Date post: | 25-Dec-2015 |
Category: |
Documents |
Upload: | myles-gordon |
View: | 221 times |
Download: | 0 times |
© 2010 Wipro Ltd - Confidential
Evolution of Identity As A Service(IDAAS)
Oct 2010
Vinod MuniyappaGeneral Manager – Application & Data SecurityEnterprise Security Solutions, Wipro Technologies
© 2010 Wipro Ltd - Confidential2
• Challenges eluding large scale success in Traditional “In-Sourced” IAM Programs
• Evolving “IDAAS” Models
• IDAAS– Principles– Components– Solution Highlights & Architecture– Roadmap– Summary of Benefits
• Evolution of Wipro’s IAM
Agenda
© 2010 Wipro Ltd - Confidential3
Challenges eluding large scale success in Traditional “In-Sourced” IAM Programs
• Cost • High Op-ex in Manual User Access• Management• Significant Capex for rolling out a • new IAM platform
IAM JourneyIAM Journey
• 3 R’s of IAM – A Customer’s View• ROI
• Seems “Utopian” - Not confident of achieving the promised returns
• Difficulty in separating the hype from reality
• Risks• Cost and time over-runs• All the Risks of an Enterprise wide initiative• Prohibitive cost of failure
• Resources• Financial and Budgetary Constraints• Right Technical and Managerial Talent
• Disparate Environments• Scalability Issues• Technology limitations
Project Initiation
Delayed Application Onboarding
Post M&A IAM Integration
• Compliance • High compliance risk due to manual
process
Technology Limitation
Program Cost Escalation
Delayed IAM Foundation
(5-6 months)
© 2010 Wipro Ltd - Confidential4
Tipping the Identity Mgmt Value Balance – The Only Mantra for IAM Program Success!
The biggest challenge of management in most YOY identity management programs is reducing the Unit Cost Per Admin Operation and at the same time increasing the associated
benefits of IAM
Identity ManagementValue Balance
Operations Technology Reporting
Identity GRC
How can the balance be
tipped favorably?
Annualized UserAdmin Op Ex
+ IdentityGRC
User Provisioning
Role Lifecycle
ManagementFederated
IdentityManagement
Annualized Capital Expenses towards User Administration Tools, AMC, Application
Integration Costs
Annual Cumulative User / Role Mgmt Service Ticket Requests
Reduce / Lighten the UnitCost of IAM (Operational / Tactical Goal)
Increase the Strategic Benefits ofIAM
Increased Employee
Productivity
Increased Access Accountability &
Security
Regulatory Compliance
© 2010 Wipro Ltd - Confidential5
Introducing Identity Service
Annualized UserAdmin Op Ex
+ IdentityGRC
User Provisioning
Role Lifecycle
ManagementFederated
IdentityManagement
Annualized Capital Expenses towards User Administration Tools, AMC, Application
Integration/Automation Costs
Annual Cumulative User / Role / Compliance Reporting Service
Ticket Requests
Layers of Identity
Assurance
An organization needs to align its IT Security governance process to achieve an optimal level of
harmony between the 3 key enabling layers of Identity Assurance: 1) Operations 2) Technology
Automation 3) GRC Reporting
Unit Cost of Identity
Management
A good indicator of this harmony and optimization is the Unit Cost of Identity Management
Unit Cost of Identity Management
The goal: to develop a Unified Service that integrates these three key enabling layers in a innovative way to deliver identity services at the lowest cost, fastest
speed with maximum value.
IdentityGRC
User Provisioning
Role Lifecycle
ManagementFederated
IdentityManagement
User ManagementOperations
Identity Automation BaseTechnology Platform
IdentityGRC, Analytics& Compliance
Layer 1
Layer 2
Layer 3
© 2010 Wipro Ltd - Confidential6
Defining IDAAS Models*
* As defined by Forrester
IDAAS for SAAS
IDAAS As SAAS
TrustedNetworks
Model Illustration Description
• Enable SSO for Enterprise users to SAAS business applications like Salesforce.com, Google Apps etc
• Companies that want to have user provisioning or single sign-on for their enterprise, internal-facing applications but can’t or don’t want to build out extensive IAM
• Federated identity and access management building the trust fabric and accompanying it with legal agreements
IDAAS
Enterprise 1
Enterprise 1
Enterprise 1
Enterprise 1
IDP
SP 1 SP 2
IDAAS
Salesforce.com
XYZ.com
Enterprise and Public Users
Enterprise 1
Enterprise 2
1
2
3
© 2010 Wipro Ltd - Confidential7
IDAAS – Principles behind Evolution
Principles behind the IDAAS Implementation Strategy
Reduce time to deploy IAM foundation & automate processes
Pre-baked 12 key IAM processes built in and ready to use
Best of Breed Technology platform coverage of IAM and associated functional areas
Integrated a mix of multi-vendor technology platforms for provisioning, SSO etc with multi-tenancy support
Predictable Costs for IAM operations and automation cycles
Standardized deployment, integration and operations model
Stronger Process Security -Pre-baked Best Practices Process implementation
Pre-baked processes
© 2010 Wipro Ltd - Confidential8
Components of IDAAS Offering
JML (Joiner, Mover, Leaver) Process
Components
Provisioning
Resource Access Request
Self Service Component
Compliance
1
2
3
4
5
Wip
ro ID
AA
S
On-boarding, Off-boarding, Update Termination, Rehire, Transfer, Processes pre-configured into solutionCertification / Attestation processes
Automated Role based Provisioning to wide variety application and platforms.Ease of integration and unique model of integration large # of instances
Ease of use self service resource requestSupport for IT, Non-IT resourcesConfigurable approval/delegationUnified request tracking
Attestation/RecertificationReports for various compliance needs
Unique Privilege user password management feature6
Unique Kiosk based password resetConfigurable Profile ManagementChange Password/Set security Q&AHelpdesk Password Reset/unlock account
Privilege User PasswordManagement
© 2010 Wipro Ltd - Confidential9
IDAAS Architecture
© 2010 Wipro Ltd - Confidential10
• Still early stages, but a lot can be done today
• Enterprises– Measure your IAM maturity level – Embrace the SOA lifestyle– Identify identity sources and virtualize an
enterprise identity profile– Document and put in place processes to
govern management and use of identity information
– Get involved!
Roadmap to IDAAS
© 2010 Wipro Ltd - Confidential11
• Identity Services will……reduce complexity through increased ability to
leverage critical identity data while removing the management and replication challenges
…increase security by providing centralized policy management and a controls framework that can dynamically mitigate risks
…create a flexible, adaptable, integrated platform on which to build applications
…makes new types of de- perimeterized, identity-based business functionality viable
IDAAS in Summary
© 2010 Wipro Ltd - Confidential12
Evolution of Wipro’s IAM Capability
Wipro-Websecure Product Vendor
Professional IAM (Type 1)
Managed IAM (Type 2)
IAM In A Rack
IDAAS (Type 3)
1999 2002 2009 2010
Productized Solutions
2006
Professional Services
IAM Transformation
al Services
Award Winning Productized Accelerator
Hosted Solution
© 2010 Wipro Ltd - Confidential13
Wipro’s Enterprise Security Solutions Practice Highlights
Full Service end to end Security Solutions Provider
Global Security Company – Ranked amongst Top 5
Award Winning Solution Frameworks
Innovation & Consulting Led Approach
3300 Security Consultants
Advisory, Implementation, Operations and Managed Services
Over 200 Satisfied Customers
Governance Risk &
Compliance
Identity & Access
Management
Application Security
Data Protection &
Privacy
Security Strategy &
Architecture
Infrastructure
Security
Physical & IT Security
Convergence