identity & access governance: key to security or ... · 6 software security and risk mitigation...
TRANSCRIPT
![Page 1: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/1.jpg)
1 Software
Identity & Access Governance:
Key to Security or
Completely Useless?
Jackson ShawSr. Dir. of Product ManagementDell Software Group
![Page 2: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/2.jpg)
2 Software
Dell leadership in software
2Muser community members
90%of Global 1000 are Dell
Software customers
+1Mcustomers
Highest overall protection Next-Gen Firewall
NSS LabsEMARadar Report Value Leader
for Boomi Cloud Integration
+6,000team members
Gartner
+$1.5Bsoftware revenue
(approx. based on run rate)
9 Magic Quadrants
1,600 + software engineers
2,500 + software sales
![Page 3: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/3.jpg)
3 Software
Cloud
of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years.
85%
68% of spend in private cloud solutions.
- Bain and Dell
![Page 4: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/4.jpg)
4 Software
Big data
2009 2020
Volume of data storedZettabytes
0.8
35
- IDC
![Page 5: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/5.jpg)
5 Software
Mobility
Smartphone and tablets used at work% of total customer type
Corporate
growth in smartphones and tablets used at work…
Personal
Corporate
5X
…and source shifts from 62% / 38% corporate / personal owned to 37% corporate owned and 63% personal owned- IDC, Dell internal analysis
![Page 6: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/6.jpg)
6 Software
Security and risk mitigation
of the surveyed companies experienced some type of significant security incident within the past year that resulted infinancial and/or reputational impact
average data loss impact for reactive organizations
79%
$1.1M- McAfee
![Page 7: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/7.jpg)
7 Confidential Global Marketing
Adaptive Security is Required for the New Normal
“Most of today’s security infrastructure is static – enforcing policies defined in advance in environments where IT infrastructure and business relationships are relative static. This is no longer sufficient in an environment that is highly dynamic, multisourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owned and provisioned systems.”
- Neil MacDonald, Gartner
![Page 8: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/8.jpg)
8 Dell Software
Towards Risk-based Adaptive Authorization
Identity Manager
AuthZPolicy
Firewall
![Page 9: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/9.jpg)
9 Dell Software
Authorization Policy Attributes
Static Data from IAM Defines Risk Values
Resource identity and risk tolerance
Application Role risk tolerance
Role membership
User/Account identity
Device risk and ownership
Business hours and risk
Location Risk
Device Health
Authentication Methods risk
Dynamic Data from Firewall Determines Transaction Risks
Specific device in use
Device location
Account in use
Authentication strength
Time of day
Recent device activity
![Page 10: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/10.jpg)
10 Dell Software
Risk Evaluation and Access Allowed
Risk policy Value
During work hours 0
Outside work hours 10
On-premises 0
Remote 10
Corporate device 0
BYOD managed device
5
Unmanaged device 10
“Sales Manager” role membership
abarneydsmith
“Sales Manager” risk tolerance
25
Context item Risk value
Current time 10
Location 0
Device status 0
Account name abarney
http://acc1.foo.com/AP
Andrew Barney
Corporate desktop in the office
8:17pm
Account risk threshold
25
Total risk 10
ACCESS ALLOWED
![Page 11: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/11.jpg)
11 Dell Software
Risk Evaluation and Access Denied
Risk policy Value
During work hours 0
Outside work hours 10
On-premises 0
Remote 10
Corporate device 0
BYOD managed device
5
Unmanaged device 10
“Sales Manager” role membership
abarneydsmith
“Sales Manager” risk tolerance
25
Context item Risk value
Current time 10
Location 10
Device status 10
Account name abarney
http://acc1.foo.com/AP
Andrew Barney 8:17pm
Account risk threshold
25
Total risk 30
ACCESS DENIED
Unmanaged tablet on
public network
![Page 12: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/12.jpg)
12 Dell Software Group
Adaptive & Context-Aware Authorization
Time of day
Device
Data/app Classification
History
Location
Volume of requests
Identity
![Page 13: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/13.jpg)
13 Dell Software
Prevent Unwanted
Access
Enable Wanted Access
![Page 14: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/14.jpg)
14 Dell Software
Identity & Access Management Market Shift
Bu
sin
ess
Valu
e
2002 2006 2010 2014
Adaptive &Context-Aware
ContentAware
Identity & AccessGovernance
ProvisioningSSO
![Page 15: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/15.jpg)
15 Dell Software Group
Tying Governance to Enforcement
SonicWALLNGFW
Quest One Cloud Access Manager
Quest One Identity Manager
Identity and Access Governance
Multi-faceted SSO, Federation & Authorization
Zero Touch Context-aware Adaptive Authorization
Web, Federated & Legacy SSO, Coarse & Fine Grained Authorization with Just-in-Time provisioning, audit and access management
Controlling application access at the network layer
Policy, entitlements, role management and self-service access request
![Page 16: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/16.jpg)
16 Dell Software
What One Identity delivers
Improve visibility into who has access to business-critical information,automate provisioning and enforce access controls.
Access Governance
Centrally manage privileged accounts and provide granular control and monitoring of administrator access.
Privileged Account Management
Simplify the environment and user experience with centralized account management.
Identity Administration
Audit what the users are doing with the access they have been granted.
User Activity Monitoring
![Page 17: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/17.jpg)
17 Dell Software
The One Identity advantage
Access Governance
Privileged Account Management
Identity Administration
User Activity Monitoring
Broad portfolio that is modular & integrated
Granular access controls
Business-driven
Rapid time-to-valueSolution simplicity
![Page 18: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/18.jpg)
18 Dell Software
Complete identity & access management
Access GovernanceManage access to business-critical information• Access request and certification• Fine-grained application security• Data access management• Role engineering• Automated provisioning
Privileged Account ManagementUnderstand and control administrator activity
• Granular delegation• Enforce Separation of Duty (SoD)
• Enterprise privilege safe• Session management
• Keystroke logging
Identity AdministrationSimplify account management • Directory Consolidation• AD Administration• Virtual Directory Services• Single Sign-on• Strong Authentication
User Activity MonitoringAudit user activity
• Granular AD auditing• Permissions reporting
• Log management• Event alerting
• Crisis resolution
One Identity
![Page 19: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/19.jpg)
Security
Simplify IT
Mitigate risk
Accelerate results
![Page 20: Identity & Access Governance: Key to Security or ... · 6 Software Security and risk mitigation of the surveyed companies experienced some type of significant security incident within](https://reader036.vdocuments.us/reader036/viewer/2022062922/5f091dc67e708231d4254e45/html5/thumbnails/20.jpg)
20 Dell Software