Identity & Access Governance: Key to Security or Completely Useless?

Jackson Shaw, Sr. Dir. of Product Management, Dell Software Group

Posted on 19-Jun-2020

Page 2:

Dell leadership in software

• 2M user community members
• 90% of Global 1000 are Dell Software customers
• +1M customers
• NSS Labs: Highest overall protection Next-Gen Firewall
• EMA Radar Report Value Leader for Boomi Cloud Integration
• +6,000 team members
• Gartner: 9 Magic Quadrants
• +$1.5B software revenue (approx. based on run rate)
• 1,600+ software engineers
• 2,500+ software sales

Page 3:

Cloud

85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years.

68% of spend in private cloud solutions.

- Bain and Dell

Page 4:

Big data

Volume of data stored (zettabytes): 0.8 in 2009, 35 in 2020.

- IDC

Page 5:

Mobility

[Chart: Smartphone and tablets used at work, % of total customer type (Corporate / Personal)]

5X growth in smartphones and tablets used at work…

…and source shifts from 62% / 38% corporate / personal owned to 37% corporate owned and 63% personal owned

- IDC, Dell internal analysis

Page 6:

Security and risk mitigation

79% of the surveyed companies experienced some type of significant security incident within the past year that resulted in financial and/or reputational impact

$1.1M average data loss impact for reactive organizations

- McAfee

Page 7:

Adaptive Security is Required for the New Normal

“Most of today’s security infrastructure is static – enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This is no longer sufficient in an environment that is highly dynamic, multisourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owned and provisioned systems.”

- Neil MacDonald, Gartner

Page 8:

Towards Risk-based Adaptive Authorization

[Diagram: Identity Manager, AuthZ Policy, Firewall]

Page 9:

Authorization Policy Attributes

Static Data from IAM Defines Risk Values

• Resource identity and risk tolerance
• Application Role risk tolerance
• Role membership
• User/Account identity
• Device risk and ownership
• Business hours and risk
• Location Risk
• Device Health
• Authentication Methods risk

Dynamic Data from Firewall Determines Transaction Risks

• Specific device in use
• Device location
• Account in use
• Authentication strength
• Time of day
• Recent device activity

Page 10:

Risk Evaluation and Access Allowed

Risk policy: Value
• During work hours: 0
• Outside work hours: 10
• On-premises: 0
• Remote: 10
• Corporate device: 0
• BYOD managed device: 5
• Unmanaged device: 10

“Sales Manager” role membership: abarney, dsmith
“Sales Manager” risk tolerance: 25

Request: Andrew Barney, corporate desktop in the office, 8:17pm, http://acc1.foo.com/AP

Context item: Risk value
• Current time: 10
• Location: 0
• Device status: 0
• Account name: abarney

Account risk threshold: 25
Total risk: 10

ACCESS ALLOWED

Page 11:

Risk Evaluation and Access Denied

Risk policy: Value
• During work hours: 0
• Outside work hours: 10
• On-premises: 0
• Remote: 10
• Corporate device: 0
• BYOD managed device: 5
• Unmanaged device: 10

“Sales Manager” role membership: abarney, dsmith
“Sales Manager” risk tolerance: 25

Request: Andrew Barney, unmanaged tablet on public network, 8:17pm, http://acc1.foo.com/AP

Context item: Risk value
• Current time: 10
• Location: 10
• Device status: 10
• Account name: abarney

Account risk threshold: 25
Total risk: 30

ACCESS DENIED
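The evaluation walked through on the two slides above, written out as an added example (not Dell's or the presenter's code). The risk values, role members and tolerance come from the slides; the dictionary key names, the 09:00-17:00 work-hours window, and treating a total equal to the tolerance as allowed are assumptions, since the slides only show totals of 10 and 30 against a threshold of 25.

```python
from dataclasses import dataclass
from datetime import time

# Static risk values, copied from the slides' "Risk policy" table.
RISK_POLICY = {
    "time": {"work_hours": 0, "outside_work_hours": 10},
    "location": {"on_premises": 0, "remote": 10},
    "device": {"corporate": 0, "byod_managed": 5, "unmanaged": 10},
}
# Static role data from the slides: members and risk tolerance.
ROLES = {"Sales Manager": {"members": {"abarney", "dsmith"}, "tolerance": 25}}
# Assumption: the slides do not define work hours; 09:00-17:00 is used here.
WORK_START, WORK_END = time(9, 0), time(17, 0)

@dataclass(frozen=True)
class Request:          # dynamic context, as reported by the firewall
    account: str
    role: str
    at: time
    location: str       # key of RISK_POLICY["location"]
    device: str         # key of RISK_POLICY["device"]

def evaluate(req):
    """Return (allowed, total_risk, per-item risk) for one request."""
    role = ROLES.get(req.role)
    if role is None or req.account not in role["members"]:
        return False, None, {}          # fail closed: not a role member
    try:
        items = {
            "Current time": RISK_POLICY["time"][
                "work_hours" if WORK_START <= req.at < WORK_END
                else "outside_work_hours"],
            "Location": RISK_POLICY["location"][req.location],
            "Device status": RISK_POLICY["device"][req.device],
        }
    except KeyError:
        return False, None, {}          # fail closed on unknown context
    total = sum(items.values())
    # Assumption: a total equal to the tolerance is still allowed.
    return total <= role["tolerance"], total, items

# The two requests from the slides (8:17pm, account abarney).
office = Request("abarney", "Sales Manager", time(20, 17), "on_premises", "corporate")
tablet = Request("abarney", "Sales Manager", time(20, 17), "remote", "unmanaged")
```

An account outside the role, or a context value missing from the policy table, is denied without a score, so a gap in the IAM data cannot be read as zero risk.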

Page 12:

Adaptive & Context-Aware Authorization

• Time of day
• Device
• Data/app Classification
• History
• Location
• Volume of requests
• Identity

Page 13:

Prevent Unwanted Access

Enable Wanted Access

Page 14:

Identity & Access Management Market Shift

[Chart: Business Value (vertical axis) over time (2002, 2006, 2010, 2014); stages labelled Adaptive & Context-Aware, Content Aware, Identity & Access Governance, Provisioning, SSO]

Page 15:

Tying Governance to Enforcement

SonicWALL NGFW

Quest One Cloud Access Manager

Quest One Identity Manager

Identity and Access Governance

Multi-faceted SSO, Federation & Authorization

Zero Touch Context-aware Adaptive Authorization

Web, Federated & Legacy SSO, Coarse & Fine Grained Authorization with Just-in-Time provisioning, audit and access management

Controlling application access at the network layer

Policy, entitlements, role management and self-service access request

Page 16:

What One Identity delivers

Access Governance: Improve visibility into who has access to business-critical information, automate provisioning and enforce access controls.

Privileged Account Management: Centrally manage privileged accounts and provide granular control and monitoring of administrator access.

Identity Administration: Simplify the environment and user experience with centralized account management.

User Activity Monitoring: Audit what the users are doing with the access they have been granted.

Page 17:

The One Identity advantage

• Access Governance
• Privileged Account Management
• Identity Administration
• User Activity Monitoring

• Broad portfolio that is modular & integrated
• Granular access controls
• Business-driven
• Rapid time-to-value
• Solution simplicity

Page 18:

Complete identity & access management

Access Governance: Manage access to business-critical information
• Access request and certification
• Fine-grained application security
• Data access management
• Role engineering
• Automated provisioning

Privileged Account Management: Understand and control administrator activity
• Granular delegation
• Enforce Separation of Duty (SoD)
• Enterprise privilege safe
• Session management
• Keystroke logging

Identity Administration: Simplify account management
• Directory Consolidation
• AD Administration
• Virtual Directory Services
• Single Sign-on
• Strong Authentication

User Activity Monitoring: Audit user activity
• Granular AD auditing
• Permissions reporting
• Log management
• Event alerting
• Crisis resolution

One Identity

Page 19:

Security

Simplify IT

Mitigate risk

Accelerate results
