[Slide 1]
Mike D’Arezzo
Director of Security Services
How and Why we got here and What you need to know
Identity Access Management
[Slide 2]
© 2019 ePlus inc. Confidential and Proprietary. ePlus. Where Technology Means More.®
Agenda
• What is a Mike D’Arezzo?
• How and Why did we get here?
• Evolution of Identity
• What do I need to know now?
[Slide 3]
Mike D’Arezzo
• 20+ year career in Information Technology and Security
• SLAIT Consulting/ ePlus as Director of Security Services
• General Electric (GE) as Software Governance Leader and Third Party Risk Compliance
• AMF Bowling/ Bowlmor – PCI Compliance and POS Analyst
• MICROS Systems Inc/ Oracle
• Bachelor’s degree in IT Management/ Security from the University of Richmond
• (ISC)² CISSP & ISACA CISA
[Slide 4]
Level set: What is Identity Access Management?
• A framework of processes to allow the identification of users, processes, or machines in an accepted role
• A “broker” that is accepted within a construct to manage access
• An uphill battle of legendary proportions!
Heroes are remembered but Legends never die!
[Slide 5]
How and Why Did we get Here?
Role Based Access Controls and Active Directory/ Samba
• Building to the “edge” of your Network
• Web based applications
• The Cloud and multi-network/ multi-tenants
[Slide 6]
Evolution of IAM
Diagram: a network perimeter separating the TRUSTED inside from the UNTRUSTED outside.
The Old Approach to Security Relies on the Network Perimeter
[Slide 7]
Mobile and Cloud Have Dissolved the Traditional Perimeter
RESOURCES: Infrastructure (IaaS, on-premise servers); Applications (cloud apps, on-premise apps); APIs (public, private)
PEOPLE: Employees, Privileged Users, Contractors, Partners, Customers
Result: We can no longer assume trust
[Slide 8]
PEOPLE: Employees, Contractors, Partners, Customers, Services
IDENTITY & ACCESS layer between people and resources: AuthN, AuthZ, Audit
Context applied at that layer: Network context, Device context, Location context
Protocols in play: LDAP, RADIUS, SAML, WS-Federation, OAuth, OpenID Connect, RDP, SSH
RESOURCES: Infrastructure (IaaS, on-prem servers); Applications (cloud apps, on-prem apps); APIs (public, private)
[Slide 9]
Time for a Glossary!
RADIUS – Remote Authentication Dial-In User Service
SAML – Security Assertion Markup Language
WS-Federation / WS-Security Framework – used to generate tokens for applications
OAuth – allows a user to delegate access to one application on behalf of another application without handing over their full credentials
[Slide 10]
The Building Blocks
Authentication or AuthN
User Management
• Identity Provider
• SSO/MFA
• Lifecycle Management
Device Management
• Fleet Management
• Endpoint Protection
• Security Keys
Authorization or AuthZ
Access Gateway
• Proxy Service
• Certificate Authority
• API & Security Brokers
Authorization Engine
• Data Pipeline
• Edge Processing
• Policy Enforcement
Audit
SIEM
• Audit Logs
• Monitoring
• Alerts
Behavioral Analytics
• Intrusion Detection
• Machine Learning
• Threat Assessment
[Slide 11]
Building Continuity
The right people, with the right level of access, with the right resources, in the right context, assessed continuously.
Least Friction Possible!
[Slide 12]
Zero Trust Maturity Curve (chart axes: Protection rising with Adoption)
Stage 1: Fragmented identity
• Active Directory on-premises
• No cloud integration
• Passwords everywhere
Stage 2: Unified IAM
• Single sign-on across employees, contractors, partners
• Modern multi-factor authentication
• Unified policies across apps and servers
Stage 3: Contextual Access
• Context-based access policies
• Multiple factors deployed across user groups
• Automated deprovisioning for leavers
• Secure access to APIs
Stage 4: Adaptive Workforce
• Risk-based access policies
• Continuous and adaptive authentication and authorization
• Frictionless access
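As an added illustration (not from the deck), the following Python policy-decision function shows the Stage 3 and Stage 4 behaviour described above: it takes the identity provider's AuthN result together with the network, device and location context from the earlier slide, applies a risk-based rule that steps up to MFA or denies, treats a deprovisioned account as an immediate deny, and records every decision for audit. The role map, country allow-list and risk weights are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed for this example: group claims that entitle each resource, the
# expected countries, and a list standing in for the SIEM audit feed.
ROLE_MAP = {"hr-payroll": ("hr-staff",), "wiki": ("employees", "contractors")}
ALLOWED_COUNTRIES = {"US", "CA"}
AUDIT_LOG: List[Dict[str, str]] = []


@dataclass
class AccessRequest:
    user: str
    active: bool          # lifecycle state from the IdP (False once deprovisioned)
    groups: List[str]     # group claims asserted by the IdP after AuthN
    mfa: bool             # whether this session has completed a second factor
    device_managed: bool  # device context: enrolled in fleet management
    network: str          # network context: "corp", "vpn" or "internet"
    country: str          # location context
    resource: str
    sensitivity: str      # "low" or "high"


def risk_score(req: AccessRequest) -> int:
    """Illustrative weights: each missing trust signal adds risk."""
    return (2 * (not req.device_managed)
            + 1 * (req.network == "internet")
            + 3 * (req.country not in ALLOWED_COUNTRIES))


def audit(req: AccessRequest, decision: str, reason: str) -> str:
    # Every outcome, not only denials, is recorded (the Audit in AuthN/AuthZ/Audit).
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "decision": decision, "reason": reason})
    return decision


def decide(req: AccessRequest) -> str:
    """Evaluated on every request rather than once at login, so a revoked account
    or a changed context is caught on the next access (continuous assessment)."""
    if not req.active:
        return audit(req, "deny", "account deprovisioned")
    if not any(g in ROLE_MAP.get(req.resource, ()) for g in req.groups):
        return audit(req, "deny", "no group entitles this resource")
    score = risk_score(req)
    if score >= 3:
        return audit(req, "deny", f"risk score {score} exceeds limit")
    if (req.sensitivity == "high" or score > 0) and not req.mfa:
        return audit(req, "step-up", "MFA required in this context")
    return audit(req, "allow", f"risk score {score}")
```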
[Slide 13]
Sounds great but where do I begin?
• “Know thyself”
• Do I know what applications and devices and people need to be connected?
• Do I know whether they are all compatible with a single platform?
• Do I know the migratory path of applications?
[Slide 14]
Sounds great but where do I begin?
• Preparations
• Finalize on methodology but understand that 2 methods may be required
• Pilot on 2 non-critical applications!
• Review of pilot prior to rollout
• Upgrade any components as necessary
[Slide 15]
Recap
• ZTX – Zero Trust Exchange
• Know Thyself!
• Know Thyself! Seriously!
• Upgrade any components – now is the time!
• Pilot and User Acceptance Testing