1 / 9

Information security for Access Provisioning: the Boeing Company t-bone & Tonic: Aly Boghani Joan oliver Mike

Information security for Access Provisioning: the Boeing Company t-bone & Tonic: Aly Boghani Joan oliver Mike Patrick Amol Potdar. April 26, 2009. What is Access Provisioning?. Provisioning

leann
Download Presentation

Information security for Access Provisioning: the Boeing Company t-bone & Tonic: Aly Boghani Joan oliver Mike

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information security for Access Provisioning: the Boeing Companyt-bone & Tonic:Aly Boghani Joan oliver Mike Patrick Amol Potdar April 26, 2009

  2. What is Access Provisioning? Provisioning To create and maintain a subject's digital identity, accounts, credentials, and entitlements in response to automated or interactive business processes. • Identity • A BEMSID (employee ID) and all related employee information • Account • A windows account for Jane Smith, Web Single Sign On (WSSO) • Credentials • Biometric identifier(s), Windows Password, Z-Token • Entitlement • Access to REDARS, A Boeing Badge, Access to newScale

  3. Current Problem Boeing’s developed 40+ homegrown identity management and provisioning tools over the past 10 years The Problem • Provisioning processes are redundant, inefficient, costly, and frustrating • Data requirements and dependencies are unclear and confusing

  4. Current Problem The Risks • Users access to resources is difficult to manage • Unauthorized disclosure of information requiring enhanced controls • People leaking information requiring enhanced controls • Exploitation of people vulnerabilities resulting in information disclosure

  5. Current Problem The Result • Multiple compliance controls • Long cycle times • Processing errors due to human mistakes • Millions of dollars and hours lost in productivity for airline programs, finance, et al.

  6. End-User Perspective End Users End users focus on access to target systems like Windows, REDARS, etc. They don’t focus on what accounts they need to access Windows. The goal of provisioning is to help Sally obtain access to REDARS, etc. Is A With Access To With Access To Common Ground newScale Using the Following Account(s) Using the Following Account(s) Technologists Technologists focus the accounts and permissions end users need to access Windows, etc.

  7. Enterprise Perspective HRMS EPDW CARATS EEPPI TEAMS Policies EPSS EAP 7/21/2008 SEQUENT APPREG EDS CED NBR 7/11/08 VSGATE RADIUS ATMA AccessTo RP NBAR AA BART FMS ECAR SSA Boeing Apps COGNOS DCAMS UNIX (USA-NIS) EAF/ SAPM RSS UNIX (STL) NOFRT CLAMS MAD/eAD MARS Exchange UIDR SSLVPN-FM SSLVPN BLU/RAD AD GGM WART ACF2 SSGRP Domain Tool SSGRP STAC CATIA SUITE STAR CSPR3 PLGM OARS ACF2 SUITE D1SD MARS (MESA) RACF VRA AAA ALF AIM ICS RACFQRY RACF PHILLY

  8. Solution: Enterprise Access Provisioning • Must incorporate the four cornerstones of information security: • Confidentiality, Authenticity, Integrity, Availability A successful provisioning solution ensures individuals get access to necessary resources easily and quickly while ensuring the proper security protocols are completed.

  9. Identity Management Systems - Concerns • A “metaverse” must exist that processes the rules and requests for password changes and synchronizations • The rules must be established by the business • There must be a directory of record that pushes identity changes to the other directories • Typically the HR system creates and deprovisions user accounts • Typically the Active Directory system pushes password changes to the other directories • A lot of custom scripting usually occurs to make the separate systems talk each other

More Related