1 IAM Program Launch
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Kickstart an IAM program with discovery of business and IT requirements
2 Agenda
• Who? Introductions.
• Why? Business drivers.
• What? Business processes.
• Where? Integrated systems.
• When? Priorities and timelines.
• How? Best practices guidelines.
3 Introductions
3.1 Hitachi ID and Acme teams
Acme:
• name, resp
• name, resp
Hitachi ID:
• name, resp
• name, resp
© 2019 Hitachi ID Systems, Inc. All rights reserved. 1
Slide Presentation
4 Business drivers
4.1 Examples
Security (audit, compliance, internal controls):
• Complete, reliable deactivation.
• Excess, inappropriate entitlements.
• Need to find, remove SoD violations.
• Control access to privileged IDs.
• Stronger passwords, authentication.
• Current rights, change history.
Cost (help desk, security admin):
• Password, lockout call volumes.
• Workload to set up, change, tear down access.
• Frequency and cost of audits:
– What fraction of admin time is audit related?
• Automation replaces routine work.
Service (onboarding, change management, authentication):
• Faster onboarding.
• Simpler change requests.
• Clear, fast approvals.
• Fewer passwords to remember, type.
5 Business processes
5.1 The user lifecycle
At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.
5.2 Examples (part 1)
Onboard:
• Employees
• Contractors
• Vendors
• Customers
• Partners
• By business unit
• By geography
• New vs. rehire
Change:
• Identity info (name, address, etc.).
• Transfer:
– Location.
– Department.
– Manager.
• Job function (role).
• Current work changes:
– Files/folders.
– Application logins.
– Fine-grained entitlements.
• Admin access.
Support:
• Password, PIN problems.
• Recover HDD crypto password.
• Locked out of VPN.
• Access denied errors.
• At office vs. mobile.
5.3 Examples (part 2)
Deactivate:
• Building access.
• Physical assets.
• Network access.
• Application logins.
• Tombstone (rehire, audit).
Audit:
• Current rights.
• Change history.
• Requests, approvals.
• Policy violations:
– SoD.
– Orphan/dormant accounts.
– Excess/unneeded rights.
– Consistently strong authentication.
• Admin activity.
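The audit findings listed above (orphan and dormant accounts, incomplete deactivation, SoD violations) are, in practice, the output of a reconciliation between the HR system of record and each integrated system's account export. The following is an added example, not code from the Hitachi ID deck; the HR extract, the account export, the single SoD rule pair, the report date and the 90-day dormancy threshold are all constructed for illustration.

```python
# Added example (not from the Hitachi ID deck): reconcile a system-of-record (HR)
# extract against one integrated system's account export and flag the audit
# findings the deck lists. Every record, rule and threshold below is constructed.
from datetime import date, timedelta

# Constructed HR extract: employee id -> (display name, employment status).
HR = {
    "E100": ("Alice", "active"),
    "E101": ("Bob", "terminated"),
    "E102": ("Carol", "active"),
    "E103": ("Dave", "active"),
}

# Constructed account export (think AD or SAP): login -> owner HR id (None if
# nobody claims it), enabled flag, last login date (None = never), entitlements.
ACCOUNTS = {
    "alice":   {"owner": "E100", "enabled": True,  "last_login": date(2019, 11, 18),
                "entitlements": {"AP_CreateVendor", "AP_ApprovePayment"}},
    "bob":     {"owner": "E101", "enabled": True,  "last_login": date(2019, 10, 1),
                "entitlements": {"Finance_Read"}},
    "carol":   {"owner": "E102", "enabled": True,  "last_login": date(2019, 5, 2),
                "entitlements": {"Finance_Read"}},
    "svc_old": {"owner": None,   "enabled": True,  "last_login": None,
                "entitlements": {"Domain_Admin"}},
    "dave":    {"owner": "E103", "enabled": False, "last_login": date(2019, 11, 1),
                "entitlements": set()},
}

# Constructed SoD rule: nobody may both create a vendor and approve its payment.
SOD_RULES = [("AP_CreateVendor", "AP_ApprovePayment")]

AS_OF = date(2019, 11, 20)   # assumed report date (same day as the deck)
DORMANT_DAYS = 90            # assumed dormancy threshold


def find_orphans(accounts, hr):
    """Accounts with no HR owner, or with an owner id that HR does not know."""
    return sorted(login for login, a in accounts.items()
                  if a["owner"] is None or a["owner"] not in hr)


def find_incomplete_deactivations(accounts, hr):
    """Enabled accounts whose HR owner is terminated: the leaver process missed them."""
    return sorted(login for login, a in accounts.items()
                  if a["enabled"] and a["owner"] in hr
                  and hr[a["owner"]][1] == "terminated")


def find_dormant(accounts, as_of=AS_OF, days=DORMANT_DAYS):
    """Enabled accounts never used, or not used within `days` of `as_of`."""
    cutoff = as_of - timedelta(days=days)
    return sorted(login for login, a in accounts.items()
                  if a["enabled"]
                  and (a["last_login"] is None or a["last_login"] < cutoff))


def find_sod_violations(accounts, rules=SOD_RULES):
    """(login, (a, b)) for every account holding both halves of a conflicting pair."""
    hits = []
    for login, acct in sorted(accounts.items()):
        for a, b in rules:
            if {a, b} <= acct["entitlements"]:
                hits.append((login, (a, b)))
    return hits


def audit_report(accounts=ACCOUNTS, hr=HR):
    """All findings, keyed by the category used on the audit slide."""
    return {
        "orphan": find_orphans(accounts, hr),
        "incomplete_deactivation": find_incomplete_deactivations(accounts, hr),
        "dormant": find_dormant(accounts),
        "sod": find_sod_violations(accounts),
    }


if __name__ == "__main__":
    for category, findings in audit_report().items():
        print(f"{category}: {findings}")
```

Disabled accounts (dave) are skipped by the dormant and deactivation checks because disabled is the expected end state of a leaver; they remain in the export as the tombstone that supports rehire and change-history audits. The same reconciliation has to be run against every integrated system, since "complete, reliable deactivation" means the leaver is disabled everywhere, not only in the primary login directory.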
6 Integrated systems
6.1 Examples
Integrate with enterprise apps – manual admin for smaller ones.
Primary login:
• AD
• LDAP
• Exchange
• Notes
OS:
• Windows
• Unix/Linux
• OS400
• OS390
• Filesystem/home directory
DB:
• Oracle
• MSSQL
• DB2
App:
• System of record (HR)?
• SAP
• Oracle EBS
• PeopleSoft
• Vertical
• Custom
Network:
• VPN
• Smart card
• Token
Other:
• Building/badge
• PC/installed image
• Desk phone/VoIP
• Mobile phone
• Full disk encryption
7 Priorities and timelines
7.1 Incremental deployment
• Business processes change.
• Infrastructure changes too (application and OS upgrades, etc.).
• IAM systems link process to infrastructure.
• If deployment takes a long time, the delivered system will meet obsolete requirements (pointless).
• Conclusion: deliver fast.
• There are many possible deliverables.
• Conclusion: deliver early and often.
7.2 Prioritize scope
IAM deployments have ever-growing scope:
• Which business processes?
• Which integrations?
• Which user communities?
[Figure: scope matrix with three axes, business process, operations and systems/applications]
Business process:
• Auto-create
• Auto-disable
• Synch
• Request portal
• Approvals
• Access cert.
• RBAC policy
• SoD policy
• Manual fulfillment
• Manage creds
Operations (processes):
• Set password/PIN
• Create/delete account
• Join/leave group
• Set attributes
• Enable/disable acct.
• Move/rename user (OU)
• Create/manage homedir
• Create/manage mailbox
Systems/applications:
• Client OS
• Active Directory, LDAP
• Unix/Linux
• Exchange, Notes
• Oracle, SAP ERP
• VPN
• RDBMS
7.3 IAM program priorities worksheet
8 Best practices guidelines
8.1 IAM program
Hitachi ID’s most successful customers establish an IAM program:
• Permanent staff allocation (technical + PM).
• Develop + retain skills.
• Deliver early and often:
– Features.
– Integrations.
– Policies.
Evolving business + changing IT landscape = continuous investment.
8.2 IAM best practices
Scope: Articulate objectives; manage scope creep.
Needs analysis: Up-front investment pays off.
Incremental: Phased deployment, starting with simple deliverables.
Integrations: Add several at a time to minimize disruption.
Methodology: Consider formal PM tools, software development lifecycle.
Engage users: Plan for user education, awareness and enrollment.
Pilot: Always pilot the system before rolling out.
Measurement: Identify metrics and track before and after data.
8.3 IAM project risks
Project characteristics:
• Many stakeholders:
– Business units.
– Infrastructure owners.
• Long timeline:
– Long list of functions.
– Processes or integrations may be complex.
• User impact:
– Training.
– Enrollment.
– Adoption.
Risks:
• Sponsors may lose interest, terminate funding.
• Stakeholder disagreements create delays.
• Changing requirements prevent detailed, up-front design.
• Complexity can overwhelm IT.
8.4 Mitigating risks
• Program, not project:
– This is not a new business function, just a better way to do it.
– Changing processes and integrations plus complex deliverables mean that implementation will never end.
• Deliver early and often:
– Increase visibility, credibility.
– Deliverables should be backed by metrics.
• Executive sponsorship:
– Motivate stakeholders.
– Resolve conflicts.
– Engage all stakeholders early.
• Effective project management:
– Phased approach: design/implement/test/rollout, then repeat.
– Think software development lifecycle (SDLC).
– Communicate success, next steps to all stakeholders.
9 Project charter
9.1 Rough outline
• Business drivers:
– Security.
– Cost.
– Service.
• Priorities:
– Processes.
– Integrations.
– User communities.
• Create an IAM program:
– Assign resources.
– Budget.
– Responsibilities.
• Periodically update priorities.
hitachi-id.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: [email protected]
Date: 2019-11-20 File: PRCS:pres