Welcome!Tech Focus Virtual User Group: Identity and Access Management

Carole Mazzei

U.S. Territory & Partner Marketing Manager, Security

Micro Focus

2

Tech Focus SRG Virtual User Groups Overview

• New series of virtual user groups focused on Micro Focus security, risk and governance solutions

• Meetings are held quarterly and cover our core focus areas:

o Security Operations

o Data Security, Privacy, and Governance

o Identity & Access Management

o Application Security

• This series complements:

o Micro Focus Cybersecurity Summits – Technical Deep Dives & Technical Advisory Boards

o Micro Focus (F2F) Fortify User Groups

o Micro Focus On-line Communities

o Micro Focus Universe coming soon! – Technical Deep Dives

3

Tech Focus SRG Virtual User Groups Overview cont’d.

• Platform for you to collaborate, share feedback, ask questions, and make suggestions

• Interactive discussions with Micro Focus technical experts, as well as, customer subject matter experts

• Participate polling

• It’s not about what “we” think you want…it’s about what “you” want!

o We want to hear from you!

▪ Format, topics, length, frequency

o Volunteer to speak!

Feedback, suggestions, volunteer to speak: carole.mazzei@microfocus.com

https://community.microfocus.com/t5/Identity-Manager/ct-p/IDM

4

Get Connected!

▪ Connect with peers and share your knowledge

▪ Find solutions and answers to your technical questions

▪ Stay informed on new releases and product enhancements

▪ Access downloads, demos, videos and support tips

Micro Focus Identity Manager Online Community

5

Micro Focus Universe 2020

• One all-inclusive event! Tracks will include:

o Application Delivery

o Application Modernization & Connectivity

o Collaboration Solutions

o IT Operations Management, and

o Security, Risk & Governance

• Learn about the entire Micro Focus portfolio

o 20 Dive deep technical workshops!

o 150 breakout sessions, expert-level workshops, 50+ booths

o Presentations and demos of the latest product releases

o Unlimited peer-to-peer networking w/ 1400+ attendees

Micro Focus Universe EuropeMarch 17 – 19World ForumThe Hague, Netherlands

Micro Focus Universe North AmericaMay 19 – 21JW MarriottSan Antonio, Texas

REGISTER TODAY!

6

Session Schedule

Date Solution Play Topic Speaker

FY Q219

10/23/19 Security Operations Logger demo Will Willoughby

10/17/19 Data Security, Privacy, & GovernanceVoltage: Building on a history of innovation

Phil Sewell

FY Q120

11/07/19 Identity & Access Management Securing identities & data Shaddy Zayour

11/19/19 Application Security New Fortify release Diogo Rispoli

12/17/19 Security Operations TBD Will Willoughby

01/16/19 Data Security, Privacy, & Governance TBD TBD

Securing identities and data within your enterpriseTech Focus Virtual User Group: Identity and Access Management

Shaddy Zayour

Pre-sales Engineer, Identity & Access Management

Micro Focus

8

Identity & Access Governance

Shaddy ZayourShaddy.Zayour@microfocus.com

Securing identities and data within your enterprise

Who’s the target?

Anyone interested in managing risk associated with applications & unstructured data

Agenda

▪ Why Identity and Access Governance?

▪ Solution Overview

▪ Governance Demo

Identity

▪ Governance of Unstructured Data used to be managed as separate challenges within organizations

Data Management

Identity & Access

Management (IAM)

Identity Governance & Administration

(IGA)

Data Access Governance

(DAG)

File Analysis (FA)

Structured Data – 20%

What is Happening in the Market

Unstructured Data – 80%

Information Lifecycle

Management (ILM)

Identity

▪ Today Governance of Unstructured Data is converging to a position connected with IAM/IGA

Identity & Access

Management (IAM)

Identity Governance & Administration

(IGA)

Data Access Governance

(DAG)

File Analysis (FA)

What is Happening in the Market

Data Management

Unstructured Data – 80%Structured Data – 20%

Information Lifecycle

Management (ILM)

Governing Data Access

▪ Identity / Role

▪ Security

▪ Attestation

▪ Certification

▪ Risk Mitigation

Governing Data

▪ Location

▪ Disposition

▪ Efficiency

▪ Optimization

▪ Content

What’s the Difference?

Identity

Identity & Access

Management (IAM)

Identity Governance & Administration

(IGA)

Data Access Governance

(DAG)

File Analysis (FA)

Convergence

Information Lifecycle

Management (ILM)

Data Management

14

So how do we meld these two practices together?

DATA GOVERNANCE & PROTECTIONControl Point

Content ManagerStructured Data Manager

File DynamicsFile Reporter

APPLICATION SECURITYFortify Suite

IDENTITY & ACCESS MANAGEMENTNetIQ Products Suite ENDPOINT SECURITY

ZENworks Suite

SECURITY OPERATIONSArcSight

ANALYTICS & MACHINE LEARNINGVerticaIDOL

INFORMATION ARCHIVINGRetainDigital Safe

Security, Risk, & GovernanceMicro Focus Portfolio

APPLICATION SECURITY

Fortify Suite

DATA GOVERNANCE & PROTECTIONControl Point

Content ManagerStructured Data Manager

File DynamicsFile Reporter

APPLICATION SECURITYFortify Suite

IDENTITY & ACCESS MANAGEMENTNetIQ Products Suite ENDPOINT SECURITY

ZENworks Suite

SECURITY OPERATIONSArcSight

ANALYTICS & MACHINE LEARNINGVerticaIDOL

INFORMATION ARCHIVINGRetainDigital Safe

Security, Risk, & GovernanceMicro Focus Portfolio

Data Access GovernanceIdentity Manager

Identity Governance File DynamicsFile Reporter

APPLICATION SECURITY

Fortify Suite

Gain visibility into data access and

permissions

Quickly provision network storage &

access based on identity and role

Meet attestation requirements

through data access reviews

Visibility AutomationProtection Governance

Identity Manager

File Dynamics+ File

ReporterIdentity

Governance +File

Reporter

Automatically monitor, remediate and certify access to

high-risk data

Data Access GovernanceManaging Risks Associated with Unstructured Data

Identity-driven Data Governance

Provision Secure Folder

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

ProtectHigh Risks Data

Automation

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

Managing Risks Associated with Unstructured Data

Data Owner

File Dynamics

Data Access Governance

Provision Secure Folder

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

ProtectHigh Risks Data

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

File Reporter

Security Analysis

Managing Risks Associated with Unstructured Data

Data Owner

Automation

File Dynamics

Data Access Governance

Provision Secure Folder

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

ProtectHigh Risks Data

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

File Reporter

Security Analysis

Managing Risks Associated with Unstructured Data

Identity Governance

Business Level Access Reviews

Permissions Abstraction

• Application Entitlements

• Data Entitlements

Data Owner

Automation

File Dynamics

21

File Dynamics Policies Personal Collaborative

Set Permissions

Provision Folders / Content

Manage Quota

Manage Renames

Atlanta

Groups

Users

Computers

Provision Storage

ArchiveClean up

Active Directory

Delete User

Disabled User

Deferred Clean Up

File Management

MovesRole ChangesMigrations

Relationship BeginsEmployees,

Customers, Partners

Identity Manager

Monitor & Protect

Provision

SecureProtect

Monitor

File Dynamics Event Monitor

File Dynamics – Identity-driven Data Management

22

File Dynamics Policies Personal Collaborative

Set Permissions

Provision Folders / Content

Manage Quota

Manage Renames

Atlanta

Groups

Users

Computers

ArchiveClean up

Active Directory

Delete User

Disabled User

Deferred Clean Up

File Management

MovesRole ChangesMigrations

Relationship BeginsEmployees,

Customers, Partners

Identity Manager

Monitor & Protect

Provision

SecureProtect

Monitor

File Dynamics Event Monitor

Life-cycle Data Management / Automation

Provision Storage

Set Owner

23

Secure Projects

FD Secure Storage Policy

Head Quarters

Secure Project Form

Folder Name: Patent_XLocation: HQRead Access: Adam James, Sue Smith, etc.Write Access: Troy Davis, John Morgan, etc.

Create AD Groups

Add Members

Sub

mit

Approval

Audit Logs

Active Directory

HQ

Secure Projects

Patent_X

Patent Forms

Confidential

Identity Management and File Dynamics Use Case Secure Storage Provisioning and Access Governance

Identity Management

Engine

Event Monitor

File Dynamics

Agent

Server

Set Owner

24

Secure Projects

FD Secure Storage Policy

Patent_X-Read

Head Quarters

Secure Project Form

Patent_X-Write

Folder Name: Patent_XLocation: HQRead Access: Adam James, Sue Smith, etc.Write Access: Troy Davis, John Morgan, etc.

Create AD Groups

Add Members

Sub

mit

Approval

Audit Logs

Active Directory

HQ

Secure Projects

Patent_X

Patent Forms

Confidential

ajames

ssmith

tdavis

jmorgan

Identity Management and File Dynamics Use Case Secure Storage Provisioning and Access Governance

Identity Management

Engine

Event Monitor

File Dynamics

Agent

Server

Set OwnerProvision

25

Secure Projects

FD Secure Storage Policy

Patent_X-Read

Head Quarters

Secure Project Form

Patent_X-Write

Folder Name: Patent_XLocation: HQRead Access: Adam James, Sue Smith, etc.Write Access: Troy Davis, John Morgan, etc.

Create AD Groups

Add Members

Sub

mit

Approval

Audit Logs

Active Directory

HQ

Secure Projects

Patent_X

Patent Forms

Confidential

ajames

ssmith

tdavis

jmorgan

Identity Management and File Dynamics Use Case Secure Storage Provisioning and Access Governance

Identity Management

Engine

Event Monitor

File Dynamics

Agent

Patent_X-Read

Patent_X-Write

Set Permissions

Server

26

Secure Projects

FD Secure Storage Policy

Patent_X-Read

Secure Project Form

Patent_X-Write

Folder Name: Patent_XLocation: HQRead Access: Adam James, Sue Smith, etc.Write Access: Troy Davis, John Morgan, etc.

Create AD GroupsAdd Members

Sub

mit

Approval

Audit Logs

Active Directory

HQ

Secure Projects

Patent_X

Authorized Forms

Customer Files

ajames

ssmith

tdavis

jmorgan

Identity Management and File Dynamics Use Case Secure Storage Provisioning and Access Governance

PSecurity

Protection Policy

Identity Management

Groups

Users

Server

Head Quarters

27

Use IDM Workflows to Request Secure Folder

28

Use IDM Workflows to Request Secure Folder

Secure Storage Provisioning and Access Governance

Secure Storage Provisioning and Access Governance

Secure Storage Provisioning and Access Governance

Secure Storage Provisioning and Access Governance

Data Access Governance

Provision Secure Folder

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Governance

Business Level Access Reviews

Permissions Abstraction

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

Protect

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

File Reporter

Security Analysis

Managing Risks Associated with Unstructured Data

High Risks Data

Automation

File Dynamics

• Application Entitlements

• Data Entitlements

Direct Assignments

Access to Path(s)

Access for Identity

Permissions Abstraction

Data Age

File Extension

Duplicate File

Storage Cost

Owner

Directory Quota

Aggregate Reports

Historical Comparison

Volume Trends

File System Analysis Permissions Analysis

Custom Query Reports

File System

Security

SecurityMetadata

Metadata

Security

File Reporter Overview

Identity

Business Level Access Reviews

GovernancePermissions Abstraction

• Read• Write• Change Permissions

\\win-2012-r2.cctec.com\HQ

DescriptionThis report looks for any user that has direct permissions assigned to a folder on the network. Home folders managed by File Dynamics are excluded from this report.

Security ReportUsers with Direct Permissions to Folders

Users with Direct Permissions - Security Analysis ANALYSIS

36

Security ReportBroken Inheritance on Paths

Broken Inheritance – Security Analysis ANALYSIS

Data Access Governance

Secure Folder or Access Requests

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

ProtectHigh Risks Data

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

File Reporter

Security Analysis

Managing Risks Associated with Unstructured Data

Identity Governance

Business Level Access Reviews

Permissions Abstraction

• Application Entitlements

• Data Entitlements

Data Owner

File Dynamics

Automation

38

Notification

Notify data owners of security changes

Lockdown

Security is not allowed to change.

Fencing

Security is allowed to follow a free-flow evolution over

time, but within limits

File DynamicsMonitor and Protect Unstructured Data

39

File Dynamics Lockdown Policy

Finance

DirectIndirect

Group(Role)

User(Identity)

ELR

MELRW

Scan / MonitorPermission (Entitlement)

Membership (Assignment)

Policy Engine

Lockdown Policy

Data Owner

Security Changes Database

Tue 5/7/2019 … Alert: Security Change to Finance

Wed 5/8/2019 … Alert: Security Change to Finance

Thu 5/9/2019 … Alert: Security Change to Finance

Inbox

Sent

Drafts

Favorites

3

40

File Dynamics Fencing PolicyActive Directory

Marketing

Campaigns

Research

London

Specialists

Bob

Sue

Sally

cctec.org

HQ

Finance

Auditors

Budget

Project X

Jin Ling

Karen

Judy

Web Team

Finance

Juan

Groups

Legal

Oversight

Contracts

Compliance

P

Users

SEC Filings

Project X

Customers

Martina

Veronica

Francisco

NYC

Groups

Users

Policy

Groups

Users

Data Owner

41

Data Owner - Security Change Notifications

42

Data Owner - Security Change Details

Governance Demo

43

Data Access Governance

Secure Folder or Access Requests

Identity and Role

Events in Directory Services trigger automation through policy on a lifecycle

File Dynamics

Engine

Identity Manager

Workflow & Approval

New Identity

EmployeesCustomers

Partners

Provision

Secure

ProtectHigh Risks Data

Policy

Monitor

Correct

Certify

Policy

Archive / Cleanup

File Reporter

Security Analysis

Managing Risks Associated with Unstructured Data

Identity Governance

Business Level Access Reviews

Permissions Abstraction

• Application Entitlements

• Data Entitlements

Data Owner

File Dynamics

Automation

Conclusion

45

Gain visibility into data access and

permissions

Quickly provision network storage &

access based on identity and role

Meet attestation requirements

through data access reviews

Visibility AutomationProtection Governance

Identity Manager

File Dynamics+ File

ReporterIdentity

Governance +File

Reporter

Automatically monitor, remediate and certify access to

high-risk data

Data Access GovernanceManaging Risks Associated with Unstructured Data

Questions?

THANK YOU

NEXT STEPS

shaddy.zayour@microfocus.com

CONTACT YOUR MICRO FOCUS REPRESENTATIVE FOR A DETAILED DISCUSSION