Post on 26-Mar-2015
© 2006 IBM Corporation
Tivoli LIVE -- Identity Management
Hursley Park – 15th June 2006
Casey Plunkett
Director, WW Sales, Tivoli Security
IBM IT Service Management
© 2006 IBM Corporation, 2006 ITSM Partner Summit
Agenda
Identity Management Drivers
Tivoli Identity Management Overview
Deployment Proof Points
Analysts’ Perspective
Key processes in IT Security Management
The activities and processes associated with IT Security Management can be summarized into four patterns that will remain current as technology changes.
Establish Trust and Compliance
– Gather business compliance information
– Evaluate business compliance
– Create Security Controls & Compliance criteria
– Report
Protect Systems
– Build and Deploy software packages
– Verify install images and request changes
– Request Updated install images
– Learn about vulnerabilities
Manage Threats
– Gather and analyze security related events and symptoms
– Correlate events and Initiate Response
– Report
Manage Users
– Apply business security controls
– Apply resource security controls
– Gather security control information
Process / Service view of IT Security Management: Access Management, Privacy Management, Identity Management, Security Controls Definition, Security Compliance, Business Risk Management, Incident Management, Threat Management, Security Event Management, Vulnerability Management, Security Configuration, Security Patch Management
Tools and experts (diagram labels, one pair per platform): Windows, Internet, Application, Unix, Database, Integration, Linux, Mainframe, Network, Storage
Eco-system integration improves market agility but brings with it increased risk costs in complexity, administration and vulnerability.
[Figure: stages of collaboration. Axis labels: Increased Collaboration; Cost & complexity of Threats and Administration; Trust]
Stages:
1 Isolated Operations
2 Select ‘Trusted Partners’
3 Value Chain Visibility
4 Industry-Centric Value Web
5 Cross-Industry Value Coalition
Legend: Core Business, Subsidiary/JV, Customer, Partner/Channel, Supplier/Outsourcer
Product Life Cycle Management
Phase I, Ideation: Identify new product ideas
Phase II, Definition/Feasibility: Define concepts based on new product ideas
Phase III, Development: Fully develop product/packaging manufacturing process and business plan
Phase IV, Launch: Produce and ship product into marketplace
Phase V, Post Launch: Assess product, team and process performance
The “sweet spot” occurs when process design, organization/performance management and enabling technologies are integrated and optimized across this value chain
Key Stakeholders in the PLM Process: R&D, Packaging and Design Graphics, Marketing, Operations and Production, Finance, Engineering, Brand Management, Sales Management, Public Relations/Ads, Legal
PLM (Summary) Reference Architecture
[Diagram labels: Adapter Registry, Adapter Instances, Adapter Instance Store, Adapter Manager (run-time and monitor), Resources and Relationships (RDF store), Workflows, Workflow Manager, Event Registry, Event Dispatcher, Event Log, Knowledge Manager, Inference Rules, Inference Engine, Presentation Manager, View Generator, Content Manager, Admin Console, WPS portlets, Log, Document Repository, CAD, Team (QuickPlace, Sametime), Project Schedule, Bill of Materials, PDM, Mktg/Adv.]
Key Needs:
• ESSO
• Provisioning
• Directory Integ.
• Access Control
• Root Control
Can You Answer the following Questions Across Your Core Business Processes?
1. WHO can use our IT systems?
2. WHAT can these people do on our IT systems?
3. Can I easily PROVE to the auditor what these people did?
Tivoli’s Identity and Access Management products automate these internal controls
Identity Management Challenges/Opportunities…
How much am I spending on routine password resets? 3-4 times per year, per user and a £14 average cost per call
How long does it take to make new employees/contractors productive? Up to 12 days per user to create and service accounts
How many of my former employees/contractors still have access to sensitive data? 30-60% of accounts are orphans (potential security exposure)
How confident are we that only the right people have access to our Enterprise data? 70% of fraud cases involving customer data are related to an insider attack
How much time is spent on Account Management by User Community? 10-20% of the LoB community typically provides Account Management
How long does it take to pull together reports for an audit? Can take weeks and some companies have designated FTEs for this purpose
IBM’s Integrated Identity Management Portfolio
Componentized Strategy
[Diagram labels: Users & Applications; Security Compliance Manager, Identity Manager, Access Manager, Privacy Manager, Federated Identity Manager, Directory Server, Directory Integrator, NeuSecure]
Tivoli Identity Manager
[Diagram labels: Identity change requested (Identity Stores, HR Systems); Approvals gathered; Access policy evaluated; Accounts updated (Databases, Operating Systems, Applications); Detect and correct local privilege settings]
Identity Manager provisions accounts
Access Manager provides runtime enforcement
Integrated:
Automated provisioning/de-provisioning from an authoritative source.
Workflow for provisioning requests.
Additional user self-service options for password reset, registration etc.
Single sign-on for Identity and Access combined administration.
ITIM Express 4.6
Request-based provisioning with approval workflow
User self-care and password management
Intuitive GUI
Recertification of user access rights
Installed/Bundled adapters
Out-of-the-box reporting
Email notification
HR Feeds
Account reconciliation
Complete Single Sign-on Management
[Diagram labels: User; login prompt ("Please enter your ID and password"); SecurID token; Flexible Authentication; Access Control; Digital Identity Services; applications: eMail, Enterprise, Mainframe, eHR, Claims, Federated, Web, eExpenses, Portal, iBanking]
Tivoli Access Manager Family
Tivoli Access Manager for e-business (TAMeB)
– Web SSO, Centralized Authentication/Authorization/Audit
Tivoli Access Manager for Enterprise Sign-On (TAMES-ESSO)
– Enterprise (or Host) SSO
Tivoli Federated Identity Manager
– Federated SSO, Trust Mgmt/Brokering, Web Services Security Mgmt, Cross-Enterprise Identity Mapping
Tivoli Access Manager for Business Integration (TAMBI)
– WMQ-based Access Control, Data Integrity and Confidentiality
Tivoli Access Manager for Operating Systems (TAMOS)
– Locking down Root in UNIX and LINUX
Tivoli XML Gateway Integration
Case in point:
Securely implement web services, secure once for many applications, aggregate user interactions and adhere to strong security protection and verification
Solution:
Helps protect SOA implementations addressing XML threats with fine-grain access control. Integrates with Tivoli Security for enterprise SOA deployments and centralized security policy management
[Diagram labels: XS40 XML Security Gateway (policy-driven security gateway for web services); Identity, Security and Directory Services; Centralized Security Policy Management; Data Repository; Enterprise Directory; Suppliers, Partners, Users; Liberty, SAML, WS-Federation]
Security Compliance Management
[Diagram labels: IT Environment (Operating Systems, Applications, Workstations, Databases, Users); IT security; CxO; Business issues: regulations, standards; IT concerns: Slammer, MSBlaster, OS patches, password violations]
Checking systems and applications
– Checks for vulnerabilities and identifies violations against security policies
Key benefits:
– Helps to secure corporate data and integrity
– Identifies software security vulnerabilities
– Decreases IT costs through automation, centralization, and separation of duties
– Assists in complying with legislative and governmental standards
Vendor integration for faster time-to-value
Desktop SSO: ActivCard ActivClient, Microsoft Kerberos (SPNEGO), Microsoft NTLM
Directory sync & virtualization: Aelita Ent. Directory Manager, IBM Tivoli Directory Integrator, OctetString Virtual Directory, Radiant Logic
Encryption, SSL & VPN: Aventail EX-1500, Eracom ProtectServer Orange, IBM 4758, IBM 4960, Ingrian Secure Transaction Appliance, nCipher nForce, Neoteris IVE
Integration and Consulting: 3000 trained personnel across Business Partners worldwide
Messaging security: IBM WebSphere BI Message Broker, IBM WebSphere BI Event Broker, IBM WebSphere MQ
Web Server Plug-in: Apache, IBM HTTP Server, IBM WebSphere Edge Server, Microsoft IIS, Sun ONE Web Server
Web Application Server: BEA WebLogic Server, IBM WebSphere App. Server, (Any J2EE Platform), Microsoft .NET
Web Portal Server: BEA WebLogic Portal (SSO), IBM WebSphere Portal, Plumtree Portal*, Sun ONE Portal Server (SSO)
XML and Web Services: DataPower, Digital Evolution / SOA Software, Forum Systems, Layer 7 SecureSpan Gateway, Reactivity XML Firewall, VordelSecure
Application Single Sign-On: Adexa collaboration products (9), Blockade ESconnect, Broadvision One to One, Cash-U Pecan, Centric Product Innovation (3), Citrix Metaframe / Nfuse XP, Documentum Content Server/Webtop, Documentum eRoom, IBM Content Manager, IBM Host on Demand, IBM Host Publisher, IBM Lotus Domino, IBM Lotus iNotes, IBM Lotus Quickplace, IBM Lotus Sametime, IBM Lotus Team Workplace, Intelliden R-Series, Interwoven TeamSite, Kana Platform, Kintana Suite (Mercury Interactive), Microsoft Exchange (OWA), Microsoft SharePoint Portal/Services, OpenConnect WebConnect, Oracle Application server, PeopleSoft Enterprise Application, PeopleSoft Enterprise PeopleTools, Rocksteady Rocknet, SAP Enterprise Portal, SAP Internet Transaction Server, Secur-IT C-Man, Secur-IT D-Man, Siebel, Sourcefire ISM, Sun Calendar Server*, Sun Messenger Server*, Vasco Digipass (via C-Man)
Platform & Traffic Mgmt.: Crossbeam Security Svcs. Switch, F5 Networks BIG IP, Sanctum AppShield
Strong Authentication: ActivCard, Aladdin Knowledge Systems, Daon Engine (Biometrics), Entrust TruePass, VeriSign
UNIX Deployment Lockdown: HP-UX, IBM AIX, IBM DB2, IBM HTTP Server, IBM WebSphere App. Server, Oracle DB, Red Hat Linux, Sun Solaris, SuSE Linux
User repository: CA eTrust Directory, IBM Tivoli Directory Server, Microsoft Active Directory, Novell eDirectory, Siemens Nixdorf DirX Directory, Sun ONE Directory Server, Vasco Digipass
* By request
Integration factory
Tivoli Identity Management Proof Points…
on demand Solution:
– Automate user provisioning, discovery and correction of invalid access
Case Studies:
Saves $500k/year in HR Enrollment process for 20k employees
Products:
– IBM Tivoli Identity Manager (TIM)
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
1 week...
3 weeks…
…to 10 minutes
…to 20 minutes and provisioning costs cut 93%
Tivoli Identity Management Proof Points…
on demand Solution:
– Automate user provisioning, discovery and correction of invalid access
Case Studies:
Deployed Provisioning for 9,000 employees across 80 endpoints, 6 countries and 20 roles within 90 days
5 days to implement Provisioning (TIM Express) across 2,500 users
Products:
– IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB
Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems
Tivoli Identity Management Proof Points…
on demand Solution:
– Single sign-on and self-service for password resets
Case Studies:
Most successful IT project in 25 years – cost justified in 8 months
Orange projects savings of millions of Euros annually (4M Secure SOA users)
Product:
– IBM Tivoli Access Manager for Enterprise Single Sign-On
– SOA: IBM Tivoli Federated Identity Manager
Up to 50% of help desk calls are for password resets – Every call incurs 14 in IT costs
Process: Obtain a list of orphan accounts and determine validity
Compliance and Audit Issue: Link all user accounts to an identity
Business Process Inefficiency: Manual processes, custom scripts
IBM on demand Approach: Automated reconciliation
Proof Point: Wall Street Example
Identity Manager
Identify Orphan Accounts
Business Process: User Validation
Process: Implement rules for application access consistently
Compliance and Audit Issue: Consistent policy implementation
Business Process Inefficiency: Up to 30% of development costs for security infrastructure. Too many passwords to remember.
IBM on demand Approach: Centralized Application Access Control and SSO across applications.
Proof Point: T. Rowe Price – $13.5M reduction in development costs
Access Manager
Business Process: New Business Initiative
Tivoli Identity Management -- Facts of Interest
>1,500 Access Management customers
>500 Provisioning customers
~20% of IdM customers are small & medium businesses
>3,000 professionals trained and certified to deploy IBM Identity Management solutions worldwide
Tivoli Identity Management -- Facts of Interest
IBM Tivoli Security software is used by:
• 15 of the top 20 commercial Banks worldwide
• 6 top Healthcare companies worldwide
• 4 of the top 5 Telecommunications companies worldwide
• 6 of the top 10 Aerospace and Defense companies worldwide
• 7 of the top 10 Computer and Data Services companies worldwide
IBM Identity Management Solutions Continue to be Recognized for Leadership
2006 Provisioning Leadership Position – Gartner Magic Quadrant
2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool
2005 Frost & Sullivan Global Market Leadership Award for Identity Management
2005 Frost & Sullivan Market Leader designation for Access Management
2005 #1 Provisioning and Web SSO Vendor, IDC
2005 Web Services Leadership Position, Gartner Magic Quadrant
2004 SYS-CON Best Web Services Security Solution Award
Analyst View: Identity and Access Management Market Share (IDC)
Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004
IBM Tivoli: 35%
CA: 34%
Oracle: 7%
Novell: 7%
BMC: 5%
Sun: 4%
HP: 4%
RSA: 3%
Microsoft: 1%
Frost & Sullivan - Provisioning Market Share - Feb 2006
Frost & Sullivan - Web Access share - Feb 2006
Gartner - Web Services Magic Quadrant