the premier service management event may 18 - 22, 2008 | orlando, florida business partner summit...
Post on 23-Jan-2016
215 views
TRANSCRIPT
![Page 1: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/1.jpg)
THE PREMIER SERVICE MANAGEMENT EVENTMay 18 - 22, 2008 | Orlando, Florida
Business Partner Business Partner SummitSummit
Maximize Your Sales with Business Security SolutionsMaximize Your Sales with Business Security Solutions
Bob Kalka, Global Security Enablement [email protected]
![Page 2: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/2.jpg)
2
Agenda
• A Sales Perspective on Business Security
• IBM Corporate Security Strategy
• Relationship with IBM Service Management
• 1H08 Tivoli Security Sales Plays
• Top Opportunities
• Our Unique Value
• Summary
![Page 3: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/3.jpg)
3
Massive insider breach at DuPont February 15, 2007 By: Larry Greenemeier
The world is riskier than it used to be…
iTunes back to normal after holiday traffic quadruplesABC News: December 28, 2006
Bill Would Punish Retailers For Leaks of Personal Data by Joseph Pereira (February 22, 2007)
TJX data breach: At 45.6M card numbers, it’s the biggest ever March 29, 2007 By: Jaikumar Vijayan
Bill would punish retailers for leaks of personal dataFebruary 22, 2007By Joseph Pereira
Societe Generale Uncovers Massive FraudJanuary 24, 2008By: Emma Vandore
![Page 4: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/4.jpg)
4
More demands for personalized service
New standards & regulations
Improve operational efficiency – manage costs
Acquisitions &mergers
Seamless access to infrastructure – anytime/anyplace
Need for a consolidated view of information and applications
Inadequate return on investment in IT
Protect security and privacy of critical assets
Need to streamline linkages with partners and suppliers
Legacy system integration
Increasing volume of data
Increasingly mobile workforce
External system threats
Business Challenges - Sound Familiar?
![Page 5: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/5.jpg)
5
Business Challenges – The Simple View
1. Can I protect against internal and external security threats and vulnerabilities? (IT Security)
2. Can I protect my business initiatives? (Business)
• Who can come in?
• What can they do?
• Can I easily prove it to an auditor?
PHYSICAL
INFRASTRUCTURE
DATA
USERS
APPLICATIONS
![Page 6: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/6.jpg)
6
The Simple Answer is “No, I Can’t”
PHYSICAL
INFRASTRUCTURE
DATA
USERS
APPLICATIONS
Disclosures of Sensitive Business Data(IT Policy Compliance Group, 2007)
Between 3 and 2270%
More than 22 incidents
20%Less than 3
10%
![Page 7: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/7.jpg)
7
IBM Security Framework
“Marketecture”
The IBM Security Framework
Common Policy, Event Handling and Reporting
Security Governance, Risk Management and Compliance
Network, Server, & End-point
Physical Infrastructure
People and Identity
Data and Information
Application and Process
Managed Security Services
Security Hardware
and Software
Professional Services
Physical Security Solutions
Security Governance, Risk & Compliance Solutions
Threat and Vulnerability Mgmt & Monitoring Solutions
Application Security Lifecycle Mgmt Solutions
Identity and Access Management Solutions
Information Security Solutions
![Page 8: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/8.jpg)
8
People and IdentityNetwork, Server, End Point
Data & Information Process & Application
ITITB
usin
essB
usin
ess
C(I)SO
CFO/CCO LoB/App. Architecture
CSO
Market Opportunity
Overview: Protect & secure data & information
2008 Opportunity: $5.5B, 08-11 CAGR 28%
Overview: Continuously manage, monitor and audit application security
2008 Oppty: $400M, 08-11 CAGR 20%
Overview: Comprehensive threat & vulnerability management across networks, servers & end-points
2008 Oppty: $11.6B, 08-11 CAGR 12%
Overview: Enable secure collaboration with internal and external users with controlled access to information, applications and assets.
2008 Oppty: $3.7B, 08-11 CAGR 16%
![Page 9: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/9.jpg)
9
IBM Service Management (ISM)
VisibilityVisibility
See See your your
businessbusiness
Only IBM delivers integrated
visibility across Business & IT
Audiences.
ControlControl
Govern Govern your your
assetsassets
Only IBM delivers integrated control across Business
& IT Assets.
An Integrated Approach to Getting Business Results
AutomationAutomation
Build agility Build agility into into
OperationsOperations
Only IBM delivers integrated
automation across Business & IT Operations.
![Page 10: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/10.jpg)
10
The IBM Security Framework
Common Policy, Event Handling and Reporting
Security Governance, Risk Management and Compliance
Network, Server, & End-point
Physical Infrastructure
People and Identity
Data and Information
Application and Process
The IBM Security Framework
• SECURITY COMPLIANCE
• Demonstrable policy enforcement aligned to regulations, standards, laws, agreements (PCI, FISMA, etc..)
• IDENTITY & ACCESS (USERS)
Enable secure collaboration with internal and external users with controlled and secure access to information, applications and assets
• INFORMATION SECURITY (DATA)• Protect and secure your data and information
assets
• APPLICATION SECURITY
•Continuously manage, monitor and audit application security
• INFRASTRUCTURE SECURITY
• Comprehensive threat and vulnerability management across networks, servers and end-points
Compelling Reasons to Act
![Page 11: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/11.jpg)
11
Security Compliance Aligning IT security to business priorities
Our ValueOur Value
•Quickly prove that only the right people are getting access to your sensitive business data
•Effectively collect and report on all of the audit-relevant events, alerts and logs generated in your infrastructure every day
•Validate that all systems, including System z, are securely configured
Tivoli OpportunitiesTivoli Opportunities
• Tivoli Security Information & Event Management (TSIEM)
• Tivoli Compliance Insight Manager (TCIM)
• Tivoli Security Operations Manager (TSOM)
• Tivoli zSecure Suite
• Tivoli Security Compliance Mgr
Cross-Brand OpportunitiesCross-Brand Opportunities
• ISS SiteProtector and partnerships for Data Leakage Protection
• GBS and GTS/ISS Services
• IM DB2 Audit Management Expert (AME) and Entity Analytics
![Page 12: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/12.jpg)
12
Meeting Requirements of the Digital DozenThe products outlined in this chart highlight IBM capabilities. Please call your local IBM executive for a full listing of all products and services that map to PCI requirements
•Tivoli Security Compliance Manager•IBM ISS Enterprise Scanner•IBM Rational AppScan
•TSIEM
•IBM Digital Video Surveillance•IBM Biometric Access Control
•IBM Tivoli Identity Manager•IBM Tivoli Federated Identity Manager
•IBM Tivoli Access Manager•IBM Tivoli zSecure Admin
•IBM ISS Proventia •IBM ISS Enterprise Scanner
•Professional Services•TSIEM
•IBM ISS Proventia
•IBM Tivoli Access Manager•TSCM
•IBM Storage Manager•IBM PKI Services
•IBM Data Encryption of IMS and DB2•IBM Websphere•DataPower XML Security Gateway
•IBM Tivoli CCMBD•Rational Release Manager•IBM Rational AppScan•ISS Enterprise Scanner
![Page 13: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/13.jpg)
13
Our ValueOur Value
•Provisioning: Quickly setup and/or recertify user account access across all platforms, including System z
•Quickly locate and manage invalid user accounts
• Productivity: Increase user productivity through convenient yet secure single sign-on support
•Access and Audit: Control access to applications consistently, across enterprise, web, and SOA-based applications.
Tivoli OpportunitiesTivoli Opportunities
• Tivoli Identity Manager v5• including key partnerships
• Tivoli Access Manager family (TAMeb, TAM ESSO, TAMOS)
• Tivoli Federated Identity Mgr
• Tivoli zSecure Suite
Cross-Brand OpportunitiesCross-Brand Opportunities
• GBS and GTS/ISS Services
Cisco Secure
ACS
Cisco Secure
ACS
Business Applications
Authoritative Identity Source
(Human Resources, Customer Master, etc.)
TIM Trusted Identity Store
Accounts
jcd0895jdoe03
doej
John C. Doe
Sarah K. Smith
smiths17
Sarah_s4
ackerh05
nbody
Sarah’s Manager
RecertificationRequest
Access Revalidated and Audited
11
22
33
44
55
Identity & Access ManagementManage users, identities, access rights, enforce & monitor user activity on all IT systems
![Page 14: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/14.jpg)
14
Duke MedicineHealthcareTivoli Identity Manager Tivoli Business Systems Manager, Tivoli Monitoring Tivoli Enterprise Console, Tivoli Application Dependency Discovery Manager
“Disaster recovery is not an acceptable option for healthcare institutions. We wanted to focus on disaster avoidance and business continuity and achieve a goal of no downtime.”
Rafael Rodriguez, Associate CIO, Academic and
Infrastructure Services,Duke Health Technology
Solutions
Value Drivers:Value Drivers:
• Enhance healthcare delivery and build a secure foundation for patient-centric care through a Service Oriented Architecture based IT infrastructure that drives greater alignment, visibility and control of IT services.
Solution:Solution:
• An IT infrastructure transformation program that helps staff drive growth, find every efficiency and manage risk
Value Realisation:Value Realisation:
• Improved service availability enhanced compliance and security strengthened relationship between patients and care providers reduced IT management costs to redirect IT dollars to new initiatives
![Page 15: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/15.jpg)
15
Banco Mercantil do BrasilBanking, Financial MarketsIBM Tivoli Identity Manager
“We have already reduced from seven days to two days the time it takes to provide employees with access to IT resources, including human resource processes, identifications and passwords,”
Roberto Pérez Herrera,Technical Support Manager,
Value Drivers:Value Drivers:• To fine tune its business model, Banco Mercantil do Brasil needed
to automate access management processes for its internal applications.
Solution:Solution:• To fine tune its business model, Banco Mercantil do Brasil needed
to automate access management processes for its internal applications.
Value Realisation:Value Realisation:• Users can now control and synchronise their own passwords.• The calls related to password service are down 30 percent,
resulting in a savings of at least 450,000 USD annually• HR managers can create and cancel employees’ and consultants’
accounts in just two days instead of seven days• Employees and consultants have access only to applications
related to their responsibilities• Account holders can create and change their passwords faster,
increasing employee productivity and strengthening security.
![Page 16: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/16.jpg)
16
Data Security
Our ValueOur Value
•Consistently control access to both structured and unstructured data across all environments, including System z
Tivoli Access Manager (with FileNet), Tivoli Access Manager (with FileNet), Tivoli zSecureTivoli zSecure
DLP (Partnership), Records Crawler, DLP (Partnership), Records Crawler, IBM Classification ModuleIBM Classification Module
Encryption, Key Lifecycle ManagementEncryption, Key Lifecycle Management
Data & Information SecurityData & Information Security
Tivoli OpportunitiesTivoli Opportunities
• Tivoli Access Manager• IBM Unstructured Data
Security Solution-IBM Classification Module
• Strong Authentication-FileNet
• Tivoli zSecure Suite• Tivoli Key Lifecycle Manager
(2008
Cross-Brand OpportunitiesCross-Brand Opportunities
• IM IBM Classification Module
• IBM FileNet
• ISS partnerships for Data Leakage Protection
• GBS and GTS/ISS Services
Protecting a critical enterprise asset
![Page 17: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/17.jpg)
17
IBM Unstructured Data Security Solution delivers immediate benefits• Classify
• Improve visibility and organization of unstructured content• Enhance user productivity and collaboration by streamlining access to
unstructured content• Secure
• Improve security by securing the data that needs securing• Reduce administration costs by centralizing the management of privileged
user access• Monitor
• Enhance visibility and improve risk management of privileged users• Enable compliance and streamline reporting
IBM ClassificationModule
IBM Tivoli Access
Manager for Operating Systems
IBM Tivoli Compliance
Insight Manager
![Page 18: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/18.jpg)
18
Application SecuritySecurity policy management for an application from creation through production
Our ValueOur Value
• Consistently and auditably control access to all of my applications – enterprise, web, and SOA-based
• Shield developers from changes to security policy (authentication, etc.)
• Protect against the most common application-level vulnerabilities
BuildBuild
Developers
Developers
Developers
CodingCoding TestTest ProductionProduction
Provides Developers and Testers with expertise on detection and remediation ability
Enables Chief Security Officers to drive remediation back into development & QA
Ensures vulnerabilities are addressed before and after applications are put into production
Provides user access control and can help remediate known vulnerabilities
Tivoli OpportunitiesTivoli Opportunities
• Federated ESB (‘identity-aware’)• Tivoli Federated Identity
Mgr
• Application Vulnerabilities• Tivoli Access Manager
Cross-Brand OpportunitiesCross-Brand Opportunities
• SOA: WebSphere (ESB, WSRR, WAS, Portal Server, WPS
• Enterprise: Rational AppScan and WebXM
![Page 19: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/19.jpg)
19
The Federated Enterprise Service Bus (ESB)for SOA Environments
• The Federated ESB is a core application of Security as a Service• Drives ESB to become ‘identity-aware’• TFIM is a core component
Service A Service B
Enterprise Service Bus (ESB)
Security Token Service
Exchange this representation of the user from Service A for one that
Service B will understand
New representation of user identity
(for Service B)(WS-Trust)
Authorization Service
Authorized ? Yes/No
![Page 20: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/20.jpg)
20
Major Mutual Funds FirmFinancial MarketsTivoli Access Manager for e-business, Tivoli Federated Identity Manager
Value Drivers:Value Drivers:•The company needed to deploy hundreds of new Web applications to millions of customers, while at the same time integrating new corporate customers into its federated Web portal. .
Solution:Solution:•The path selected by the company to handle 400 applications protected by common access-control policy was IBM Tivoli Access Manager for e-business software. This application accommodates some 2.5 million users.
•To integrate new corporate customers into the company’s portal, the client deployed IBM Tivoli Federated Identity Manager software, a tool that offers a simple model for secure identity management and information access.
Value Realisation:Value Realisation:• The overall benefit to the
company with the new solution is the peace of mind of knowing that all of its data is secure.
• From a financial standpoint, the client saved US$60,000 per application by centralizing its security policy, in part by reducing the number of help-desk calls by 61 percent.
• Going forward, the client will be able to integrate new corporate customers in a matter of days.
![Page 21: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/21.jpg)
21
Together, Rational AppScan and Tivoli Access Manager provide enhanced application security
Site wide discovery, inventory and assessment of all web applications• Increase TAM usage by finding applications that are not registered • Show that TAM apps are more secure by comparing security of those that are not in
TAM to TAM applications.
Clean all applications of vulnerabilities before moving to TAM• Ensure all applications inside TAM are secure
Post-TAM application security monitoring• All applications inside TAM are regularly scanned to security issue to ensure ongoing
compliance with policy• TAM can help remediate vulnerabilities identified by AppScan as they attempt to bypass
access controls
3rd party orCustom App
AppScan ensures that applications TAMeb is granting access to are tested for vulnerabilities
Access Manager
Application Vulnerabilities
TAM provides centralized user access to applications & addresses key vulnerabilities tested by AppScan
Cross-site scripting &cross-site request forgery
![Page 22: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/22.jpg)
22
Aarhus KommuneGovernment, HealthcareTivoli Access Manager for e-business
Value Drivers:Value Drivers:
• The key challenge was to involve elderly citizens actively in coordinated care and improve management of the chronic ailments of this growing demographic.
Solution:Solution:
• With assistance from IBM Global Business Services, Aarhus Kommune developed a blueprint for an integrated solution based on pervasive technology that could improve the quality of healthcare and homecare division care. Eight elderly patients volunteered to test the solution through a pilot program called "Eldertech," which involved providing each test subject with IBM Personal Care Connect devices and Lenovo ThinkPad X Series Tablet devices for home use over a four-month trial period.
Value Realisation:Value Realisation:
• The Eldertech pilot demonstrated the potential of a flexible healthcare ecosystem solution to support the empowerment of elderly citizens and the coordinated delivery of care, which is essential to enable preventive chronic care.
“The city of Aarhus collaborated closely with public researchers and private companies to explore and develop technology in pervasive computing. This project will help us meet the challenge of supporting our aging population by empowering our elderly citizens and improving their quality of life.”
![Page 23: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/23.jpg)
23
Infrastructure Security ManagementComprehensive threat and vulnerability management across networks, servers and end-points
Web serverMail server
Hosted environment
Local area network
(LAN)
Perimeter
Security Information & Event ManagementSecurity Information & Event Management
Tivoli Opportunities
• Tivoli Security Information & Event Management
• Tivoli Compliance Insight Manager
• Tivoli Security Operations Manager
• Tivoli Security Compliance Mgr
Cross-Brand Opportunities
• ISS SiteProtector and partnerships for Data Leakage Protection
• GBS and GTS/ISS Services
Our ValueOur Value
•Detect and manage network, host and endpoint threats and intrusions
• Centrally manage and monitor security operations
![Page 24: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/24.jpg)
24
![Page 25: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/25.jpg)
25
From Reactive Security to a Risk-aware Enterprise
Reactive
Compliant
Consolidated
Automation
Control
Visibility
Threat and Vulnerability Management
Managed Firewall and Anti-Virus
Identity and Access Management
Change and Configuration Management
Security Information and Event Management
Risk Aware
Security Risk Measurement
Strategy
The IBM Security Framework
Common Policy, Event Handling and Reporting
Security Governance, Risk Management and Compliance
Network, Server, & End-point
Physical Infrastructure
People and Identity
Data and Information
Application and Process
![Page 26: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/26.jpg)
26
IBM Security Leadership
Marketshare: Identity and Access Management
LeaderWave: Enterprise Security Information Management ( Consul InSight)
Marketshare: Web Access Management, Worldwide,
2005 ( FIM, TAM )
LeaderWave: User Account Provisioning ( TIM )
Managed Security Services (Marketshare)
Leader
MQ: Security Information & Event Management (TSOM, Consul InSight)
MQ: User Provisioning ( TIM )
LeaderWave: Enterprise Security Information Management ( Consul )
Leader
Marketshare: Web Access Management, Worldwide, Ranked #1
MQ: Web Access Management ( TAM )
LeaderWave: User Account Provisioning ( TIM )
Identity Management ( TIM , TAM, FIM, TDI, TDS)
Managed Security Services (Marketshare)
ChallengerConsul InSight)
MQ: User Provisioning ( TIM )
Ranked #1
ISS Network Security, Firewalls and Managed Services
Leader
#1
#1
#1
#1 Ranked #1
Ranked #1
![Page 27: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/27.jpg)
27
Emerging Trend: Security Policy Management
•The days of “everybody has to choose the same access control engine” for cross-firm collaboration and integration are long gone
• How can we define security policy centrally based on standards (e.g. with WS-SecurityPolicy and XACML) and push it to the enforcement points?
• How can we effectively ensure compliance with access policy at the points of enforcement?
•Solution: Tivoli Security Policy Manager: Policy definition & provisioning, and policy audit
•Benefit: Effective deployment of security policy
![Page 28: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/28.jpg)
28
Emerging Trend: Identity Protection
• How do we apply risk management as individuals, given identity is valuable, consequential, contextual and dynamic?
• How to give ourselves a say in how much risk we’re willing to have with respect to our identity data, which is potentially shared across so many ‘consumers’?
• Solution: user-controlled identity as a service
• Like Federated Single Sign-On (FSSO), but not really – user has ultimate control as personal identity broker
• e.g. CardSpace and Higgins (wire compatible with CardSpace but supports more protocol providers such as OpenID and HTML forms, etc.)
• Benefit: not only allows us to implement our own individual risk management preferences, but lowers risks for service providers because they don’t have to store as much detailed information about us, since iCard provides needed info each time (think PCI etc.)
![Page 29: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/29.jpg)
29
Only vendor that delivers breadth of security and compliance capabilities to address infrastructure, applications, information, people and identities
Integrates with all types of business data (structured, semi-structured, and unstructured) for addressing information & data security needs and all major application types (web, legacy, and ESB for SOA) for securing business process
Open security platform and leadership in Web Services security, policy management and federated identity
Analyst attested leadership in markets for user and infrastructure security and compliance software and services.
Leadership in mainframe security with RACF, zOS security, identity & access and compliance enabling clients to leverage System z as the enterprise security hub
Security integration with key ITIL processes out of the box: Incident, Problem, Change, Release, SLA, Configuration, Availability.
IBM offers full breadth of end-to-end asset and service management solutions that operate on a common web services infrastructure.
Breadth and Depth of Breadth and Depth of SolutionSolution
Extensive IntegrationExtensive Integration
Open StandardsOpen Standards
Product LeadershipProduct Leadership
Best in class System z Best in class System z securitysecurity
A core element of A core element of IBM Service ManagementIBM Service Management
Breadth of Service Breadth of Service Management offeringManagement offering
Why IBM?
![Page 30: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/30.jpg)
30
For More InformationSales & Marketing ToolsSales & Marketing Tools
• Campaign Designer - IBM Tivoli Asset & Security Protection campaign (Translated into 12 languages!)
Partner PlaybooksPartner Playbooks• IBM Tivoli Security and Compliance Management Partner Playbook• IBM Tivoli Security for SMB • Tivoli Security Operations Manager Partner Playbook • Tivoli Identity Manager Express Partner Playbook
Channel Sales PlaysChannel Sales Plays• Facilitate Security & Audit Regulation Adherence with PCI Compliance• Security for SMB • Security Compliance and Audit Management
![Page 31: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/31.jpg)
31
Maximize Web Resources for Sales Success
Tivoli TrainingIBM offers technical training and education services to help you acquire, maintain and optimize your IT skills. For a complete Tivoli Course Catalog and Certification Exams visit www.ibm.com/tivoli/education
Tivoli SMB Customer SiteletIBM Tivoli now has a sitelet designed specifically for your SMB customers. Promote to your clients and view the latest SMB case studies, whitepapers, demos and offers. Visit www.ibm.com/tivoli/SMB
Tivoli Knowledge CenterIBM Tivoli Business Partner Portal. Get the latest information on Tivoli, Maximo and Netcool. Your source for playbooks, sales plays, training roadmaps, deployment guides, ect Visit www.ibm.com/tivoli/partners
![Page 32: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/32.jpg)
32
THANK YOUTHANK YOU
![Page 33: THE PREMIER SERVICE MANAGEMENT EVENT May 18 - 22, 2008 | Orlando, Florida Business Partner Summit Maximize Your Sales with Business Security Solutions](https://reader036.vdocuments.net/reader036/viewer/2022062807/56649d265503460f949fdc19/html5/thumbnails/33.jpg)
33
Trademarks and disclaimers
33
References to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program, or service is not intended to state or imply that only IBM's product, program, or service may be used.
Any functionally equivalent product, program, or service that does not infringe on any of the intellectual property rights of IBM may be used instead. The evaluation and verification of operation in conjunction with other products, except those expressly designed by IBM, are the responsibility of the user.
The customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.
Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information, including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance, function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios stated here.
Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.
The following terms are registered trademarks or trademarks of IBM Corporation in the United States or other countries or both:
IBM, the IBM logo, ibm.com, Tivoli® , Tivoli (logo)®, Tivoli® Business Partner (logo) and Netcool®, Netcool®/OMNIbus, TotalStorage® , System z, are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A complete and current list of IBM trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml