220 likes | 342 Views
Selling Tivoli Security Portfolio Business Partner Training Presentation (for Business Partner use only). Agenda. Overview Customer issues AMOS value Identifying and qualifying opportunities What does AMOS secure? Competition. Overview. Business Drivers for Security.
E N D
Selling Tivoli Security PortfolioBusiness Partner Training Presentation(for Business Partner use only)
Agenda • Overview • Customer issues • AMOS value • Identifying and qualifying opportunities • What does AMOS secure? • Competition
Business Drivers for Security • Reduce cost of development • Avoid coding security into each application • Faster application deployment • Reduce total cost of ownership • Reduce administrative/helpdesk costs • Compliance with privacy legislation • HIPAA, GLB, COPA • Quicker time to market • Reuse user/group and policy information • Ability to securely share information
3 1 4 4 1 2 4 3 Typical 3 Tier Architecture HTTP Servers Browser Mainframes App Servers (WebSphere/BEA) Browser issues request to Web server HTTP server forwards request to application server 2 Application server performs some business logic and may forward to mainframe for additional processing 5 Most Web applications and processing are run on UNIX or the mainframe 5
2 1 3 2 4 4 How do we control what action a user can take? Browser HTTP Servers Mainframes App Servers (WebSphere/BEA) • To review insurance claim, users may go to www.insurance.com/claims/review.jsp • How do we decide which claims they can review and which ones they cannot? • Most applications servers have little or no security • Therefore, security must be coded manually by each developer: • Increase QA time • Increases deployment time • Increases overall time and cost
4 1 3 2 4 4 How do we protect individual Operating Systems? HTTP Servers Browser Mainframes App Servers (WebSphere/BEA) • Most customers run their Web applications on UNIX systems or the mainframe • The mainframe has RACF/ACF/TopSecret to protect OS/390 or z/OS resources • What about customers who run Solaris, AIX, HP-UX or z/Linux?
What is Tivoli Access Manager? • In its simplest form, Access Manager is an Authorization Engine • It decides what actions a person or application can take on a specific resource. For example: which users are allowed to read a file
What is Access Manager for OS? • Tivoli Access Manager for Operating Systems is a UNIX security tool. • It addresses typical security holes in the most common types of UNIX (Solaris, AIX, HP-UX, Linux) • Provides “RACF-Like” security for customers who run Linux on the mainframe.
Customer Issues • UNIX and Linux Security is too weak for the enterprise • Leading to accidental and deliberate data loss • UNIX systems frequently fail security audits • Delegation of ‘root’ (super user) access is problematic • Difficult to manage security policy across multiple systems • There is no RACF for Linux on the Mainframe
Access Manager for OS Value • Secure application environment protects data • Reduce administration costs • Centrally define authorization policies on heterogeneous servers across your enterprise • Securely delegate UNIX administration • Meet corporate auditing requirements • Detailed auditing showing transactions were expressly authorized and protected • Leverage existing investments • Build on an existing AM environment
How to Identify Opportunities • Identifying opportunities • Identify existing CA eTrust Access Control customers • Any customer with UNIX systems • Focus on those that are in Banking, Finance, Healthcare and Government since these all involve sensitive data that need to be protected
Pain Questions • How many UNIX boxes do you have? • How many different types of UNIX? • How do you manage security across all those boxes? • How many people officially have the ‘root’ password? • How many people have it that you don’t know about? • Can they delete files? • How do you audit ‘root’ access?
Qualifying Questions • What is driving you to look at a UNIX security solution? • Who is sponsoring this at an executive level? • Have you looked at other UNIX security solutions? Which ones? • What servers do you want to start with? • Is there money in the budget for this?
Key People • Head of UNIX/Linux Server group • UNIX/Linux Admins • Mainframe Linux security • VP on Enterprise Architecture • Chief Security Officer • CIO/CTO
What does AMOS secure? • Runs on top of UNIX security (this minimizes disruption) • All controls apply to all users – including “root” • Conditional access – Access granted only via program • Login Policy • Controls Incoming/Outgoing network services (telnet, ftp, etc)
Competitive Comparison • Single threaded product design • Performance impact to the OS – sometimes stated as averaging 5-10% • AMOS will be significantly less in most circumstances (less than 1%) • Tivoli is priced significantly lower on init purchase and maintenance • Some competitors do have broader platform support for older OS products • Some competitors claim to have a Windows product • Tivoli is faster at delivering new platform support • Products using modified operating systems • Positioned as a highly secure web server products • More complex to implement – greater level of kernel modification • Can impact standard applications
Competitive Differences • Non-intrusive (not a customized kernel – a kernel extension) • Very high performance compared to last year’s leader (CA) • Provides centralized access control services across UNIX vendor offerings • Support consolidation of security policy administration of UNIX OS with MQ and Web applications • Provides Web-based administration tool that supports multiple levels of delegation
ACL Performance - Solaris 201 4 9 Processors 103 1 7 0 100 200 300 1 4 Access Manager for OS 103 201 Leading Competitor 7 9 Test Runs Per Hour Performance of OS access control is key