Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
MT 42 Ensuring the success of
your IAM project
What is your IAM
project?
“Superusers”Mobile users
Customer dataYour IP
IAM is critical… to protect people and things
Your systems
User access
But why?
Why do you want to protect these things?
• You have some really valuable stuff.
• Your users want what they want, when the...
So you engage in
an IAM project
(in one guise or another).
Top reasons we see IAM projects stall.
• IAM gets run as one or more discreet IT projects
• Assuming just one technology w...
Example failed use case:
• IAM gets run as one or more discreet IT projects
• Assuming just one technology will solve the ...
Sound familiar?
• A manual process for provisioning Active Directory with native tools
• A highly customized provisioning ...
Document management company
• IAM framework for provisioning
• Another solution for PAM
• Another for AD management
• Anot...
Example failed use case:
• IAM gets run as one or more discreet IT projects
• Assuming just one technology will solve the ...
Sound familiar?
An IAM framework that…
• Doesn’t do everything you need
• Maintains complexity
• Has made your org six yea...
• “Traditional” IAM framework
• 16 full-time Java developers
• Two years in
• Provision 1 app (AD)
• Can’t de-provision an...
Example failed use case:
• IAM gets run as one or more discreet IT projects
• Assuming just one technology will solve the ...
Sound familiar?
• How cumbersome are your “automated” processes?
• Are you actually provisioning everything you need?
• Wh...
• Sun IAM framework
• Basic provisioning not up to par
• No access request
• No governance
• 3+ years to get to this point...
All of them end with the same consequences…
• Inefficiency
• Audit exposure
• Inflexibility
• Cost overrun
Ultimately a pr...
A recipe to make your
IAM project a success
What we know works
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the busi...
What we know works
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the busi...
Management
Control
Security
Access
Governance
Hierarchy of IAM needs
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the business; put the busin...
• Failed Novell and Oracle deployments
required three full-time staff just for
provisioning.
• Redirect staff to strategic...
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the business; put the busin...
• Phase one deployment in 14 weeks
• Self-service access request
• Immediately automated 50% of
provisioning tasks
• Gover...
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the business; put the busin...
• Evolving environment (mergers)
required improvement over
manual provisioning processes
• Governance required including
d...
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the business; put the busin...
• Modular and integrated approach to
augment IAM framework
• AD management and extend to Unix
• Privileged account managem...
What we know works
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the busi...
• Provision AD also provisions Unix
access
• Went from 12 Unix passwords to 1 AD
password
• Eliminated a $1M/month helpdes...
So, where can you
turn for help?
All of them end with the same consequences…
• Focus on what matters the most
to you and your organisation
• Include extern...
Protect Comply Enable
security for better .
User – Identity and Access Management
Endpoint
(Data center – edge)
Network
(P...
Why work with Dell
The path to
governance
• Policy-based
access control
• Governance for
identities, user
access, data and...
Thanks!
Jackson.shaw@software.dell.com
eBook: Future-ready IAM at http://dell.to/1JHdVOE
software.dell.com/IAM
Upcoming SlideShare
Loading in …5
×

The Keys To A Successful Identity And Access Management Program: How Does Your Approach Compare To Industry Best Practices?

936 views

Published on

The way you implement Identity and Access Management (IAM) can make or break your security and compliance strategies. Based on Dell’s experience helping customers deploy IAM properly, we have identified common themes that run through these successful projects. In this session, one of Dell’s IAM experts will present a maturity model that will help you gauge the correct place to start your deployment, highlight the course corrections that may be necessary, and help you determine the path to IAM that’s right for you.

Published in: Software
  • Login to see the comments

The Keys To A Successful Identity And Access Management Program: How Does Your Approach Compare To Industry Best Practices?

  1. 1. MT 42 Ensuring the success of your IAM project
  2. 2. What is your IAM project?
  3. 3. “Superusers”Mobile users Customer dataYour IP IAM is critical… to protect people and things Your systems User access
  4. 4. But why?
  5. 5. Why do you want to protect these things? • You have some really valuable stuff. • Your users want what they want, when they want it, and it better be easy. • Someone says you have to do it. • Bad people are out there. • Good people aren’t perfect. • You don’t want to have a security breach. It’s just the right thing to do.
  6. 6. So you engage in an IAM project (in one guise or another).
  7. 7. Top reasons we see IAM projects stall. • IAM gets run as one or more discreet IT projects • Assuming just one technology will solve the problem • Attempting to automate an existing process • Assuming systems have boundaries • Allowing scope to creep • Trying to deliver everything at once
  8. 8. Example failed use case: • IAM gets run as one or more discreet IT projects • Assuming just one technology will solve the problem • Attempting to automate an existing process • Assuming systems have boundaries • Allowing scope to creep • Trying to deliver everything at once
  9. 9. Sound familiar? • A manual process for provisioning Active Directory with native tools • A highly customized provisioning framework for the rest of the enterprise • A purchased solution for authentication to federated applications • A home-grown solution for authentication to internally-developed applications • Another purchased solution for single sign-on to legacy applications • A manual process for privileged password management • A dedicated Active Directory bridge for some Unix/Linux privileged account management tasks • A self-service solution for resetting user passwords
  10. 10. Document management company • IAM framework for provisioning • Another solution for PAM • Another for AD management • Another for single sign-on • Another for password management
  11. 11. Example failed use case: • IAM gets run as one or more discreet IT projects • Assuming just one technology will solve the problem • Attempting to automate an existing process • Assuming systems have boundaries • Allowing scope to creep • Trying to deliver everything at once
  12. 12. Sound familiar? An IAM framework that… • Doesn’t do everything you need • Maintains complexity • Has made your org six years into the three-year IAM deployment • Demands a constant stream of consultants and developers • Has provided unfulfilled expectations • When requirements change, it starts all over again
  13. 13. • “Traditional” IAM framework • 16 full-time Java developers • Two years in • Provision 1 app (AD) • Can’t de-provision anything Fortune 100 company
  14. 14. Example failed use case: • IAM gets run as one or more discreet IT projects • Assuming just one technology will solve the problem • Attempting to automate an existing process • Assuming systems have boundaries • Allowing scope to creep • Trying to deliver everything at once
  15. 15. Sound familiar? • How cumbersome are your “automated” processes? • Are you actually provisioning everything you need? • Who’s driving the bus, the business or IT? • Governance: Attestation/re-certification
  16. 16. • Sun IAM framework • Basic provisioning not up to par • No access request • No governance • 3+ years to get to this point Oil & gas company
  17. 17. All of them end with the same consequences… • Inefficiency • Audit exposure • Inflexibility • Cost overrun Ultimately a project which did not deliver as per the expectations!
  18. 18. A recipe to make your IAM project a success
  19. 19. What we know works • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users.
  20. 20. What we know works • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users.
  21. 21. Management Control Security Access Governance Hierarchy of IAM needs
  22. 22. • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users. What we know works
  23. 23. • Failed Novell and Oracle deployments required three full-time staff just for provisioning. • Redirect staff to strategic IT initiatives. • 18 weeks to value. • Governance included. Technology company
  24. 24. • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users. What we know works
  25. 25. • Phase one deployment in 14 weeks • Self-service access request • Immediately automated 50% of provisioning tasks • Governance included • Phase two underway Oil & gas company
  26. 26. • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users. What we know works
  27. 27. • Evolving environment (mergers) required improvement over manual provisioning processes • Governance required including data • Reduced cost of compliance • Drive identity from HR system • Extend to students, staff, and volunteers Healthcare organization
  28. 28. • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users. What we know works
  29. 29. • Modular and integrated approach to augment IAM framework • AD management and extend to Unix • Privileged account management • Single sign-on and federation • Self-service password reset • Finally replace custom framework with unified provisioning and governance. Document management company
  30. 30. What we know works • Know where you are. • Get the basics right. • Consider starting with provisioning. • Involve the business; put the business in charge. • Custom kills. • Make it easy for users.
  31. 31. • Provision AD also provisions Unix access • Went from 12 Unix passwords to 1 AD password • Eliminated a $1M/month helpdesk bill • Framework customization no longer required for Unix IAM Major bank
  32. 32. So, where can you turn for help?
  33. 33. All of them end with the same consequences… • Focus on what matters the most to you and your organisation • Include external systems where possible • Build the team of experts Remember IAM is about bringing business agility as well as managing risk!
  34. 34. Protect Comply Enable security for better . User – Identity and Access Management Endpoint (Data center – edge) Network (Perimeter and beyond) Data and Application (On-premises – cloud) Managed Security Services Security Intelligence and Response Strategically connect solutions to enable better outcomes Better security for better business.
  35. 35. Why work with Dell The path to governance • Policy-based access control • Governance for identities, user access, data and elevated access • Privileged account lockdown Business driven • User and line-of- business self- service • Unified policy, identity and workflow • Complete visibility and control Future-ready • Configure, don’t code • Adapt to meet changing organizational needs • Minimize the shock of constantly changing employee roles Modular and integrated • Doesn’t demand a rigid framework • Start anywhere and build from there • Easily plugs into existing tools and solutions Rapid time to value • Deploy initial functionality quickly • Streamline and automate tasks • Meet existing business processes
  36. 36. Thanks! Jackson.shaw@software.dell.com eBook: Future-ready IAM at http://dell.to/1JHdVOE software.dell.com/IAM

×