Flaws in Identity Management and How to Avoid Them

© 2010 NetIQ Corporation. All rights reserved. Flaws in Identity Management and How to Avoid Them Haf Saba Senior Solutions Specialist, NetIQ, Asia-Pacific July 2010

DESCRIPTION

At the IDC CIO Summit 2010, Singapore, Haf Saba, Senior Solutions Specialist at NetIQ, presented this session around Identity & Access Management and Security. Read the accompanying blogs at: http://community.netiq.com/blogs/

TRANSCRIPT

Page 1: Flaws in Identity Management and How to Avoid Them

Flaws in Identity Management and How to Avoid Them

Haf Saba, Senior Solutions Specialist, NetIQ, Asia-Pacific

July 2010

Page 2: Flaws in Identity Management and How to Avoid Them

Agenda

• Security in Identity Management
• Flaws
• IAM as an enabler
• Case Studies

Page 3: Flaws in Identity Management and How to Avoid Them

Security as it relates to Identity Management

People
• Who has access?
• What level of privilege do they have?

Data and Systems
• Where is sensitive data?
• Are the systems secure and compliant?

Activity
• Who is accessing resources?
• Are we under attack?

Page 4: Flaws in Identity Management and How to Avoid Them

Flaw #1 - Employee De-provisioning

The Issue:
− Remove the employee, but neglect their access and equipment

Need to Integrate with Human Resources
− Tight integration ensures faster response
− Automated workflows are the safest approach

Must ensure best practices are followed:
− Remove access
− If access is maintained, monitor closely
− Ensure all accounts are dealt with
− Watch for shared accounts
− Be prepared to raise level of activity monitoring
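
The de-provisioning checks on this slide, as an added example that is not part of the original presentation or of any NetIQ product: a reconciliation of an HR leaver feed against account inventories from several platforms. All data, field names and finding labels are constructed for illustration.

```python
from datetime import date

# Constructed sample data; identifiers and field layout are illustrative only.
LEAVERS = {"E1001": date(2010, 6, 30), "E1002": date(2010, 7, 2)}  # HR feed: id -> last day
ACCOUNTS = [  # (platform, account, owner id or None if shared, enabled, last logon)
    ("ActiveDirectory", "jtan",     "E1001", False, date(2010, 6, 29)),
    ("Linux",           "jtan",     "E1001", True,  date(2010, 7, 5)),
    ("ESX",             "jtan-adm", "E1001", True,  date(2010, 6, 20)),
    ("ActiveDirectory", "mlee",     "E1002", True,  date(2010, 7, 1)),
    ("Unix",            "oracle",   None,    True,  date(2010, 7, 6)),
    ("ActiveDirectory", "kwong",    "E1003", True,  date(2010, 7, 6)),
]
SHARED_USERS = {("Unix", "oracle"): {"E1001", "E1003"}}  # who knows each shared credential
RETAINED = {("ActiveDirectory", "mlee")}  # access deliberately kept after exit


def audit_leavers(leavers, accounts, shared_users, retained):
    """Return sorted (platform, account, finding) tuples for every leaver-related risk."""
    findings = set()
    for platform, name, owner, enabled, last_logon in accounts:
        key = (platform, name)
        if owner is None:
            # Shared account: a leaver who knew the credential still has access.
            if enabled and shared_users.get(key, set()) & set(leavers):
                findings.add((platform, name, "ROTATE_SHARED_CREDENTIAL"))
            continue
        if owner not in leavers:
            continue
        if last_logon > leavers[owner]:
            # Activity after the last working day: raise the monitoring level.
            findings.add((platform, name, "USED_AFTER_EXIT"))
        if enabled:
            # Every enabled account is either an approved exception or an orphan.
            findings.add((platform, name,
                          "MONITOR_RETAINED" if key in retained else "DISABLE_ORPHANED"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_leavers(LEAVERS, ACCOUNTS, SHARED_USERS, RETAINED):
        print(*finding, sep="\t")
```

The account disabled in one directory but still live on Linux and ESX is the "ensure all accounts are dealt with" case: disabling a single identity store does not close the others.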

Page 5: Flaws in Identity Management and How to Avoid Them

Flaw #2 – Lack of Centralised Identity Management
Leverage Active Directory

The Issue:
− Too many independent platforms with their own unique access

Page 6: Flaws in Identity Management and How to Avoid Them

Flaw #2 – Lack of Centralised Identity Management
Leverage Active Directory

The Issue:
− Too many independent platforms with their own unique access

• Eliminate access controls at system & application level
• Reduce inconsistency
• Reduce vulnerabilities

• Consolidate access controls at the directory service
• Consistent security and configuration policies
• Enables business process and secure information sharing

Page 7: Flaws in Identity Management and How to Avoid Them

Flaw #3 - No Secure Privilege Delegation

The Issue:
− Reduce the number of administrators

Help eliminate the risk of accidents
− More tightly manage who can do what
− Improve auditing
− Streamline and simplify compliance

Page 8: Flaws in Identity Management and How to Avoid Them

Flaw #3 - No Secure Privilege Delegation
Too many admins, too little control

Excessive numbers of admins remain a common audit finding

Records are stolen via credentials that were:
• Default
• Shared
• Stolen

“Out of date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organisations.”
– IDC Insider Risk Management, August 2009

Page 9: Flaws in Identity Management and How to Avoid Them

Centralised IAM in the Real World

[Diagram labels: Compliance; Windows, Linux, Unix, Mac, ESX; Active Directory; Increase Control; Detect & Resolve Incidents; Decrease Workload; Audit & Report]

Page 10: Flaws in Identity Management and How to Avoid Them

Case Study #1: Managed IT Service Provider for Fortune 1000 Companies

Company Snapshot
− Growing company
− Manage thousands of servers in over 2900 locations
− Face many compliance mandates

Key Challenges
− Consolidate vendors & securely administer Active Directory
− Too many vendors providing point solutions
− Had problems with integrity of their billing (per user)
− High turnover in their admin positions

NetIQ identifies the need
− Achieve and maintain regulatory compliance
− Streamline administration while enforcing security controls
− Quickly perform forensics analysis when a problem occurs
− “Minimize self-inflicted wounds”

Page 11: Flaws in Identity Management and How to Avoid Them

Case Study #2: Technology and Innovation Government Contractor

Company Snapshot
− Focus on defense, homeland security and other markets
− 73,000 employees globally
− COMPLEX environment (70 domain controllers in the U.S. alone, 700 GPOs, 23 AD Sites, 105k Computer Objects, 80k user accounts, 25k Groups and 100 Administrators)

Key Challenges
− Lower costs of administering and securing Active Directory and Group Policy
− Improve Security and Compliance of the AD and Group Policy environments

NetIQ identifies the need
− Achieve efficiencies through delegation and automation
− Improve security by reducing privileges and controlling Group Policy management
− Meet compliance through auditing and reporting

Page 12: Flaws in Identity Management and How to Avoid Them

Summary

• Abuse and misuse of privilege is a risk
• Reduce risk by securely managing the identity
− Automate provisioning and de-provisioning
− Consolidate identity management
− Reduce unnecessary administrative privilege
• Integrate identity management and security
• Stop by our booth for more information!

Page 13: Flaws in Identity Management and How to Avoid Them

NetIQ, an Attachmate business.

Singapore Headquarters

9 Temasek Blvd, Suntec Tower 2, #28-03

+65 6336 3122

NetIQ.com

Thank You!

For information on NetIQ’s Identity Management solutions visit www.netiq.com