identity and access management
DESCRIPTION
Identity and Access Management. Patrick Hunter. EMEA IDAM Team Lead. 7th February 2012. Creating simple, effective and lasting IDAM solutions. To explain the major differences between Africa and Europe – Let me illustrate. Africa. Europe (England). But.
©2011 Quest Software, Inc. All rights reserved.
Patrick Hunter
EMEA IDAM Team Lead
7th February 2012
Creating simple, effective and lasting IDAM solutions
Identity and Access Management
To explain the major differences between Africa and Europe – Let me illustrate...
Africa
Europe (England)
But...
The problems with Identities remain the same
Telling the Quest One Story
Quest One Identity Solutions
The Challenges
Complexity, Compliance, Security
• Internal and external threats
• Increased risk of internal breach
• Orphaned accounts
• Too many have access to privileged accounts
• Users have too much access
• Too many separate user stores
• Anomalous activity goes unnoticed
• Managing user access rights is resource-intensive
• Number of regulations continue to grow
• New requirements add more administrative tasks
• Proving compliance is labor-intensive
• Reviewing activity logs only during audits is often too late
Fact: 96% of breaches were avoidable through simple or intermediate controls.
Source - 2011 Data Breach Investigations Report, Verizon RISK Team with cooperation from the US Secret Service and the Dutch High Tech Crime Unit
Fact: On average, a typical enterprise end-user has 6 enterprise-issued passwords.
Source - Aberdeen Group research
Fact: 48 percent of respondents rated the odds of experiencing a compliance risk within the next 18 months as “high” or “very high.”
Source – State of Compliance 2011, PWC
What Quest One Delivers
• Access Governance: Improve visibility into who has access to business critical information, automate provisioning and enforce access controls.
• Privileged Account Management: Centrally manage privileged accounts and provide granular control of administrator access.
• Identity Administration: Simplify the environment and user experience with centralized account management.
• User Activity Monitoring: Audit what the users are doing with the access they have been granted.
Quest One Customer Examples
Access Governance
User Activity Monitoring
Privileged Account Management
Identity Administration
The Quest One Advantage
• Broad Portfolio that is Modular & Integrated
• Granular Access Controls
• Business-Driven
• Rapid Time-to-Value
• Solution Simplicity
• Simple
Access Governance
Privileged Account Management
User Activity Monitoring
Identity Administration
Access Governance
Manage Access to Business Critical Information
• Access Request and Certification
• Fine Grained Application Security
• Data Access Management
• Role Engineering
• Automated Provisioning
Privileged Account Management
Understand and Control Administrator Activity
• Granular Delegation
• Enforce Separation of Duty
• Enterprise Password Vault
• Session Management
• Keystroke Logging
Identity Administration
Simplify Account Management
• Directory Consolidation
• AD Administration
• Virtual Directory Services
• Single Sign-on
• Strong Authentication
User Activity Monitoring
Audit User Activity
• Granular AD Auditing
• Permissions Reporting
• Log Management
• Event Alerting
• Crisis Resolution
Complete Identity & Access Management
• Access Governance: Manage Access to Business Critical Information
• Privileged Account Management: Understand & Control Administrator Activity
• Identity Administration: Simplify Account Management
• User Activity Monitoring: Audit User Activity
Easier accountability and greater transparency throughout your business!
We simplify identity and access management.
A closer look at the building blocks!
Challenges
• Who runs IAM? Who should run it?
• Audits are time consuming and expensive
• You can’t trust everyone (even your administrators)
• An IAM solution should:
  • Reduce risks
  • Reduce the cost of audit
  • Empower the business
• IAM should benefit both IT and the Business
Quest One is…
• Simpler
• Broad portfolio
• Modular & integrated
• Rapid time-to-value
• Use existing investments
• Business driven
Where It Affects The Real World…
• Access Governance: Improve visibility into who has access to business critical information, automate provisioning and enforce access controls.
• User Activity Monitoring: Audit what the users are doing with the access they have been granted.
• Identity Administration: Simplify the environment and user experience with centralized account management.
• Privileged Account Management: Centrally manage privileged accounts and provide granular control of administrator access.
Complete Identity & Access Management
• Access Governance: Manage Access to Business Critical Information
• Privileged Account Management: Understand & Control Administrator Activity
• Identity Administration: Simplify Account Management
• User Activity Monitoring: Audit User Activity
Use Cases
Use Case: Access Entitlement Review, Attestation, & Recertification
We need to understand who has access to what across our environment. And, we need to involve the business managers, but they need to understand what the access entitlements actually mean.
Topics:
• Discovery of entitlements, orphaned data, & unstructured data
• Attestation/recertification at the business level
• Eliminate “blind” attestation
• Visibility of all entitlements an employee or group has and how they got them
Use Case: Closed Loop Compliance
We need to establish a continuous process to make sure we stay on top of compliance. We need to show our auditors that every person has only the access they need to do their jobs, and nothing more.
Topics:
• Applies to users and administrators
• Clear, easy to understand dashboard displays
• Establish regular scheduled attestations to occur going forward
• Automation and control of high-impact tasks
• Easy and complete attestation / recertification
• Policy enforcement – execute / remediate / take action when necessary to complete fulfillment
Closed Loop Compliance with
Review/Interpret
Discover/Compile
Certify/Attest
Resulting Action
Customer Database
Automated Access Governance Cycle
Use Case: Privileged Account Management
Centrally manage privileged accounts and provide granular control and complete visibility of administrator access
Topics:
• Policy-based enterprise-wide
• Tightly controlled release and audit of shared credentials
• Least-privilege access – across systems
• Session audit / keystroke logging
Who knows what?
Can you be sure?
How strong is a strong password?
Best Practices for Identity
• Strong password policy
• Procedure enforcement
• Privileged Account Management
• Multi-factor authentication
• User-to-shared account linking
• Identity management solutions
• Audited Automation
• Moving processes – account history (SoD)
• Tamper resistant audit trail
Use Case: Automate Administrative Tasks
We need to automate common administrative tasks and reduce the burden on IT without adding complexity, or maintaining our reliance on inconsistent practices and disparate tools.
Topics:
• Active Directory account, password and group creation, and modification
• Single sign-on
• Self-service password resets
• Reducing complexity – “Get to One”