How to solve modern integrations challenges

© 2013 IBM Corporation1

IBM Security Systems

Simplifying Identity Silos and Cloud Integrations

December 2013

Rajeev SaxenaProduct Manager

David Druker Executive Security Architect


© 2013 IBM Corporation


2

Defining the security perimeter is increasingly difficult…

People

Data

Applications

Infrastructure

Employees Attackers Outsourcers Customers

SystemsApplications

Web Applications

Web2.0

MobileApplications

Structured Unstructured At Rest In Motion

Consultants Partners Suppliers

EXAMPLE 1

Employees

Unstructured

Web2.0

EXAMPLE 2

SystemsApplications

Outsourcers

Structured

EXAMPLE 3

In Motion

Mobile Applications

Customers

Defense approach is shifting from ‘Secure the perimeter’ to ‘Think like an attacker’



3

Intelligentidentity and access

assurance

Safeguard mobile,cloud and social

interactions

Simplify identitysilos and cloud

integrations

Prevent insider threat and

identity fraud

• Validate “who is who” when users connect from outside the enterprise

• Enforce proactive access policies on cloud, social and mobile collaboration channels

• Manage shared accessinside the enterprise

• Defend applications and access against targeted web attacks and vulnerabilities

• Provide visibility into all available identities within the enterprise

• Unify “Universe of Identities” for security management

• Enable identity management for the line of business

• Enhance user activity monitoring and security intelligence across security domains

Threat-Aware Identity and Access ManagementCapabilities to help organizations secure enterprise identity as a new perimeter



4

“Untangle” identity silos to support business growth and increase efficiency

Reduce costs of integrating and maintaining multiple identity stores

Enable identity expansion into Cloud and Social environments

Simplify identity silos and cloud integrationsKey requirements

Capture user insight for audit, compliance and reporting



5

Simplify identity silosand cloud integrations

NEW

Universal directory to transform identity silos and to support “virtual directory”-like deployments

Scalable directory backbone leveraging existing infrastructure for enterprise-wide Identity and Access Management

Simplified sourcing of identities and attributes for enterprise applications, Cloud/SaaS integrations

Intelligent White Pages search with social networking feature to enable intuitive identity store browsing

In-depth user insight with out of the box reports and IBM SIEM QRadar integration

White Pages Search

Federated Directory Services*

User Management

in CloudFederate

Cache

Virtualize

IBM SecurityDirectory Server and Integrator

IBM Introducing New Directory Services



6

IBM Solutions for Key ScenariosSimplify identity silosand cloud integrations

• Federated Directory Service to bridge identity silos

• White Pages Application ready for social business

• Using SCIM for User On/Off-boarding with Cloud Environments

• Ease of use with new installer and other Directory enhancements

IAM Analytics & Security Intelligence

Federated Service

Access

Search

Directories, Databases, Files, SAP, Web Services, Applications

Federation Management



7

“Untangle” identity silos to support business expansionSimplify identity silosand cloud integrations

Migrate or co-exist

Join multiple directories

Enrich withdata from

other sources

Federate authentication back to original source

Selective“writes” of

changes to theoriginal source

FDS is a hybrid architecture that provides distributed authentication and data integration



8

Federated Directory Service – Simple to deploy, configure & useSimplify identity silosand cloud integrations

Enriched OOTB integration assets for endpoint connectivity

Data sources could be anything like v3 compliant LDAP, Data Bases, Flat Files etc.

Brand new GUI for simplified User Experience

Speed and performance of the centralized view of data is not constrained by the slowest data source



9

White pages Application ready for social businessSimplify identity silosand cloud integrations

Based on IBM Profiles.

Profiles is configured to a FDS instance to pull information from multiple repositories

Federated Service



10

Using SCIM for User On/Off-boarding with Cloud EnvironmentsSimplify identity silosand cloud integrations

REST/JSON interface for user & group management(irrespective of repository). Implementation is based on SDI and provides both a service as well as a connector (to connect to other

SCIM systems)

SCIM Connector

SaaS

Repository

SCIM Enabled Targets

IBM Security Identity Manager


SCIM Servic

e

EnterpriseRepository

SaaS

REST / JSON

SDS


IBM Security Identity Manager White PagesWhite Pages OthersOthers

IBM Security Access Manager

IBM Security Access Manager



11

Demo: FDS enables ISAM to Authenticate Against Multiple DirectoriesSimplify identity silosand cloud integrations

Federated Service

IBM Security Access Manager Reverse Proxy

Application

Active Directory 1

Active Directory 2

User Sync

Application



12

Directory Services to help Distributed CollaborationGovernment entity to grow quickly to 800K application users

Improved solution designand integration allowedthe environment to growfrom 40,000 users to

Simplify identity silosand cloud integrations

800,000+users



13

Key Themes

Safeguard mobile, cloud and social interactions

Prevent insider threat and identity fraud

Simplify identity silos and directory integrations

Deliver Intelligent Identity and Access assurance

IBM Identity and Access Management Key Themes

© 2013 IBM Corporation14


www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages

arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the

applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in

these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are

trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered,

destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper

access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

http://www.ibm.com/security

Date post:	14-Sep-2014
Category:	Technology
View:	482 times
Download:	1 times

How to solve modern integrations challenges

Technology