The way you implement Identity and Access Management (IAM) can make or break your security and compliance strategies. Based on Dell’s experience helping customers deploy IAM properly, we have identified common themes that run through these successful projects. In this session, one of Dell’s IAM experts will present a maturity model that will help you gauge the correct place to start your deployment, highlight the course corrections that may be necessary, and help you determine the path to IAM that’s right for you.
5. Why do you want to protect these things?
• You have some really valuable stuff.
• Your users want what they want, when they want it, and it better be easy.
• Someone says you have to do it.
• Bad people are out there.
• Good people aren’t perfect.
• You don’t want to have a security breach.
It’s just the right thing to do.
6. So you engage in an IAM project (in one guise or another).
7. Top reasons we see IAM projects stall.
• IAM gets run as one or more discrete IT projects
• Assuming just one technology will solve the problem
• Attempting to automate an existing process
• Assuming systems have boundaries
• Allowing scope to creep
• Trying to deliver everything at once
8. Example failed use case:
9. Sound familiar?
• A manual process for provisioning Active Directory with native tools
• A highly customized provisioning framework for the rest of the enterprise
• A purchased solution for authentication to federated applications
• A home-grown solution for authentication to internally-developed applications
• Another purchased solution for single sign-on to legacy applications
• A manual process for privileged password management
• A dedicated Active Directory bridge for some Unix/Linux privileged account management tasks
• A self-service solution for resetting user passwords
10. Document management company
• IAM framework for provisioning
• Another solution for PAM
• Another for AD management
• Another for single sign-on
• Another for password management
11. Example failed use case:
12. Sound familiar?
An IAM framework that…
• Doesn’t do everything you need
• Maintains complexity
• Has left your org six years into the three-year IAM deployment
• Demands a constant stream of consultants and developers
• Has left expectations unfulfilled
• Starts all over again when requirements change
13. Fortune 100 company
• “Traditional” IAM framework
• 16 full-time Java developers
• Two years in
• Provision 1 app (AD)
• Can’t de-provision anything
14. Example failed use case:
15. Sound familiar?
• How cumbersome are your “automated” processes?
• Are you actually provisioning everything you need?
• Who’s driving the bus, the business or IT?
• Governance: Attestation/re-certification
16. Oil & gas company
• Sun IAM framework
• Basic provisioning not up to par
• No access request
• No governance
• 3+ years to get to this point
17. All of them end with the same consequences…
• Inefficiency
• Audit exposure
• Inflexibility
• Cost overrun
Ultimately a project which did not deliver as per the expectations!
19. What we know works
• Know where you are.
• Get the basics right.
• Consider starting with provisioning.
• Involve the business; put the business in charge.
• Custom kills.
• Make it easy for users.
23. Technology company
• Failed Novell and Oracle deployments required three full-time staff just for provisioning.
• Redirect staff to strategic IT initiatives.
• 18 weeks to value.
• Governance included.
25. Oil & gas company
• Phase one deployment in 14 weeks
• Self-service access request
• Immediately automated 50% of provisioning tasks
• Governance included
• Phase two underway
27. Healthcare organization
• Evolving environment (mergers) required improvement over manual provisioning processes
• Governance required including data
• Reduced cost of compliance
• Drive identity from HR system
• Extend to students, staff, and volunteers
29. Document management company
• Modular and integrated approach to augment IAM framework
• AD management and extend to Unix
• Privileged account management
• Single sign-on and federation
• Self-service password reset
• Finally replace custom framework with unified provisioning and governance.
31. Major bank
• Provision AD also provisions Unix access
• Went from 12 Unix passwords to 1 AD password
• Eliminated a $1M/month helpdesk bill
• Framework customization no longer required for Unix IAM
33. All of them end with the same consequences…
• Focus on what matters the most to you and your organisation
• Include external systems where possible
• Build the team of experts
Remember IAM is about bringing business agility as well as managing risk!
34. Better security for better business.
• Protect, Comply, Enable
• User – Identity and Access Management
• Endpoint (Data center – edge)
• Network (Perimeter and beyond)
• Data and Application (On-premises – cloud)
• Managed Security Services
• Security Intelligence and Response
Strategically connect solutions to enable better outcomes
35. Why work with Dell
The path to governance
• Policy-based access control
• Governance for identities, user access, data and elevated access
• Privileged account lockdown
Business driven
• User and line-of-business self-service
• Unified policy, identity and workflow
• Complete visibility and control
Future-ready
• Configure, don’t code
• Adapt to meet changing organizational needs
• Minimize the shock of constantly changing employee roles
Modular and integrated
• Doesn’t demand a rigid framework
• Start anywhere and build from there
• Easily plugs into existing tools and solutions
Rapid time to value
• Deploy initial functionality quickly
• Streamline and automate tasks
• Meet existing business processes