Flaws in Identity Management and How to Avoid Them
DESCRIPTION
At the IDC CIO Summit 2010, Singapore, Haf Saba, Senior Solutions Specialist at NetIQ, presented this session around Identity & Access Management and Security. Read the accompanying blogs at: http://community.netiq.com/blogs/
TRANSCRIPT
© 2010 NetIQ Corporation. All rights reserved.
Flaws in Identity Management and How to Avoid Them
Haf Saba
Senior Solutions Specialist, NetIQ, Asia-Pacific
July 2010
Agenda
• Security in Identity Management
• Flaws
• IAM as an enabler
• Case Studies
Security as it relates to Identity Management
People
• Who has access?
• What level of privilege do they have?
Data and Systems
• Where is sensitive data?
• Are the systems secure and compliant?
Activity
• Who is accessing resources?
• Are we under attack?
Flaw #1 - Employee De-provisioning
The Issue:
− Remove the employee, but neglect their access and equipment
Need to Integrate with Human Resources
− Tight integration ensures faster response
− Automated workflows are the safest approach
Must ensure best practices are followed:
− Remove access
− If access is maintained, monitor closely
− Ensure all accounts are dealt with
− Watch for shared accounts
− Be prepared to raise level of activity monitoring
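One way to check the Flaw #1 practices (remove access, ensure all accounts are dealt with, watch for shared accounts) is to reconcile the HR leaver list against the account inventory of every platform. This is an added example, not part of the original presentation or of any NetIQ product; the employee IDs, account names, field names and action wording are constructed assumptions.

```python
from datetime import date

# Constructed sample data: employee IDs, account names and fields are assumptions.
HR_LEAVERS = {"E1001": date(2010, 6, 30), "E1002": date(2010, 7, 15)}  # id -> last day

def acct(platform, name, owners, enabled=True, monitored=False):
    return {"platform": platform, "account": name, "owners": owners,
            "enabled": enabled, "monitored": monitored}

ACCOUNTS = [
    acct("ActiveDirectory", "jtan", ["E1001"]),
    acct("Linux", "jtan", ["E1001"], enabled=False),      # already removed
    acct("Unix", "oracle", ["E1001", "E2000"]),           # shared account
    acct("ESX", "mlee", ["E1002"], monitored=True),       # access kept, monitored
    acct("ActiveDirectory", "asmith", ["E3000"]),         # current employee
]

def audit_leavers(leavers, accounts, today):
    """List enabled accounts tied to employees whose last day is on or before today."""
    findings = []
    for a in accounts:
        departed = sorted(e for e in a["owners"] if e in leavers and leavers[e] <= today)
        if not departed or not a["enabled"]:
            continue  # no leaver on this account, or access already removed
        if len(a["owners"]) > 1:
            action = "shared account: rotate credential, remove " + ", ".join(departed)
        elif a["monitored"]:
            action = "access retained under monitoring: confirm approval"
        else:
            action = "disable account"
        findings.append((a["platform"], a["account"], action))
    return findings

if __name__ == "__main__":
    for platform, name, action in audit_leavers(HR_LEAVERS, ACCOUNTS, date(2010, 7, 20)):
        print(f"{platform:16} {name:8} {action}")
```

Run on a schedule against the HR feed, the same check catches accounts on secondary platforms that a manual off-boarding step missed.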
Flaw #2 – Lack of Centralised Identity Management
Leverage Active Directory
The Issue:
− Too many independent platforms with their own unique access
• Eliminate access controls at system & application level
• Reduce inconsistency
• Reduce vulnerabilities
• Consolidate access controls at the directory service
• Consistent security and configuration policies
• Enables business process and secure information sharing
Flaw #3 - No Secure Privilege Delegation
The Issue:
− Reduce the number of administrators
Help eliminate the risk of accidents
− More tightly manage who can do what
− Improve auditing
− Streamline and simplify compliance
Flaw #3 - No Secure Privilege Delegation
Too many admins, too little control
Excessive numbers of admins remain a common audit finding
Records are stolen via credentials that were:
• Default
• Shared
• Stolen
“Out of date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organisations.”
– IDC Insider Risk Management August 2009
Centralised IAM in the Real World
[Diagram labels: Windows, Linux, Unix, Mac, ESX; Active Directory; Compliance; Increase Control; Detect & Resolve Incidents; Decrease Workload; Audit & Report]
Case Study #1
Managed IT Service Provider for Fortune 1000 Companies
Company Snapshot
− Growing company
− Manage thousands of servers in over 2900 locations
− Face many compliance mandates
Key Challenges
− Consolidate vendors & securely administer Active Directory
− Too many vendors providing point solutions
− Had problems with integrity of their billing (per user)
− High turnover in their admin positions
NetIQ identifies the need
− Achieve and maintain regulatory compliance
− Streamline administration while enforcing security controls
− Quickly perform forensics analysis when a problem occurs
− “Minimize self-inflicted wounds”
Case Study #2
Technology and Innovation Government Contractor
Company Snapshot
− Focus on defense, homeland security and other markets
− 73,000 employees globally
− COMPLEX environment (70 domain controllers in the U.S. alone, 700 GPOs, 23 AD Sites, 105k Computer Objects, 80k user accounts, 25k Groups and 100 Administrators)
Key Challenges
− Lower costs of administering and securing Active Directory and Group Policy
− Improve Security and Compliance of the AD and Group Policy environments
NetIQ identifies the need
− Achieve efficiencies through delegation and automation
− Improve security by reducing privileges and controlling Group Policy management
− Meet compliance through auditing and reporting
Summary
• Abuse and misuse of privilege is a risk
• Reduce risk by securely managing the identity
− Automate provisioning and de-provisioning
− Consolidate identity management
− Reduce unnecessary administrative privilege
• Integrate identity management and security
• Stop by our booth for more information!
NetIQ, an Attachmate business.
Singapore Headquarters
9 Temasek Blvd, Suntec Tower 2, #28-03
+65 6336 3122
NetIQ.com
Thank You!
For information on NetIQ’s Identity Management solutions visit www.netiq.com