Putting Identity Management at the Center of Security
Darran Rolls, Chief Technology Officer
The 7 Tenets of IAM
Magic Quadrant Leader, Gartner 2016
About SailPoint
40% International Business
550+ Customers and Growing
95% Customer Satisfaction & Retention
World’s LARGEST Independent Identity & Access Management Vendor
Challenges that drive IAM
Identity at the center of security
How to take a governance-based approach
Seven tenets of successful IAM infrastructure
Increasingly Complex Environment
Devices Mainframe Infrastructure Directory Apps SaaS & Cloud HR Systems
Contractors EMPLOYEES Business Partners IT STAFF Suppliers Customers
Data Assets
Complex Data Access
• Complex effective access
• Unknown data classification
Rogue Accounts
• Fake accounts used for attack
• Undetected access and activity
Over Entitled Users
• Accumulated rights & privileges
• Potentially toxic combinations
Privileged Access
• Users with “keys to the kingdom”
• Poor visibility & accountability
Ongoing Identity & Access Challenges
Infrastructure as a Service
SaaS & Cloud Apps
Platform as a Service
Unstructured Data
BYOD Devices
On-Premises Infrastructure
Corp Applications
Authentication Systems
People
Accounts
Relationships
Governance
User-Centric Approach to Security
Taking a Governance-based Approach
POLICY & AUTOMATION
INVENTORY & COMPLIANCE
Who Did?
MONITORING & AUDIT
Who Should?
Who Does?
CERTIFICATION & ANALYTICS
ROLES, POLICIES & PROVISIONING
ACTIVITY COLLECTION, REVIEW & ALERTING
Tenets of Successful IAM
1. Comprehensive Approach
2. User Experience
3. Identity Context
4. Access Lifecycle
5. Risk-based Controls
6. Connectivity
7. Consistency
IAM TENET 1: Comprehensive Approach
Access Request
Password Management
Compliance Controls
Role Management
Single Sign-on
Data Governance
IAM Platform
Identity Analytics
Data Entitlement Account Identity
Darran Rolls
Group=Accounting
\\Shares\HR(read)
\\Shares\Corp(read write)
Group=Users \\Shares\doc3(read)
RACF1232123
SYSDBA
Data Profile1
Data Profile2
SYSOPER
Data Profile3
IAM TENET 3: Identity Context
SIEM & DLP
Applications & Infrastructure
Mobile Device Management
IAM TENET 3: Identity Context
Integrated Responsive Ecosystem
Data Governance
User Behavior Analysis
Privileged User Mgmt.
GRC
IT Service Management
Identity Context @ Center
Security Infrastructure
Identity Governance & Administration
Operations Infrastructure
Access Request
Password Management
Compliance Controls
Role Management
Single Sign-on
Data Governance
Identity Analytics
AUDIT: Compliance & Audit
IT: Automation & Controls
HR: Joiners, Movers, Leavers
BIZ USER: User Self-service
GOVERNANCE MODELS
Role Models
“Data” Models
Risk Models
Control Models
Automation Models
IAM TENET 4: Access Lifecycle
Scope
Impact
IAM TENET 5: Risk-based Controls
Low Risk Profile
Medium Risk Profile
High Risk Profile
Identity Risk Score
Credit Score
Identity & Access Management
Integration Module
Integration Module
Connector Framework
Integration Module
Mobile Device Mgmt. Platform
Service Mgmt. Platform
3rd Party Provisioning Platform
Identity & Access Management
Access Request
Password Management
Compliance Controls
Role Management
Identity Analytics
Data Access Governance
IAM TENET 6: Connectivity
Provisioning Broker
Cloud / SaaS / Mobile
Enterprise / On-prem
Convenience Automation Controls
Structured & Unstructured Data & Access
Self-service Automation Controls Governance
IAM TENET 7: Consistency
Tenets of Successful IAM
1. Comprehensive Approach
2. User Experience
3. Identity Context
4. Access Lifecycle
5. Risk-based Controls
6. Connectivity
7. Consistency