IBM Global Services
© Copyright IBM Corporation 2004
Security in a Global World
Identity Management Trends
ITSM and Security Conference
Hong Kong, July 19th, 2006
Michel Bobillier
Global Offering Executive
IBM Security and Privacy Services
Security in a Global World - Identity management trends | 10-Aug-06
© Copyright IBM Corporation 2006
Agenda
1. Illustrate the Business Challenge created by security
2. Highlight the transformation underway
3. Review trends in identity management
Some important current market dynamics impacting security
Increasingly serious and more rapid cyber threats
New technologies drive new/different risks
Integration of physical and logical security
Increasing interest for outside help (skill availability, focus on the core business)
Increasing interest in integrated solutions versus point technologies
Regulatory compliance includes a dependency on security (data management)
Security and privacy are now boardroom issues
Security breaches published regularly demonstrate the spread of the menace
• Phishing attacks against over two dozen European banks were detected by security firm Websense last weekend (The Register, Sept. 20, 2005)
• Dutch suspects arrested earlier this month controlled some 1.5 million computers as part of a worldwide bot net, not 100,000 as first thought. (Associated Press, Oct. 20th, 2005)
• Fraudsters use iPods to steal company information (The Guardian, June 14, 2005)
• About 1 in 4 Internet users are hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers (CNN.com, Dec. 7th, 2005)
• MasterCard says 40 million files are put at risk. (New York Times, May 18, 2005)
• The number of bank accounts accessed illegally by a New Jersey cybercrime ring has grown to 676,000, according to police investigators. (ComputerWorld, May 20, 2005)
• Estimated number of infected PCs = 47 million or 7% worldwide (securityfocus.com, April 25, 2006)
Security threats are growing in numbers and sophistication
[Chart: Incidents reported, 1994 to 2003 (Source: www.cert.org/stats/cert_stats.html)]
• The incidents reported are growing exponentially year after year
• The focus, creativity and sophistication of these attacks have reached unprecedented levels
• The weakest point of the chain is often the target. Today: the end user and wireless networks
• Active reported phishing sites are sharply on the rise
[Chart: Financial Impact of Major Malware Attacks 1999-2004 ($B). 1999: Explorer, Melissa. 2000: Love Bug. 2001: SirCam, Code Red, Nimda. 2002: Klez, BugBear, Badtrans. 2003: Slammer, Nachi, SoBig. 2004: Korgo, Sober, Bagle, NetSky, Sasser, MyDoom]
[Chart: Financial Impact of Major Virus Attacks 1995-2004 ($B)]
(Source: Computer Economics, May 2005)
Phishing is up according to IBM Security Index and other sources
Phishing, Pharming, Spyware, Malware, Ransomware, Phrauding, Botnets, Zombies…
• Based on 237 million security attacks during one semester last year
• Resurgence of targeted phishing attacks for money laundering and identity fraud purposes
• More and more astute in the creation and delivery of such attacks
• Hackers have turned toward more criminal and lucrative areas
• Email stays a major infection vehicle
• During one quarter, 35 million attacks specifically designed to steal critical data for financial gains
(Source: Network World, May 22, 2006) (Source: MessageLabs Intelligence, May 2006)
Real losses are encountered. Amount by category according to 2006 FBI/CSI survey
[Chart: Dollar Amount of Losses by Type (M$). Categories: Web site defacement; Sabotage; Misuse of public web apps; Instant messaging misuse; Phishing (you represented as sender); System penetration from outsider; Bots (zombie) within org; Telecom fraud; Insider Net abuse; Financial Fraud; Denial of service; Theft of Proprietary Info; Laptop or mobile HW theft; Unauthorized access; Virus contamination]
Source: Computer Security Institute, CSI/FBI Spring 2006 Computer Crime and Security Survey, N = 313
[Chart: Likely Sources of Attack. Labels: Foreign Gvt, Foreign Corp, Indep Hackers, Competitors, Employees. Values: 11%, 10%, 32%, 16%, 31%]
(Source: 2003 CSI/FBI survey, n=488)
Why is this happening today? 1) Adoption of new business models provides key benefits as well as new security challenges
Increasing need for: Flexibility, Responsiveness, Availability, Security
• IT is key interface with outside
• Faster pace, less predictable
• Real-time linkage (IT/business)
• IT was insulated within business
• Slower, more predictable
• After-the-fact linkage (IT/business)
[Diagram labels: Business processes, IT, consumer, organization]
Why is this happening today? 2) Increased collaboration brings greater business rewards… and greater business risks
[Diagram: axes Collaboration and Trust. Stages: Isolated Operations; Select ‘Trusted Partners’; Value Chain Visibility; Industry-Centric Value Web; Cross-Industry Value Coalition. Legend: Core Business; Subsidiary/JV; Customer; Partner/Channel; Supplier/Outsourcer]
Why is this happening today? 3) Technology developments fuel a moving technical environment
Better, Faster, Cheaper!
[Diagram labels: CPU, Storage, Bandwidth, Display, Memory, Super-computing, Gadgets, New Technologies, wired, wireless, fiber, Broadband, OLED, Nano, Quantum]
[Diagram annotations: Doubles every 12 months; Doubles every 12 months (fiber), but access to home much less; Doubles every 12 months; Doubles every 18 months; More gadgets than PCs; 250 pixels per inch]
How will the security challenges evolve?
Identity management and theft
Integration of physical and logical security
Wireless and Nanotechnology leverage
Compliance
Intrusion detection is morphing into intrusion prevention
Focus on the “internal threat” and/or data movement inside the perimeter
Skills shortages
Organized crime and industrial espionage
There is a need to approach security in a holistic manner. Our Security Capabilities and Offerings are organized by client themes
IBM Information Security Framework
• Governance
• Privacy
• Threat mitigation
• Transaction and data integrity
• Identity and access management
• Application security
• Physical security
• Personnel security
IBM uses the ISF to facilitate security strategy planning, and to organize its broad security portfolio on both the traditional core security issues …
Organizations are typically focusing on four key areas to enhance enterprise security:
• Identity management: Processes for recognizing and monitoring users, and granting or restricting their access to business assets or resources
• Application security: This includes addressing the Systems Development Life Cycle and helping organizations build secure applications and testing them around the world
• Network, Host, End Node security: Processes for managing access and threats to networking capabilities, including wireless networks & Host, end user systems
• Data security: Processes for data / back-up encryption, content security, as well as protecting the security of information about the business and its customers, employees and partners
… and the linkage to the broader security issues that many organizations are struggling to address across the enterprise
Effective Security programs also integrate these additional security areas:
• Personnel Security: Processes for ensuring workforce and employee security including awareness programs and security guards and coverage
• Physical Security: This includes the consulting and design of the solution such as digital video surveillance, as well as integration of the pieces that includes storage, networks, cameras & surveillance
• Privacy: Processes for implementing privacy policies and enforcing them across the enterprise, including identifying data and its classification
• Governance: Approach for developing management processes for the overall Security, Risk, & Privacy posture of the organization. Includes Security Advisory, Health Check, and Compliance services
The IBM Information Security Framework (ISF) provides an approach to addressing security that is holistic, complete and differentiating
IBM addresses the entirety of an organization’s security challenges:
IBM Information Security Framework: Governance; Privacy; Threat mitigation; Transaction and data integrity; Identity and access management; Application security; Physical security; Personnel security
Across the capabilities needed for each security requirement:
And at the appropriate maturity level of each security capability:
Across all attributes of security capability:
Effective Identity Management programs address the lifecycle activities of Identity Proofing, Provisioning, & Access Control
[Diagram labels: Security Policies; Applications; Authentication Methods; Identity Credentials; Users; Identity Information. Lifecycle activities: Proof, Provision, Access]
And in turn are linked to an overall information security framework to provide enterprise-wide best practices and implementation guidance.
IBM Information Security Framework: Governance; Privacy; Threat mitigation; Transaction and data integrity; Identity and access management; Application security; Physical security; Personnel security
Identity and access management
• Identity proofing • Background screening • Identity establishment
• Lifecycle management • User provisioning • Other entity provisioning • Identity credentials
• Access management • Authentication services • Access control services • Single sign-on
How do I successfully implement my identity management program?
The ideal IDM Process implements provisioning in a seamless fashion across the corporation
• Automated process based on user role authorization and predefined policies
• Established workflow and response/escalation criteria when human intervention is required
• Consistent policy administration and enforcement
New user
Online request for access
• For new employees, may be fed by automated HR processes
Policy and role verified
• Pre-established access and authorization policy, based on user role
• Integrated user identity directory
Approval routing
• Policy and role-based approval
• Workflow engine routes to approvers and tracks response, per set criteria
System creates accounts
• Single sign-on user ID and password generated automatically, based on established policies
User with accounts
Hours, not weeks!
Elapsed activation time: hours, not weeks
Scalability not constrained by administrative staffing
New initiatives define access policies, leverage established process
The challenge of implementing an IDM program is developing the technical and procedural links to the many systems that require identity & access integration
[Diagram labels: 401K; Desktop ID; VPN ID; HR ID; Health Provider ID; Notes ID; Corporate Travel ID; Supply Chain ID; IRA Account; SAP ID; Siebel ID; MS Admin; Network ID; Online Bank Account; Financial Services Account]
Everyone has to manage everyone’s users!
Each user ID adds cost and complexity.
How to ensure compliance with legislation and regulations?
Each ID adds business risk to compliance with business, regulatory, legal and security requirements.
IDM Lifecycle Solution Context
Phases: PLAN & DESIGN, IMPLEMENT, RUN & MANAGE
• IDM Strategy
• IDM Solution Architecture & Design
• Role-Based Access Control Strategy
• IDM Pilot, Phase I target implementation
• IDM Phase II Broader System Rollout & Deployment
• IDM Managed Service
• Business Strategy & Technical Implementation
• IDM Phase III RBAC Implementation
• IDM User & Operational Processes
• HR & User Account Administration Processes
Program Management across Identity and Access Management Lifecycle
New Approaches: IBM Smart Surveillance System
A unique management, search, and retrieval of surveillance information
The Challenge
Securing facilities needs defense against multiple threats
- Outsider threat – people breaching the perimeter.
- Insider threat – employees tailgating or bringing in packages.
The typical approach – silo systems
Add video cameras with preprogrammed real-time alerting capability – “movement in restricted area”
Our approach – unified searchable index
Allow plug and play of video analytics and biometrics technologies through an extendable interface.
Extract generic object movement meta-data from surveillance video and enable searching through standards-based interfaces, SQL & Web services in an open architecture.
S3 Features
Real-Time Alerts: tripwire, abandoned object
Event Searching: Find events by
- time – (start time, end time)
- object type – (vehicle, person, group), object size, object velocity
- region – (events occurring in a specified window)
- duration
Event Statistics – when is the peak activity in this store
Meta-data for activity over a 24 hour period
Embedded Privacy can be invoked
New Approaches: Cancelable Biometrics
Enhancing Privacy & Security in biometric applications
The Challenge
A single biometric (e.g., right index finger) used with several applications (bank ATM, building access, Internet commerce,...)
- If compromised at one place, other applications become vulnerable
• A credit card number can just be reassigned, not a biometric
Cross matching: biometrics collected for one application can also be shared with agencies to retrieve past history (health care, law-enforcement, financial background)
- What if a biometric is compared?
- Credit card account to old immigration record
Our Solution
Intentional, repeatable distortion alters the signal but keeps it in the correct format, and generates a similar signal each time
Compromised scenario:
- a new distortion creates a new biometric
Comparison scenario:
- different distortions for different accounts
Original Biometric – Never Revealed
Distorted Biometric – Used in applications
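The compromised and comparison scenarios above, as an added example that is not from the presentation or from IBM's implementation: a keyed, repeatable distortion applied to a feature vector before it is stored or matched. The signed permutation, the key names, the threshold and the sample vectors are all assumptions chosen for illustration; a deployed scheme would use a non-invertible transform so that the original cannot be recovered even if a key leaks.

```python
import hashlib
import hmac
import math
import random

def distort(features, app_key):
    """Keyed, repeatable distortion: a signed permutation of the features.
    The output keeps the same format (a float vector of the same length),
    so an unmodified matcher can still compare two distorted vectors."""
    # Derive the permutation and signs deterministically from the key.
    digest = hmac.new(app_key, b"cancelable-demo", hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    order = list(range(len(features)))
    rng.shuffle(order)
    signs = [rng.choice((-1.0, 1.0)) for _ in features]
    return [signs[i] * features[j] for i, j in enumerate(order)]

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def matches(template, probe, threshold=0.5):
    return distance(template, probe) <= threshold

# Constructed sample data: a 32-value "biometric" and a noisy re-capture.
ENROLLED = [0.1 * (i + 1) for i in range(32)]
RECAPTURE = [v + (0.01 if i % 2 else -0.01) for i, v in enumerate(ENROLLED)]

# Hypothetical per-application keys (one distortion per account).
BANK_KEY, DOOR_KEY = b"bank-atm-key-v1", b"building-access-key-v1"

def demo():
    bank_template = distort(ENROLLED, BANK_KEY)   # what the bank stores
    door_template = distort(ENROLLED, DOOR_KEY)   # what the door system stores
    return {
        # Same person, same application: the distorted probe still matches.
        "same_app": matches(bank_template, distort(RECAPTURE, BANK_KEY)),
        # Comparison scenario: templates from two applications do not match.
        "cross_app": matches(bank_template, door_template),
        # Compromised scenario: after re-enrolling under a new key,
        # the stolen old template no longer matches the stored one.
        "after_reissue": matches(distort(ENROLLED, b"bank-atm-key-v2"),
                                 bank_template),
    }

if __name__ == "__main__":
    print(demo())
```

Only the distorted vectors are stored or compared; the original vector is used at capture time and then discarded.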
Thank You
[email protected]/services/security