The Digital Agenda Identity and Access Management for the Real World
Employees • Contractors • Temporary Staff • Customers
Identity and Access Management “Encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=444&char=I)
Governance “Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=422&char=G)
Activity: Consider each different system and application in your organisation … and outside: Windows, Unix, Oracle, SAP, SharePoint, CRM, Shared Services, external services, etc. What is the current state of Identity and Access for each? Efficiency? And Identity and Access Governance overall?
Where are we today? After three years of economic volatility — and a persistent reluctance to fund the security mission — degradation in core security capabilities continues. % of respondents with Identity Management Strategy in place: 2009: 48% • 2010: 46% • 2011: 41% - PWC 2012 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml • “Budgets are recovering” • “Too often—and for too many organizations—diminished budgets have resulted in degraded security programs.” - PWC 2013 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml
Identities Where are we today? Mobile Data Shared Services Applications Cloud Legacy Systems External Systems Virtualisation
The majority of organisations (62%) agree that confidence in Identity and Access is becoming increasingly difficult, including 21% who are adamant that this is the case. - Survey September 2012 by Vanson Bourne of CIOs in the UK, France and Germany (http://www.quest.com/news-release/corporate-data-loss-can-cost-organisations-27-million-in-revenu-122012-818962.aspx)
Data is scattered • Data is unclassified • Identity data needs cleansing • We have to change the way we think • The appropriate people in the organisation need to step up • We need to provide them with the right capability to interact • Silos of disjointed policy, process and technology • Managers need to know what their staff can see and do WHAT IS YOUR EXPERIENCE?
Traditional Identity Management • Typically, these address end-user account activities • Provisioning • Re-provisioning • De-provisioning • Managing login activities and rights to applications • Granting entitlements • Automation of IT processes • Introduction of work-flow • Reporting and Accounting
Calculate risk • Understand the implications of requests • Control your “keys to the kingdom” • The administrators are not above the law • Authorisation external? • One place to say who can do what
Understand who has access to what • Not just “should” or “shouldn’t” • The right people make the decisions • Also be responsible for those decisions • End-user self service • Let them ask for what they need
Data Governance • Determine who has access to the DATA
Effective Identity and Access Management “Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives” - ISACA (http://www.isaca.org/Pages/Glossary.aspx?tid=422&char=G)
References • Vanson Bourne study of UK, France, Germany CIOs for Quest, December 2012 http://www.quest.com/news-release/corporate-data-loss-can-cost-organisations-27-million-in-revenu-122012-818962.aspx • The Impact of Governance on Identity Management Programs – Rafael Etes, Andresson Ruysam, ISACA Journal Vol 5, 2011, pp. 35-38. • ISACA Knowledge Centre http://www.isaca.org/Knowledge-Center/ • PWC 2012 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml • PWC 2013 Global State of Information Security Survey® http://www.pwc.com/gx/en/information-security-survey/key-findings.jhtml • European Identity & Cloud Award 2013: Schindler Informatik AG http://www.kuppingercole.com/access/eicaward2013_schindler
Examples … • Hardcopies of several case studies using Dell Software Group to address a variety of Identity and Access challenges • Time saving • Efficiency • Security • User experience