www.hcca-info.org | 888-580-8373
Identity & Access Management – Enabling e-Government
Ed McCarthy,
Director of Global Security Sales
CA
Identity & Access Management (IAM) Defined
Delivers answers to key questions:
– Who has access to what resources?
– When did they access those resources?
– What are our access policies?
– What did they do while they were there?
– Who authorized that access?
April 8, 2008 | Improve Compliance and Enable Business | Copyright © 2007 CA
What CIOs, CSOs and CFOs Are Telling Us
“It’s too expensive and manual to make sure we’re addressing all the necessary regulations. And then we have to do it all over again for the next time.”
• Continuous Compliance
• Negative Security-Related Publicity
• Help Desk Overload
• Escalating Administration Costs
• Ghost User Accounts
• Accumulating & Inappropriate Privileges
• Auditors’ Requirements
• Leverage-able IT Infrastructure
“25% of my help desk calls are related to resetting forgotten passwords!”
“There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online.”
“I still have accounts in my systems for users that are long gone!”
“As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that?”
“Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don’t care generally how much it costs.”
“Enterprise architects hate to see the IT ‘wheel’ continually reinvented. IAM should be deployed and managed as part of enterprise architecture.”
“I don’t want to see my organization in the news.”
Identity & Access Management: The Challenge
MANY USERS: Customers, Employees, Partners
– Difficult to admin access rights
– High Help Desk costs
MANY APPLICATIONS: Logistics, Financial, Service, Production, CRM, ERP
– Security “Silos”
– Inconsistent enforcement
MANY IDENTITIES: Mainframe, RDBMS, LDAP, NOS, ERP…
– Difficult administration
– Difficult compliance
– Reduced security
MANY ADMINS: Many tactical issues; managing users, passwords, etc.
– High Admin cost
– Manual IT Processes
The Business Value of IAM
• Reduced IT Security Risk
– Protect your critical IT resources
– Centrally manage all identities and access policies
• Reduced Operational Expenses
– Lower your IT Admin and Help Desk expenses
– Automate existing manual IT processes
• Enhanced Compliance
– Audit your complete security environment
– Achieve sustainable compliance
• Enhanced Business Enablement
– Deploy new online services quickly
– Strengthen your existing customer relationships
Identity & Access Management: The Solution
MANY USERS, MANY IDENTITIES, MANY ADMINS, MANY APPLICATIONS
REDUCED IDENTITIES
– Easier administration
– Reduced Costs
– Improved auditing for easier compliance
CENTRALIZED ADMINISTRATION
– Reduced admin costs
– Consistent admin across platforms
– Automation of IT processes
Security Policy
– Single Sign-on
– User self-service
– Centralized Security
– Easier app dev
Maturity Model for Provisioning to Identity Management
What is Identity Management?
– User Credentials
– Password Management
– Grouping and Roles to rules
– Application function entitlements
– Separation of Duties (Segregation of Duties)
– Enrollment (provisioning)
– Termination (de-Provisioning)
The ROI Model
• Situational Analysis
• Mapping your success
• Incremental wins
• Leveraging the future
STAGE 1 - Password Management
• Increased User Productivity
• Reduced Helpdesk Costs
[Figure: Maturity vs. Time chart. Maturity level: ACTIVE. Labels: Password Mgmt, As Is, To Be, Gap, ROI, Incremental Win Blueprint]
STAGE 2 - Consolidated Identity Mgmt
• On-boarding new employees
• MAC for functional assignments
• Automated Integration
[Figure: Maturity vs. Time chart. Maturity levels: ACTIVE, EFFICIENT. Labels: Password Mgmt, Id Mgmt, As Is, To Be, Gap, ROI, Established Process, Incremental Win Blueprint]
STAGE 3 - Roles and Entitlement Mgmt
• Business Application on-boarding
• Automated reporting for Governance
• Established Standards for new applications
• Reduced entitlements administration
[Figure: Maturity vs. Time chart. Maturity levels: ACTIVE, EFFICIENT, RESPONSIVE. Labels: Password Mgmt, ID Mgmt, Entitlements, To Be, Gap, ROI, Established Process, Incremental Win Blueprint]
STAGE 4 - Federated Identity Mgmt
• Authoritative Credentials
• Applications as a Service
• Intranet and Extranet SLAs
• Standards Compliant
[Figure: Maturity vs. Time chart. Maturity levels: ACTIVE, EFFICIENT, RESPONSIVE, BUSINESS DRIVEN. Labels: Password Mgmt, ID Mgmt, Entitlements, Federation, ROI, Established Process]
Provisioning to Identity Management - Maturity Model
Stage 1: Password Management
• Self Service Password Management, which allows users to reset their own passwords without calling the helpdesk
Stage 2: Consolidated Identity Management
• Automate Basic User Management and Provisioning, which extends mostly to infrastructure platforms and applications (AD, MF, UNIX, Email, etc.)
• Basic Entitlement Reporting on user access is enabled
• Delegated administration is offered to business units and helpdesk
Stage 3: Integrated Role and Entitlement Management
• Common Directory Infrastructure
• Role-based provisioning is now supported for most critical systems and applications
• Automated generation of entitlement exception reports
• Business workflows are defined
• Development uses an externalized security framework
Stage 4: Federated Identity Management
• Provisioning is extended to support non-IT environments
• Asset management integration with provisioning is supported
• Web services are used for integration between business applications
• Federated trust is implemented to enable external SPML requests
• CMDB changes automatically open workflow requests into provisioning
SUMMARY - ID Mgmt Checklist
• Authoritative Directory(ies)
– What is my best source for User information?
• Critical Applications
– Which Applications have the highest Exposure?
– Which Applications create the most HelpDesk issues?
– Which Applications provide the Highest Productivity?
– Which Applications contain or connect to high value data?
• Segregation of Duties
– Who are the critical IT Administrators?
– Who are the key Security Administrators?
– Which business unit(s) benefit most from an automated approach?
• Business Agreements
– Business Units that deal with other departments and other companies
What CA’s IAM Solution Will Do For You
• Secure user identities and access policies across your enterprise
• Provide repeatable, defendable and sustainable compliance
• Reduce IT expenses through automation
• Protect IT resources to reduce risk
• Enable business securely with faster time to market
• Manage centrally, and flexibly, to distribute across your business
CA is the Right Choice
Broadest & most integrated suite
“CA has one of the broadest and most integrated set of identity management solutions on the market today. Few vendors have enterprise single sign-on (eTrust SSO), host access control (eTrust Access Control) or Web services security (eTrust TransactionMinder), and CA stands alone with all three.”
Forrester Research, January 2006*
#1 for 6 consecutive years
IDC, IAM 2005 Vendor Shares
• CA: 17.1%
• IBM: 10.9%
• RSA: 8.7%
• VeriSign: 6.3%
• Novell: 2.7%
• Sun: 1.2%
• BMC: 0.9%
• HP: 0.6%
Best of Breed
“Even before the acquisition of Netegrity in 2004, CA had a very broad identity management (IdM) product suite. With the acquisition of Netegrity, CA’s IdM suite now includes provisioning, web access management (WAM), federation, enterprise single sign-on (SSO), Web services security, operating systems security (for mainframes, UNIX, and Windows) and directory products.”
Burton Group, March 2006*
Sources:
• “CA Provisioning Delivers Strong Auditing and Administration Atop A robust Architecture,” Forrester Research, Jan 30, 2006
• IDC, “WW Identity and Access Management 2005 Vendor Shares,” Sally Hudson, Doc #203296, Sept 2006
• Burton Group, “CA Identity Manager r8.1,” Mark Diodati, March 2006
Thank You.