Welcome!
Tech Focus Virtual User Group: Identity and Access Management
Carole Mazzei
U.S. Territory & Partner Marketing Manager, Security
Micro Focus
Tech Focus SRG Virtual User Groups Overview
• New series of virtual user groups focused on Micro Focus security, risk and governance solutions
• Meetings are held quarterly and cover our core focus areas:
o Security Operations
o Data Security, Privacy, and Governance
o Identity & Access Management
o Application Security
• This series complements:
o Micro Focus Cybersecurity Summits – Technical Deep Dives & Technical Advisory Boards
o Micro Focus (F2F) Fortify User Groups
o Micro Focus On-line Communities
o Micro Focus Universe coming soon! – Technical Deep Dives
Tech Focus SRG Virtual User Groups Overview cont’d.
• Platform for you to collaborate, share feedback, ask questions, and make suggestions
• Interactive discussions with Micro Focus technical experts, as well as customer subject matter experts
• Participate in polling
• It’s not about what “we” think you want…it’s about what “you” want!
o We want to hear from you!
▪ Format, topics, length, frequency
o Volunteer to speak!
Feedback, suggestions, volunteer to speak: [email protected]
https://community.microfocus.com/t5/Identity-Manager/ct-p/IDM
Get Connected!
▪ Connect with peers and share your knowledge
▪ Find solutions and answers to your technical questions
▪ Stay informed on new releases and product enhancements
▪ Access downloads, demos, videos and support tips
Micro Focus Identity Manager Online Community
Micro Focus Universe 2020
• One all-inclusive event! Tracks will include:
o Application Delivery
o Application Modernization & Connectivity
o Collaboration Solutions
o IT Operations Management, and
o Security, Risk & Governance
• Learn about the entire Micro Focus portfolio
o 20 deep-dive technical workshops!
o 150 breakout sessions, expert-level workshops, 50+ booths
o Presentations and demos of the latest product releases
o Unlimited peer-to-peer networking w/ 1400+ attendees
Micro Focus Universe Europe: March 17 – 19, World Forum, The Hague, Netherlands
Micro Focus Universe North America: May 19 – 21, JW Marriott, San Antonio, Texas
REGISTER TODAY!
Session Schedule
Date | Solution Play | Topic | Speaker
FY Q219
10/23/19 | Security Operations | Logger demo | Will Willoughby
10/17/19 | Data Security, Privacy, & Governance | Voltage: Building on a history of innovation | Phil Sewell
FY Q120
11/07/19 | Identity & Access Management | Securing identities & data | Shaddy Zayour
11/19/19 | Application Security | New Fortify release | Diogo Rispoli
12/17/19 | Security Operations | TBD | Will Willoughby
01/16/19 | Data Security, Privacy, & Governance | TBD | TBD
Securing identities and data within your enterprise
Tech Focus Virtual User Group: Identity and Access Management
Shaddy Zayour
Pre-sales Engineer, Identity & Access Management
Micro Focus
Identity & Access Governance
Shaddy [email protected]
Securing identities and data within your enterprise
Who’s the target?
Anyone interested in managing risk associated with applications & unstructured data
Agenda
▪ Why Identity and Access Governance?
▪ Solution Overview
▪ Governance Demo
What is Happening in the Market
▪ Governance of Unstructured Data used to be managed as separate challenges within organizations
▪ Today Governance of Unstructured Data is converging to a position connected with IAM/IGA
[Diagram labels: Identity; Data Management; Identity & Access Management (IAM); Identity Governance & Administration (IGA); Data Access Governance (DAG); File Analysis (FA); Information Lifecycle Management (ILM); Structured Data – 20%; Unstructured Data – 80%]
What’s the Difference?
Governing Data Access
▪ Identity / Role
▪ Security
▪ Attestation
▪ Certification
▪ Risk Mitigation
Governing Data
▪ Location
▪ Disposition
▪ Efficiency
▪ Optimization
▪ Content
Convergence
[Diagram labels: Identity; Data Management; Identity & Access Management (IAM); Identity Governance & Administration (IGA); Data Access Governance (DAG); File Analysis (FA); Information Lifecycle Management (ILM)]
So how do we meld these two practices together?
Security, Risk, & Governance: Micro Focus Portfolio
▪ DATA GOVERNANCE & PROTECTION: Control Point, Content Manager, Structured Data Manager, File Dynamics, File Reporter
▪ APPLICATION SECURITY: Fortify Suite
▪ IDENTITY & ACCESS MANAGEMENT: NetIQ Products Suite
▪ ENDPOINT SECURITY: ZENworks Suite
▪ SECURITY OPERATIONS: ArcSight
▪ ANALYTICS & MACHINE LEARNING: Vertica, IDOL
▪ INFORMATION ARCHIVING: Retain, Digital Safe
Data Access Governance: Identity Manager, Identity Governance, File Dynamics, File Reporter
Data Access Governance: Managing Risks Associated with Unstructured Data
Visibility | Automation | Protection | Governance
▪ Gain visibility into data access and permissions
▪ Quickly provision network storage & access based on identity and role
▪ Meet attestation requirements through data access reviews
▪ Automatically monitor, remediate and certify access to high-risk data
Products: Identity Manager; File Dynamics + File Reporter; Identity Governance + File Reporter
Identity-driven Data Governance: Managing Risks Associated with Unstructured Data
Events in Directory Services trigger automation through policy on a lifecycle
[Diagram, shown in three builds. Labels: Data Access Governance; New Identity (Employees, Customers, Partners); Identity and Role; Identity Manager: Workflow & Approval; Provision Secure Folder; File Dynamics Engine; Automation; Policy; Provision; Secure; Protect; High Risks Data; Monitor; Correct; Certify; Archive / Cleanup; Data Owner; File Reporter: Security Analysis; Identity Governance: Business Level Access Reviews, Permissions Abstraction (Application Entitlements, Data Entitlements)]
File Dynamics – Identity-driven Data Management: Life-cycle Data Management / Automation
[Diagram, shown in two builds. Labels: Identity Manager; Relationship Begins (Employees, Customers, Partners); Moves, Role Changes, Migrations; Disabled User; Delete User; Deferred Clean Up; Active Directory; Atlanta; Groups; Users; Computers; File Dynamics Event Monitor; File Dynamics Policies (Personal, Collaborative); Provision Storage; Set Owner; Set Permissions; Provision Folders / Content; Manage Quota; Manage Renames; File Management; Archive; Clean up; Provision; Secure; Protect; Monitor; Monitor & Protect]
Identity Management and File Dynamics Use Case: Secure Storage Provisioning and Access Governance
Secure Project Form
▪ Folder Name: Patent_X
▪ Location: HQ
▪ Read Access: Adam James, Sue Smith, etc.
▪ Write Access: Troy Davis, John Morgan, etc.
[Diagram, shown in four builds. Labels: Submit; Approval; Audit Logs; Identity Management; Create AD Groups; Add Members; Active Directory; Groups: Patent_X-Read, Patent_X-Write; Users: ajames, ssmith, tdavis, jmorgan; File Dynamics: Event Monitor, Engine, Agent; FD Secure Storage Policy; Provision; Set Owner; Set Permissions (Patent_X-Read, Patent_X-Write); Server; Head Quarters; HQ; Secure Projects; Patent_X; Patent Forms; Confidential; Authorized Forms; Customer Files; Protection Policy; Security]
Use IDM Workflows to Request Secure Folder
Secure Storage Provisioning and Access Governance
File Reporter Overview
▪ Permissions Analysis: Direct Assignments, Access to Path(s), Access for Identity
▪ File System Analysis: Data Age, File Extension, Duplicate File, Storage Cost, Owner, Directory Quota
▪ Aggregate Reports, Historical Comparison, Volume Trends
▪ Custom Query Reports
[Diagram labels: File System; Security; Metadata; Identity Governance: Business Level Access Reviews, Permissions Abstraction (Read, Write, Change Permissions)]
Security Report: Users with Direct Permissions to Folders
\\win-2012-r2.cctec.com\HQ
Description: This report looks for any user that has direct permissions assigned to a folder on the network. Home folders managed by File Dynamics are excluded from this report.
Users with Direct Permissions – Security Analysis
Security Report: Broken Inheritance on Paths
Broken Inheritance – Security Analysis
File Dynamics: Monitor and Protect Unstructured Data
▪ Notification: Notify data owners of security changes.
▪ Lockdown: Security is not allowed to change.
▪ Fencing: Security is allowed to follow a free-flow evolution over time, but within limits.
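A conceptual sketch of how the three policy types above differ when the same permission change is detected, as an added example that is not File Dynamics code or part of the original slides. The folder, principals, rights strings, the restore-to-baseline behaviour and the `fence` parameter (the principals allowed to change under fencing) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data for a hypothetical "Finance" folder: principal -> rights.
BASELINE = {"Finance-RW": "RW", "Auditors": "R"}
# Later scan: Auditors gained write access and user jdoe was granted rights directly.
SCANNED = {"Finance-RW": "RW", "Auditors": "RW", "jdoe": "RW"}

@dataclass
class Decision:
    alerts: list    # messages for the data owner
    enforced: dict  # permissions left in place after the policy runs

def diff_acl(baseline, scanned):
    """Return (principal, old_rights, new_rights) for every security change."""
    changes = []
    for principal in sorted(set(baseline) | set(scanned)):
        old, new = baseline.get(principal), scanned.get(principal)
        if old != new:
            changes.append((principal, old, new))
    return changes

def apply_policy(mode, baseline, scanned, fence=frozenset()):
    """Evaluate one scan under 'notification', 'lockdown' or 'fencing'.

    fence is an assumption of this sketch: the principals whose rights
    may change freely under a fencing policy.
    """
    changes = diff_acl(baseline, scanned)
    alerts = [f"Security change: {p} {old} -> {new}" for p, old, new in changes]
    if mode == "notification":   # report only, the change stands
        return Decision(alerts, dict(scanned))
    if mode == "lockdown":       # no change allowed, restore the baseline
        return Decision(alerts, dict(baseline))
    if mode == "fencing":        # changes stand only inside the fence
        enforced = dict(scanned)
        for principal, old, _new in changes:
            if principal in fence:
                continue
            if old is None:
                del enforced[principal]    # grant outside the fence: remove
            else:
                enforced[principal] = old  # restore the baseline rights
        return Decision(alerts, enforced)
    raise ValueError(f"unknown policy mode: {mode}")
```

With `fence={"Auditors"}`, the group's escalation stands while the direct grant to `jdoe` is rolled back; under lockdown both are reverted, and under notification both remain and are only reported.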
File Dynamics Lockdown Policy
[Diagram labels: Finance; Direct; Indirect; Group (Role); User (Identity); ELR; MELRW; Scan / Monitor; Permission (Entitlement); Membership (Assignment); Policy Engine; Lockdown Policy; Security Changes Database; Data Owner]
Data Owner inbox:
Tue 5/7/2019 … Alert: Security Change to Finance
Wed 5/8/2019 … Alert: Security Change to Finance
Thu 5/9/2019 … Alert: Security Change to Finance
File Dynamics Fencing Policy
[Diagram labels: Active Directory; cctec.org; HQ; London; NYC; Groups; Users; Policy; Data Owner; Marketing; Campaigns; Research; Specialists; Bob; Sue; Sally; Finance; Auditors; Budget; Project X; Jin Ling; Karen; Judy; Web Team; Juan; Legal; Oversight; Contracts; Compliance; SEC Filings; Customers; Martina; Veronica; Francisco]
Data Owner - Security Change Notifications
Data Owner - Security Change Details
Governance Demo
Conclusion
Data Access Governance: Managing Risks Associated with Unstructured Data
Visibility | Automation | Protection | Governance
▪ Gain visibility into data access and permissions
▪ Quickly provision network storage & access based on identity and role
▪ Meet attestation requirements through data access reviews
▪ Automatically monitor, remediate and certify access to high-risk data
Products: Identity Manager; File Dynamics + File Reporter; Identity Governance + File Reporter
Questions?
THANK YOU
NEXT STEPS
CONTACT YOUR MICRO FOCUS REPRESENTATIVE FOR A DETAILED DISCUSSION