Courtesy of InfraMatix
http://www.IDMChecklist.com
The 4 Web Access Management
Problems that Lead to Regulatory Fines
The legislation reads, in part,
that a company must verify
Sponsored by http://www.IDMChecklist.com
Veera Sandiparthi Founder of InfraMatix
“…company transactions are
properly authorized, recorded,
and reported according
to GAAP, and that assets
are safeguarded from
unauthorized use.”
The operative word here is
“authorized”
Web access management
tools, like Oracle Access
Manager or CA Single Sign-On,
check two items:
Credentials
Credentials are the user ID
and password
Authorization
Authorization is the process
of checking the user for
proper authority to access
the application
In identity management (IDM)
systems, this authorization
is usually driven by “roles”
Roles are an abstraction
that sets the attributes, groups,
and DN (Distinguished Name)
of the user in LDAP (Lightweight
Directory Access Protocol)
or Active Directory
(e.g., title=VP; cn=banking;
ou=operations, dc=company,
dc=com)
Web Access Management
Mistakes
There are two general areas
where a single sign-on
web access system can
go wrong with regard
to granting access:
(1) problems in the access
management tool itself
(2) problems with user
provisioning
Replication and Sync Issues
In a high-availability
environment, the web access
manager load balances
between LDAP or Active
Directory user stores
These can have latency issues
with replication
A change made in one server
might not make it to another
server for several hours
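
The replication gap described above, as an added example that is not part of the original slides: two replicas return different copies of one user entry, so the same access request is granted or denied depending on which replica the load balancer picks. The replica names, the user DN, the role rule and the sample entries are constructed for illustration.

```python
# Added illustration; replica names, the user DN and the role rule are hypothetical.
DN = "uid=jdoe,ou=operations,dc=company,dc=com"

# Constructed snapshots of the same entry as served by two replicas.
# ldap-b has not yet received the change that removed the banking group.
REPLICAS = {
    "ldap-a": {DN: {"title": "VP", "groups": [],
                    "modifyTimestamp": "20240105093000Z"}},
    "ldap-b": {DN: {"title": "VP", "groups": ["cn=banking"],
                    "modifyTimestamp": "20240104170000Z"}},
}

# Hypothetical role rule: attributes an entry must carry to hold the role.
ROLE_RULES = {"banking-approver": {"title": "VP", "group": "cn=banking"}}


def authorize(entry, role):
    """Return True if the directory entry satisfies the role rule."""
    rule = ROLE_RULES[role]
    return (entry.get("title") == rule["title"]
            and rule["group"] in entry.get("groups", []))


def divergent_decisions(replicas, role):
    """List users whose authorization outcome depends on the replica queried."""
    findings = []
    all_dns = set().union(*(entries.keys() for entries in replicas.values()))
    for dn in sorted(all_dns):
        decisions, stamps = {}, {}
        for name, entries in replicas.items():
            entry = entries.get(dn)  # a missing entry (deleted user) is a deny
            decisions[name] = entry is not None and authorize(entry, role)
            if entry is not None:
                stamps[name] = entry["modifyTimestamp"]
        if len(set(decisions.values())) > 1:
            # Generalized-time strings sort chronologically; a deletion leaves
            # no timestamp, so the newest copy is only named when all hold it.
            complete = len(stamps) == len(replicas)
            findings.append({
                "dn": dn,
                "grants": sorted(n for n, ok in decisions.items() if ok),
                "denies": sorted(n for n, ok in decisions.items() if not ok),
                "newest": max(stamps, key=stamps.get) if complete else None,
            })
    return findings


if __name__ == "__main__":
    for finding in divergent_decisions(REPLICAS, "banking-approver"):
        print(finding)
```

A replica listed under `grants` that is not the `newest` copy is still serving a revoked role; run against real directory exports, the same comparison shows how long a revocation takes to reach every replica.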
Offboarding
Any technical or procedural
problems with the IDM system
will leave people with access
they should not have
Lack of a Common Approach
When the web access
manager is responsible for
authorization,
risks cannot be prevented unless
the policies in the access
manager are driven by roles
granted by an IDM system
Proprietary Provisioning
If the web access manager
handles authorization for those,
then these ERP systems need
to replicate the roles in those
systems to the common
user store
Bottom Line
The takeaway message here
is that a web access
management system should
be coupled with some kind of
IDM system in order to reduce
the kinds of errors listed above
and, ultimately, regulatory fines
This gives one system control
over the data used as the
source for web access
management
What is your experience
with web access
management products?
Please share your thoughts
in the Comments box below.
Copyright © InfraMatix
Is Your Company Adequately
Protected from Security Risks?
Download the Free
8 Point Identity Management
Checklist Now at
http://www.IDMChecklist.com