Identity, Governance and Administration as forefront of IT Security model: European and North American Experience
Vladislav Shapiro
Director of Identity Practice – IGA
Dell/Immersion Consulting
Established in 1995, Orient Logic is a leading IT company and system integrator in Georgia.
Discussion points
• Current state of affairs in IT Security
• Basics of Identity Governance Administration
• Connecting the dots: agile I-G-A
• Use cases – Government of Austria, Bayern Department of Justice and State of Alabama
Current State of Affairs in IT Security
IT Security realities of today
• Change of focus: from protecting the perimeter (external only) to the governance of the whole infrastructure (internal and external)
• Change of mentality: from “castle under siege” to “enemy is already here”
• Main external goal: advanced threat protection
• Main internal goal: IGA – Identity Governance and Administration
• Shift from purely technical solutions to business- and human-factor-focused solutions
WHO ARE THE “BAD GUYS”?
ATTACKS ALWAYS RELY ON INTERNAL PROCESS FLAWS
• No established business process for granting rights to individuals
• Lack of governance, access controls and monitoring
• No actionable reporting
IGA SHOULD BE READY FOR ADVANCED THREATS
Best response practice: ATR + IGA
[Diagram: the incident response flow (Pre-Incident Preparation; Detect; Triage; Collect Data: Volatile Data, Forensic Dup., Network Traffic; Perform Analysis; Take Action: Admin and Legal; Reporting; Remediation: Technical Recovery from the Incident; Status Reporting; Incident Occurs: Point-In-Time or Ongoing) is connected by data feeds to the Identity Governance and Administration central authority and to Targets/Applications/Devices. Labels on the IGA side: Account checks, Access freeze, Risk-based provisioning; Notifications, access restore and provisioning; Identity Data Sync.]
Basics of Identity Governance and Administration (IGA)
Three dimensions of IGA
• I - Identity Management
• G - Governance, Risk and Compliance (GRC)
• A – Administration – Access Management and Provisioning
Main challenge: connect all three components so that they work as one
Three forces of IGA in your enterprise
• Identity owners (HR, Identity suppliers) - I
  – Responsibilities: manage identities, organization charts
  – Goal: make sure that identity and organization information is up to date
• Business owners (C-level managers, PM, compliance officers) - G
  – Responsibilities: manage all business-related matters, including governance, risk and compliance
  – Goal: make business successful and customers happy
• Technology owners (System admins, DB admins, etc.) - A
  – Responsibilities: support business with technology
  – Goal: All systems should be up and running 24-7 with no downtime
Identity Posture - how to evaluate
• Identity Posture is about how connected and in sync the three forces are
  – Collaboration of the three forces
  – Maturity of each force
• Identity Posture is about measuring the maturity of the
  – Identity model
  – Governance model
  – Administration model
• Identity Posture is about how the enterprise can handle CHANGES
  – Identity updates
  – Restructuring of governance processes
  – Redesign of administration
Connecting the dots – agile IGA
Connected I-G-A goal – be agile
• All elements are connected into one solution where each responsible person is a contributor to the system
• Each contributor has the means to configure his/her own IGA elements within his/her knowledge
• An IGA project should have short phases with clear, achievable milestones
[Diagram: Identity (I), Governance (G), Administration (A)]
Identity Goal - Enterprise Visibility
Managers should easily see all the entitlements of an employee in one clear view
• Actionable
• All logical, physical systems, resources and assets.
Identity goal – separate business and technical views
• Business view
• Technical view
Governance goal – give dashboard views for current status visibility
Managers should easily find the overall and specific status of requests and processes in the system
Governance goal - Access granting history audit
People responsible for auditing should be able to see the history of access and entitlements assigned to individuals
Governance goal – Approval Workflow builder
Approval workflows should be built by the same people who are responsible for the granting process using regular tools, not scripts
Use Cases
Government of Austria
• Central portal for Austrian citizens' requests
• Central business workflow engine for handling requests
• Monitoring automation and actionable reports
Bayern Department of Justice
• Internal personnel IGA: access control, governance and attestation
• Centralized Policy engine
• Advanced threat protection: external and internal
• Constant activity monitoring and actionable reports
State of Alabama
• State of Alabama was breached in 2012
  – Millions of data records were stolen
  – State Web site was disabled
  – IT operations were paralyzed
• IT Security and IGA solution
  – Advanced threat detection software
  – IGA full suite solution
  – Privileged access manager
• Security and IGA education of the personnel