pre-con ed: governance of privileged identities—key to breach prevention
TRANSCRIPT
World®’16
GoverningyourPrivilegedAccessPreconferenceTechnicalSessionEhudAmiri,ProductManagementMattMiller,Presales
SCX03E
SECURITY
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
EhudAmiri
MattMillerCATechnologies
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OneStopShopforallIdentityServices
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhyPrivilegedAccessGovernanceIsNeeded?
•
•
Theoutcome•
•
•
••
TheSituationToday
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PrivilegedAccessGovernance
•
•
•
TheCAIdentitySuiteSolution•
•
••
TheCAApproach
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AutomatedProvisioningandDe-Provisioning
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AccessCertification
Account certification
Update HR
reports
Mitigate access
risk
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AccessRequest
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Why Now and Why CA for Privileged Access Governance?
• Compliance- Manyorganizationsarefacingcompliancepressuretoensureproperprivilegedaccess
governanceisimplemented
• BetterSecurity- Managingandgoverning“whohasaccessandwhy”forprivilegedaccessisbecomingmore
importantinthebroaderfightagainstsecuritybreaches
• EliminatingSilos- Implementingseparategovernancesolutionsforprivilegedaccessandnon-privilegedaccessmay
createunintendedweaknessesincustomers’cyber-securitystrategy
• OneStopShop- ByintegratingCAIdentitySuiteandCAPrivilegedAccessManagement,customerscaneasily
implementanenterprise-wideapproachthatisbasedontwoproven&marketleadingsolutions
Making the right choice
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TechnicalOverview
§ GranularprovisioningconnectorforCAPAM– UseofCAPAMRESTAPIsandCAPAMAPIKey– GranularmanagementofCAPAMUsers(Morethan25attributes)– MappingUserstoRoles,UserGroups,Devices,&DeviceGroups– SupportforLocalandLDAP/ADCAPAMUsers
§ CAIdentitySuiteuserexperienceforCAPAM– OutoftheboxtemplatesforUserandDevicecertifications
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
LabPrerequisites
Thelabincludesthefollowingthreevirtualmachines:– Machine1:CAIdentityPortalplusCAIdentityManager– Machine2:CAIdentityGovernance– Machine3:CAPAM
Theenvironmentisalreadypreconfigured(wewillshowhowthiswasdone):
– CAIdentityManagerconfiguredwithCAPAMendpoint– CommunicationandtrustisestablishedusingCAPAMAPIKey– DataispopulatedinCAIdentitySuite
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCT21S CAIdentitySuiteLaunchandRoadmap 11/17/2016at12:45pm
SCT62S TheStateofLouisianaandCATechnologies– ImprovinglivesthroughHealthcareModernization 11/17/2016at3:00pm
SCT92P CIOSummitPanel: MaximizingTheValueofYourOnPremiseandCloudEnvironments 11/17/2016at4:30pm
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Don’tMissOurINTERACTIVESecurityDemoExperience!
SNEAKPEEK!
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Wewanttohearfromyou!
§ ITCentralisaleadingtechnologyreviewsite.CAhasthemtohelpgenerateproductreviewsforourSecurityproducts.
§ ITCSstaffmaybeatthissessionnow!(lookfortheirshirts).Ifyouwouldliketoofferaproductreview,pleaseaskthemaftertheclass,orgobytheirbooth.
Note:§ Onlytakes5-7mins§ Youhavetotalcontroloverthereview§ Itcanbeanonymous,ifrequired
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Questions?
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou.
Stayconnectedatcommunities.ca.com
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.19 @CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw