The 7 Tenets of Successful Identity & Access Management

Similar documents
Identity is Everything

Fulfilling CDM Phase II with Identity Governance and Provisioning

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Identity Governance and Administration

Secure information access is critical & more complex than ever

Oracle Cloud for the Enterprise John Mishriky Director, NAS Strategy & Business Development

GO BEYOND MOBILE DEVICE MANAGEMENT WITH A DIGITAL WORKSPACE WHITE PAPER

An Introduction to Oracle Identity Management. An Oracle White Paper June 2008

Case Study: Broadcom Limited

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

Keep pace with change.

An Oracle White Paper March Access Certification: Addressing and Building On a Critical Security Control

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Delivering the Unified Workspace. Automate: Deliver: Manage. October 2017 Peter von Oven End User Computing SME

Workforce Dimensions

Modernizing Cyber Defense: Embracing CDM. Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA

TOP 20 QUESTIONS TO ASK BEFORE SELECTING AN ENTERPRISE IAM VENDOR

CHOOSE THE RIGHT IDENTITY & ACCESS MANAGEMENT SOLUTION

Enterprise Mobility Suite

INTELLIGENT IAM FOR DUMMIES. SecureAuth Special Edition

FUJITSU Cloud Services Management

The business owner s guide for replacing accounting software

Moving to the cloud: A guide to cloud business management technology

Neues von der Oracle Identity Governance Suite. Dr. Stephan Hausmann

Your Business. The Cloud. Business Cloud.

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Your Future With Content Manager OnDemand

RSA Identity Management & Governance

Drive success for your business and IT with workplace flexibility

Identity and Access Managementas-a-Service: Protecting Digital Relationships

WHITEPAPER. Mobile SSO & the Rise of Mobile Authentication

Microsoft 365 Migration

Managing Privileged Access Security In A Hybrid IT World The Case For Privileged Identity Management As-A-Service

Data Integration for the Real-Time Enterprise

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

ARE YOU GOING DIGITAL WITHOUT A NET?

SAP Product Road Map SAP Identity Management

SAP BusinessObjects Business Intelligence

Believe in a higher level of IT Security SECUDE Business White Paper. How to Improve Business Results through Secure Single Sign-on to SAP

Brainwave USER ACCESS REVIEW CERTIFICATION AND RECERTIFICATION IN A NUTSHELL

Mobility at a Crossroads

SOLUTION BRIEF CA MANAGEMENT CLOUD FOR MOBILITY. Overview of CA Management Cloud for Mobility

Identity and Access Management

Certified Identity Governance Expert (CIGE) Overview & Curriculum

5 Pitfalls and 5 Payoffs of Conducting Your Business Processes in the Cloud

Oracle Identity & Access Management

THINK YOU NEED A BYO STRATEGY? THINK AGAIN. Shift to a Digital Workspace Strategy in 5 Steps

Identity Administration Needs Governance

Moving to the Cloud: Benefits, Risks & a Case Study What is this Cloud thing?

SailPoint + Microsoft: Better Together

WebFOCUS: Business Intelligence and Analytics Platform

Sean P. McDonough National Office 365 Solution Manager Cardinal Solutions Group

Securely Enabling the Enterprise of Things

Managing Change and Complexity with Identity and Access Governance

MEETS MOBILE MAINFRAME. Access information anytime, anywhere

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Hardware. This white paper will discuss the realities of IIoT and review the 7 key success factors for software monetization, including:

The Top 5 Questions CIOs Ask About Moving to the Cloud

The Economic Benefits of Puppet Enterprise

Pega Upstream Oil & Gas Capabilities Overview

SuccessFactors Employee Central Side-by-Side Deployment with SAP ERP. White Paper

Epicor Financial Services Overview

Capgemini Cloud Platform. Migrate, operate, and innovate every aspect of your business in the cloud

Evidian. Shared IAM Solutions

Investor Deck. May 2018

INTEGRATING HORIZON AND CITRIX APPS IN A DIGITAL WORKSPACE

Extending Access Control to the Cloud

Driving Greater ROI From ITSM with The Future of SAM. Martin Prendergast, CEO Concorde

Simple, Scalable, Real-time Protection

BUSINESS DRIVERS AND USE CASES REVISED 5 NOVEMBER 2018

GDPR and Microsoft 365: Streamline your path to compliance

Conference summary report

QLIKVIEW IN THE ENTERPRISE

GDPR COMPLIANCE: HOW AUTOMATION CAN HELP

A UNIFIED APPROACH TO DELIVERING EXCEPTIONAL CUSTOMER EXPERIENCES

Compliance Management Solutions from Novell Insert Presenter's Name (16pt)

VISION MANAGEMENT SOLUTION

Ways to Transform. Big Data Analytics into Big Value

For more information visit ncr.com or contact us at

Prepare for GDPR today with Microsoft 365

Embracing the Digital Workplace with Unified Endpoint Management (UEM)

Service Catalog ATTOSOL TECHNOLOGIES.

Investor Deck. February 2018

IBM Balanced Warehouse Buyer s Guide. Unlock the potential of data with the right data warehouse solution

8 Minute Overview REAL-TIME SOFTWARE INVENTORY & USAGE. Modern IT & The Importance of Software Asset Management

TREASURY. INTEGRITY SaaS

WHITE PAPER Migrating to the Cloud

MANAGE BUDGET AND SPEND IN A MULTI-CLOUD ENVIRONMENT THE CLOUD IS VAST, YOUR BUDGET IS LIMITED WHAT IS YOUR PLAN?

BUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions

Securing SaaS at Scale

SafeNet Authentication Service:

Embedded Analytics: Turning Data-Driven Apps into Actionable Insights

Identity and Access Governance. Buyer s Guide. By Felicia Thomas

Grow Your Business with Confidence

ipass Enterprise Mobility Services

Informatica Cloud Application Integration

IBM QRadar SIEM. Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights

The Cloud at Your Service

Key capabilities for mastering the cloud

A Case Study in Multi-tiered Distributed Environmental Compliance Information Management in the Air Force

Transcription:

The 7 Tenets of Successful Identity & Access Management

Data breaches. The outlook is not promising. Headlines practically write themselves as new breaches are uncovered. From Home Depot to the US Government s Office of Personnel Management to Ashley Madison, targeted attacks are on the rise. They have increased 91% since 2013 which was known as the year of the Mega Breach1. The total number of breaches themselves have increased 62% since that same time and the role of insiders in these breaches is significant. According to Verizon s Data Breach report, 88% of insider breaches are due to privilege abuse. In fact, according to SailPoint s own survey, 1 in 7 employees would be willing to sell their login credentials for as little as $150. The insider risk remains. The external and internal risk are real. 1 According to Symantec 1 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

The Disappearing Perimeter The relationship between enterprises and their data is much more complex than ever before. In a regular workday, the average employee touches a massive number of systems each with different levels of privilege demands. A head of HR needs high levels of privilege access to the HR system but low privilege to the IT infrastructure, product intellectual property or sales database. Product managers need almost the opposite access. How do you know each only has access to the level they are authorized? And while everyone thinks about employees and IT staff access, what about the contractors and suppliers? And while many may not consider customers as needing access, they leverage product support, partner portals and all sorts of semiprivileged data. Then there are the ex-employees who still have their personal phones, computers and data sources they accessed while still on the inside. Were their access rights revoked timely? With all these scenarios and complexity, the notion of network and perimeter is becoming irrelevant. Data is in the cloud and on mobile devices; it is accessed not just by employees but also external parties. Enterprise security is in need of a new paradigm and evolving from network-centric to identitycentric. The increasingly complex relationships between people and data is redefining perimeter defenses and making us think about access management in a very different way. The primary controls provided by network security are just not enough anymore. SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 2

Enterprise Security Has Become Identity-Centric Security starts with a subject (an employee or a program) gaining access to a resource (an application or data file) via access controls. Access controls are the system-level constraints that make sure that the right people have the right access and the bad guys are kept out. Application services now support a vast array of internal customers from employees to contractors to partners. In addition, it is common today to host applications on-premises and in the cloud in true hybrid environments. Between mobile platforms and data hosted in multiple clouds, system-to-system data flows are complex. The Identity Access Management (IAM) job is simple in principle: give the right people the right access to the right data. To do this, trusted and properly managed identity access has to become the primary control. It comes down to three basic questions to govern access: 1. Who has access today? This is a question of inventory and compliance. It starts with understanding the current state. It is about cataloging and understanding access in order to ensure it is correct. 2. Who should have access? Models and automation are the cornerstones to determining who should have access. For us to answer the question should Joe have access to this file, we must first know who Joe is. We then have to understand and classify the data he is attempting to access. We have to establish a model that defines if Joe s access conforms to his pre-defined policy. While partitioning data this way may be more complex, it is critical to implementing any form of preventive controls. 3. Determining who did have access is a question of monitoring and audit. It is no longer enough to understand who does and who should have access. It is vital for IT security forensics and auditing to surface who was actually granted access, in addition to when and where it was last used. DATA ACCESS RIGHTS PEOPLE 3 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

Know the Points of Weakness in your IAM When looking at the post-incident forensic reports from any high-profile data breach, there are always basic identity and access management errors at the root cause. Simple things like overly complex data access and unknown data classification are usually a factor. Some others include: 1. Can you tell what files have been stolen? What kind of data inventory do you have to help you find out? 2. How many separate login systems are you managing between Product, Sales, Ops, Finance and Support and are they all on-premises or are some hosted in the cloud? 3. Are your data pools in large repositories and how finely have you partitioned access? 4. What is the difference in access level to your employees, contractors, partners and customers? Are they all accessing the same networks at different levels or do you host duplicate but separate networks for each? 5. Can you tell the difference between a valid account and a rogue account? There are obviously many more factors and the identity access questions get complex quickly. At SailPoint, we have had the privilege to be invited into a wide range of customer environments and witnessed an even wider range of identity management challenges. We have assembled the knowledge we gained from these experiences into 7 basic tenets of best practices enterprises should use when designing and integrating a next generation Identity Access Management system. Complex Data Access Overentitled Users Corporate IT & Data Assets Rogue Accounts Privileged Access SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 4

The 7 Tenets of Successful Identity & Access Management 5 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

Consider Everything 1 Identity and access management is no longer a do it yourself project. The sheer number of users, data applications, interfaces and platforms in the modern enterprise requires an integrated IAM system. From password management across multiple data repository platforms to compliance to role management to audit, misalign one interface and at best your system will fail. At worst, your identity access system ends up with a vulnerability that does not surface immediately, but that a cybercriminal might exploit later. A single integrated IAM platform can coordinate all rules, all compliance and all monitoring into one place ensuring that nothing is missed. Patching together an enterprise-level IAM solution by stitching the embedded identity control systems of multiple SaaS and enterprise software vendors leaves your network open to potential gaps in coverage and creates fragile links between systems. An integrated enterprise solution will control and monitor all your users, all your applications, all your data, and all access rights. Role Management Password Management Identity Analytics Compliance Controls IAM Platform Data Governance Single Sign-On Access Request SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 6

2 Remember your Customer The enterprise has to service a wide range of internal customers with different data access needs from different locations using different access devices. The IAM solution must be adaptable across all this. Whether a user is accessing a sales database from a hotel in Europe via their smartphone, an ERP system from a tablet on a production floor or a finance system from a desktop at the corporate headquarters, each access needs to be authenticated quickly, transparently and accurately. This includes an internal contractor requesting simple access via single sign-on, a business user adjusting data ownership rights, a high-level compliance officer monitoring compliance or a road warrior asking for a password reset behind the corporate firewall. Any user, any platform, any time. In a friendly, easy way. 7 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

Be Context Aware 3 Understanding users and, most importantly, the data and resources they should and typically access is critical. Identity context is about sharing and understanding these relationships and translating them into entitlements or rights. That context model needs to sit in the center of the security and operations infrastructure as the identity governance and administration engine. It is a model of known relationships between people, accounts, privileges and data. For example, when a security event is generated out of a SIEM or DLP system, a context-aware identity management system can use its knowledge of people, their accounts and the data they are allowed to access and take remediation actions. If an access request is outside the boundaries of their approved access levels, a good IAM system may suspend their account or even lock their mobile container. Identity context is about sharing and understanding the relationship among people, accounts, privilege and data. SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 8

4 Govern by Model Managing the access of thousands of users requires governance models. These models are what make the IAM engine effective. They consist of a set of Automation Models, Role Models, Change Models, Risk Models, and Control Models. They each drive individual compliance and groupings interactions which as a group drive common policy. Models often start in HR and monitor new employees, employee changes and employee terminations. These are called Joiner/Mover/Leaver events. From there, access models are created for the bulk of users who operate in self-service modes. In addition, IT security requires models for automation and control to closely monitor access activity, and the IT audit department needs special compliance and audit actions that wrap around the core of the enterprise s data protection strategy. Placing governance models at the center creates a stable, repeatable and scalable approach to enterprise identity control. Role Models Policy Models Risk Models IAM Platform Entitlement Models 9 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

Managing Risk is a Verb 5 Managing risk is the mechanism for how you know when an action falls outside of normal usage. Identity risk scoring can be accomplished by model in an advanced IAM system. Risk scoring allows for faster access authentication and tracking strategies. For instance, a low risk account may have only read privileges, no policy violations and no access to high risk data or applications. A high risk profile may have orphaned accounts, system administrative access to highly sensitive data with lots of privileges, or has been associated with active policy violations. These accounts may require event-based certification whenever something changes in their environments for logins rather than a simple quarterly review audit. Low Risk Medium Risk High Risk And in between are accounts upgraded from low risk or downgraded from high risk. For these, a series of failed login attempts may prompt immediate event-based certification, restrict their access request environments or other actions. In any case, knowing a user s risk profile helps in assessing how closely their online activities need to be monitored. Magnitude Vulnerability SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 10

6 Connect to Everything When considering an integrated IT system such as identity access management, the most difficult decision an enterprise needs to make is determining how much of an existing platform to keep and how much needs to be replaced. Some parts of their internal IT architecture will stay the same and so the IAM system needs to be flexible enough to connect to everything and anything. Effective identity and access management requires connectivity from any kind of platform to any kind of data repository. This may mean working with older 3rd party provisioning platforms as well as more recent infrastructure like Mobile Device Management software managing mobile security or Service Management Platforms that may still be using manual fulfillment processes. Accomplishing this requires a direct connector framework with the ability to manage databases, directories and servers. Also important is the ability to provide out-of-the-box connectors for enterprise applications like SAP and Oracle Fusion, mainframe security managers, cloud and SaaS apps. Agent-less technology that makes each connector easier to deploy and maintain over time is key for a successful IAM platform deployment. IAM Provisioning MIM Mobile Device Management Platform SIM Service Management Platform PIM 3rd Party Provisioning Platform Connector Framework 11 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

Be Consistent 7 This may sound intuitive but consistency in all these actions and approaches is key. The business user wants access regardless of where the apps are served. The auditor only cares about compliance, not where data is stored. The IAM solution needs to bridge gaps like these seamlessly and consistently to secure the business in a scalable way. Regardless of where the data resides, one-off connections or patched provisioning should be excluded from the IAM implementation design, otherwise scalability will be impacted whether data is structured or unstructured. Structured Data Cloud / SaaS / Mobile Unstructured Data Enterprise / On-prem SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management 12

Summary The modern enterprise is more complex than ever and identity and access management is at its core. While it is possible for enterprises to piece together their own solutions, the number of rules, number of best practices, and number of intricacies involved with implementing a secure IAM solution is huge. There is a lot at stake. It only takes one misconfiguration to open your enterprise to anyone wanting in. Only SailPoint offers all these 7 tenets in one solution. Since our inception, SailPoint has been integrating complex IAM solutions for a wide range of customers in a wide range of markets. SailPoint is the IAM market leader and has been a Gartner Magic Quadrant market leader for several years with over 500 customers around the world. We are innovators in the area of identity and access management and have helped a lot of customers navigate through exactly the obstacles we have shared in the 7 tenets. We understand business users, business complexities and most of all, we understand what is at stake when it comes to accurate identity monitoring and compliance. You spent your life s work on your business. We have done the same in identity and access management. We have refined the mechanisms for fast and effective IAM strategy and are ready to share our vision, solutions and knowledge with your organization. Visit SailPoint.com for more information and to schedule a demonstration. 13 SailPoint White Paper: The 7 Tenets of Successful Identity & Access Management

About SailPoint Corporate Headquarters 11305 Four Points Drive Building 2, Suite 100 Austin, Texas 78726 512.346.2000 USA toll-free 888.472.4578 www.sailpoint.com As the fastest-growing, independent identity and access management (IAM) provider, SailPoint helps hundreds of global organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter on mobile devices and in the cloud. The company s innovative product portfolio offers customers an integrated set of core services including identity governance, provisioning and access management delivered on-premises or from the cloud (IAM-as-a-service). For more information, visit www.sailpoint.com. 2015 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. All other products or services are trademarks of their respective companies.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback