Force Cyber Criminals to Shop Elsewhere

1 © Copyright 2015 EMC Corporation. All rights reserved.

Force Cyber Criminals to Shop Elsewhere

2 © Copyright 2015 EMC Corporation. All rights reserved.

Introductions - Our Presenters

Rob Sadowski Director, Technology Solutions

Kimberlee Bachman Senior Product Marketing Manager, IAM Solutions

3 © Copyright 2015 EMC Corporation. All rights reserved.

• Cyber Security Challenges in Retail

• Identity Challenges in Retail

• Solution Best Practices

• RSA Identity Management and Governance

• Use Cases

• Q&A

Agenda

4 © Copyright 2015 EMC Corporation. All rights reserved.

Security Concerns in Retail

Need to protect customer data and intellectual

property

Need to secure critical

systems

Cyber criminals

focusing on retailers Recent wave

of retailer breaches

5 © Copyright 2015 EMC Corporation. All rights reserved.

• Payment card data

• Emphasis on compliance

• High employee turnover

Why Are Retailers an Attractive Target?

6 © Copyright 2015 EMC Corporation. All rights reserved.

Payment Card

Information

Customer Purchase

and Loyalty Information

Intellectual Property

Cyber criminals do not discriminate against data, they’ll take it all

Concern: More Than Just Payment Card Data

7 © Copyright 2015 EMC Corporation. All rights reserved.

Retailers’ Identity Specific Concerns

Compliance Access to

Data

Role Management

Access Governance

Managing Identity Lifecycle

8 © Copyright 2015 EMC Corporation. All rights reserved.

Employee Timeline Highlights Identity Concerns

Review Joins Leaves Request Review & Revoke

Roles & Suggested Entitlements

Roles & Suggested Entitlements

Moves

9 © Copyright 2015 EMC Corporation. All rights reserved.

Regular Access Reviews Put process in place to stay audit compliant and know who has access to what

Business Driven Access Reviews

Fine Grained Entitlement Visibility

Remain Audit Compliant

Lower Organizational Risk

10 © Copyright 2015 EMC Corporation. All rights reserved.

Governing Access With Policies Policies help automate access governance and improve workforce management

Joiner Mover Leaver

Time Based

Segregation of Duties

11 © Copyright 2015 EMC Corporation. All rights reserved.

Many People in Small Number of Roles

Corporate Users Hourly Workers Contractors

12 © Copyright 2015 EMC Corporation. All rights reserved.

Governing Privileged Access (PAM)

Know what accounts have extra privilege and make sure that’s appropriate

Avoid any one admin or user having too much access to valuable information

Manage employees, vendors and contractors

Review who has privileged access

13 © Copyright 2015 EMC Corporation. All rights reserved.

Keeping Compliant

PCI DSS

HIPAA

SOX

Data Privacy

14 © Copyright 2015 EMC Corporation. All rights reserved.

RSA Identity Management and Governance (IMG)

15 © Copyright 2015 EMC Corporation. All rights reserved.

RSA IAM Enabling trusted interactions between identities and information

Applications/Data/Resources

Identity Lifecycle

Compliance

Access Platform Governance Platform

Federation/SSO

Authentication

Employees/Partners/Customers

Provisioning

Identity Intelligence

16 © Copyright 2015 EMC Corporation. All rights reserved.

Shift Decision Making and Accountability to the Business

Centralized Identity & Business Context

Business Process-Driven

Policy-Based Automation

Business-Driven Approach to Governance

17 © Copyright 2015 EMC Corporation. All rights reserved.

A Phased Approach Role & Group Management

Access Request Policy Management

Provisioning

Visibility & Certification

Account & Entitlement Collection

Access Reviews

Segregation of Duties

Role Discovery & Definition

Role Maintenance

Group Analysis & Cleanup

Access Request Portal

Policy-Based Change

Management

Joiners, Movers, and

Leavers

Task Notification

Service Desk Integration

Data Visibility

Automated Provisioning

Compliance Controls

18 © Copyright 2015 EMC Corporation. All rights reserved.

RSA IMG Retail Use Cases

19 © Copyright 2015 EMC Corporation. All rights reserved.

Point of Sale Monitoring

IMG Helps Retail Customers Achieve Success

Challenge Solution

No way of knowing which Point of Sale

kiosk is being used and when

Grant entitlements to individual POS kiosks and name them by

region

20 © Copyright 2015 EMC Corporation. All rights reserved.

Unowned Accounts

IMG Helps Retail Customers Achieve Success

Challenge Solution

There are many unowned accounts

Removed orphaned accounts

21 © Copyright 2015 EMC Corporation. All rights reserved.

Seasonal Workers & Contractors

IMG Helps Retail Customers Achieve Success

Challenge Solution

Concerned with seasonal workers and

contractors having access for the right

period of time

Policies allow access to be granted for a set

amount of time to the right applications

22 © Copyright 2015 EMC Corporation. All rights reserved.

Operational Challenges

IMG Helps Retail Customers Achieve Success

Challenge Solution

There is operational inefficiency at the

store level

Can put workflow in place to manage

operations

23 © Copyright 2015 EMC Corporation. All rights reserved.

Q&A

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.