Securely Yours LLC. Identity and Access Management (IAM) IAM in a Cloud Auditing Guidelines IIA Detroit Chapter September 8, 2009

Similar documents
Identity & Access Management Enabling e-government. Identity & Access Management (IAM) Defined

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

An Introduction to Oracle Identity Management. An Oracle White Paper June 2008

Utilizing Oracle Standard Functionality and other Oracle tools to comply with Sarbanes- Oxley By Olga Johnson City of Detroit

Neues von der Oracle Identity Governance Suite. Dr. Stephan Hausmann

Jeff Carpenter Authentication and Access Specialist RSA, The Security Division of EMC. Copyright 2015 EMC Corporation. All rights reserved.

RSA Identity Management & Governance

Employee Lifecycle Management in an R12 World

IT Service Delivery And Support

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Identity Governance and Administration

<Insert Picture Here> Externalizing Identity

Take Identity and Access Management to the Next Level Securely. Matthew Pecorelli

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Identity and Access Management

Business Driven Identity Management at ICBC

I N F I N I T Y Z U C C H E T T I ACCESS MANAGEMENT

Identity & Access Management Unlocking the Business Value

Identity Management Solutions for Oracle E-Business Suite. An Oracle White Paper January 2008

Build a Future-Ready Enterprise With NTT DATA Modernization Services

Corporate Communication & Collaborative Portal

Secure information access is critical & more complex than ever

Oracle Identity & Access Management

Howto Approach Identity Management?

Securing the Mobile, Cloud-connected Enterprise

SUNSERVERS. Enterprise Computing. Sun Microsystems,

Learn to streamline User Provisioning process in Oracle Applications with workflows

Buyer s Guide for a User Provisioning Solution. An Oracle White Paper April 2007

Security and Compliance: Taking a Business Perspective. Yolanda Ma, Senior Product Marketing Manager, RSA Professional Strategies S24

Entitlement Management

Identity and Access Governance. Buyer s Guide. By Felicia Thomas

Contents. About Us. Domain, Technology & Services. Global Presence. Value Proposition. Success Stories. Technology Offerings.

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

3 Solutions in 1 Box. ERP Solution Guide. BiGuard SSL VPN Security Appliance Series. April 2008 Updated

SERVICES AND CAPABILITIES. Technology and Management Consulting

CONTROL-SA. The Foundation for Secure Identity Management

Computers Are Your Future

HP OpenView Select Identity software

INFORMATION STREAMLINES

Risk-based Assessment of User Access Controls and Segregation of Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars

Enabling Cross-University Collaboration with Harvard IAM: TIER, InCommon, and Grouper. IT Summit 2015 June 4, 2015 Thursday 1:10-2:00 p.m.

Securely Yours LLC. Compliance made easy

Implementing Microsoft Azure Infrastructure Solutions

CASE STUDIES PREPARED BY:

UNIFIED SECURITY SERVICE (USS)

Managing FTI Data Compliance. Addressing Publication 1075

Oracle s GRC Strategy is Flawed and Failing their Customers

STREAMLINING USER PROVISIONING WITHIN JIVE USING ACTIVE DIRECTORY

CHOOSE THE RIGHT IDENTITY & ACCESS MANAGEMENT SOLUTION

Simplify and Secure: Managing User Identities Throughout their Lifecycles

INTEGRATING PING IDENTITY SOLUTIONS WITH GOOGLE IDENTITY SERVICES

An Oracle White Paper March Access Certification: Addressing and Building On a Critical Security Control

The Cloud at Your Service

Streamlining Access Control for SAP Systems

HYBRID CLOUD MANAGEMENT WITH. ServiceNow. Research Paper

En Pointe Technologies

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Create Experiences. Build Customers. Drive Sales.

ERP Overview Comparison Guide

5 Pitfalls and 5 Payoffs of Conducting Your Business Processes in the Cloud

IAM: Key concepts and predictions for 2011

SafeNet Authentication Service:

ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE

Position Description. Job Summary: Campus Job Scope:

InSight DMS Basic Insight Suite InSight DMS Basic

Beyond ERP Transformation

Identity and Access Managementas-a-Service: Protecting Digital Relationships

Western & Southern Financial Group And Novell

Automating On-Boarding and Off-Boarding Through ServiceNow and Provisioning Portals for Avaya and Skype for Business

Security solutions White paper. Effectively manage access to systems and information to help optimize integrity and facilitate compliance.

XtraNet Technologies Private Limited

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

How to Ignite More Value

Leverage T echnology: Turn Risk into Opportunity

Policy Outsourcing and Cloud-Based File Sharing

Emerging & disruptive technology risks

Oracle Identity Governance 11g R2: Essentials

IBM WebSphere Information Integrator Content Edition Version 8.2

SOTI ONE NOVEMBER 2018 UPDATE

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

THE CLOUD, RISKS AND INTERNAL CONTROLS. Presented By William Blend, CPA, CFE

Oracle Cloud for the Enterprise John Mishriky Director, NAS Strategy & Business Development

Major Computer Systems & Upgrades. DWP-NC MOU Committee Meeting August 4, 2018

Building an IAM Program at Portland State University. Polling URL:...

IBM IoT Continuous Engineering on Cloud and IBM Collaborative Lifecycle Management on Cloud

Case Study: Broadcom Limited

The Migration of Web Applications to the Cloud Environment By. Pethuru Raj PhD Enterprise Architect Sify Software Ltd. Chennai

Optimizing Security Practices Among Employees

Oracle Identity und Access Management

Title: Leveraging Oracle Identity Manager (OIM) to Improve Costs and Control. An Oracle White Paper March 2009

Service Centric IT Integration. Chris Flynn Service Level Manager BMC Software, Inc

Product Research Note: Quest One Identity Manager

Optimized Business Processes in the Age of Cloud Computing

DAM Requirements Checklist

Chapter 7. E-Supply Chains, Collaborative Commerce, Intrabusiness EC, and Corporate Portals

Press Release. NetSpring introduces new Non-Intrusive Enterprise Single Sign-on Appliance SSOcube Ver. 1.3 Windows10, Google Chrome & ios supported

Independent Software Vendor. Established in A company of Greek interests (Societe Anonyme, privately held)

Transcription:

Securely Yours LLC Identity and Access Management (IAM) IAM in a Cloud Auditing Guidelines IIA Detroit Chapter September 8, 2009

Challenge of growing identities 2

IAM Manages explosion of ID s 3

What does IAM involve New Users (On boarding) Adding users Provisioning Access Existing Users (Entitlement Management) Manage Transfers Verify appropriate access Manage Passwords Manage remote access Manage physical assets (cell phone, laptops etc) Optional Terminated Users (Off boarding) Removing access Deleting Users Acquiring assets back from users

What is the market According to Forrester, February 2008 Identity Management Market Forecast: 2007 To 2014 IAM market will grow from nearly $2.6 billion in 2006 to more than $12.3 billion in 2014 Provisioning accounts for half of IAM market revenues today, but it will account for nearly two-thirds of all IAM revenues by 2014 The IAM market is actually just beginning its trajectory toward broad adoption and deep penetration Trend - migrating from point products to identity suites from products to managed services Vendors will decompose products into service-oriented architecture (SOA)-enabled functions, repackaged in the form of identity-as-aservice (IDaaS).

Ideal IAM solution - streamlined processes Identity & Access Management Governance & Administration Identity On Boarding Entitlement Management Off Boarding Centralized Administration Text Employee Contract Employee BPO JV Consistent Identity Established via Standard Processes Control Optional Role-Based Inter Application SoD Entitlement Provisioning & De-provisioning Appropriate Access Reviews Intra- Application SoD Disable Or Suspend Identity Physical Asset Recovery Automated Access Deprovision Employee Contract Employee BPO JV Delegated Administration Text Supplier Dealer With Support for Lifecycle Events (e.g. Transfers, Leave of Absence) Standard Workflow Enabled Processes Manual Access Deprovision Supplier Dealer Identity and Access Data Administration Architecture

IAM Services Typical implementation of IAM Services Mainframe Linus/Unix AD Managed Resources Organization Network Infrastructure Internet ERP Email Database User Approver User Application Server LDAP Intranet Portal Approver Database 7

IAM Implementation challenges Current budget constraints not allowing organizations to implement tools and technologies Current market conditions is forcing organizations to cut cost but lack of efficient processes prohibit cost cutting Inefficient processes prohibit organizations to be nimble and change as the business needs change, causing further frustration within the organization

Managed Services IAM Services managed by the Managed Service Provider Mainframe Linux/Unix AD Managed Resources Organization Network Infrastructure Internet ERP Email Database User Approver User Application Server LDAP Intranet Portal Approver Database 9

IAM Services managed by the Outsource Service Provider Identity and Access Management SP Client Login URL: www.iam-sp.com Client 1 Enterprise Directory IAM Service Provider Load Balancer LDAP Adapter Mysql Adapter Oracle Adapter Mysql Applications Oracle Applications Client 2 App Server1 App Server2 App Server3 LDAP Adapter Enterprise Directory Web Server Application Server Oracle Identity Manager Mysql Adapter Load Balancer Database Connection Oracle Adapter Mysql Applications Oracle Applications IAM Database

Benefits of the IAM Cloud Minimum or no updates to organization s systems Headache of IAM implementation passed to the service provider Reduced FTE requirements to support Administration Reduced cost structure through Software as a Service (SaaS) approach as much as 25% cost reduction Organization positioned for future enhancement Automated Segregation of Duties (SOD) checks during approval process Ease of Audit compliance as Continuous Control Monitoring becomes reality

Role Of Internal Audit Auditing IAM Environment

Three elements to Audit Client Environment Provider Environment The Cloud

Auditing a Client Environment - Scope Process IAM process from on-boarding to termination Approval process Workflow management Technology Servers managed by IAM Applications managed by IAM Network infrastructure used for IAM Access Control for all servers, applications, network resources and workflow

Auditing a Client Environment - Scope People Segregation of Duties (SOD) Hierarchy of organization for approvals Others Proxy repositories Regulatory reports

Auditing a Provider Environment - Scope Technology IAM servers residing in provider s environment Access control of provider s infrastructure Access Control of client s data Process Security operations process SAS 70 Type II reports Periodic reports from the provider People SOD and privacy

Auditing the cloud - Scope Security of tunnel between provider and client Segregation of clients data with other clients data

Security in a Cloud Internal Auditor 8/09

Questions and Answers Sajay Rai CEO, Securely Yours LLC sajayrai@securelyyoursllc.com www.securelyyoursllc.com 248-723-5224

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback