Authentication and Identity Management, Giacomo Aimasso – CISM – CISA


Page 1: Authentication and Identity Management

Giacomo Aimasso – CISM – CISA

Page 2: Identity & Access Management

The explosion of Digital IDs

Page 3: Identity & Access Management

Trends impacting identity

The Internet was built so that communications are anonymous:

• In-house networks use multiple, often mutually-incompatible, proprietary identity systems.
• Users are incapable of handling multiple identities.
• Criminals love to exploit this mess!

Regulation and Compliance:

• SOX, HIPAA, GLB, Basel II, 21 CFR Part 1 - $15.5 billion spent in 2005 on compliance

Business Automation and Integration:

• One half of all enterprises have SOA under development
• Web services spending growing 45%

Increasing Threat Landscape:

• Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
• $250 billion lost in 2004 from exposure of confidential info

Maintenance Costs Dominate IT Budget:

• On average employees access 16 apps and systems
• Companies spend $20-30 per user/yr for PW resets

Source: AMR Research 2006

Page 4: Identity & Access Management

Multiple contexts

Page 5: Identity & Access Management

Environment Complexity

Lots of users and systems required to do business:

– Multiple repositories of identity information; multiple user IDs, multiple passwords
– Decentralized management, ad hoc data sharing

Page 6: Identity & Access Management

Pain points

Page 7: Identity & Access Management

The concept of Identity Management

Management of identity:

• Provisioning/De-provisioning of accounts
• Workflow automation
• Delegated administration
• Password Synchronization
• Self-Service Password Reset

Directory Service:

• Identity Repository (directory services for administration of user account attributes)
• Meta-data Replication/Synchronization

Can include Access Control (I&AM):

• Policy based access control
• Enterprise/Legacy Single Sign On (SSO)
• Web Single Sign On (SSO)
• Reduced Sign On

What is an Identity System? A system (processes, rules, applications, and services) that coordinates identity information held in disparate and scattered data sources.

Page 8: Identity & Access Management

What is Identity Management? IDM CORE

New Users Join Company:

• Employee info entered in HR
• Accounts provisioned to enterprise systems & applications
• Non-digital resources assigned and/or initiated

Change Events & User Support:

• Job/role/status changes
• Password changes and resets
• Personal profile information changes
• Additional requests for account access or non-digital resources

Users Depart Company:

• Employee status updated in HR
• Account disabled & removed
• Non-digital resources retrieved and/or cancelled

Diagram labels: Delegation, Workflow, Role management, Rule & Policy Enforcement, Reports, Audit

Page 9: Identity & Access Management

What is Identity Management?

Diagram labels: USER, OU, ROLE, ACCOUNT, RESOURCE, PROFILES - GROUPS, GROUPS of RESOURCES, SW Inventory, HRMS, VISION

Page 10: IAM components

Functions: Administer, Authenticate, Authorize

Identity Management (Administration)

Access Management (Real-Time Enforcement)

Managed targets: Physical Resources, Applications, Databases, Security Systems, Directories, Operating Systems

Diagram labels:

• Identity Admin
• Accounting (ITSM)
• NAC
• Alarm/Alerting
• Authentication Infrastructure
• Enterprise Reduced Sign-On
• User Management
• Account Provisioning
• Metadirectory
• Role Matrix Management
• Enterprise Access Management
• Federated Identity Management
• AUDIT
• COMPLIANCE

Page 11: Our approach

Methodological, Organizational, Technological

Page 12: Identity & Access Management

Benefits of IAM

Short term, Long term

• Save money and improve operational efficiency
• Improved time to deliver applications and service
• Enhance Security
• Regulatory Compliance and Audit
• New ways of working
• Improved time to market
• Closer Supplier, Customer, Partner and Employee relationships

Page 13: Thank you

Giacomo [email protected]