Date posted: 16-May-2015
Category: Education
Uploaded by: vdhendrikse
Identity & Access Governance
Mitigate Risk, Ensure Compliance, Empower User Access
2 © 2011 NetIQ Corporation. All rights reserved.
Agenda
• Identity and Access Governance
‒ Industry trends
• Identity Manager
‒ Market, developments and opportunities
• Access Governance
‒ Architecture
‒ Product Overview
‒ Technical Details
Identity Management: Automate
LoB Manager
CIO, CSO, Compliance Mgr, Auditor
Systems that contain many users
Automation
Direct Management
• Identity Management
• User Provisioning
• Access Management
• Single Sign On
Example: Identity Lifecycle Management
• Connecting source systems, including SAP HR
• Setting up an identity register – central view
• Provisioning to base systems
Access Governance: Regulators
LoB Manager
CSO, Compliance Mgr, Auditor
Highest-risk applications and systems
Managing and validating authorizations
Periodic review
• Import and analysis of access (risk)
• Reports
• Validating authorizations (certification)
• Initiating corrective actions
Future State
User Provisioning and Access Governance markets are converging
User Provisioning (IDM 4)
Access Governance (AGS)
Next Generation Identity and Access Governance: “Business Interface – Trusted Fulfillment”
Demanding business-centric user interfaces
Demanding better provisioning
LoB Manager
CSO, Compliance Mgr, Auditor
Applications, Databases, Infrastructure
Monitoring
Real-time Activity Detection
• Security Event Management
• Log Management
• Access Monitoring
Monitoring: real-time insight into usage
Maturity Roadmap
Identity Manager
Identity Manager
Source systems
Central ID register
IdM Integration Modules
Identity Manager
Identities, rules, roles, policy, etc.
ID services: self-service, workflow, etc.
Delegated administration
Data distribution
Basic reporting and monitoring
IdM Integration Modules
User GUI: self-service, self-registration, etc.
User Application
Reports
SAP HR
Manual direct entry or system
HR administration
Other administration
Information systems
Exchange Mail
Windows network
Active Directory
In-house applications
Physical security
Other
Microsoft SQL
File system
Home Directories
Customers
Province Noord-Brabant
Red Spider
ROC
Product Support Lifecycle
IdM 4 Standard
IdM 4 A.E.
IdM 4 Standard
IdM 4 Adv
Latest IdM version
• Identity Manager 4.02 – July / Aug
‒ Minor upgrade / refresh components
‒ Support for RedHat Enterprise Server
‒ Updates on reports, performance, drivers, AD password policy, digital signatures, etc.
Upsell
• IdM 4 Advanced Edition
‒ Role-based provisioning
‒ Reporting, etc.
• Access Manager 3.2 (May)
• Sentinel LogManager
• Identity tracking for IdM (* NEW *)
• Access Governance
BYOD
SharePoint
Customer access
Partner access
eol
Cloud
Regulators
Risk insight
Identity tracking for Identity Manager
NetIQ Access Governance Suite 6
Mitigate Risk, Ensure Compliance, Empower User Access
Agenda
• Identity and Access Governance
‒ The what and why
‒ Key Functions
‒ Convergence
• Access Governance Suite 6
‒ Architecture
‒ Product Overview
‒ Technical Details
Why Does the Business Care?
Insider Threats
User Demands
Identity Theft
Regulations
Confidentiality
Governance
Risk Management
Business Continuity
Compliance
Audits
Data protection
Agility
Protect I.P.
What does the Business want?
Automated Provisioning
Business Enablement
Flexible Fulfillment
Help Desk Manual
Lifecycle Event Mgmt
• Business intelligence and user experience
• Business process management
• Business policy enforcement and risk management
Access Request
Access Certification
Role Management
Policy Definition
BPM/Workflow
Risk Modeling
Audit & Reporting
Access Governance
Key functions
Effective Governance of Access
Key Functions
Discovery and collection of user access data
• Enterprise-wide collection and organization of millions of IT entitlements and role memberships
• Translation of IT terminology into business-relevant terms
● For example: RACF 54-RS93 is translated to Pay Invoice
Discover Certify Model
Effective Governance of Access
Key Functions
Discovery and collection of user access data
Application of policy analytics for decision support
Regular review and certification of user access
• Business reviewers review and certify access of users they are responsible for
• Automated notifications
• Business-relevant presentation
• Enforce fulfillment policy
• All actions are logged for audit purposes
Discover Certify Model
Effective Governance of Access
Key Functions
Discovery and collection of user access data
Application of policy analytics for decision support
Regular review and certification of user access
Orchestration of automated controls for remediation
• Approved change requests are automatically fed to IT systems to make the changes, including
● User Provisioning
● Helpdesk/ Service Request Mgmt
• All change actions are logged for audit purposes
Discover Certify Model
Effective Governance of Access
Requires a Dynamic, Ongoing Process
• Discovery and Collection of User Access Information
• Analytics for Decision Support
• Regular Review and Certification of User Access
• Orchestration of Controls to Remediate Inappropriate Access
• Role Design and Maintenance
• Change Management for User Access
Identity and Access Governance (IAG) Convergence
Current State
IT and Business focused solutions led to two market segments within Identity Management
User Provisioning
Access Governance
Driven by IT
Driven by the Business
Future State
User Provisioning and Access Governance markets are converging
User Provisioning (IDM 4)
Access Governance (AGS)
Next Generation Identity and Access Governance: “Business Interface – Trusted Fulfillment”
Demanding business-centric user interfaces
Demanding better provisioning
Questions
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)
[email protected]
Worldwide Headquarters
1233 West Loop South, Suite 810, Houston, TX 77027 USA
http://community.netiq.com
Who and Where