2. Agenda
Introduction
Ground Reality
Cases
Real-world impacts
Vulnerabilities
Building the Business Case
What is IAM?
Demystifying IAM
Implementation Challenges
www.niiconsulting.com
3. Speaker Introduction
Founder & Principal Consultant, Network Intelligence
Certified as CISA, CISSP and CISM
Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008, 2009
Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA)
Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA)
Conducted numerous pen-tests, application security assessments, forensics, etc.
17. What does it stand for?
Identity & Access Management
“Identity management is the set of business
processes, and a supporting infrastructure, for the
creation, maintenance, and use of digital identities.”
The Burton Group
But then what are Solutions for:
User Provisioning
Single Sign On
Web Access Management
Multi-Factor Authentication
Identity Lifecycle Management
20. IAM Solutions
User Provisioning
Enterprise Single Sign On
Web Access Management
21. Features to look out for
Critical Decision Criteria
22. Top 5 Critical Success Factors
1. Identify Business Unit Champions
Foundation of IAM Project
Enterprise applications or BUs most likely to improve (SAP, Core Banking, etc.) through IAM
Business owner who has fully bought into the project
2. Perform Vendor Analysis
Vendor’s Financial Stability
Usability without Vendor Presence
Revenue Growth
Customer Base – Similar Size/Industry
Strategic Partners
Product Vision & Roadmap
23. Top 5 Critical Success Factors
3. Define project requirements
Functional Requirements
User administration
Delegation of user administration
Role-based access control
User self-service
Customization of user interface
Workflow
Auditing & reporting
Extensibility
Applications interface with
Security of the product itself
Non-Functional Requirements
Scalability & Performance (# of users per server)
Fault Tolerance
Disaster Recovery – Geographically Diversified
Solution configuration
Training – Administrator & End-User
24. Top 5 Critical Success Factors
4. Thorough Knowledge of Technical Features
Architecture –
Does it fit with your architecture?
Is it cohesive or put together?
Ability to adapt and improve your business processes
Integration with your technology – AS400, SAP, Core Banking Solution, Windows, Unix, etc.
Password Management capabilities
Policy Management – Canned policies, policy wizards
TCO – money, FTEs to administer the product
Tiered, delegated, self-serviced administration
Deployability
Reporting & Auditing – Regulatory/Privacy
New Features – Virtual Directory Support, Web Access Management
25. Top 5 Critical Success Factors
5. Bring business into the picture centrally
Did it meet the business requirements?
Can you quantify the benefits from the solution?
Constantly communicate project expectations and benefits to business units
Not just another vendor/solution
31. 5 Key Benefits
Improved user experience
Help users control their online identities
Enables simplified sign-on
Create a "circle of trust" in which participating organizations can
verify the authenticity of users in a federated model.
Enhanced integration
Enable organizations to manage digital identities across their
diverse and expanding infrastructure.
A standards-based approach ensures investment protection and dramatically reduces the risk of custom integration.
Multipurpose platform
Manage multiple authentication options from a single platform,
providing choice in any environment.
Varying levels of authorization functionality
32. 5 Key Benefits
Centralized administration
Simplify the management of digital identities and security policies
with one administrative model.
Delegated administration of users and user self-service across
different identity and access management applications (i.e.,
authentication and authorization).
Lower administrative costs and a reduced resource burden.
Enhanced security
Ensure greater levels of security to match the growing risk of
exposure and high stakes involved in e-business.
Shift fluidly with an organization's perimeter, protecting the
business at the application level.
Be the cornerstone to security enforcement, providing a basis for
consistent enforcement, audit and reporting of policies across the
e-business environment.
Ensure regulatory and legal compliance
33. Conclusion
Benefits
Improved user experience
Enhanced integration
Multipurpose platform
Centralized administration
Enhanced security
Critical Success Factors
Identify Business Unit Champions
Thorough Vendor Analysis
Well-defined Project Requirements
Thorough Product Feature Understanding
Taking Business On the Journey
34. Questions?
Thank you! kkmookhey@niiconsulting.com
Information Security Consulting Services
Information Security Training Services