Identity & Access Management Enabling e-government Ed McCarthy, Director of Global Security Sales CA www.hcca-info.org 888-580-8373 Identity & Access Management (IAM) Defined Delivers answers to key questions: Who has access to what resources? When did they access those resources? What are our access policies? What did they do while they were there? Who authorized that access? www.hcca-info.org 888-580-8373 2 1
What CIOs, CSOs and CFOs Are Telling Us It s too expensive and manual to make sure we re addressing all the necessary regulations. And then we have to do it all over again for the next time. www.hcca-info.org 888-580-8373 3 3 April 8, 2008 Improve and Enable Business Copyright 2007 CA What CIOs, CSOs and CFOs Are Telling Us 25% of my help desk calls are related to resetting forgotten passwords! www.hcca-info.org 888-580-8373 4 4 April 8, 2008 Improve and Enable Business Copyright 2007 CA 2
What CIOs, CSOs and CFOs Are Telling Us There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online. www.hcca-info.org 888-580-8373 5 5 April 8, 2008 Improve and Enable Business Copyright 2007 CA What CIOs, CSOs and CFOs Are Telling Us I still have accounts in my systems for users that are long gone! www.hcca-info.org 888-580-8373 6 6 April 8, 2008 Improve and Enable Business Copyright 2007 CA 3
What CIOs, CSOs and CFOs Are Telling Us As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that? www.hcca-info.org 888-580-8373 7 7 April 8, 2008 Improve and Enable Business Copyright 2007 CA What CIOs, CSOs and CFOs Are Telling Us Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don t care generally how much it costs. www.hcca-info.org 888-580-8373 8 8 April 8, 2008 Improve and Enable Business Copyright 2007 CA 4
What CIOs, CSOs and CFOs Are Telling Us Enterprise architects hate to see the IT wheel continually reinvented. IAM should be deployed and managed as part of enterprise architecture. www.hcca-info.org 888-580-8373 9 9 April 8, 2008 Improve and Enable Business Copyright 2007 CA What CIOs, CSOs and CFOs Are Telling Us I don t want to see my organization in the news. www.hcca-info.org 888-580-8373 10 10 April 8, 2008 Improve and Enable Business Copyright 2007 CA 5
Identity & Access Management The Challenge >Difficult to admin access rights >High costs MANY USERS >Customers >Employees >Partners www.hcca-info.org 888-580-8373 11 11 April 8, 2008 Improve and Enable Business Copyright 2007 CA Identity & Access Management The Challenge > Security Silos > Inconsistent enforcement MANY USERS >Customers >Employees >Partners MANY APPLICATIONS >Logistics >Financial >Service >Production >CRM >ERP www.hcca-info.org 888-580-8373 12 12 April 8, 2008 Improve and Enable Business Copyright 2007 CA 6
Identity & Access Management The Challenge > Difficult administration > Difficult compliance > Reduced security MANY IDENTITIES >Mainframe >RDBMS >LDAP >NOS >ERP MANY USERS >Customers >Employees >Partners MANY APPLICATIONS >Logistics >Financial >Service >Production >CRM >ERP www.hcca-info.org 888-580-8373 13 13 April 8, 2008 Improve and Enable Business Copyright 2007 CA Identity & Access Management The Challenge >High Admin cost > Manual IT Processes MANY IDENTITIES >Mainframe >RDBMS >LDAP >NOS >ERP MANY USERS >Customers >Employees >Partners MANY APPLICATIONS >Logistics >Financial >Service >Production >CRM >ERP MANY ADMINS >Many tactical issues >Managing users, passwords, etc. www.hcca-info.org 888-580-8373 14 14 April 8, 2008 Improve and Enable Business Copyright 2007 CA 7
The Business Value of IAM Reduced IT Security Risk Protect your critical IT resources Centrally manage all identities and access policies Reduced Operational Expenses Lower your IT Admin and expenses Automate existing manual IT processes Enhanced Audit your complete security environment Achieve sustainable compliance Enhanced Business Enablement Deploy new online services quickly Strengthen your existing customer relationships www.hcca-info.org 888-580-8373 15 15 April 8, 2008 Improve and Enable Business Copyright 2007 CA Identity & Access Management The Solution Security Policy REDUCED MANY IDENTITIES >Easier administration >Reduced >Improved auditing for easier compliance MANY USERS > Single Sign-on > User self-service www.hcca-info.org 888-580-8373 16 16 April 8, 2008 Improve and Enable Business Copyright 2007 CA MANY APPLICATIONS >Centralized Security >Easier app dev CENTRALIZED ADMINISTRATION MANY ADMINS >Reduced admin costs >Consistent admin across platforms >Automation of IT processes 8
Identity & Access Management The Solution Security Policy REDUCED IDENTITIES Easier administration MANY USERS 17 April 8, 2008 Improve and Enable Business Copyright 2007 CA MANY APPLICATIONS CENTRALIZED ADMINISTRATION Reduced Reduced admin costs Single Sign-on Centralized Improved auditing for easier Consistent admin across User self-service Security compliance Easier app dev platforms Automation of IT processes www.hcca-info.org 888-580-8373 17 Maturity Model for Provisioning to Identity Management www.hcca-info.org 888-580-8373 18 9
What is Identity Management? User Credentials Password Management Grouping and Roles to rules Application function entitlements Separation of Duties (Segregation of Duties) Enrollment (provisioning) Termination (de-provisioning) www.hcca-info.org 888-580-8373 19 The Model Situational Analysis Mapping your success Incremental wins Leveraging the future www.hcca-info.org 888-580-8373 20 10
STAGE 1 - Password Management Increased User Productivity Reduced Helpdesk Maturity Gap Incremental Win Blueprint ACTIVE Time Password Mgmt To Be As Is www.hcca-info.org 888-580-8373 21 STAGE 2 - Consolidated Identity Mgmt On-boarding new employees MAC for functional assignments Automated Integration Maturity Gap Incremental Win Blueprint EFFICIENT Established Process ACTIVE Time Password Mgmt Id Mgmt To Be As Is www.hcca-info.org 888-580-8373 22 11
STAGE 3 - Roles and Entitlement Mgmt Business Application on-boarding Automated reporting for Governance Established Standards for new applications Reduced entitlements administration Maturity Gap Incremental Win Blueprint Established Process RESPONSIVE EFFICIENT Established Process ACTIVE Time Password Mgmt ID Mgmt Entitlements To Be www.hcca-info.org 888-580-8373 23 STAGE 4 - Federated Identity Mgmt Authoritative Credentials Applications as a Service Intranet and Extranet SLA s Standards Compliant BUSINESS DRIVEN Maturity Established Process RESPONSIVE Established Process EFFICIENT Established Process ACTIVE Time Password Mgmt ID Mgmt Entitlements Federation www.hcca-info.org 888-580-8373 24 12
Provisioning to Identity Management - Maturity Model Federated Identity Management 4 Provisioning is extended to support non-it environments Asset management integration with provisioning is supported Web services are used for integration between business applications Federated trust is implemented to enable external SPML requests CMDB changes automatically opens workflow requests into provisioning Integrated Role and Entitlement Management 3 Common Directory Infrastructure Role-based provisioning is now supported for most critical systems and applications Automated generation of entitlement exception reports Business workflows are defined Development uses an externalized security framework Consolidated Identity Management 2 Automate Basic User Management and Provisioning which mostly extends to mostly infrastructure platforms and applications (AD, MF, UNIX, Email, etc) Basic Entitlement Reporting on user access is enabled Delegated administration is offered to business units and helpdesk Password Management 1 Self Service Password Management which allow users to reset their own passwords without calling the helpdesk www.hcca-info.org 888-580-8373 25 SUMMARY - ID Mgmt Checklist Authoritative Directory(ies) What is my best source for User information? Critical Applications Which Applications have the highest Exposure? Which Applications create the most HelpDesk issues? Which Applications provide the Highest Productivity? Which Applications contain or connect to high value data? Segregation of Duties Who are the critical IT Administrators? Who are the key Security Administrators? Which business unit(s) benefit most from an automated approach? Business Agreements Business Units that deal with other departments and other companies www.hcca-info.org 888-580-8373 26 13
What CA s IAM Solution Will Do For You Secure user identities and access policies across your enterprise Provide repeatable, defendable and sustainable compliance Reduce IT expenses through automation Protect IT resources to reduce risk Enable business securely with faster time to market Manage centrally, and flexibly, to distribute across your business www.hcca-info.org 888-580-8373 27 CA is the Right Choice Broadest & most integrated suite CA CA has one of the broadest and most integrated set of identity management solutions on the market today. Few vendors have enterprise single sign-on (etrust SSO), host access control (etrust Access Control) or Web services security (etrust TransactionMinder), and CA stands alone with all three. 17.1% Forrester Research, January 2006* IBM 10.9% RSA VeriSign Novell 2.7% 8.7% 6.3% IDC, IAM 2005 Vendor Shares #1 for 6 consecutive years Sun 1.2% BMC 0.9% HP 0.6% Best of Breed Even before the acquisition of Netegrity in 2004, CA had a very broad identity management (IdM) product suite. With the acquisition of Netegrity, CA s IdM suite now includes provisioning, web access management (WAM), federation, enterprise single sign-on (SSO), Web services security, operating systems security (for mainframes, UNIX, and Windows) and directory products. Burton Group, March 2006* Sources: CA Provisioning Delivers Strong Auditing and Atop A robust Architecture, Forrester Research, Jan 30, 2006 IDC, WW Identity and Access Management 2005 Vendor Shares, Sally Hudson, Doc #203296, Sept 2006 Burton Group, CA Identity Manager r8.1, Mark Diodati, March 2006. 28 April 8, 2008 Improve and Enable Business Copyright 2007 CA www.hcca-info.org 888-580-8373 28 14
Thank You. www.hcca-info.org 888-580-8373 29 15