Tivoli LIVE -- Identity Management Hursley Park – 15th June 2006. Casey Plunkett Director, WW Sales, Tivoli Security. Agenda. Identity Management Drivers Tivoli Identity Management Overview Deployment Proof Points Analysts’ Perspective. Application experts. Unix experts. Database
Tivoli LIVE -- Identity Management
Hursley Park – 15th June 2006
Casey Plunkett
Director, WW Sales, Tivoli Security

Agenda
• Identity Management Drivers
• Tivoli Identity Management Overview
• Deployment Proof Points
• Analysts’ Perspective
2006 ITSM Partner Summit

Key processes in IT Security Management
The activities and processes associated with IT Security Management can be summarized into four patterns that will remain current as technology changes.
[Diagram: Process / Service view of IT Security Management.
Pattern labels: Protect Systems; Manage Users; Manage Threats; Establish Trust and Compliance.
Process labels: Security Event Management; Incident Management; Threat Management; Access Management; Privacy Management; Identity Management; Vulnerability Management; Security Patch Management; Security Configuration; Security Controls Definition; Security Compliance; Business Risk Management.
Activity labels: Learn about vulnerabilities; Request updated install images; Apply resource security controls; Gather security control information; Verify install images and request changes; Build and deploy software packages; Apply business security controls; Gather business compliance information; Create Security Controls & Compliance criteria; Gather and analyze security related events and symptoms; Correlate events and initiate response; Evaluate business compliance; Report.
Expert groups and tools shown for: Application, Unix, Database, Integration, Internet, Linux, Network, Mainframe, Storage, Windows.]

Increased Collaboration
Eco-system integration improves market agility but brings with it increased risk costs in complexity, administration and vulnerability.
[Diagram: collaboration stages 1 Isolated Operations, 2 Select ‘Trusted Partners’, 3 Value Chain Visibility, 4 Industry-Centric Value Web, 5 Cross-Industry Value Coalition. Axis labels: Trust; Cost & complexity of Threats and Administration; Collaboration. Legend: Core Business, Subsidiary/JV, Customer, Partner/Channel, Supplier/Outsourcer.]

Product Life Cycle Management
• Phase I – Ideation: Identify new product ideas
• Phase II – Definition/Feasibility: Define concepts based on new product ideas
• Phase III – Development: Fully develop product/packaging manufacturing process and business plan
• Phase IV – Launch: Produce and ship product into marketplace
• Phase V – Post Launch: Assess product, team and process performance
Key Stakeholders in the PLM Process: Engineering; Brand Management; Sales Management; Public Relations/Ads; Legal; R&D; Packaging and Design Graphics; Marketing; Operations and Production; Finance
The “sweet spot” occurs when process design, organization/performance management and enabling technologies are integrated and optimized across this value chain

PLM (Summary) Reference Architecture
• Key Needs:
• ESSO
• Provisioning
• Directory Integ.
• Access Control
• Root Control
[Diagram components: View Generator; WPS portlets; Admin Console; Presentation Manager; Inference Rules; Inference Engine; Resources and Relationships (RDF store); Knowledge Manager; Workflow Manager; Workflows; Content Manager; Adapter Manager (run-time and monitor), which instantiates Adapter Instances; Event Dispatcher; Event Registry; Adapter Registry; Event Log; Adapter Instance Store; Log. Connected systems: Bill of Materials; PDM; Mktg/Adv.; Document Repository; CAD; Team (QuickPlace, Sametime); Project Schedule.]

Can You Answer the following Questions Across Your Core Business Processes?
• WHO can use our IT systems?
• WHAT can these people do on our IT systems?
• Can I easily PROVE to the auditor what these people did?
Tivoli’s Identity and Access Management products automate these internal controls

Identity Management Challenges/Opportunities…
• How much am I spending on routine password resets?
  • 3-4 times per year, per user and a £14 average cost per call
• How long does it take to make new employees/contractors productive?
  • Up to 12 days per user to create and service accounts
• How many of my former employees/contractors still have access to sensitive data?
  • 30-60% of accounts are orphans (potential security exposure)
• How confident are we that only the right people have access to our Enterprise data?
  • 70% of fraud cases involving customer data are related to an insider attack
• How much time is spent on Account Management by User Community?
  • 10-20% of the LoB community typically provides Account Management
• How long does it take to pull together reports for an audit?
  • Can take weeks and some companies have designated FTEs for this purpose

IBM’s Integrated Identity Management Portfolio
Componentized Strategy
[Diagram: Users & Applications; components: Federated Identity Manager, Security Compliance Manager, NeuSecure, Identity Manager, Access Manager, Privacy Manager, Directory Integrator, Directory Server.]

Tivoli Identity Manager
Identity Manager provisions accounts
Access Manager provides runtime enforcement
Integrated:
• Automated provisioning/de-provisioning from an authoritative source.
• Workflow for provisioning requests.
• Additional user self-service options for password reset, registration etc.
• Single sign-on for Identity and Access combined administration.

ITIM Express 4.6
• Request-based provisioning with approval workflow
• User self-care and password management
• Intuitive GUI
• Recertification of user access rights
• Installed/Bundled adapters
• Out-of-the-box reporting
• Email notification
• HR Feeds
• Account reconciliation

[Diagram labels: Flexible Authentication; Complete Single Sign-on Management; Access Control; User Digital Identity Services. Shown: a login prompt (“Please enter your ID and password”, with ID and Password fields), a SECURID token, and the labels eExpenses, Portal, iBanking, Web, Mainframe, Enterprise, eMail, Federated, Claims, eHR.]

Tivoli Access Manager Family
• Tivoli Access Manager for e-business (TAMeB)
  • Web SSO, Centralized Authentication/Authorization/Audit
• Tivoli Access Manager for Enterprise Sign-On (TAMES-ESSO)
  • Enterprise (or Host) SSO
• Tivoli Federated Identity Manager
  • Federated SSO, Trust Mgmt/Brokering, Web Services Security Mgmt, Cross-Enterprise Identity Mapping
• Tivoli Access Manager for Business Integration (TAMBI)
  • WMQ-based Access Control, Data Integrity and Confidentiality
• Tivoli Access Manager for Operating Systems (TAMOS)
  • Locking down Root in UNIX and LINUX

Tivoli XML Gateway Integration
Case in point: Securely implement web services, secure once for many applications, aggregate user interactions and adhere to strong security protection and verification
Solution: Helps protect SOA implementations addressing XML threats with fine-grain access control. Integrates with Tivoli Security for enterprise SOA deployments and centralized security policy management
[Diagram: Suppliers, Partners and Users; XS40 XML Security Gateway (policy-driven security gateway for web services); Liberty, SAML, WS-Federation; Data Repository; Identity, Security and Directory Services; Centralized Security Policy Management; Enterprise Directory.]

Security Compliance Management
• Checking systems and applications
  • For vulnerabilities and identifies violations against security policies
• Key benefits:
  • Helps to secure corporate data and integrity
  • Identifies software security vulnerabilities
  • Decreases IT costs through automation, centralization, and separation of duties
  • Assists in complying with legislative and governmental standards
[Diagram: IT Environment (Users, Operating Systems, Workstations, Databases, Applications); IT security: IT concerns (Slammer, MSBlaster, OS patches, password violations); CxO: Business issues (regulations, standards).]

Integration factory
Vendor integration for faster time-to-value
Application Single Sign-On
• Adexa collaboration products (9) • Blockade ESconnect • Broadvision One to One • Cash-U Pecan • Centric Product Innovation (3) • Citrix Metaframe / Nfuse XP • Documentum Content Server/Webtop • Documentum eRoom • IBM Content Manager • IBM Host on Demand • IBM Host Publisher • IBM Lotus Domino • IBM Lotus iNotes • IBM Lotus Quickplace • IBM Lotus Sametime • IBM Lotus Team Workplace • Intelliden R-Series • Interwoven TeamSite • Kana Platform • Kintana Suite (Mercury Interactive) • Microsoft Exchange (OWA) • Microsoft SharePoint Portal/Services • OpenConnect WebConnect • Oracle Application server • PeopleSoft Enterprise Application • PeopleSoft Enterprise PeopleTools • Rocksteady Rocknet • SAP Enterprise Portal • SAP Internet Transaction Server • Secur-IT C-Man • Secur-IT D-Man • Siebel • Sourcefire ISM • Sun Calendar Server* • Sun Messenger Server* • Vasco Digipass (via C-Man)
* By request
Desktop SSO
• ActivCard ActivClient • Microsoft Kerberos (SPNEGO) • Microsoft NTLM
Directory sync & virtualization
• Aelita Ent. Directory Manager • IBM Tivoli Directory Integrator • OctetString Virtual Directory • Radiant Logic
Encryption, SSL & VPN
• Aventail EX-1500 • Eracom ProtectServer Orange • IBM 4758 • IBM 4960 • Ingrian Secure Transaction Appliance • nCipher nForce • Neoteris IVE
Integration and Consulting
• 3000 trained personnel across Business Partners worldwide
Messaging security
• IBM WebSphere BI Message Broker • IBM WebSphere BI Event Broker • IBM WebSphere MQ
Platform & Traffic Mgmt.
• Crossbeam Security Svcs. Switch • F5 Networks BIG IP • Sanctum AppShield
Strong Authentication
• ActivCard • Aladdin Knowledge Systems • Daon Engine (Biometrics) • Entrust TruePass • VeriSign
UNIX Deployment Lockdown
• HP-UX • IBM AIX • IBM DB2 • IBM HTTP Server • IBM WebSphere App. Server • Oracle DB • Red Hat Linux • Sun Solaris • SuSE Linux
User repository
• CA eTrust Directory • IBM Tivoli Directory Server • Microsoft Active Directory • Novell eDirectory • Siemens Nixdorf DirX Directory • Sun ONE Directory Server • Vasco Digipass
Web Server Plug-in
• Apache • IBM HTTP Server • IBM WebSphere Edge Server • Microsoft IIS • Sun ONE Web Server
Web Application Server
• BEA WebLogic Server • IBM WebSphere App. Server (Any J2EE Platform) • Microsoft .NET
Web Portal Server
• BEA WebLogic Portal (SSO) • IBM WebSphere Portal • Plumtree Portal* • Sun ONE Portal Server (SSO)
XML and Web Services
• DataPower • Digital Evolution / SOA Software • Forum Systems • Layer 7 SecureSpan Gateway • Reactivity XML Firewall • VordelSecure

Tivoli Identity Management Proof Points…
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
• on demand Solution:
  • Automate user provisioning, discovery and correction of invalid access
• Case Studies:
  Saves $500k/year in HR Enrollment process for 20k employees
• Products:
  • IBM Tivoli Identity Manager (TIM)
1 week… to 10 minutes
3 weeks… to 20 minutes and provisioning costs cut 93%

Tivoli Identity Management Proof Points…
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
• on demand Solution:
  • Automate user provisioning, discovery and correction of invalid access
• Case Studies:
  Deployed Provisioning for 9,000 employees across 80 endpoints, 6 countries and 20 roles within 90 days
  5 days to implement Provisioning (TIM Express) across 2,500 users
• Products:
  • IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB

Tivoli Identity Management Proof Points…
Up to 50% of help desk calls are for password resets – Every call incurs 14 in IT costs
• on demand Solution:
  • Single sign-on and self-service for password resets
• Case Studies:
  Most successful IT project in 25 years – cost justified in 8 months
  Orange projects savings of millions of Euros annually (4M Secure SOA users)
• Product:
  • IBM Tivoli Access Manager for Enterprise Single Sign-On
  • SOA: IBM Tivoli Federated Identity Manager

Business Process: User Validation
Identity Manager
Identify Orphan Accounts

Business Process: New Business Initiative
Access Manager

Tivoli Identity Management -- Facts of Interest
• >1,500 Access Management customers
• >500 Provisioning customers
• ~20% of IdM customers are small & medium businesses
• >3,000 professionals trained and certified to deploy IBM Identity Management solutions worldwide

Tivoli Identity Management -- Facts of Interest
IBM Tivoli Security software is used by:
• 15 of the top 20 commercial Banks worldwide
• 6 top Healthcare companies worldwide
• 4 of the top 5 Telecommunications companies worldwide
• 6 of the top 10 Aerospace and Defense companies worldwide
• 7 of the top 10 Computer and Data Services companies worldwide

IBM Identity Management Solutions Continue to be Recognized for Leadership
• 2006 Provisioning Leadership Position – Gartner Magic Quadrant
• 2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool
• 2005 Frost & Sullivan Global Market Leadership Award for Identity Management
• 2005 Frost & Sullivan Market Leader designation for Access Management
• 2005 #1 Provisioning and Web SSO Vendor, IDC
• 2005 Web Services Leadership Position, Gartner Magic Quadrant
• 2004 SYS-CON Best Web Services Security Solution Award

Analyst View: Identity and Access Management Market Share (IDC)
[Pie chart labels as extracted: Microsoft 1% RSA 3% HP Sun 4% BMC 4% IBM Tivoli 5% Novell 35% 7% Oracle 7% CA 34%]
Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004

Frost & Sullivan - Provisioning Market Share - Feb 2006

Frost & Sullivan - Web Access share - Feb 2006

Gartner - Web Services Magic Quadrant