ncu business development on netiq idm
TRANSCRIPT
Business Development on NetIQ IDM
By Novell Consulting Ukraine (NCU)
Overview on value add of NCU
• Built new integration modules (drivers)• Build a Risk Assesment System inside NetIQ IDM• Enhanced user interface features of the portal IDM
UserApplication• Comprehensive Separation of Duties management on
the application request stage.
• Other examples of enhancements made to NetIQ IDM
Built new drivers
Why ?
Customers demands:Automation of access permissions and objects management for Microstrategy (provider of enterprise software platforms for Data Analytics & Audits).Who uses Microstrategy: SWIFT, 1st Financial Bank USA, Adidas, First National Bank, Bayer Healthcare, BNP Paribas, UniCredit, Deutsche Bank AG, DHL, Samsung Electronics, eBay, Facebook, Hyundai Mortor Company etc.http://www.microstrategy.com/us/about-us/customers/customer-list
Current NetIQ Deliverables:None: There are no off shelf integration modules for the leader in analytic and audit industry: MicroStrategy.
IDM integration module for Microstrategy
IDM integration module for Microstrategy
NCU developments:• Fully-functional driver, built according to IDM and SDK architecture from NetIQ• Complete Java implementation, uses Java Web API from MicroStrategy SDK• Allows bi-directional synchronization of User, Group, Report data and other
MicroStrategy metadata with NetIQ IDM• Delivered with built-in policy set, that lets achieve a result out of box• Tested with MicroStrategy version 9.x in an actual project in Ukraine
Future NetIQ Deliverables:Off shelf integration modules for the leader in analytic and audit industry: MicroStrategy.
• components: IDM 4.x
• deliverables: .jar, .xml
• services: installation, configuration, documentation
• support: updates & upgrades, 2nd line support
IDM integration module for Microstrategy Deliverables by NCU
Risk Assessment System inside NetIQ IDM
Why ?
Risk Assessment for applied and authorized permissions
Customers demands:Pro-active reaction to redundant permissions risks (do not allow to apply for the critical permission set on the access request stage). Receive comprehensive authorized permissions assessment for damages forecast and re-assessment planning.
Current NetIQ Deliverables:There are no Risk Assessment components inside NetIQ IDM. The feature is arranged in an off-line mode through reporting - and a refined version through Access Review.
Risk Assessment for applied and authorized permissions
NCU developments:• Data and Permissions Risk Assessment module for NetIQ IDM
(Abuse of permissions risk, Permissions loss risk, Permissions delegation risk, Information distortion risk, Data breach risk etc.)
• Pro-active analysis of risk level feature during access request application stage
• Worlds best practices in Risk Assessment reports• Administration setting tools
Future NetIQ Deliverables:Pro Active Risk Assessment for applied and authorized permissions inside NetIQ IDM
Risk Assessment System module Features
● Risk Assessment based on complex evaluations of object (User, System, Role, Activity)
● Operational risk evaluation during role permission assignment in the request application (form dashboards)
● Risk Analysis and Assessment (parameterized linked reports/sub-reports in JasperReport©)
● Risk Forecasting based on evaluations and executed activities (permissions assignment and revocation)
Permissions Request Form with Risk Indicator
Permissions Request Form with Risk Indicator
Risk Assessment (HeatMap)
Risk Assessment (HeatMap)
Risk Assessment (HeatMap subreport)
Critical Level Analysis
Critical Level Analysis
Critical Level Analysis
Critical Level Analysis
Risk Assessment System module Conclusion
● Risk Assessment based on characteristics of the objects used in access approval and maintenance
● Prevention/notification during assignment of roles associated with risks
● Risk Analysis and Forecasting● Assessment Indicator settings according to Customer demands● Analysis visualization for critical areas retrieval and assessment● “Heat Map” building for analysis acceleration● Assessment engine scaling according to object characteristics, risks,
object evaluations
• components: IDM 4.x UserApplication, EAS; Jasper Report 5.6/6.0 (community edition), jqgrid (opensource js-framework)
• deliverables: .war (.jar, .js), .xml (PRD), database schema (postgresql), report templates
• services: installation, configuration, documentation
• support: updates & upgrades, 2nd line support
Risk Assessment System module Deliverables by NCU
Enhanced user interface features of the portal IDM UserApplication
IDM User Application interface features extension
Customers demands:The ability not only to manage user group/target system role membership though IDM, but also to manage (create, edit) roles/access-groups in target systems WITHOUT system administrator's help.
Current NetIQ deliverables:Building tools for Simple forms, suitable for requests with short number of controls (fields, checkboxes etc.)
Example: User Application + jqGrid
Example: User Application + jqGrid
User Application + jqGrid
• Open Source jqGrid solution integration with UserApplication Interface.
• jgGrid controls binding with IDM role-based system.• As a result — ability to build more robust target system
permission management interfaces.
When need such features:• Integration with systems that does not have native
interfaces for permission grouping or systems with inconvenient interfaces.
• Demand to create and transfer to business the interfaces for target system object creation (particularly topical in banking).
Comprehensive Separation of Duties management
Customers demands:Prevent the registration request on conflict roles (SoD), having invested the role of the lower levels.
Current NetIQ Deliverables:NetIQ IDM does not check SoD policies in online forms and between role model levels. NetIQ IDM does not communicate with the user in case of policy violation.
Avoiding conflict of roles order
SoD Online control from UserApplication forms
• SoD validation on all built-in levels in UserApplication forms.• SoD violation notification.• SoD policies creation
interface stays unchanged.
BusinessBusinessRole 1Role 1
BusinessBusinessRole 2Role 2
CommonCommonRole 1Role 1
CommonCommonRole 2Role 2
CommonCommonRole 3Role 3
Prohibitedroles combi-nation (SoD)
Other examples of enhancements made to NetIQ IDM
• Optimized existing drivers (ActiveDirectory, Lotus Notes)• Digital Signature solution made inside the approval
processes stage• Extended and customized IDM reports