Authentication and Identity Management
Giacomo Aimasso – CISM – CISA
Identity & Access Management
The explosion of Digital IDs
Internet was built so that communications are anonymous:
• In-house networks use multiple, often mutually-incompatible, proprietary identity systems.
• Users are incapable of handling multiple identities.
• Criminals love to exploit this mess!
Regulation and Compliance:
• SOX, HIPAA, GLB, Basel II, 21 CFR Part 1 - $15.5 billion spent in 2005 on compliance
Business Automation and Integration:
• One half of all enterprises have SOA under development
• Web services spending growing 45%
Increasing Threat Landscape:
• Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
• $250 billion lost in 2004 from exposure of confidential info
Maintenance Costs Dominate IT Budget:
• On average employees access 16 apps and systems
• Companies spend $20-30 per user/yr for PW resets
Trends impacting identity
AMR Research 2006
Multiple contexts
Lots of users and systems required to do business:
– Multiple repositories of identity information; Multiple user IDs, multiple passwords
– Decentralized management, ad hoc data sharing
Environment Complexity
Pain points
Management of identity:
• Provisioning/De-provisioning of accounts
• Workflow automation
• Delegated administration
• Password Synchronization
• Self-Service Password Reset
Directory Service:
• Identity Repository (directory services for administration of user account attributes)
• Meta-data Replication/Synchronization
Can include Access Control (I&AM):
• Policy based access control
• Enterprise/Legacy Single Sign On (SSO)
• Web Single Sign On (SSO)
• Reduced Sign On
What is an Identity System?
A system (processes, rules, applications, and services) that coordinates identity information held in disparate and scattered data sources.
The concept of Identity Management
New Users Join Company
• Employee info entered in HR
• Accounts provisioned to enterprise systems & applications
• Non-digital resources assigned and/or initiated
Change Events & User Support
• Job/role/status changes
• Password changes and resets
• Personal profile information changes
• Additional requests for account access or non-digital resources
Users Depart Company
• Employee status updated in HR
• Account disabled & removed
• Non-digital resources retrieved and/or cancelled
Delegation, Workflow, Role management, Rule & Policy Enforcement, Reports, Audit
What is Identity Management? IDM CORE
Diagram labels: USER, OU, ROLE, ACCOUNT, RESOURCE, PROFILES - GROUPS, GROUPS of RESOURCES, SW Inventory, HRMS, VISION
What is Identity Management?
IAM components
Diagram labels: Administer, Authenticate, Authorize; Identity Management (Administration); Access Management (Real-Time Enforcement); Physical Resources, Applications, Databases, Security Systems, Directories, Operating Systems; Identity Admin, Accounting (ITSM), NAC, Alarm/Alerting, Authentication Infrastructure, Enterprise Reduced Sign-On, User Management, Account Provisioning, Metadirectory, Role Matrix Management, Enterprise Access Management, Federated Identity Management; AUDIT, COMPLIANCE
Our approach: Methodological, Organizational, Technological
Short term / Long term
Benefits of IAM
• Save money and improve operational efficiency
• Improved time to deliver applications and service
• Enhance Security
• Regulatory Compliance and Audit
• New ways of working
• Improved time to market
• Closer Supplier, Customer, Partner and Employee relationships
Thank you
Giacomo Aimasso