tetris and your iam program
TRANSCRIPT
Tetris and your IAM Program
April 12th, 2015
Steve Tout @stevetout
Forte Advisory @forteadvisory
@ s t e v e t o u t @ f o r t e a d v i s o r y
About Me…
Entrepreneur, analyst, investor,
troublemaker and introvert
15+ years in enterprise IAM: PwC,
VMware, Oracle, US Bank, AT&T
Wireless
Advisor to high tech startups
Founder & Principal of Forte
Advisory
Mostly well adjusted California
boy living in the Northwest by
way of wedlock
Beatrice
@ s t e v e t o u t @ f o r t e a d v i s o r y
The Game
Boundaries
Current move
Current circumstances
Competitor Competitor Competitor
Clock
Score
Your next move
Position
Garbage
# c o r p o r a t i s m @ s t e v e t o u t @ f o r t e a d v i s o r y
“The Game” Explained
Tetris
• Boundaries
• Current circumstances
• Current move
• Next move
• Competitors
• Position
• Score
• Clock
• Garbage
You
• Cubicles
• Politics
• Damned if you do
• Damned if you don’t
• Colleagues
• Org chart
• Pay check
• Is it 5:00 yet?
• Performance reviews
My dad was right all along.
It’s how you hold your mouth.
# S h i t M y D a d S a y s @ s t e v e t o u t @ f o r t e a d v i s o r y
# B e a s t M o d e @ s t e v e t o u t @ f o r t e a d v i s o r y
Reinvent Yourself
Should I A: Go back to slangin' dope?
Or should I B: Maintain and try to cope?
Or should I C: Just get crazy and wild?
But no I chose D: Create the G-Child
Do You See, by Warren G
Invest In Yourself
• Your philosophy
• Your relationships
• Your attitude
• Your family
• Your priorities
• Your character
• Your skills
• Your knowledge
• Your communication
• Your brand
# i n v e s t i n y o u r s e l f @ s t e v e t o u t @ f o r t e a d v i s o r y
For economic safety in the future, you must invest in developing and enhancing the following:
Learn to work harder on yourself than you do
on your job. If you work hard on your job you’ll
make a living, if you work hard on yourself you
can make a fortune.
– Jim Rohn, Living An Exceptional Life
Rethink Your Strategy
@ s t e v e t o u t @ f o r t e a d v i s o r y
Your Business
• Data breach costs
jumped 23% in two years
• Productivity loss in $10s
of millions annually
• Customer attrition
• Fines & litigation
• Loss of IP
• Customer & employee
expectation of privacy
• Brand damage
• Susceptible to phishing and
social engineering
• Lack of skilled
professionals
• Politics undermine success
• Legacy systems increases risk
• Interoperability often lacking
• Shadow IT
• Emerging technologies coming
at accelerated pace
o IoT
o Micro-services
o Big data
• Complexity still a problem
Economic
Social
Technological
@ s t e v e t o u t @ f o r t e a d v i s o r y
Challenges with Managing IAM
• A hodgepodge of identity provisioning systems and processes
• End-of-life systems that need to be retired
• Provisioning that is embedded into applications
• Dependency on expensive legacy SOA frameworks
• Lack of a uniform and efficient way to audit provisioning systems
• Inconsistent policy enforcement across a disparate provisioning landscape
• A lack of executive sponsorship
Economic Impact on User Productivity
KPI Description Pre Transformation Post Transformation Impact
Total time spent logging into various enterprise applications each day
30 seconds 10 seconds Reduce time spent on login by 66%
Total time spent logging into various applications per year (using 230 working days)
115 hours 38 hoursReduce time spent on login by 77 hours
annually per user
Average hourly rate $75/hr $75/hr
Number of users affected 16000 16000
@ s t e v e t o u t @ f o r t e a d v i s o r y
($75 x 39 hours) x 16000 employees = $92.5M redirected through productivity enhancements alone
Identity Coherence
# I d e n t i t y C o h e r e n c e @ s t e v e t o u t @ f o r t e a d v i s o r y
A logical framework for composing holistic and
integrated…
• IAM solutions that identify and authorize users
within the right context
• Integrated GRC solutions that reduce risk and
automates compliance
• Approaches for automating common
administrative tasks for operational efficiency
• Plans for organizational alignment and
business transformation through innovation in
IAM architecture, strategy, integrations and
program management
How wide is your canvas?
Transform The Business
The Cloud Is Secure – Half of IT 100 Will Disappear
# w e h a v e w o r k d t o d o @ s t e v e t o u t @ f o r t e a d v i s o r y
http://bit.ly/1HAzpCE
http://bit.ly/1HAzmGS
Try Purchase Use Engage
Customer Journey - The effects of IAM transformation
Acting
Doing
Thinking
Feeling
Overall
Downloading trial softwareRegister contact profileActivate account with 2-Step registration
Online checkoutContact SalesClick to chatBuy more licensesActivate a new service subscriptionBecome a enterprise customer
Install & register softwareManage On-prem to cloudMigrate AD to cloud/SaaS portalDelegate administrationPromote user to Admin role
Register for Support ForumsContact SupportRegister for ConferenceBecome a partner
Do I have to register to download this?Does my login ID from 2 years ago still work?Does my cloud login work for this?Is this a global ID?
Do I login in order to obtain a license or activate my subscription?Will tenant cloud know who I am or do I have to register again?How will I sync or migrate my users to tenant cloud?
Do I use my local account or my enterprise credentials to login to cloud?How will I login to tenant cloud?How can I assign access to others within my organization?Can I audit who has access to my tenant?
Does my enterprise login ID work for support?Do I have to register a new account for conference attendance?How do I access my Partner content?
Consistent messaging & UI and central Login builds confidence and trustEnterprise respected my privacy and did not ask for too much information
My authentication experience is the same now as it was during Trial EvalI have visibility into new products and services that my identity is allowed to see and purchase
Happy that Enterprise recognizes my global ID and credentials across all of its products and servicesEnterprise provides me with the tools I need to monitor and manage my users
Excited that the enterprise really knows me and correctly identifies me in every context of interactionI will recommend to my colleagues based on my experiences
Trust
Helpfulness
Trust
Helpfulness
Trust
Helpfulness
Trust
Helpfulness
@ s t e v e t o u t @ f o r t e a d v i s o r y
Cloud IAM Components
IdP (ID Bridge)
• Identity provisioning
• Bi-Directional Sync
• Protocol translation (STS)
• Social identity integration
• Identity correlation & aggregation
• A secure proxy layer for AD
IDaaS
• Identity as a service (SaaS)
• Pre-integrated with popular SaaS vendors
• Cloud directory service
• Authoritative source of identity
• Policy enforcement point
@ s t e v e t o u t @ f o r t e a d v i s o r y
Your SOC In The Cloud
Cloud Access Security Broker
• Policy enforcement point
• On-prem or cloud-based proxy
• Data encryption & tokenization
• Enforce DLP policies
• User behavior analytics
Risk & Threat Services
• Behavioral & threat analytics
• Machine learning
• Security configuration management
• Predictive analytics
• Automated incident response
@ s t e v e t o u t @ f o r t e a d v i s o r y
The Identity Defined Security Alliance
Achieving the scale, security & governance
of identity and accelerating the vision of
the digitally transformed enterprise
through alliances and pre-integrated
solutions
# I d D e f S e c u r i t y @ s t e v e t o u t @ f o r t e a d v i s o r y
https://www.pingidentity.com/en/lp/ids-alliance.html
We need more alliances!
# S t e v e T o u t M a t c h m a k e r @ s t e v e t o u t @ f o r t e a d v i s o r y
Call to action…
• Create the G-Child
• Expand your Identity Coherence canvas
• Form new alliances
• Above all, have fun!
@ s t e v e t o u t @ f o r t e a d v i s o r y
Join me in January at the Seattle
Cloud Security MeetUp
http://www.meetup.com/Seattle-Cloud-
Security-Meetup