
How to use Identity Management to be MORE productive?


Presentation Transcript


  1. How to use Identity Management to be MORE productive? Robert Jones, Identity and RMS Architect

  2. RMS Requires Identity Assurance to ensure security
  • Identity Management is core to deploying highly secure applications like RMS
  [Diagram: Security (Deny) versus Identity (Grant); Users & Devices; Permissions & Access with Policies; Credentials; Security Policies & Auditing; Identity and Access Workflow; Regulations; Business Policies; resources shown: Voice, People, Business Process, Portals, Email, Information, Collaboration]

  3. Identity and Access Solutions Framework
  • Common Services
  • Identity Lifecycle Management
  • Strong Authentication
  • Information Protection
  • Federated Identity
  • Directory services

  4. Identity Lifecycle Manager Synchronisation Services

  5. Islands of Applications has led to islands of identities
  [Diagram: number of Digital IDs over time (Pre 1980's, 1980's, 1990's, 2000's) for Business Automation Applications; platform eras: Mainframe, Client Server, Internet, Mobility; populations: Company (B2E), Partners (B2B), Customers (B2C)]

  6. What is Identity Management?
  • A system of procedures and policies to manage the lifecycle and entitlements of electronic credentials.
  [Diagram: Directory Services; Identity, Access Lifecycle Management; Federation]

  7. The ID Lifecycle
  • Password Mgmt
    • Strong Passwords
    • “Lost” Password
    • Password Reset
  • Retire User
    • Delete/Freeze Accounts
    • Delete/Freeze Entitlements
  • Synchronize Identity
    • Extend lifecycle information across all identity stores
  • Entitlement Reporting
    • Audit/log any ILM changes
    • Keep track of Entitlements
  • Account Changes
    • Promotions
    • Transfers
    • New Privileges
    • Attribute Changes
  • New User
    • User ID Creation
    • Credential Issuance
    • Access Rights

  8. Identity Aggregation
  • Data consistency across multiple repositories
  • “Agentless” connection to other systems
  • Provides attribute-level control
  • Manage global address lists (GAL)
  • Automate group and DL management
  [Diagram: connected stores: Active Directory, Exchange 5.5, iPlanet, Notes, SQL, Oracle]

  9. Available Connectors (MIIS):
  • Active Directory & Active Directory Application Mode
  • Computer Associates ACF2
  • IBM DB2, Lotus Domino 5.x/6.x, Tivoli Directory Server, RACF
  • Microsoft SQL 2000, SQL 7
  • Novell eDirectory
  • Oracle 8i/9i
  • Microsoft Exchange 5.5, 2000, 2003
  • Microsoft NT 4.x
  • Sun/iPlanet/Netscape Directory
  • Various flat-file formats: DSML, LDIF, CSV, fixed width
  • SAP, PeopleSoft
  • CA-ACF2
  • CA-TopSecret
  • IBM OS/400
  [Diagram: Active Directory, iPlanet, Notes, SQL, Oracle]

  10. Identity Lifecycle Manager Certificate Services

  11. Alacris Acquisition

  12. [Diagram: Certificates; Identity and access; Secure collaboration; Credential Management]

  13. Business Scenarios - Driving use of digital certificates
  • Strong authentication and smart cards reduce password management costs
  • Encryption with central key archival ensures encrypted content is recoverable
  • Network access protection (NAP) protects networks from unhealthy PCs
  • Virtual private networks (VPNs) and secure wireless access enable secure and cost-effective network access

  14. CLM Architecture
  [Diagram: Logical Architecture and Physical Architecture. Components: Microsoft Certificate Authority (Microsoft CAs) with CLM Policy Module and CLM Exit Module; Microsoft CLM Server with CLM Web App on Internet Information Server and CLM AD Integration; Active Directory; SQL Server; E-mail Server; Other Services; End User with Internet Explorer, CLM Browser Control and Smart Card Middleware]

  15. PKI Features

  16. Information Protection

  17. Information Protection with Windows Rights Management Services
  • Traditional solutions control initial access
  • …RMS addresses ongoing information usage
  [Diagram: Firewall Perimeter and Access Control List Perimeter; Authorized Users (access: Yes) and Unauthorized Users (access: No); Information Leakage past the perimeter]

  18. Safeguard Sensitive Information with RMS: protect e-mail, documents, and Web content
  • Secure Emails (Outlook 2003 and 2007, Windows RMS)
    • Keep corporate e-mail off the Internet
    • Prevent forwarding of confidential information
    • Templates to centrally manage policies
  • Secure Documents (Office 2003 and 2007 (Word, PowerPoint, Excel, InfoPath), SharePoint Server 2007, Windows RMS)
    • Control access to sensitive info
    • Set access level - view, change, print...
    • Determine length of access
    • Automatically apply usage policies to document libraries
    • Log and audit who has accessed rights-protected information
  • Secure Intranets (IE w/RMA, Windows RMS)
    • Users without Office 2003 can view rights-protected files
    • Enforces assigned rights: view, print, export, copy/paste & time-based expiration

  19. Overview of RMS components
  • Active Directory
    • Authentication
    • Service Discovery
    • Group Membership
  • SQL Server
    • Configuration data
    • Logging
    • Cache
  • RMS Client
    • RMS Lockbox
    • Client API
    • Templates (XML copy)
  • RMS Server
    • Certification
    • Licensing
    • Templates
  • RMS-enabled Client and Server Applications

  20. Example: Rights-Protected Document (Word, Excel, or PowerPoint 2003 Pro)
  • Publishing License: created when the file is protected
    • Content Key (big random number), encrypted with the server’s public key
    • Rights Info w/ email addresses, encrypted with the server’s public key
  • End User Licenses: only added to the file after the server licenses a user to open it
    • Content Key, encrypted with the user’s public key
    • Rights for a particular user, encrypted with the user’s public key
  • The Content of the File (text, pictures, metadata, etc.), encrypted with the Content Key, a cryptographically secure 128-bit AES symmetric encryption key
  • NOTE: Outlook e-mail EULs are stored in the local user profile directory
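The key-wrapping structure on slide 20 (a random 128-bit AES content key, wrapped once for the server in the publishing license and re-wrapped per user in an end-user license) as an added, simplified model in Go; this is not RMS code and does not reproduce the real RMS license formats. It assumes RSA-OAEP for the public-key wrapping and AES-GCM for the content, choices made for this demo only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// License stands in for both RMS license types: the content key wrapped for one party's key plus rights.
type License struct {
	WrappedKey []byte // content key encrypted with the holder's RSA public key
	Rights     string // rights info carried alongside (constructed, plain text here)
}

// Protect: a fresh 128-bit AES content key encrypts the file; that key wrapped for the server is the publishing license.
func Protect(content []byte, serverPub *rsa.PublicKey, rights string) ([]byte, []byte, License, error) {
	buf := make([]byte, 16+12) // the slide's "big random number" (128-bit key) plus a GCM nonce (demo choice)
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, License{}, err
	}
	key, nonce := buf[:16], buf[16:]
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, content, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, nil)
	return ct, nonce, License{WrappedKey: wrapped, Rights: rights}, err
}

// IssueEUL is the server's licensing step: unwrap with the server key, re-wrap for the user's public key.
func IssueEUL(pl License, serverPriv *rsa.PrivateKey, userPub *rsa.PublicKey, userRights string) (License, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, pl.WrappedKey, nil)
	if err != nil {
		return License{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, key, nil)
	return License{WrappedKey: wrapped, Rights: userRights}, err
}

// Open is the client side: only the private key matching the EUL recovers the content key.
func Open(ct, nonce []byte, eul License, userPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, userPriv, eul.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, nonce, ct, nil)
}
```

The point the slide makes falls out of the model: the file carries the ciphertext and the wrapped keys, so a copy of the file alone (without an EUL issued to a key you hold) gives nothing.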

  21. The information lifecycle
  [Diagram: lifecycle actions: Author, Generate, Annotate, Edit, Display, Search, Print, Archive, Recovery, Revoke, Expiry, Delete; locations and channels: Hard disk, Memory, Network, Hosted storage, USB drive, E-mail, Home, Workflow, Enterprise, Peer-to-peer, Instant messaging, Mobile, Cloud workspace, Cloud, PC]

  22. SharePoint and RMS
  • Documents can be stored encrypted or non-encrypted on the server
  • Recommendations are:
    • Store documents non-encrypted
    • Non-encrypted documents can be searched
    • Let SharePoint encrypt documents on retrieval
  • Using SharePoint ensures the use and adoption of RMS
  • Enhances the SharePoint proposition
  • Education of users is still required

  23. What is Microsoft Forefront?
  • Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis.
  [Diagram: Server Applications; Edge; Client and Server OS]

  24. Next steps
  • Receive the latest Security news, sign up for the:
    • Microsoft Security Newsletter
    • Microsoft Security Notification Service
  • Assess your current IT security environment
    • Download the free Microsoft Security Assessment Tool
  • Find all your security resources here: http://www.microsoft.com/uk/security/infosec2008

  25. Session Evaluation
  • Hand in your session evaluation on your way out
  • Win one of 2 Xbox 360® Elites in our free prize draw*
  • Winners will be drawn at 3.30 today
  • Collect your goody bag, which includes:
    • Windows Vista Business (Upgrade)
    • Forefront Trials
    • Forefront Hands-On Labs
    • Security Resources CD
  • I’ll be at the back of the room if you have any questions
  * Terms and conditions apply, alternative free entry route available.
