Is Your Identity Management Program Protecting Your Federal Systems?
With the increase in integrated, cloud and remote technologies, it is more challenging
than ever for federal government agencies to fully protect their sensitive networks
and comply with the numerous federal compliance regulations. External threats are
always top of mind but the threats posed by internal security breaches pose an equal
risk. Due to a large contractor and global workforce, extending proper access privileges
without heightening risk is a fine line often difficult to manage. Administration,
compliance, governance, cyber security and budgets must all be considered. This
whitepaper serves to help government agencies understand the full breadth of Identity
and Access Management, and how the proper strategy can help reduce cyber security
exposure and costs while providing additional operational, compliance and risk
management benefits.
BEST PRACTICES WHITE PAPER
Executive Summary
Cyber security threats are increasing as the world and
IT technologies are becoming more integrated. Shared
services, cloud-based virtual systems, and remote and
mobile device access create an intricate and complex
web of connectivity that challenges all organizations to
keep their networks secure.
Government agencies are particularly vulnerable,
due in part to their large global user base and use of
transient contractors. Costly cyber security defense
investments not only fail to provide protection from
most insider-based threats, but they produce almost
no offsetting gains in operational efficiency or cost
reductions. They also do little to ease the governance,
audit and compliance administrative burden levied on
most federal organizations.
While federal organizations have implemented Identity
and Access Management to automate the issuance of
user IDs and passwords, newer technology and a fresh
approach can provide practical mitigation of insider
threat, operational efficiency gains and cost reductions,
and improved governance and compliance.
This whitepaper serves to help government agencies
understand the full breadth of Identity and Access
Management (IAM or IdAM) or what Gartner terms
Identity Governance and Administration (IGA). True IAM is
an opportunity for federal IT and cyber security organizations
to centralize on a single technology to reduce cyber
security exposure and costs while providing additional
operational, compliance and risk management benefits.
False Security
Government agency leaders have a reason to be on
heightened alert. Security threats are only getting more
numerous, brazen and complex. The risk of external
threats by nefarious entities around the world is only
eclipsed by insider threats. While some of these
security breaches are unintentional, an increasing number
are from patient, persistent insiders who have learned
the networks, the security gaps and where to hide their
activity. These types of threats can cause severe damage
to the network or cause high-profile embarrassments that
the media is all too ready to publicize on a global scale.
Even worse, they can cause damage to national security,
compromising and threatening the safety of American
citizens here and abroad.
Many federal agencies are under the false assumption
they are protected if they have implemented standard
Identity Management (IM) as outlined in federal directives
like HSPD-12, FICAM, and DOD 8500. IM is only a
credential-issuing program (Smart Cards), however, and
does not mitigate the increasingly dangerous insider
threats once a person is on the network. Tracking and
controlling user access privileges across multiple systems
is virtually impossible. When left unchecked, costs
escalate, administration becomes unmanageable and
the network remains vulnerable, particularly to existing
authorized users with approved access.
A Modern IAM Solution for a Modern World
Federal agencies must approach identity management
from a different perspective, one that considers much
more than credential management. A practical
solution is found through an integrated, simplified, and
centralized IAM program. Modern IAM encompasses
four essential components:
1. Authentication - proving users are who they claim
to be. This is the only portion of IAM a credential-
issuing or Smart Card program addresses.
2. Authorization - ensuring authenticated users have
access only to authorized resources and applications.
3. Audit and Governance - ensuring the entire architecture
and its function can be monitored, controlled
and proved.
4. Administration - ensuring processes are automated
and interoperable with existing enterprise IT applications,
assets and other existing cyber security
systems.
SailPoint offers a comprehensive solution that
addresses all four components of IAM. Its IAM product
suite manages the complete user lifecycle to rapidly
mitigate security threats and improve governance, risk
management and regulation compliance - all while
bringing significant operational efficiencies and return
on investment.
How Does a Centralized IAM Solution Address Specific Federal Government Challenges?
Federal agencies have unique challenges that require a
tailored solution. When government agencies embrace
IAM with a centralized, integrated tool, the four essential
components are simplified and streamlined. Centralized
IAM solves the most prevalent challenges federal
agencies face:
Cyber Security – Authentication and Authorization
The large, transient contractor workforce makes cyber
security a unique challenge for federal agencies.
Authentication and onboarding can be time consuming
and contractors’ credentials are often not shared between
or within agencies. Their constant joining, moving and
leaving generates a large amount of administrative
paperwork, often resulting in a directory of unmonitored
users who are authorized on multiple networks.
IAM improves cyber security, both external and
internal, by allowing agencies to set identity policies
around authentication, provisioning, authorizations and
certifications. Assessing risk across the agency becomes
easier when there is a single Role Model, Policy
Model, Risk Model, Identity Repository, and Workflow
Engine that improves visibility into who is doing what.
Automated, continuous monitoring across the IT infrastructure
enables supervisors to know what is going on
in their environment, proactively prevent potential issues
and rapidly respond to current threats.
IAM includes credential management to prevent the
wrong people from accessing government buildings or
computers, but goes much further by assigning a risk
profile for employees and automatically flagging privilege
escalation requests to deter inadvertent or intentional
access to restricted networks without proper authorization.
When any activity is outside of standard operating
procedures, an automated alert is generated.
SailPoint’s product suite addresses and streamlines
complete IAM, helping federal agencies identify, map,
set and modify the rights and roles applicable for each
person in the agency. Those rights extend to remote
users accessing cloud, web and mobile applications
from any device for increased productivity. The products
are browser-based to solve modern security and IT
issues immediately without lengthy software or product
upgrades. SailPoint simplifies the process of granting
and modifying user access for improved network
security, and greatly enhances regulation compliance and
governance as well.
Federal Regulation Compliance – Audit and Governance
As a result of HSPD-12, FISMA, FICAM and other
government compliance regulations, government
agencies must manage and comply with a host of
requirements around the constant governance over
identities, access privileges and sensitive IT systems -
without additional budget. Even with these controls in
place, insider threats remain, especially when combined
with old or piecemeal provisioning technology.
These federal regulations, as well as DHS CDM, DOD
8500 Risk Management, NIST Risk Management and
many FIPS PUBS and SPs, require modern, automated
IAM for practical and cost-effective implementation.
When data collection, monitoring and reporting are
automated, compliance and audits are simplified and
systems are better protected. IAM drives transparency,
providing visibility into the access and certification of
direct reports and on-demand audit reports.
SailPoint allows agencies to operate from a single
repository, enabling a significant number of controls and
requirements to be consolidated and integrated. The
common framework covers multiple functional risk areas
and provides full traceability to hundreds of mandates.
Managers and supervisors gain automated, real-time
insight and reporting into the level and appropriateness
of access for each person for complete identity
management regulation compliance and significant
process efficiencies.
Process Efficiencies – Administration and Governance
Current operational and administrative processes are
often still manual, particularly around provisioning
systems for issuing user IDs and passwords. The heavy
resource requirements delay implementation of security
products, onboarding new employees and contractors,
provisioning and de-provisioning transient workers,
monitoring access privileges, and audit reporting. When
resources are strained, systems are overly complex and
access privileges cannot be continuously monitored,
risks for security breaches rise.
IAM enforces policy governance and automates
processes, including audit reporting, on/off boarding
and provisioning, separation of duty and access by job
function. IAM is also an opportunity for federal agencies
to centralize their disparate systems for better understanding
of where applications reside and who has
access. This enables simpler continuous monitoring and
regulation compliance.
SailPoint believes automation is the critical factor
federal agencies need in order to reduce many administrative
hassles. By automating processes, centralizing
management and streamlining the execution of
compliance controls, productivity increases while
support costs and risk decrease. The simple step of
allowing users to manage their own passwords and
access applications remotely means employees and
contractors get to work faster with appropriate access
privileges for the job. Any request for access to
previous systems or networks for which they have not
been granted continued access is denied and an alert
is sent to a supervisor.
Cost Savings
Budgets are always a challenge for federal agencies. A
number of security offerings, often based on numerous
components purchased from various manufacturers,
can cost millions of dollars in multiple product and
coding requirements, integration configurations and
ongoing maintenance. Implementation of these complex
systems can take years to fully deploy. Agencies that
have already spent money on cyber security will need
to have demonstrable ROI to justify the purchase of any
new product.
A comprehensive IAM solution can ease budget
constraints and provide rapid ROI in several ways:
• Complete IAM has all of the necessary components
included in a single product to reduce acquisition,
ongoing maintenance and upgrade costs.
• If the solution is based on single-code architecture,
coding and customization costs decrease.
• Automation immediately reduces administrative
labor costs.
• Onboarding costs decrease when workers can begin
their jobs more quickly.
SailPoint offers a flexible, customizable product with a
unitary code base that integrates with any provisioning
system and most business operation systems. All of
its out-of-the-box connectors are included, eliminating
the need for multiple product purchases and configurations
while scaling to meet the changing needs of
federal agencies. With one interface, SailPoint’s software
is relatively uncomplicated to acquire, configure,
implement, deploy and use.
SailPoint Is a Leader in Identity Management
SailPoint leads the industry with its IdentityIQ product suite, which includes IdentityIQ Compliance Manager, IdentityIQ
Lifecycle Manager and IdentityIQ Governance Platform. SailPoint’s sole focus has been on governance and identity
management since 2005, with its founders in the industry since 1992. Gartner places SailPoint as a market leader in
its Magic Quadrant for Identity Governance and Administration (IGA) and mentions some vendors base their products
on OEM technology from SailPoint, further highlighting SailPoint’s influence on the market.
SailPoint IdentityIQ – Complete Identity Management
SailPoint addresses the challenges federal agencies face with a full identity management suite of products that
seamlessly integrate with other systems and applications. All are based on a unified governance framework that can
be fully functional within months or even faster with its cloud-based SaaS IdentityNow option. IdentityIQ consists of:
• IdentityIQ Compliance Manager automates access certifications, policy management, access request and
provisioning, password management, identity intelligence and audit reporting, particularly around FICAM, FISMA
and NIST.
• IdentityIQ Lifecycle Manager manages changes to access through self-service request and password management
interfaces and automated lifecycle events. Its scalability is ideal for the dynamic nature of federal agencies
and their workforce.
• IdentityIQ Governance Platform ensures the right policies are established with workflows, reporting and role
modeling. It stores identity and log information in a centralized repository which can be aggregated and scaled
without additional costs.
SailPoint’s proprietary IAM product suite gives federal agencies the right level of protection against today’s biggest
security threats while solving many of the most pressing challenges unique to the government. Through strict
governance over the authentication, authorization, auditing and administration processes, federal agencies can better
mitigate cyber security risk, obtain transparency to ease regulatory compliance, and improve operational efficiencies
to achieve rapid ROI.
© 2014 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. All other products or services are trademarks of their respective companies. 0914-4356
Corporate Headquarters
11305 Four Points Drive
Building 2, Suite 100
Austin, Texas 78726
512.346.2000
USA toll-free 888.472.4578
www.sailpoint.com
Global Offices
UK +44 (0) 845 273 3826
Netherlands +31 (0) 20 3120423
Germany +49 (0) 69 50956 5434
Switzerland +41 (0) 79 74 91 282
Australia +61 2 82498392
Singapore +65 6248 4820
Africa +27 21 403 6475
About SailPoint
As the fastest-growing, independent identity and access management (IAM) provider, SailPoint helps hundreds of the
world’s largest organizations securely and effectively deliver and manage user access from any device to data and
applications residing in the datacenter, on mobile devices, and in the cloud. The company’s innovative product portfolio
offers customers an integrated set of core services including identity governance, provisioning, and access management
delivered on-premises or from the cloud (IAM-as-a-service). For more information, visit www.sailpoint.com.