Loading in 2 Seconds...
Loading in 2 Seconds...
The Digital Agenda Identity and Access Management for the Real World. Employees Contractors Temporary Staff Customers. Identity and Access Management.
Employees Contractors Temporary Staff Customers
Identity and Access Management “Encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=444&char=I)
Governance “Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=422&char=G)
Consider each different system and application in your organisation … and outside- Windows, Unix, Oracle, SAP, Sharepoint, CRM, Shared Services, external services, etc. What is the current state of Identity and Access for each? Efficiency? And Identity and Access Governance overall? Activity
Where are we today? After three years of economic volatility — and a persistent reluctance to fund the security mission — degradation in core security capabilities continues % respondents with Identity Management Strategy in place: 2009: 48% 2010: 46% 2011: 41% - PWC 2012 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml “Budgets are recovering” “Too often—and for too many organizations—diminished budgets have resulted in degraded security programs.” - PWC 2013 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml
Identities Where are we today? Mobile Data Shared Services Applications Cloud Legacy Systems External Systems Virtualisation
The majority of organisations (62%) agree that confidence in Identity and Access is becoming increasingly difficult. Including 21% who are adamant that this is the case. Survey September 2012 by Vanson Bourne of CIOs in the UK, France and Germany (http://www.quest.com/news-release/corporate-data-loss-can-cost-organisations-27-million-in-revenu-122012-818962.aspx)
Data is scattered • Data is unclassified • Identity data needs cleansing • We have to change the way we think • The appropriate people in the organisation need to step up • We need to provide them with the right capability to interact • Silos of disjointed policy, process and technology • Managers need to know what their staff can see and do WHAT IS YOUR EXPERIENCE?
Traditional Identity Management • Typically, these address end-user account activities • Provisioning • Re-provisioning • De-provisioning • Managing login activities and rights to applications • Granting entitlements • Automation of IT processes • Introduction of work-flow • Reporting and Accounting
Calculate risk Understand the implications of requests Control your “keys to the kingdom” The administrators are not above the law Authorisation external? One place to say who can do what
Understand who has access to what Not just “should” or “shouldn’t” The right people makes the decisions Also be responsible for those decisions End-user self service Let them ask for what they need
Data Governance Determine who has access to the DATA
Effective Identity and Access Management “Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=422&char=G)
References • Vanson Bourne study of UK, France, Germany CIO’s for Quest December 2012 http://www.quest.com/news-release/corporate-data-loss-can-cost-organisations-27-million-in-revenu-122012-818962.aspx • The Impact of Governance on Identity Management Programs – Rafael Etes, Andresson Ruysam ISACA Journal Vol 5, 2011, pp.35-38. • ISACA Knowledge Centre http://www.isaca.org/Knowledge-Center/ • PWC 2012 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml • PWC 2013 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml • European Identity & Cloud Award 2013: Schindler Informatik AG http://www.kuppingercole.com/access/eicaward2013_schindler
Examples … • Hardcopies of several case studies using Dell Software Group to address a variety of Identity and Access challenges • Time saving • Efficiency • Security • User experience