
The Tenets of IAM - CSO50...

Date post: 17-Jun-2018
Putting Identity Management at the Center of Security

The 7 Tenets of IAM

Darran Rolls, Chief Technology Officer

About SailPoint

• Magic Quadrant Leader, Gartner 2016
• 40% International Business
• 550+ Customers and Growing
• 95% Customer Satisfaction & Retention
• World’s LARGEST Independent Identity & Access Management Vendor

Challenges that drive IAM

Identity at the center of security

How to take a governance-based approach

Seven tenets of successful IAM infrastructure

Increasingly Complex Environment

Devices | Mainframe | Infrastructure | Directory | Apps | SaaS & Cloud | HR Systems

Contractors | Employees | Business Partners | IT Staff | Suppliers | Customers

Data Assets

Complex Data Access

• Complex effective access
• Unknown data classification

Rogue Accounts

• Fake accounts used for attack
• Undetected access and activity

Over Entitled Users

• Accumulated rights & privileges
• Potentially toxic combinations

Privileged Access

• Users with “keys to kingdom”
• Poor visibility & accountability

Ongoing Identity & Access Challenges

RIGHT PEOPLE?

RIGHT ACCESS?

RIGHT DATA?

Appropriate use?

SECURITY PARADIGMS ARE SHIFTING FROM NETWORK-CENTRIC TO USER-CENTRIC

User-Centric Approach to Security

• Infrastructure as a Service
• SaaS & Cloud Apps
• Platform as a Service
• Unstructured Data
• BYOD Devices
• On-Premises Infrastructure
• Corp Applications
• Authentication Systems

People | Accounts | Relationships | Governance

Taking a Governance-based Approach

POLICY & AUTOMATION

INVENTORY & COMPLIANCE

Who Did?

MONITORING & AUDIT

Who Should?

Who Does?

CERTIFICATION & ANALYTICS

ROLES, POLICIES & PROVISIONING

ACTIVITY COLLECTION, REVIEW & ALERTING

Tenets of Successful IAM

1. Comprehensive Approach
2. User Experience
3. Identity Context
4. Access Lifecycle
5. Risk-based Controls
6. Connectivity
7. Consistency

IAM TENET 1: Comprehensive Approach

IAM Platform

• Access Request
• Password Management
• Compliance Controls
• Role Management
• Single Sign-on
• Data Governance
• Identity Analytics

IAM TENET 2: User Experience

Data | Entitlement | Account | Identity

Darran Rolls

[email protected]

Group=Accounting

\\Shares\HR(read)

\\Shares\Corp(read write)

Group=Users \\Shares\doc3(read)

RACF1232123

SYSDBA

Data Profile1

Data Profile2

SYSOPER

Data Profile3

IAM TENET 3: Identity Context

• SIEM & DLP
• Applications & Infrastructure
• Mobile Device Management

Integrated Responsive Ecosystem

• Data Governance
• User Behavior Analysis
• Privileged User Mgmt.
• GRC
• IT Service Management

Identity Context @ Center

Security Infrastructure | Identity Governance & Administration | Operations Infrastructure

• Access Request
• Password Management
• Compliance Controls
• Role Management
• Single Sign-on
• Data Governance
• Identity Analytics

• AUDIT: Compliance & Audit
• IT: Automation & Controls
• HR: Joiners, Movers, Leavers
• BIZ USER: User Self-service

GOVERNANCE MODELS

• Role Models
• “Data” Models
• Risk Models
• Control Models
• Automation Models

IAM TENET 4: Access Lifecycle

Scope

Impact

IAM TENET 5: Risk-based Controls

Low Risk Profile | Medium Risk Profile | High Risk Profile

Identity Risk Score

Credit Score

Identity & Access Management

Integration Module | Integration Module | Integration Module

Connector Framework

• Mobile Device Mgmt. Platform
• Service Mgmt. Platform
• 3rd Party Provisioning Platform

Identity & Access Management

• Access Request
• Password Management
• Compliance Controls
• Role Management
• Identity Analytics
• Data Access Governance

IAM TENET 6: Connectivity

Provisioning Broker

Cloud / SaaS / Mobile

Enterprise / On-prem

Convenience | Automation | Controls

Structured & Unstructured Data & Access

Self-service | Automation | Controls | Governance

IAM TENET 7: Consistency

Tenets of Successful IAM

1. Comprehensive Approach
2. User Experience
3. Identity Context
4. Access Lifecycle
5. Risk-based Controls
6. Connectivity
7. Consistency

