© Tech Mahindra Limited 2010
Identity and Access Management: An integrated solution for an Enterprise
Nilesh Shirke
eSecurity Practice, Tech Mahindra
For enterprise investment in IAM solutions, the primary driver is shifting from compliance to information protection. Additionally, organizations are now focusing on IAM solutions to improve infrastructure security and to provide a better user experience. An IAM solution primarily consists of three main components: an identity repository, identity management and access management. The rationale behind building an IAM solution in an enterprise is to achieve greater ROI at lower TCO. It optimizes new investment for direct benefits and frees up part of the operational budget for innovation.
Table of Contents
Introduction (page 2)
  Increase Operating Efficiency (page 2)
  Security Efficiency (page 2)
  Security Effectiveness (page 2)
  Business Enablement (page 2)
IAM Architecture and Services (page 3)
Identity and Access Management Technologies (page 4)
  Directory Technologies (page 4)
  Identity Management Technologies (page 4)
  Access Control Technologies (page 4)
Summary (page 5)
Introduction
Identity and Access Management (IAM) is a set of processes and technologies for managing users' digital identities and ensuring that only authorized users have access to information resources, with access needs based on the users' business relationship with the organization.
In reality, IAM is a complex business solution that goes far beyond the IT department. It encompasses the entire enterprise, including all business units, individual locations, systems, access points, business partners, and customers. Organizations have historically implemented identity and access management on a per-system and per-application basis, through the creation of user accounts and the administration of file permissions.
Identity and access management has since evolved into independent products that provide centralized identity and access management services across the system and application estate. These solutions are maturing in their capabilities and service offerings. We are gradually seeing the emergence of IAM as a recognizable discipline within information security that encompasses a broad range of enterprise tools and technologies within a distinct architecture supporting a set of interrelated processes.
There are many factors driving the adoption of IAM solutions in enterprises and government organizations; they can be categorized into four broad areas.
Increase Operating Efficiency
Organizations are continually on the hunt for measures that reduce cycle time and reduce TCO while improving SLAs.
Security Efficiency
By centralizing security policy enforcement and controlling authentication and authorization to its application infrastructure, an organization is able to demonstrate how security is being enforced and managed at all times.
Security Effectiveness
Organizations are also mandated to adhere to regulatory compliance by managing the enterprise's risk profile better.
Business Enablement
Streamlining business processes and structuring the technology components gives organizations greater flexibility. IAM is expected to proactively support business initiatives such as reorganizations, mergers and acquisitions, new business partnerships, and new product and system rollouts.
[Figure: Business Drivers: Operating Efficiency, Security Efficiency, Security Effectiveness, Business Enablement]
IAM Architecture and Services
An IAM solution provides secure and auditable access to systems, resources and applications. It comprises the people, processes and technology that collaborate to deliver the solution. An IAM solution mediates between identities and resources. It can centrally administer identity and policy information and can support both centralized and distributed policy decision points. Centralizing policy decisions simplifies how policy changes are propagated, as well as how the integrity of those policies is maintained. It comprises three core areas:
Directory services - storing identity and attribute data, configuration information, and policies.
Identity Provisioning and Administration Services - providing identity lifecycle management services such as ID provisioning/de-provisioning, password management, approval workflows and synchronization logic.
Access Management Services - defining and evaluating security policies related to authentication, authorization, auditing and privacy through well-defined service interfaces.
The diagram below identifies the various components of each of the core layers.
[Figure: IAM Architecture in an Enterprise, showing the components of each core layer]
Sidebar: IAM is a set of processes and technologies to manage users' digital identities and their access privileges to systems and information, based on the users' business relationship with the organization.
Benefits to the Enterprise: reduced TCO; improved risk management; regulatory compliance; increased operational efficiency; business facilitation.
Identity and Access Management Technologies
The two major classes of IAM technology are identity management and access management, while directory technology provides the underlying infrastructure and interface for the storage of identity information.
Directory Technologies
Users' credentials and attributes are stored in directories. Directory technology provides an object-oriented, dynamically configurable repository with standards for access, security, and information management. To facilitate potentially unlimited scalability, directories organize their data hierarchically. Directories are designed for fast response times to queries, as identity information is generally queried much more often than it is updated. Some organizations prefer to leverage an existing relational database to store enterprise identities as well.
Identity Management Technologies
Identity management technologies are designed to provide centralized capabilities for managing the enterprise user identity lifecycle (creation, modification, self-service, synchronization, reporting and revocation). They include identity administration and identity auditing. Identity administration focuses on the management of users' multiple identities, attributes and credentials across a heterogeneous environment. It also includes password management and the administration of access model constructs such as roles and resource access control information. Identity auditing tools focus primarily on identity-related event monitoring, reporting, status auditing and enforcement of segregation of duties.
Access Control Technologies
Access control technologies are designed to provide and manage access to an application or operating system environment with a high depth of access, adequate logging, the ability to implement dynamic access rules, and the ability to perform authentication when information is accessed. Access management tools certainly have administration capabilities, but their distinctive focus is on authorization. Access management tools enforce access control policies across heterogeneous environments. They include technologies to authenticate users and provide seamless access to the organization's application estate. Federation is an approach to authenticating users across multiple sites within the organization (intranet) or across independent and disparate domains (extranet) using open standards.
A full IAM solution requires multiple products, at least one from each technology class discussed briefly in this document. Although any major IAM vendor can provide the core products, no single vendor can provide a fully integrated IAM solution. The following is a brief summary of IAM technologies and their solidity in the market.
[Figure: IAM technology solutions by class]
SSO Technology Solutions: ESSO for enterprise applications; WebSSO for web-based applications; smart-token-based SSO; federation for cross-domain SSO; OS access management.
Directory Technology Solutions: meta directory; virtual directory.
Identity Management Solutions: centralized user provisioning; process workflow mapping; role management; centralized password management; identity auditing and compliance capability; policy-based segregation of duties.
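As an added illustration (not code from this paper or from Tech Mahindra), the Python model below ties together the three core areas described above: a directory holding identities and their attributes, identity administration that provisions, assigns roles under a segregation-of-duties rule and de-provisions, and a central policy decision point that authorizes requests and writes an identity-audit trail. The role names, resources and the conflicting-role pair are constructed sample data.

```python
from dataclasses import dataclass, field
# Directory layer: identity records keyed by user id, with attributes and roles.
@dataclass
class Identity:
    uid: str
    relationship: str  # business relationship with the organisation, e.g. "employee"
    roles: set = field(default_factory=set)
    active: bool = True
class SoDViolation(Exception):
    """Raised when a role assignment would create a toxic combination."""
class IAMCore:
    # Access-management policy: role -> permitted (resource, action) pairs (constructed).
    POLICY = {
        "payment_requester": {("payments", "create")},
        "payment_approver": {("payments", "approve")},
        "hr_reader": {("hr_records", "read")},
    }
    # Segregation-of-duties rule: no identity may hold both roles of a pair (constructed).
    SOD_PAIRS = {frozenset({"payment_requester", "payment_approver"})}
    def __init__(self):
        self.directory = {}  # directory service: uid -> Identity
        self.audit = []      # identity-auditing trail of events

    def provision(self, uid, relationship):
        self.directory[uid] = Identity(uid, relationship)
        self.audit.append(("provision", uid, relationship))

    def assign_role(self, uid, role):
        ident = self.directory[uid]
        for pair in self.SOD_PAIRS:
            if role in pair and (pair - {role}) & ident.roles:
                self.audit.append(("sod_denied", uid, role))
                raise SoDViolation(f"{uid}: {role} conflicts with {sorted(ident.roles)}")
        ident.roles.add(role)
        self.audit.append(("assign_role", uid, role))

    def deprovision(self, uid):
        ident = self.directory[uid]
        ident.active, ident.roles = False, set()  # revoke all access in one step
        self.audit.append(("deprovision", uid))

    def authorize(self, uid, resource, action):
        # Central policy decision point: unknown or inactive identities are denied.
        ident = self.directory.get(uid)
        if ident is None or not ident.active:
            self.audit.append(("deny", uid, resource, action))
            return False
        allowed = any((resource, action) in self.POLICY.get(r, ()) for r in ident.roles)
        self.audit.append(("allow" if allowed else "deny", uid, resource, action))
        return allowed
```

Every decision, including a refused role assignment, lands in the audit list, which is what an identity-auditing tool would consume for status reporting.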
Summary
An identity solution designed around business policies should be able to resolve business issues with the help of neatly laid out, standardized business processes. The IAM solution also offers a thorough and dynamic data protection solution that can be implemented around the existing business processes and technologies. It delivers an adequate level of security through a simple set of customizable management interfaces.