Hp identity management solution suite
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

HP Identity Management Solution Suite PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on
  • Presentation posted in: General

HP Identity Management Solution Suite. Eric Krol e [email protected] +31 651572233 14 september, 2006. 2005 Priorities – What are yours ?. http://www.csoonline.com/poll/results.cfm?poll=3080. Key goal for IT Moving budget from maintenance to innovation. Former IT. Future IT.

Download Presentation

HP Identity Management Solution Suite

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Hp identity management solution suite

HP Identity Management Solution Suite

Eric Krol

[email protected]

+31 651572233

14 september, 2006


2005 priorities what are yours

2005 Priorities – What are yours ?

http://www.csoonline.com/poll/results.cfm?poll=3080

HP Confidential


Key goal for it moving budget from maintenance to innovation

Key goal for ITMoving budget from maintenance to innovation

Former IT

Future IT

Applicationmaintenance 15%

Applicationmaintenance 30%

Applicationinnovation45%

Infrastructuremaintenance42%

Infrastructuremaintenance30%

Applicationinnovation23%

Infrastructureinnovation10%

InfrastructureInnovation5%

Source: HP IT department

HP Confidential


Typical enterprise current state

Employees

Customers

Partners

Partner Data

and Applications

Policy A

Policy B

Policy C

Policy D

Policy E

Policy F

Policy G

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Typical Enterprise: Current State

Resources

Databases,Directories

Messaging

ApplicationsCRM, ERM

HR,Finance

Non ITResources

Network

Services

OperatingSystems

Administration& Approval

Process

IT Admin Directory

IT Admin OS

IT Admin Messaging

IT Admin Applications

IT Admin HR, Fin.

AdminNon IT

IT Admin Network

Security &BusinessPolicy

Governance& AuditProcess

HP Confidential


Typical enterprise actual state

Employees

Customers

Partners

Partner Data

and Applications

Policy A

Policy B

Policy C

Policy D

Policy E

Policy F

Policy G

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Line of Business

Typical Enterprise: Actual State

Resources

Databases,Directories

Messaging

ApplicationsCRM, ERM

HR,Finance

Non ITResources

Network

Services

OperatingSystems

Administration& Approval

process

IT Admin Directory

IT Admin OS

IT Admin Messaging

IT Admin Applications

IT Admin HR, Fin.

AdminNon IT

IT Admin Network

Security &BusinessPolicy

Governance& AuditProcess

HP Confidential


What is identity management

What is Identity Management?

The set of people, processes and technologies supporting the creation, maintenance, and termination of digital identities to enable secure access to services, systems and applications.

Do you know who your users/customers are? And their relationships with your services or organization?

HP Confidential


Iam defined user identities transactions roles policies and privileges

Identity Management(Administration)

Access Management(Real-Time Enforcement)

Administer

Authenticate

Authorize

Alarm/

Alerting

Authentication Services

Reduced Sign-On

Password Management

NAC

Audit/Compliance

User life cycle management

Role Engineering

Service Mgt

ITSM

Identity Stores

Access Management

Federated Identity Management

Source: Gartner

IAM Defined — User Identities, Transactions, Roles, Policies and Privileges

HP Confidential


Manual provisioning

Employee moves naturally between roles

Employee Leaves Organisation

BUSINESS IMPACT ?

Employee Accepts Job Offer Privileges are applied as requested

  • Who knows what privileges you have?

  • How long torevoke?

How long?

Appropriateness of Access?

Manual Provisioning

Account Privilege

Time

HP Confidential


Hp idm digital provisioning

Employee moves naturally between roles

Employee Leaves Organisation

IT responsive to change

Employee Accepts Job Offer Privileges are applied as requested

GUARANTEED Appropriateness of Access!

HP IDM: Digital Provisioning

Account Privilege

Time

HP Confidential


Idm drivers audit compliance

IdM Drivers: Audit & Compliance

Audit

  • Only 50% of organizations attempt to audit rights on a regular basis

  • Up to 60% of access profiles are no longer valid. In high turnover industries this can be as high as 80% (IDC)

  • Regulatory issues raising stakes on audit

  • 60% of organizations need to comply to some kind of privacy regulation (11% do well) (SCC)

  • Do you have regular Audits?

    • How regular? Why?

    • How much of the audit process is automated?

  • How do you model your audit controls?

    • Both preventive and detective controls? Only detective?

    • Leverage same KPIs & KRIs for different regulatory audits?

  • What are your concerns over Identity theft and fraud?

    • What about Privacy?

    • Can you effectively distribute data subject to regulations?

  • Are you part of your partners/suppliers audit processes?

    • Do you maintain your supplier/partner user data in your IT systems? What about liability and privacy of that data?

HP Confidential


Idm drivers security risk mgmt

IdM Drivers: Security & Risk Mgmt

Security

  • At best only about 62% of a user’s access is removed upon termination (Meta). Orphan” accounts compound an organization’s risk of security breech by 23 X”

  • Over 60% of the authorization / user profiles are out to date (Meta)

  • 39% of all licenses are orphan accounts

  • 81% of security breaches come from disgruntled employees (Computer Security, Issues, & Trends)

  • Insider security lapses cost 250K per incident (FBI/CSI Computer Crime and Security Survey)

  • Is your business locking customers out, and locking employees in?

    • Is this inhibiting business?

    • What is desired?

    • What is the impact on business agility?

  • How do you utilize your partner relationships to their best?

    • E.g. partners able to interact at all stages of the supply chain in real time?

    • Can you provide just in time services?

    • How do you empower partners to self manage?

    • How do you single sign off partners?

  • How are you identifying customers today?

    • Tokens, certificates?

    • Passwords?

    • Variations and Combinations?

HP Confidential


Idm drivers cost reductions

IdM Drivers: Cost Reductions

Cost Reductions

  • Reduce Identity silos

  • 40-60% of helpdesk workload deals with password mgmt (Meta and Intl Security Forum Report)

  • $25 per call – lost productivity, cost of reset activity

  • 5 hours per year for maintaining existing user profiles up to date (Gartner)

  • 30% of dev / integration cost are security related

  • Time to usefulness of employees or partners

  • No waiting to perform job function

  • Do you have more than 5 ways of Identifying customers?

    • How Many? How many different profiles?

  • Do you have a documented Identity management strategy

    • Why did it start? Regulatory pressure, Audit, Cost?

    • What were the hurdles you overcame?

    • Who is your IdM sponsor?

  • Is your IT department burdened with manual processes?

    • The 5 O'clock problem! IT works on boring tasks….

    • What repetitive tasks should you automate?

    • Are lines of business able to manage themselves?

      • Are they averse to using IT oriented tools? What about simple web based business tools?

HP Confidential


Idm drivers efficiency and productivity

IdM Drivers: Efficiency and Productivity

  • Do you have challenges managing business or IT change in your organization?

    • Organizational changes? Restructuring? Employee Turnover? Seasonal/temp employees?

    • Cross-functional or departmental projects?

  • What is the impact of change on business continuity, user productivity and compliance?

  • What is the cost of managing partner access?

    • Do the partners manage themselves or do you manage them ?

  • How fast can you on-board a new employee/partner?

    • What about termination? Seasonal employees?

    • How much of the physical asset and user provisioning is automated?

Efficiency and Productivity

  • 15-25% of access and provisioning activities need to be redone due to paper and manual processing errors across the identity lifecycle (Intl Security Forum Report)

  • 27% of companies take greater than 5 days to grant or remove access rights (Intl Security Forum Report)

  • Externalized security increases time to market of business applications by 25%

HP Confidential


Idm drivers new business models and revenue opportunities

IdM Drivers: New Business Models and Revenue opportunities

Federated Communities

  • Solves the issue of different authenticaton methods

  • Builds on standard web security webservices

  • Covisint in automotive industry

  • SecuritiesHub in Financial industry

  • Employee Benefits (401K, Medical, Dental)

  • Wireless Service Providers

  • Do you have a single view into your customer across all your services and products?

    • Leverage cross-sell opportunities across your products and services?

    • Leverage authentication methods and security standards

  • Do you want to leverage cross-sell opportunities with your partners?

    • Loyalty programs, for example?

  • Do you want to offer ‘identity services’ to any consumer?

  • Are you taking advantages of web services to automate partner relationships ?

    • Is security and audit an inhibitor?

    • Have you standardized partner access integrations?

    • How do you Audit web services systems?

HP Confidential


Bottom line

Bottom line

Regulation conformance

  • Board responsibility for ensuring & reporting on effectiveness of internal controls

  • $10m + per company in expected fines for lack of compliance with new regulations (Sarbanes-Oxley, Basel II, EU Privacy, etc.)

  • Only 50% of companies attempt to audit rights on a regular basis

  • 60% of organisations need to comply to some kind of privacy regulation (11% do well) (SCC)

Employees

Sales

Security

  • 81% of security breaches from disgruntled employees(Computer Security)

  • At best only 62% of a user’s access is removed upon termination(Meta Group)

  • Orphan accounts increase risk of security breech by 23 times (Meta Group)

  • Insider security lapses cost 250K per incident. (FBI/CSI Computer Crime andSecurity Survey)

Customers

Finance

Data Quality

  • Inconsistent user information is spread over numerous systems.

  • Data quality is having a detrimental impact on service

  • Up to 60% of access profiles are no longer valid. In high turnover industries this can be as high as 80% (IDC)

B2B

Productivity

  • 15-25% of access /provisioning activities must be redone due to error(International Security Forum Report)

  • 27% of companies take more than 5 days to grant/remove access rights (International Security Forum Report)

  • 40- 60% of service desk calls are password related (Meta Group)

Marketing

Partners

Cost Explosion

  • The total cost of ownership for user administration is out of control

  • What is our cost for Compliance

  • What will happen if the business changes or if IT changes

  • How many unnecessary licences are we paying for?

Logistics

HP Confidential


Hp openview

BusinessExternal

Focus

IT Process

Focus

IT Operations

Focus

Point Tools

Consolidated / Integrated

Service Perspective

HP OpenView

HP Confidential


Learn to love what you have been taught to fear

Learn to love what you have been taught to fear!

Change is constant

Change is unexpected

Change is disruptive

Business

Business objectives and strategy

  • Strategic partnerships

  • Mergers and acquisitions

  • Response to competitive moves

  • Supply-chain integration

  • Gov’t regulation/compliance

  • IT consolidation

  • Security threats

  • Operating system upgrades

  • Application migration

  • System & network disruption

Organization

Computing environment

Change presents opportunities

The ability to adapt to change is a key advantage in business.

HP Confidential


Forces of change traditional idm

Forces of Change & Traditional IdM

  • User Lifecycle

  • Hiring & Terminations

  • Promotions & Transfers

  • Vacations, Leaves of Absences

  • Contractors, Part-time and Temporary workers

  • Subscriptions & Expirations

  • Business Lifecycle

  • Mergers & Acquisitions

  • Reorganizations & Restructuring

  • Cross functional/departmental initiatives or projects

  • Cross-company partner initiatives or projects

  • Regulatory Compliance

Identity& AccessManagement

  • IT Lifecycle

  • Add, upgrade or retire apps and systems

  • New access modes (remote, mobile, etc)

  • Data center consolidation

  • Outsourcing & Hosted services

HP Confidential


Automate change management across all enterprise lifecycles business it and user lifecycles

Identity& AccessManagement

Automate change management across all enterprise lifecycles –business, IT and user lifecycles

HP Identity Management

  • User Lifecycle

  • Higher level of abstraction in service model of HP: manage on the level of business processes NOT on technology components.

  • Business Lifecycle

  • Higher level of abstraction allow for business environment change:

    • Merger / acquisition

    • Product introduction

    • Organization changes

    • Business autonomy

  • IT Lifecycle

  • Efficiency gains and IT business alignment is rapidly introduced because of service model for identities.

HP Confidential


Hp idm suite

Registration

Propagation

Web &

Web Services

Authorization

Account linking

&

Cross-domain SSO

B

Accounts

& Policies

O

E

E

P

P

Single

sign-on

Trusted partnerships

Maintenance

Termination

?

.

Audit &

Reporting

Regulatory

Compliance

HP IdM Suite

Automate change management across all enterprise lifecycles –business, IT and user lifecycles

Select Identity aligns users rights with the changing environment.Select Access ensures the environment is secure through the changes. Select Federation manages partners in the change process. And Select Audit ensures change process is compliant.

HP Confidential


Hp identity management solution suite

HP OpenView

Project

HP Confidential


Identity management selection cycle hp engagement

Identity Management Selection Cycle &HP engagement

IdM Solution Selection Cycle

Requirements Analysis

Solution definition

Solution Selection

  • Organisation is new to IdM business

  • Compelling events

  • Requirements: business/operational/ security

  • Scoping

  • Commitment in organisation

  • Initial business case & budget

  • Organisation has already defined goals and drivers, and started investigating solution in market.

  • Plan

  • Team

  • Evaluate

  • Business case review

  • Budget and ROI

  • Management approval

  • Possible solutions have already been investigated, drivers and requirements are defines and issued an RFx.

  • Response to RFx

  • Demo / presentation / PoC

  • Implementation planning

  • Risk management

  • Procurement and T&C’s

HP Confidential


Need for business case

Need for business case

  • Business case is required in 75% of the identified IDM projects

  • Focus on business benefits first……. then align IT benefits

  • IDM is ERP or ITRP for IT

“At the beginning of a project you are most ignorant about the project and that is the time when you need to make the most critical decisions about the schedule and cost”

HP Confidential


Hp business case workshop

HP Business Case workshop

  • Focuses on identification and estimation of potential savings and current costs against analysts and market experience

  • Easy and quick way to approach I&AM with the stakeholders

  • Establish common ground

  • Ownership is there from the start

HP Confidential


Who participates

Who participates?

CxOCorporate Accountability

IT Director Ops costs/ ease of use

Security /Compliance ManagerRisk/Policy /Compliance

Service Desk ManagerProductivity

HROwnership of the employee profiles

BusinessData quality / ease of use / introduction of new services

According to a Forrester Research survey:

“CISO’s usually hold responsibility for compliance directives related to

system security, system integrity, or privacy-related components...”

Nevertheless, “CISO’s can lack the budget authority that is necessary to fulfill those responsibilities, and often have to turn to the CIO for budget approvals.”

Source: 2005 Forester Research

Many contact points!!

HP Confidential


Hp identity management solution suite

Questions

[email protected]

Phone: +31 651572233

Thank You!

HP Confidential


  • Login