of 34
8/8/2019 Identity Management Trends Best Practices NYC
1/34
Jonathan PennVP & Research Director, Security & Risk ManagementForrester Research
June 4, 2008
Identity & Access Management:Trends & Best Practices
8/8/2019 Identity Management Trends Best Practices NYC
2/34
2 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Agenda
Identity and Access Management (IAM) today
What people are doing about IAM
Where IAM is going
Recommendations
8/8/2019 Identity Management Trends Best Practices NYC
3/34
3 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Agenda
Identity and Access Management (IAM) today
What people are doing about IAM
Where IAM is going
Recommendations
8/8/2019 Identity Management Trends Best Practices NYC
4/34
4 Entire contents 2008 Forrester Research, Inc. All rights reserved.
IAM is a big market, but still in its adolescence
Source: Forrester report, Identity Management Market Forecast: 2007 To 2014, February 2008
Total IAM market (license vs. service revenue): 2006 to 2014
8/8/2019 Identity Management Trends Best Practices NYC
5/34
5 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Business drivers for Identity Management
Identity& Access
Management
Business
Oversight
UserProductivity
CostReduction
BusinessRelationships
ServiceDelivery
BusinessAgility
Security
RegulatoryCompliance
8/8/2019 Identity Management Trends Best Practices NYC
6/34
6 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Identity & access management evolution
19951995
Business
Drivers
Technologies,Practices
& Processes
SecurityAttributesAuthN AuthZ Admin Audit AuthN AuthZ
20052005 2010201020002000
VendorStrategies
eBusiness
Directories
Web SSO
PurePlay
8/8/2019 Identity Management Trends Best Practices NYC
7/34
7 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Identity & access management evolution
19951995
Business
Drivers
Technologies,Practices
& Processes
SecurityAttributesAuthN AuthZ Admin Audit AuthN AuthZ
20052005 2010201020002000
VendorStrategies
eBusiness
Directories
Web SSO
PurePlay
Cost Cutting
Pwd Mgmt
RBAC
Portfolio& Partners
ProvisioningMetadirectory
8/8/2019 Identity Management Trends Best Practices NYC
8/34
8 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Identity & access management evolution
19951995
Business
Drivers
Technologies,Practices
& Processes
SecurityAttributesAuthN AuthZ Admin Audit AuthN AuthZ
20052005 2010201020002000
VendorStrategies
eBusiness
Directories
Web SSO
PurePlay
Cost Cutting
Pwd Mgmt
RBAC
Portfolio& Partners
ProvisioningMetadirectory
Compliance
Attestation
Strong AuthN
VerticalIntegration
HorizontalIntegration
RBAC
8/8/2019 Identity Management Trends Best Practices NYC
9/34
9 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Identity & access management evolution
19951995
Business
Drivers
Technologies,Practices
& Processes
SecurityAttributesAuthN AuthZ Admin Audit AuthN AuthZ
20052005 2010201020002000
VendorStrategies
eBusiness
Directories
Web SSO
PurePlay
Cost Cutting
Pwd Mgmt
RBAC
Portfolio& Partners
ProvisioningMetadirectory
Compliance
Attestation
Strong AuthN
VerticalIntegration
HorizontalIntegration
RBAC Entitlement Mgmt
E-SSO
Information
Protection
Federation
Contextual AuthZ
Identity & PolicyServices
Role Mgmt
Strong AuthN
HorizontalIntegration
8/8/2019 Identity Management Trends Best Practices NYC
10/34
10 Entire contents 2008 Forrester Research, Inc. All rights reserved.
The expanding IAM ecosystem
IdentityAudit
Access Management
Identity AdministrationWorkflow
Privileged User Mgmt
Provisioning
Identity Data Infrastructure
Meta Directories Virtual Directories
Enterprise Single Sign-On
Federation
DelegatedAdministration
Self-Service&Passw
ordMgmt
Role
Man
agem
ent
Entitle
men
t
Mgm
t
Web Single Sign-On
Strong Authentication
Directories
8/8/2019 Identity Management Trends Best Practices NYC
11/34
11 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Agenda
Identity and Access Management (IAM) today
What people are doing about IAM
Where IAM is going
Recommendations
8/8/2019 Identity Management Trends Best Practices NYC
12/34
12 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 1: Credit Union Service Provider
Problem:
Web initiatives were way off track
Unmet promises made to 160 business partners Too many logins for users
Excessive overhead for internal operations
Unable to deliver new services
Solution: Web Single Sign-On
Centralized authentication and authorization Single sign-on access to multiple systems
Delegated administration and self-service for managers andend users at partner companies
8/8/2019 Identity Management Trends Best Practices NYC
13/34
13 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 1: Credit Union Service Provider
Benefits from Identity Management
Accelerated delivery of services
Centralized security framework saving $2,000-$5,000 perapplication in development costs
Single sign-on reduced Support Center calls by over 20%
Reduced by 50% their administrative burden for usermanagement
Accelerated access to newly-enrolled services from two weeks totwo days
Platform for growth: adding more transaction systems
Customer satisfaction rose from 81% to 92%
Project paid for itself within one year
8/8/2019 Identity Management Trends Best Practices NYC
14/34
14 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 2: Large government agency
Problem
Quality and expiration policies made passwords hard to remember
Help desk overwhelmed with password calls: 30,000 a month, each acost charged by Help Desk outsourcer
Lockouts and delays lowered user productivity
Employees would write their passwords on pieces of paper
Solution: Enterprise Single Sign-On
Users just get network login challenge; all other logins are automated
Rolled out to over 150,000 employees
Supporting Web, Windows, Java, mainframe, Citrix applications over7,000 in all
Less than 1 FTE dedicated to the project after initial deployment phase
8/8/2019 Identity Management Trends Best Practices NYC
15/34
15 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 2: Large government agency
Benefits from Identity Management
Help desk calls dropped from 30,000 to 300 a month
Millions of dollars saved each year
Employees were more productive
Stronger passwords everywhere made for bettersecurity
Technology paid for itself within six months
8/8/2019 Identity Management Trends Best Practices NYC
16/34
16 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 3: Top Ten US Bank
Problem:
Compliance-driven security requirements
Federal Reserve, Basel II, SOX, SAS-70, GLBA
No one could answer who has access to what
Security training needed to be tied to new hire process
Must immediately enforce termination policies
IT responsiveness to M&A activity was disruptive to business
Solution: User Account Provisioning
Enforce access control policies to ensure constant compliance
Quickly integrate employees brought in through M&A
8/8/2019 Identity Management Trends Best Practices NYC
17/34
17 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Case Study 3: Top Ten US Bank
Benefits from Identity Management
Automated provisioning ensured integration of new employees
through merger: productive on Day-One SLAs for granting new access right is now < 2 days vs. 2 weeks
Integrates security & privacy training into on-boarding process
Security administration overhead reduced by 70%
Saving $2m in operating costs per year
Defined roles for 80% of company (150 roles for more than30,000 employees)
Reduced risk posture freed up additional $3 billion for lending
Achieved positive ROI in 6 months
8/8/2019 Identity Management Trends Best Practices NYC
18/34
18 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Agenda
Identity and Access Management (IAM) today
What people are doing about IAM
Where IAM is going
Recommendations
8/8/2019 Identity Management Trends Best Practices NYC
19/34
19 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Dominance of provisioning will grow
Source: Forrester report, Identity Management Market Forecast: 2007 To 2014, February 2008
8/8/2019 Identity Management Trends Best Practices NYC
20/34
20 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Externalization of business drives IAM evolution
Externalized business User &data mobility
Changing ITinfrastructures
BusinessChannels
Supply ChainsSupply Chains
Business HubsBusiness HubsOffOff--shoringshoring
OutsourcingOutsourcingCollaborationCollaboration
& Innovation& Innovation
SocialSocial
NetworksNetworks
8/8/2019 Identity Management Trends Best Practices NYC
21/34
21 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Externalization of business drives IAM evolution
Externalized business User &data mobility
Changing ITinfrastructures
CommunicationNetworks
VPNsVPNsMobile NetworksMobile Networks Collaboration ToolsCollaboration Tools
ExtranetsExtranetsIntranetsIntranetsInternetInternet
FederationFederationCorporate WANCorporate WAN
Web ServicesWeb Services Web 2.0Web 2.0
BusinessChannels
Supply ChainsSupply Chains
Business HubsBusiness HubsOffOff--shoringshoring
OutsourcingOutsourcingCollaborationCollaboration
& Innovation& Innovation
SocialSocial
NetworksNetworks
8/8/2019 Identity Management Trends Best Practices NYC
22/34
22 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Externalization of business drives IAM evolution
Externalized business User &data mobility
CommunicationNetworks
VPNsVPNsMobile NetworksMobile Networks Collaboration ToolsCollaboration Tools
ExtranetsExtranetsIntranetsIntranetsInternetInternet
FederationFederationCorporate WANCorporate WAN
Web ServicesWeb Services Web 2.0Web 2.0
Changing ITinfrastructures
Access PolicyConsiderations
IP protectionIP protection
Trust & BrandTrust & Brand SOXSOX PCIPCI OMB MOMB M--0606--1616
FFIECFFIEC Rogue usersRogue users SOXSOX PrivacyPrivacy
HIPAAHIPAA LiabilityLiability IT RiskIT Risk
Single SignSingle Sign--OnOn
BusinessChannels
Supply ChainsSupply Chains
Business HubsBusiness HubsOffOff--shoringshoring
OutsourcingOutsourcingCollaborationCollaboration
& Innovation& Innovation
SocialSocial
NetworksNetworks
8/8/2019 Identity Management Trends Best Practices NYC
23/34
23 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Emerging trends to watch
Role lifecycle management, identity audit andautomated compliance
Identity management as a service (IDaaS)
IAM outsourcing
Contextual authorization
Information centric identity
E-SSO and strong authentication
8/8/2019 Identity Management Trends Best Practices NYC
24/34
24 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Agenda
Identity and Access Management (IAM) today
What people are doing about IAM
Where IAM is going
Recommendations
8/8/2019 Identity Management Trends Best Practices NYC
25/34
25 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
1. Develop a strategy
Have an identity management strategy road map: currentstate, two-year plan, gaps, key priorities, ROI
Enlist CIO/CISO sponsorship
Work with business: IAM is not just an IT project
Identify stakeholders
Help desk, enterprise architecture, application development,HR, Compliance & audit, lines of business
Establish governance structure for standards andprioritization of initiatives
8/8/2019 Identity Management Trends Best Practices NYC
26/34
26 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
2. Go slow
Start with yourbusiness processes
Break your IM strategyinto 3-6 month projects
Minimize customizationin the first phases
Implementincrementally, slowlyexpanding scope
Show immediate wins
Source: Forrester report, User Account Provisioning For The Midmarket, August 2007
8/8/2019 Identity Management Trends Best Practices NYC
27/34
27 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
3. Seek visible and quantifiable payback
IT and IT Security process metrics
Time/cost to manage identityand account lifecycle events
Reduction in identity & accessrelated support calls
Time to develop / integratenew applications
8/8/2019 Identity Management Trends Best Practices NYC
28/34
28 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
3. Seek visible and quantifiable payback
IT and IT Security process metrics
Time/cost to manage identityand account lifecycle events
Reduction in identity & accessrelated support calls
Time to develop / integratenew applications
User satisfaction metrics
Number of passwords andlogons
Time users spend logging inevery day
Time spent on session switching
8/8/2019 Identity Management Trends Best Practices NYC
29/34
29 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
3. Seek visible and quantifiable payback
IT and IT Security process metrics
Time/cost to manage identityand account lifecycle events
Reduction in identity & accessrelated support calls
Time to develop / integratenew applications
User satisfaction metrics
Number of passwords andlogons
Time users spend logging inevery day
Time spent on session switching
Audit and compliance metrics
Number of violations detectedand remediated
Reduction in unexpected violations Costs of information gathering
for audits
8/8/2019 Identity Management Trends Best Practices NYC
30/34
30 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
3. Seek visible and quantifiable payback
IT and IT Security process metrics
Time/cost to manage identityand account lifecycle events
Reduction in identity & accessrelated support calls
Time to develop / integratenew applications
User satisfaction metrics
Number of passwords andlogons
Time users spend logging inevery day
Time spent on session switching
Audit and compliance metrics
Number of violations detectedand remediated
Reduction in unexpected violations Costs of information gathering
for audits
Business process & agility metrics
Process flow SLAs Costs / time to on-board a partner
SLAs for processes supportingM&A, re-organizations
8/8/2019 Identity Management Trends Best Practices NYC
31/34
31 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
4. Choose a vendor for the long haul
Flexibility for customization and integration
Ease of deployment
Suite: breadth of identity management portfolio
Integration of components
Vision for identity management / product roadmaps Market share
Technology partnerships
Integrator and consultant partnerships
8/8/2019 Identity Management Trends Best Practices NYC
32/34
32 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
5. Avoid the pitfalls
Our data is pretty clean.
Data cleansing is always a bigger issue than expected
Lets figure out all our roles first. Roles are important, but dont put role definition on the critical
path of your project
We need this function now.
Opt for stability and scalability over the latest bells and whistles
Vendors catch up on features in pace with market demand
Well do this ourselves.
Dont go it alone; select an experienced consultant
8/8/2019 Identity Management Trends Best Practices NYC
33/34
33 Entire contents 2008 Forrester Research, Inc. All rights reserved.
Recommendations
6. Plan for the coming IAM technology changes
Past patterns show where IAM is headed
Changing business drivers
From cost effectiveness to compliance to information protection
Shifting interests in technology; new solutions emerging
Role management, strong authN & E-SSO, identity audit, federation,context-based authorization, entitlement management
Greater relevance of Identity to the IT infrastructure
Identity management tying to network security, data security, physical
security, IT GRC
Emerging architectures: an opportunity to build this right
Identity management as a Service (IDaaS)
8/8/2019 Identity Management Trends Best Practices NYC
34/34
34 Entire contents 2008 Forrester Research Inc All rights reserved
Jonathan [email protected]
For this presentation and related material, visit:www.forrester.com/sunspeechseries
Thank you