trained and certified to deploy IBM Identity Management solutions worldwide
Tivoli Identity Management -- Facts of Interest
IBM Tivoli Security software is used by:
• 15 of the top 20 commercial Banks worldwide
• 6 top Healthcare companies worldwide
• 4 of the top 5 Telecommunications companies worldwide
• 6 of the top 10 Aerospace and Defense companies worldwide
• 7 of the top 10 Computer and Data Services companies worldwide
IBM Identity Management Solutions Continue to be Recognized for Leadership
2006 Provisioning Leadership Position – Gartner Magic Quadrant
2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool
2005 Frost & Sullivan Global Market Leadership Award for Identity Management
2005 Frost & Sullivan Market Leader designation for Access Management
2005 #1 Provisioning and Web SSO Vendor, IDC
2005 Web Services Leadership Position, Gartner Magic Quadrant
2004 SYS-CON Best Web Services Security Solution Award
Analyst View: Identity and Access Management Market Share (IDC)
Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004
IBM Tivoli 35%
CA 34%
Oracle 7%
Novell 7%
BMC 5%
Sun 4%
HP 4%
RSA 3%
Microsoft 1%
Frost & Sullivan - Provisioning Market Share - Feb 2006
Frost & Sullivan - Web Access share - Feb 2006
Gartner - Web Services Magic Quadrant