The document summarizes Dell's Identity as a Service (IDaaS) offering, which provides identity and access management solutions delivered as a cloud service. It addresses challenges organizations face with on-premises IAM solutions, such as growing access needs outpacing staff capabilities. Dell's IDaaS offering provides modules for provisioning, governance, and access control that can be implemented individually. The modules help with tasks like provisioning/deprovisioning users, access requests, role-based access control, and compliance reporting. The service is delivered through a partnership with Simeio and leverages their expertise and cloud platform. Benefits highlighted include moving IAM from a capital to operational expense and reducing the burden on IT staff.
So You Need To Build A Private Cloud. What Now? Best Practices For Building Y...
Mt26 identity management as a service
1. Dell World 2014
Identity and Access Management
MT26 Identity management as a service
Jackson Shaw, Senior Director of Product Management, November, 2014
Dell World
2014
2. Dell World 2014
IAM challenges in the real world
• For many growing organizations, access control needs have grown beyond their
staff’s ability to efficiently and securely enforce them
• More applications are moving to the cloud
• With the “jack-of-all-trades” approach to IAM, efficiency, security and compliance
inevitably suffer. The smaller the IT staff, the more broadly their skill set is required
to spread.
• The further the line-of-business moves away from provisioning, governance and
access management, the more likely it is that their “real world” of IAM is a mess.
• The skills, time, and tools needed to execute enterprise provisioning and
governance are not there
• The possibility of a big capital investment to address these problems isn’t realistic
4. Dell World 2014
Dell One Identity as a Service
• Addresses your most pressing security, provisioning/de-provisioning, access
control, governance and compliance needs as an operational expense not a capital
investment.
• Delivered through a partnership with Simeio, an end-to-end IAM services and
solutions provider, leveraging Simeio’s Identity as a Service expertise and DirectAxs
cloud computing platform
• Technology
• Sales
• Marketing
• Branding
• Hosting
• Integration/customization
• Support
5. Dell World 2014
Three modules available
Dell One Identity as a Service
For Provisioning For Governance For Access Control
• Enterprise provisioning
• Access request portal
• Business-driven access
decisions
• Unified workflow and policy
• Self-service password resets
• Reporting
• Attestation/recertification
• Separation of duties
• Role management
• Role-based access control
• Compliance reporting
• Web SSO
• Just-in-time cloud provisioning
• Access control for web apps
• Self-service password resets
• Reporting on WAM rights and
activity
7. Dell World 2014
Provisioning use cases
Use Cases Description
Identity Origination
External user self registration
Integration with HR/Authoritative source
User created in IAM solution
Self Service & Password Management
• User sets password & challenge response questions
• User forgets password and is able to reset password to all
provisioned applications
• Help desk is able to reset password for user based on
shared secret
Access Request Catalogue
Application access request process
2 Level approval Workflow
Provisioning & Deprovisioning
Creates, modifies and deletes accounts on applications and
infrastructure following the completion of workflow
Supports on-premises and SAAS applications
Provisions based on roles defined by customer
Reporting
Out of the box “who has access to what reports”
Custom reports based on requirements
12. Dell World 2014
Governance use cases
Use Cases Description
Identity Seeding
Integration with HR/Authoritative source
User created in IAM solution
Application & Entitlement Synch
• Integration with applications through connector or flat file synch
• Load account and entitlements and correlate to users
• Define risk level for entitlements
Risk Based Access Certification
User – Manager access certification
Risk based view
Ability for reviewer to certify/revoke access
Mark accounts for termination
Segregation of Duties
Define segregation of duty policies
Enforce SOD compliant provisioning
Run detective SOD checks
Role Mining
Role mining using top down and bottom up attributes
Reporting
Out of the box “who has access to what reports”
Custom reports based on requirements
17. Dell World 2014
Access control use cases
Use Cases Description
Identity Seeding
Integration with HR/Authoritative source
User created in IAM solution
AD/LDAP Integration
• Integration with On Premise Authentication Directory
Self Service & Password Management
• User sets password & challenge response questions
• User forgets password and is able to reset password to all
provisioned applications
• Help desk is able to reset password for user based on shared secret
Web Single Sign On & Federation
Integrations with On Premise and SAAS Applications for providing
Single Sign On
Support for SAML, Form Fill, LDAP, Kerberos Authentication
mechanisms
Reporting
Out of the box “who has access to what reports”
Out of the box “Who accessed what reports”
Custom reports based on requirements
21. Dell World 2014
Why Identity as a Service (SaaS) make sense
• Operational vs. capital expenditures
• With the subscription model for SaaS, the payment for IAM services moves from a capital
expenditure to an operational expense. Approvals and accounting for operational spending is
often faster and smoother than capital investments.
• Solution management and maintenance
• No need for an organization to manage on-premises software. Critical tasks such as software
patches, updates, and more fall to the service provider, not your IT team.
• Staff expertise
• Burden on IT staff to learn and become experts on new software is dramatically reduced. In
fact, with IAMaaS, IT can be entirely removed from some tasks, such as provisioning, access
management, and governance.
• Near-immediate deployment
• Most SaaS options can be deployed quickly, delivering value in a fraction of the time of their
on-premises counterparts
22. Dell World 2014
Why chose Dell One Identity as a Service?
• Built to help organizations move from the tactical to the
strategic and agility-enabling ideal of governance
• Place visibility and control required of IAM in the hands of
those that know “why” things should happen (line-of-
business personnel) not simply those that know “how” to
make them happen (IT)
• Designed with simplicity in mind. Modules are simple to
deploy and use, but also decrease the overall complexity
• Modular and integrated, so you can start where needed and
build from there. There’s no need for a heavy investment in
an underlying technology framework, or extensive
customization to make solutions work together
23. Dell World 2014
Validation
• By the end of 2017, 20% of IAM purchases will use the IDaaS delivery model, up from less than 10%
in 2014.
• Gartner, “Magic Quadrant for IDaaS,” June 2, 2014, Gregg Kreizman
• The average user must access 27 different applications to do his or her job, and has an average of
six enterprise-issued passwords. The same survey concluded that, on average, it takes more than a
day and a half to provision a new user, and more than half a day to de-provision a user.
• Aberdeen Group
• “We recognize Dell’s leadership when it comes to delivering a comprehensive IAM solution, and we
are pleased to partner with an industry leader to offer a full-featured Identity as a Service solution
to organizations that typically struggle to address IAM needs. The Simeio Business-Ready IAM
Cloud delivered via the industry's first and only Identity Intelligence Center, provides our clients
with a higher level of security and reliability.”
• Hemen Vimadalal, Simeio Solutions, CEO
27. Dell World 2014
Access control module
DEFENDER
DELL INTERCEPTOR
Primary
ON PREMISE ENTERPRISE
APPLICATIONS
ACTIVE DIRECTORY
Oracle
EBS
MAINFRAME
SAP
DB NODE 1 DB NODE 2
DELL
INTERCEPTOR
Disaster Recovery
Customer Data Centre
SECURED VPN TUNNELS
Cloud
SAAS
APPS
SAM
L
DELL IDaaS
ACCESS CONTROL
SERVICE
CAM PM
DATABASE
CLUSTER
(Load
Balancer)
28. Want to learn more about Dell’s
identity protection solutions?
Learn more via email. Start here.
Sign me up!