Скачать презентацию Identity and Access Management Dustin Puryear Sr Consultant Скачать презентацию Identity and Access Management Dustin Puryear Sr Consultant

9d0992bdb803fc2c0946ef41350e2c9b.ppt

  • Количество слайдов: 36

Identity and Access Management Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it. com http: Identity and Access Management Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it. com http: //www. puryear-it. com/

Objectives o Find a common background for discussing IAM o Discuss problems and opportunities Objectives o Find a common background for discussing IAM o Discuss problems and opportunities in the field o Introduce terminology o Highlight a possible future direction

Session Agenda o o o Today’s Problems Making It All Better Now What? Viva Session Agenda o o o Today’s Problems Making It All Better Now What? Viva La Resistance! Puryear IT

This Presentation o This presentation was written with audit/compliance in mind. o Contact dustin@puryear-it. This Presentation o This presentation was written with audit/compliance in mind. o Contact dustin@puryear-it. com to have Dustin Puryear present this topic to your organization or company.

Today’s Problems Today’s Problems

Who am I? Who are you? o Networks use multiple identity systems o The Who am I? Who are you? o Networks use multiple identity systems o The Internet is no better o Users get confused with all of these IDs o Management and audit has difficulty keeping track of all these IDs o The bad guys are quite happy

So many IDs! Person Active Directory Account Online HR Info Account People. Soft User So many IDs! Person Active Directory Account Online HR Info Account People. Soft User Account …

Multiple Contexts Remote Employees Customers Suppliers Partners Multiple Contexts Remote Employees Customers Suppliers Partners

Trends o Regulation and Compliance n SOX, HIPAA, GLB o Increasing Threats n Identity Trends o Regulation and Compliance n SOX, HIPAA, GLB o Increasing Threats n Identity theft n Exposure of confidential info o Maintenance Costs n The average employee needs access to 16 applications n Companies spend an estimated $20 -30 user/year for password resets

The Real Impact End-users o. Too many IDs o. Too many passwords o. Must The Real Impact End-users o. Too many IDs o. Too many passwords o. Must wait for access to applications Administrators o. Too many IDs o. Too many end-user requests o. Difficult or unreliable ways to syncs all the accounts Audit/Compliance o. Orphaned accounts o. Limited or no audit capability o. Where are the audit trails?

Making It All Better Making It All Better

Identity and Access Management Password Management Role Management User Provisioning IAM Authorization Directories Audits Identity and Access Management Password Management Role Management User Provisioning IAM Authorization Directories Audits & Reporting

The Benefits of IAM o Save money o Improve operational efficiency o Reduce time The Benefits of IAM o Save money o Improve operational efficiency o Reduce time to deliver applications and services o Enhance security o Enhance regulatory compliance o Give more power to audit

Let’s Define IAM Terms o Authentication (Auth. N) n Verify that a person is Let’s Define IAM Terms o Authentication (Auth. N) n Verify that a person is who they claim to be n This is where multi-factor authentication comes into play n Identification and authentication are related but not the same o Authorization (Auth. Z) n Deciding what resources can be accessed/used by a user o Accounting n Charges you for what you do

IAM is a Foundation Identity Management Administration o. Account Provisioning & Deprovisioning o. Synchronisation IAM is a Foundation Identity Management Administration o. Account Provisioning & Deprovisioning o. Synchronisation o. User Management o. Password Management o. Workflow o. Delegation o. Audit and Reporting Access Management o. Auth. N o. Auth. Z

Now What? Now What?

Implement IAM! o Start Slow! n Define your Single Source of Truth (SSOT) o Implement IAM! o Start Slow! n Define your Single Source of Truth (SSOT) o Unfortunately, there may be more than one, if that makes sense. . n Implement the “big wins” o User provisioning to Active Directory o Password resets

But How? o SSOT n Work with your team, IT, and management to determine But How? o SSOT n Work with your team, IT, and management to determine the true source of user information n User Provisioning to AD o It’s already happening! o Solutions n n Microsoft ILM CA e. Trust Admin Sun IM …

The Results! o User provisioning can be automated o Password resets can be delegated The Results! o User provisioning can be automated o Password resets can be delegated to the helpdesk o And the big one: n You can now audit both the user provisioning and password resets

The Next Step o Extend User Provisioning n n To People. Soft Lawson Oracle The Next Step o Extend User Provisioning n n To People. Soft Lawson Oracle Custom/in-house applications o Begin consolidating user directories n Can you point some or all of your applications at AD or LDAP?

Authorization o This is the hard one! o Applications define their Auth. Z rules Authorization o This is the hard one! o Applications define their Auth. Z rules differently o Try to consolidate to an AD/LDAP authz landscape o Tackle this one application at a time!

The Power is Yours o You can now audit/review: n n n Who has The Power is Yours o You can now audit/review: n n n Who has what accounts? Why do they have those accounts? Who approved those accounts? Are there any orphaned accounts? Who has access to what? For how long have they had that access?

And there is more. . o You can control access to your webenabled applications And there is more. . o You can control access to your webenabled applications using a Web Access Manager (WAM) o Don’t forget about SSO! o What about federated identities and your partners and suppliers?

Viva La Resistance! Viva La Resistance!

IT Resistence o Sometimes IT resist a formalized IAM process because: n “We are IT Resistence o Sometimes IT resist a formalized IAM process because: n “We are too busy” n “We can’t afford it” n “We don’t want to give up control!”

“We are Too Busy” o This is a common response o IT is too “We are Too Busy” o This is a common response o IT is too busy. . n Because they are resetting passwords all day n Working too hard to create accounts n Learning too late that orphaned accounts are being misused/attacked

“We Can’t Afford It” o There are small and big solutions to this problem “We Can’t Afford It” o There are small and big solutions to this problem o If you are an AD-only shop with minimal applications, then you can start small o Larger enterprises have no choice, they can’t afford not to!

“We Don’t Want to Give Up Control!” o This is usually the root of “We Don’t Want to Give Up Control!” o This is usually the root of the disagreement. o They are responsible for IT o They don’t want problems in IAM to reflect poorly on them o They are used to the control, even if it’s not necessary

A Compromise o Take control without giving up control! o A middle-ground: n IAM A Compromise o Take control without giving up control! o A middle-ground: n IAM solutions can be used to explore user directories/databases n Reports can be generated n IT can still do the provisioning itself

Summary Summary

Summary o It’s becoming impossible to manage all of these accounts and rights by Summary o It’s becoming impossible to manage all of these accounts and rights by hand o You can automate controls o You can automate audit reports o You can control THE PROCESS!

Who We Are? o Puryear IT is THE IAM specialist in Louisiana o We Who We Are? o Puryear IT is THE IAM specialist in Louisiana o We help small and large companies, ranging from 100 users to well over 20, 000+ users o We are vendor-agnostic, and have worked with everyone, including: n Microsoft n CA n Sun

We Can Help IT to. . o Help you tackle your IAM needs o We Can Help IT to. . o Help you tackle your IAM needs o Integrate Linux, UNIX, and J 2 EE into Active Directory o Build out AAA solutions o Deploy Microsoft ILM, Sun IM, Novell IM, and CA IM o Deploy small and large solutions

We Can Help Audit/Compliance to. . o Build an automated user account and access We Can Help Audit/Compliance to. . o Build an automated user account and access rights tracking solution o Log changes to user accounts and access rights o Ensure passwords are changed as policies and regulations require o Help you communicate your needs to IT o Automate your manual tasks

Doing IAM Right o Puryear uses a methodical approach to: n n n Identify Doing IAM Right o Puryear uses a methodical approach to: n n n Identify organization pain points Identify organization audit requirements Work with IT and audit to prioritize needs Develop an initial pilot deployment Roll out the final solution Help you manage and extend the solution

Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it. com http: //www. puryear-it. com/ Dustin Puryear Sr. Consultant, Puryear IT, LLC dustin@puryear-it. com http: //www. puryear-it. com/