Deployment Challenges of Risk Management & IT Governance from an Identity Management Perspective Vijay [email protected] 13, 2008www.laurustech.com
Laurus Technologies Confidential
EfficiencyBusiness EnablementCompliance
Regulations SOX, GLBA,HIPAA, PCIRegulations SOX, GLBA,HIPAA, PCI
Segregation of DutiesSegregation of Duties
Approval & Audit trailApproval & Audit trail
Inappropriate accessInappropriate access
Security policy enforcementSecurity policy enforcement
Untimely terminationUntimely termination
Manage growing system portfolioManage growing system portfolio
Shrinking budgetDo more with lessShrinking budgetDo more with less
Slow on-boardingSlow on-boarding
External user experienceExternal user experience
Revenue generationRevenue generation
2
Improved Increased Enhanced
IDENTITY & ACCESS MANAGEMENT
Security
Four Benefits of IAMFour Benefits of IAM
Laurus Technologies Confidential
Identity And Access Management - ComponentsIdentity And Access Management - Components
Authoritative Source(s)
HR System(s)
Automated feed Provisioning / Deprovisioning
Reconcilation
Password Management
Centralized Auditing
Workflow Connectors
User Self-Service
Reporting / Compliance
Identity ManagerManaged Resources
Mainframe
Unix
Open Systems
Windows
ERP SystemRDBMS
Role evaluation / Role ~ Entitlements
Entitlement Management
Periodic Access Review
Unmanaged Resources
Custom Applications
Compliance and Role Manager
Role Mining and Role Engineering
Attestation
AuditingCertification
Protect User/Admin Access
Access and Federation Manager
Application Protection
Web Application
Custom Application
Policy Agents
AuthenticationAuthorization
Fed
erat
ion
Ser
vice
s
Enterprise Single Sign-On
Windows Client Apps
Provision users / groups
Directory Services
External Users
Internal Users
3
Laurus Technologies Confidential
Case StudyCase Study
4
Client: Large Business Service Provider
Background: World leader in the employment services industry, $21 billion in annual revenue, 33,000 employees worldwide, 5 million associates
Products Sold: Sun Identity Manager, Sun Access Manager, Sun Role Manager, Enterprise Single Sign-on
Services provided:
Laurus did an assessment engagement to capture strategic and tactical business goals to provide phased roadmap covering the entire solution set
Laurus is currently engaged in completing the first phase of the roadmap.
Business Drivers: Efficient attestation, Reduction in help desk calls,
Centralized on-boarding/off-boarding, Auditing/Reporting issues
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive InvolvementCompromise on Strategic vision
Technical focus, not Business driven
Fragmented solutions sets
Political infighting
Business Justification
5
Laurus Technologies Confidential
Strategy & RoadmapStrategy & Roadmap
6
Cost benefit analysis
ROI Calculation
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Socialize across enterprise silos
Business and IT – Bridging the gap
Program status meetings
Department, App prioritization
7
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Enterprise Architecture
Architecture - Enterprise view
IAM touches enterprise wide
Directory services
User provisioning
Access Management
8
Laurus Technologies Confidential
Architecture DeliverableArchitecture Deliverable
Managed Resources/
Systems
Database ServerIdM Repository
Application 2
Application 3
Security Admin
Approver
Provision/De-Provision
Provision/De-Provision
User
Self Service
Application 5
Application 1
Feed / Active Sync
Database ServerRole Manager
Repository
Application 6Windows 2003
Su
n A
pplica
tion
Se
rver 8
.1
Su
n R
ole
M
ana
ge
r 4.0
Windows 2003S
un A
pplica
tion
Se
rver 8
.1
Su
n Id
en
tity M
ana
ge
r 8.1
Windows 2003 Su
n Id
en
tity Man
ag
er
Gate
way S
ervice
User / Entitlements Import (flat file feed)
Provision/De-Provision
With eSSO Agent
eSSO Authoritative Source
eSSO Server
Impriva
ta
Ap
plia
nce
eSSO policy / password sync
Active Directory
9
AuthoritativeSource
Profile Management
Legend:
Phase 1:
Phase 2/3:
Manual Process
Role Manager
Application Server
User Interface
Role Engineering
Identity Warehouse
Role Manager Repository
Reporting/Audit
Identity Certification
Role Management
Initial Feed Scripts
Identity Management Suite
Application Server
Workflow
User InterfacePassword
ManagementProvisioning
Reconciliation
IDM Repository
Imprivata OneSign Appliance (eSSO server)
App2
App5
App1
AD
App4
App3
App6
App7
App8
...
Conceptual and Logical Architecture
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Enterprise Architecture
Project Management
Clearly defined process
Roles and responsibilities
Clear project structure
Provides internal discipline
10
Laurus Technologies Confidential
Customer Business Analyst
Customer Technical Resources
Laurus Consultant Laurus ConsultantCustomer Resources(Job Shadow)
Laurus QA
Laurus Lead Architect
Laurus Project Manager
Laurus Role Architect eSSO Architect Customer eSSO
resource
Team Structure
Project ManagementProject Management
11
Project Methodology
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Enterprise Architecture
Project Management
Incremental Deployment
More complex than typical
Boil the ocean approach
Project fatigue
Discrete chucks of phases
Typical phases of 14 – 18 weeks
Quicker success stories
12
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Enterprise Architecture
Project Management
Incremental Deployment
Resource Turnover
Key resource reassignment
No succession planning
Loss in momentum
Sometimes project stalls
14
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Executive Involvement
Enterprise Socialization
Enterprise Architecture
Project Management
Incremental Deployment
Resource Turnover
Inexperienced Vendors
Experienced resources
Vendors with focus on IAM
Solution providers not pure product
implementers
15
Laurus Technologies Confidential
Seven Challenges in an IAMSeven Challenges in an IAM
Inexperienced Vendors
They chose us
16
Laurus Technologies Confidential
Systems IntegrationSystems Integration
Laurus Overview: Who are we?Laurus Overview: Who are we?
Security & ComplianceSecurity & Compliance
Bus. Apps.Bus. Apps.
Bus.Bus.StrategyStrategy
Client E
xecutives & Talent S
olutions
Client E
xecutives & Talent S
olutions
- Servers & Storage- Servers & Storage - Capacity Planning- Capacity Planning- Virtualization & Consolidation- Virtualization & Consolidation - Backup & Recovery- Backup & Recovery- Business Continuity / Disaster recovery- Business Continuity / Disaster recovery - Migrations- Migrations- Datacenter Assessments- Datacenter Assessments - High Availability- High Availability- Data Replication- Data Replication
- Audit Reporting- Audit Reporting - Identity Management- Identity Management- User Provisioning- User Provisioning - Data Protection- Data Protection- Single Sign-On- Single Sign-On - Role Based Access Control- Role Based Access Control
- SAP & Oracle ConsultingSAP & Oracle Consulting- Master Data ServicesMaster Data Services- ERP OptimizationERP Optimization
- Consultants - Consultants in Business in Business OptimizationOptimization
- Relationship M
anagement
Relationship M
anagement
- IT Recruiting services
- IT Recruiting services
- Vertically Focused
Vertically Focused
- Contract for H
ire
- Contract for H
ire
- CX
O level relationships
CX
O level relationships
- Long Term S
taff Augm
entation
- Long Term S
taff Augm
entation
17
Laurus Technologies Confidential
Questions?Questions?
Vijay Subramanian Practice Manager, Software [email protected]: 630.521.8934Cell: 847.970.1660Laurus TechnologiesToll Free: 1-877-LAURUS 1 1015 Hawthorn DriveItasca, IL 60143
18
Michelle Burger Director, Software [email protected] Office: 630.521.8944Cell: 847.977.4268Laurus TechnologiesToll Free: 1-877-LAURUS 1 1015 Hawthorn DriveItasca, IL 60143
Laurus Technologies Confidential 9/26/2008
The Laurus Advantage: Our Technical & Engineering TeamThe Laurus Advantage: Our Technical & Engineering Team
Account Mgmt.
Operations
Consultants & Engineers
1999 2005 2006 2007 Today
Steady and Substantial growth Consultants & Engineers fill our ranks
YOUR BUSINESS. EMPOWERED.
Laurus Technologies is an IT services and business consulting firm that leverages our expertise to identify and solve business challenges. Our goal of 100% referenceable clients has resulted in Laurus becoming one of the fastest growing solution providers in the US.
No other company can match our combination of business knowledge, technical talent and strong focus on customer business objectives.
19