evolving your identity management program · evolving your identity management program kelly...
TRANSCRIPT
![Page 1: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/1.jpg)
Evolving Your Identity Management Program
Kelly MantheyI&AM Practice Partner
Brian SchlueterInformation Security Specialist–Insurance Industry
![Page 2: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/2.jpg)
Presentation Overview
•Today’s Environment - Business Challenges•The role of Identity Management (IdM) Solutions•IdM Maturity Model•Getting There: IdM Maturity Best Practices
![Page 3: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/3.jpg)
Today’s Environment is…
• Mergers & Acquisitions• Re-Organizations• Security Breaches• Regulatory Agency Requirements • Doing More with Less
KM1
![Page 4: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/4.jpg)
Organization Impact: A constant state of change
![Page 5: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/5.jpg)
An Identity Management Solution Helps Manage Change
• Identity Management is……• credential management• Management of user access to technology assets (HW, SW, services)• the reduction of usernames and passwords• tying usernames/passwords to real people• a defined and repeatable process for the requesting and granting of
system access• accountability for the scheduled review of access
![Page 6: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/6.jpg)
An Identity Management Solution Helps Manage Change
• Getting people the right information at the right time to do their jobs
• Consistency in the granting of system access
• Automation of the administrative overhead associated with granting system access
![Page 7: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/7.jpg)
Selling the Benefits in $$
Source: Forrester Research
![Page 8: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/8.jpg)
Capability Maturity Model
Developing Established Optimized
Level 1
Level 2
Level 3
Level 4
Simplified &
Automated
Integrated Complianc
e
Standard & Repeatable
Ad-Hoc & Manual
Capabilities include People, Process, and Technology
Adapted from a CMM developed by David Sherry CISO, Brown University
![Page 9: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/9.jpg)
Getting There: Developing
• Make IDM a strategic priority• Educate• Define your Access Request process/roles &
responsibilities• Involve stakeholders
• Identify authoritative source(s)
![Page 10: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/10.jpg)
Getting There: Established
• Establish oversight• Determine information owners• Role definition and management model
• Develop a standard company architecture• Evaluate automation tools
![Page 11: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/11.jpg)
Identity Management Vendor Landscape
• Major Players• Oracle, Sun, IBM, CA, Novell
• The IdM technology space has matured• Frameworks are standardized• Go with the vendor you like/are most
comfortable working with
![Page 12: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/12.jpg)
Getting There: Optimized
• Delegated responsibility• Enterprise role management roadmap
• Align your architecture with open standards• Enterprise Role Management automation tool
evaluation
![Page 13: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/13.jpg)
Closing Thoughts
• Educate• Focus on all three aspects
• People, Process, & Technology
• Define a roadmap; Don’t try to do it all upfront
• Start simple; accomodate complexity as your maturity grows
![Page 14: Evolving Your Identity Management Program · Evolving Your Identity Management Program Kelly Manthey I&AM Practice Partner Brian Schlueter Information Security Specialist– Insurance](https://reader033.vdocuments.us/reader033/viewer/2022052713/5b9f240d09d3f26e288c5ece/html5/thumbnails/14.jpg)
Contact Us:
Kelly Mantheyp: 312-371-9765e: [email protected]
Brian Schlueterp: 312-206-5380e: [email protected]