Intel IT's Identity and Access Management Journey
DESCRIPTION
Advances in the SMAC stack – social, mobile, analytics, and cloud – have affected every part of the enterprise. Organizations want to move more diverse data to more places, and more people need access via more services and devices. Managing all this is a big task for information security. Learn about Intel IT's approach to IDAM redesign and IT best practices for enhanced security and a better user experience.
TRANSCRIPT
Copyright © 2014, Intel Corporation. All rights reserved
Intel IT’s Identity and Access Management Journey
July 2014
Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
* Other names and brands may be claimed as the property of others.
The SMAC Stack Requires Agile Security Capabilities
• Enable movement of diverse information to more places
• Variety and growth in devices, internet touch points, and access methods
• More custom mobile applications and services within the enterprise
• The need to adopt standard applications for SaaS in the public cloud
[Figure labels: Social, Mobile, Analytics, Cloud]
The increase in devices, applications and use of the cloud requires a new approach to provisioning and managing identities.
The IdAM Challenge
• A 20-year-old custom solution
• A need for a new approach:
  • Building with a small set of off-the-shelf solutions
  • Utilizing Web Services to “wrap” solutions
  • Driving for a small set of business processes
IdAM Vision & Goals
Vision: Simple, easy and controlled solutions that enable access to anything, from anywhere, to any device.
Drive Business Value:
• Agility
• Improved UX
• Flexibility
• Risk Mitigation
Program CSIs (Critical Success Factor), Reduce:
• Unmanaged accounts
• Access approval TPT
• Application Setup
• Audit Excursions
High-Level Reference Architecture
[Diagram: reference architecture in two layers, Core (Management) and Periphery (Runtime).
Component labels: Enterprise Directory Services; Identity Management Services; Entitlement Management Services; Provisioning; Third Party Applications; Enterprise Login; Access Request Interface; Data Quality; ID Attestation; Access Certification; Business / Tech Roles; Apps.
AuthN: Step-Up AuthN, Inbound Federation, Outbound Federation, Social Login.
AuthZ: Fine-Grained AuthZ.
Key (Biz Value): Performance, Stability, User Experience, Service Oriented Architecture.]
Co-Existence Implementation (versus Big Bang)
• The new platform will be the master system and will treat the legacy platform as a managed source
• As applications are migrated to the new platform, the management of access will also move
• Ahead of migration, legacy applications can take advantage of features in the new platform, for example, access certification
[Diagram labels: New IdAM Platform; Old IdAM Platform; IdAM Web Services; Legacy Applications; New/Migrated Applications. Flow labels: AGGREGATE; PROVISION; READ; CREATE, UPDATE]
Integration Principles
• Purchased 3rd Party Applications: Integrate with directory directly or web services
• Custom Written Applications: Integrate with IdAM web services
• Provisioning: Outside on exception basis
[Diagram labels: IdAM Web Services; New IdAM Platform; Enterprise Directory; Enterprise Applications; Purchased Applications]
Federated Identity Management in the Cloud
[Diagram labels: Workers, Trading Partners & Consumers; Any Device; Intel; Access Governance (Core Platform); Intel Applications Anywhere; Cloud Apps; Internal Apps; Mobile Apps; Federated Identity Management; Strong Authentication; Internal; External; B2C (Social); B2B; Inbound SSO; OTP; SSO; Provisioning; Active Provisioning; JIT Provisioning; Registration]
CURRENT
• Multiple IT and Business Group solutions
• Cannot integrate at the cadence of business
• Lacking key capabilities (multi-factor authentication, inbound federation)
FUTURE
• Unified & IT delivered solution
• Single day startup of Cloud SSO in most cases
• Rich capability set proactively meeting business needs
Summary
• Significant progress made but this is a long journey and we are only at the beginning.
• Co-existence allows us to achieve value incrementally over time.
• Focusing on a service-oriented architecture approach allows for quick wins on which we can continue to build.
• Align and adopt industry best practices.
• Strong leadership and management is key.
Thank You