tetris and your iam program

Tetris and your IAM Program

April 12th, 2015

Steve Tout @stevetout

Forte Advisory @forteadvisory

@ s t e v e t o u t @ f o r t e a d v i s o r y

About Me…

Entrepreneur, analyst, investor,

troublemaker and introvert

15+ years in enterprise IAM: PwC,

VMware, Oracle, US Bank, AT&T

Wireless

Advisor to high tech startups

Founder & Principal of Forte

Advisory

Mostly well adjusted California

boy living in the Northwest by

way of wedlock

Beatrice


The Game

Boundaries

Current move

Current circumstances

Competitor Competitor Competitor

Clock

Score

Your next move

Position

Garbage

# c o r p o r a t i s m @ s t e v e t o u t @ f o r t e a d v i s o r y

“The Game” Explained

Tetris

• Boundaries

• Current circumstances

• Current move

• Next move

• Competitors

• Position

• Score

• Clock

• Garbage

You

• Cubicles

• Politics

• Damned if you do

• Damned if you don’t

• Colleagues

• Org chart

• Pay check

• Is it 5:00 yet?

• Performance reviews

My dad was right all along.

It’s how you hold your mouth.

# S h i t M y D a d S a y s @ s t e v e t o u t @ f o r t e a d v i s o r y

# B e a s t M o d e @ s t e v e t o u t @ f o r t e a d v i s o r y

Reinvent Yourself

Should I A: Go back to slangin' dope?

Or should I B: Maintain and try to cope?

Or should I C: Just get crazy and wild?

But no I chose D: Create the G-Child

Do You See, by Warren G

Invest In Yourself

• Your philosophy

• Your relationships

• Your attitude

• Your family

• Your priorities

• Your character

• Your skills

• Your knowledge

• Your communication

• Your brand

# i n v e s t i n y o u r s e l f @ s t e v e t o u t @ f o r t e a d v i s o r y

For economic safety in the future, you must invest in developing and enhancing the following:

Learn to work harder on yourself than you do

on your job. If you work hard on your job you’ll

make a living, if you work hard on yourself you

can make a fortune.

– Jim Rohn, Living An Exceptional Life

Rethink Your Strategy


Your Business

• Data breach costs

jumped 23% in two years

• Productivity loss in $10s

of millions annually

• Customer attrition

• Fines & litigation

• Loss of IP

• Customer & employee

expectation of privacy

• Brand damage

• Susceptible to phishing and

social engineering

• Lack of skilled

professionals

• Politics undermine success

• Legacy systems increases risk

• Interoperability often lacking

• Shadow IT

• Emerging technologies coming

at accelerated pace

o IoT

o Micro-services

o Big data

• Complexity still a problem

Economic

Social

Technological


Challenges with Managing IAM

• A hodgepodge of identity provisioning systems and processes

• End-of-life systems that need to be retired

• Provisioning that is embedded into applications

• Dependency on expensive legacy SOA frameworks

• Lack of a uniform and efficient way to audit provisioning systems

• Inconsistent policy enforcement across a disparate provisioning landscape

• A lack of executive sponsorship

Economic Impact on User Productivity

KPI Description Pre Transformation Post Transformation Impact

Total time spent logging into various enterprise applications each day

30 seconds 10 seconds Reduce time spent on login by 66%

Total time spent logging into various applications per year (using 230 working days)

115 hours 38 hoursReduce time spent on login by 77 hours

annually per user

Average hourly rate $75/hr $75/hr

Number of users affected 16000 16000


($75 x 39 hours) x 16000 employees = $92.5M redirected through productivity enhancements alone

Identity Coherence

# I d e n t i t y C o h e r e n c e @ s t e v e t o u t @ f o r t e a d v i s o r y

A logical framework for composing holistic and

integrated…

• IAM solutions that identify and authorize users

within the right context

• Integrated GRC solutions that reduce risk and

automates compliance

• Approaches for automating common

administrative tasks for operational efficiency

• Plans for organizational alignment and

business transformation through innovation in

IAM architecture, strategy, integrations and

program management

How wide is your canvas?

Transform The Business

The Cloud Is Secure – Half of IT 100 Will Disappear

# w e h a v e w o r k d t o d o @ s t e v e t o u t @ f o r t e a d v i s o r y

http://bit.ly/1HAzpCE

http://bit.ly/1HAzmGS

http://bit.ly/1HAzpCE

http://bit.ly/1HAzmGS

Try Purchase Use Engage

Customer Journey - The effects of IAM transformation

Acting

Doing

Thinking

Feeling

Overall

Downloading trial softwareRegister contact profileActivate account with 2-Step registration

Online checkoutContact SalesClick to chatBuy more licensesActivate a new service subscriptionBecome a enterprise customer

Install & register softwareManage On-prem to cloudMigrate AD to cloud/SaaS portalDelegate administrationPromote user to Admin role

Register for Support ForumsContact SupportRegister for ConferenceBecome a partner

Do I have to register to download this?Does my login ID from 2 years ago still work?Does my cloud login work for this?Is this a global ID?

Do I login in order to obtain a license or activate my subscription?Will tenant cloud know who I am or do I have to register again?How will I sync or migrate my users to tenant cloud?

Do I use my local account or my enterprise credentials to login to cloud?How will I login to tenant cloud?How can I assign access to others within my organization?Can I audit who has access to my tenant?

Does my enterprise login ID work for support?Do I have to register a new account for conference attendance?How do I access my Partner content?

Consistent messaging & UI and central Login builds confidence and trustEnterprise respected my privacy and did not ask for too much information

My authentication experience is the same now as it was during Trial EvalI have visibility into new products and services that my identity is allowed to see and purchase

Happy that Enterprise recognizes my global ID and credentials across all of its products and servicesEnterprise provides me with the tools I need to monitor and manage my users

Excited that the enterprise really knows me and correctly identifies me in every context of interactionI will recommend to my colleagues based on my experiences

Trust

Helpfulness

Trust

Helpfulness

Trust

Helpfulness

Trust

Helpfulness


Cloud IAM Components

IdP (ID Bridge)

• Identity provisioning

• Bi-Directional Sync

• Protocol translation (STS)

• Social identity integration

• Identity correlation & aggregation

• A secure proxy layer for AD

IDaaS

• Identity as a service (SaaS)

• Pre-integrated with popular SaaS vendors

• Cloud directory service

• Authoritative source of identity

• Policy enforcement point


Your SOC In The Cloud

Cloud Access Security Broker

• Policy enforcement point

• On-prem or cloud-based proxy

• Data encryption & tokenization

• Enforce DLP policies

• User behavior analytics

Risk & Threat Services

• Behavioral & threat analytics

• Machine learning

• Security configuration management

• Predictive analytics

• Automated incident response


The Identity Defined Security Alliance

Achieving the scale, security & governance

of identity and accelerating the vision of

the digitally transformed enterprise

through alliances and pre-integrated

solutions

# I d D e f S e c u r i t y @ s t e v e t o u t @ f o r t e a d v i s o r y

https://www.pingidentity.com/en/lp/ids-alliance.html

https://www.pingidentity.com/en/lp/ids-alliance.html

We need more alliances!

# S t e v e T o u t M a t c h m a k e r @ s t e v e t o u t @ f o r t e a d v i s o r y

Call to action…

• Create the G-Child

• Expand your Identity Coherence canvas

• Form new alliances

• Above all, have fun!


Join me in January at the Seattle

Cloud Security MeetUp

http://www.meetup.com/Seattle-Cloud-

Security-Meetup

http://www.meetup.com/Seattle-Cloud-Security-Meetup

tetris and your iam program

Technology