The Who, What, When, Where and Why of IAM

Bob Bentley
Product Management Director
October 2014
It’s a Jungle Out There
IAM is more than just provisioning user accounts and managing access to web pages

© 2014 NetIQ Corporation. All rights reserved.
Identity and Access Management (IAM)
Key technologies to drive your digital business

“Identity and access management (IAM) is the security, risk management and business discipline that enables the right individuals to have access to the right resources, at the right time, for the right reasons, enabling desired business outcomes.”
- Gartner, May 23, 2014, “Roundup of Identity and Access Management Research, 1Q14”, Ant Allen & Neil Wynne
The Modern IT Challenge
(Diagram: Empowered users, New Expectations)
What Users Want
Use Cloud/SaaS Apps
• Agility
• Autonomy
• Simplification
• Productivity
• Cost reduction
Problem
Access to SaaS
(Diagram: SaaS, the IT Department and Business Users, with the concerns Audit logs / Compliance, Security, Cost, Business user experience and Business flexibility, and the problems shown against them: No access logs, Manual process (“Shadow IT”), Corporate credentials in the cloud, No strong authentication, No single sign-on.)
What Users Want
Access from Mobile
• Easy, straightforward access
• From any place/time/device
• To mission critical apps
  – New SaaS apps
  – Existing enterprise apps
Problem
Access from Mobile
Mobile Security
• BYOD = no MDM
• Users store corporate passwords on their device
• What happens when one is lost/stolen?
Mobile for more than SaaS
• Most SaaS apps are mobile friendly…
• But what about the organization’s existing apps? (The large majority of apps used)
• Users resist VPN on mobile
(Diagram: Organization Apps, MDM)
The Power of Mobile
Research and Thoughts from Gartner
“Mobility fundamentally changes how people work and the pace at which decisions are made.”
“People need to think differently about security when it comes to mobility.”
“If security makes mobile technology unattractive to use, then security will be left by the wayside, not the mobile technology.”
Source: Gartner, “Insights Into Mobile Security From Field Research”, Eric Maiwald, Analyst. Feb 2014.
What Users Want
Tie Into Social Media
• Easier to authenticate
• Fewer credentials to remember
• Less ID information available to thieves and hackers
• Sites know something about me already
• Easy to share my experience with other people
Problem
Social Media Authentication
LOTS of users out there…
• Billions of users are hard to ignore
• They expect to be able to access your web resources
But how do you do it?
• Not easy to connect to social networks without customization
• Little information available about the user
• How do you easily manage what they should get access to?
The Changing State of IAM
Leveraging new innovations to drive your digital business
Current State
(Diagram, built up over several slides: an Access Management Tool delivering an Intranet Experience w/ Single Sign-on to CRM, ERP, HR, File Store, Office Apps, Other Apps and many Web Apps; Cloud Computing and then Mobile Computing are added alongside the on-premise applications.)
How do I deliver Single Sign-on across my new enterprise reality?
There are a lot more web applications than SaaS applications – how can I deliver them to mobile devices – company and BYOD?
Ultimate Challenge for IT Going Forward
Match the speed of business vs. mitigating risks
AGILITY & AUTONOMY
CONTROL & COMPLIANCE
“We have brakes on our cars not so that we can stop, but so that we can go fast” – Sara Gates
Case Study:
Modern IAM challenge at Attachmate Group
“Extending Access Management to BYOD Users”

The Attachmate Group
Information Technology
• Shared resource among the 4 business units
• Serves 5,000+ regular employees and contractors
• Provides two main employee portals
  – Legacy innerweb site
  – New intranet portal
• Employee access governed by NetIQ technologies
  – eDirectory
  – Identity Manager
  – Access Manager
Access Manager
Securing Our Applications
• Protects 250+ applications
  – In house
  – COTS
  – SaaS
• Multiple authentication methods
• Hundreds of policies
• Keystone of employee web access
• Significant investment
Mobile Adoption
• Two types of mobile
  – Corporate owned
  – Bring your own device (BYOD)
• Variety of vendors and OS
  – Apple iOS (57%), Android (26%), Others (17%)
• Employees want to use mobile for work tasks
• Key business driver was mobile Salesforce.com access for worldwide field organization
Access from Mobile Devices
• Benefits
  – Bring anywhere
  – Productivity
  – Collaboration
• Challenges
  – Typing
  – Navigation on desktop oriented sites
  – Security
Our Solution
CloudAccess
• NetIQ CloudAccess 2.1
• Integrated into existing access management infrastructure
• Employees have mobile SSO access to key enterprise applications and SaaS
• Advanced authentication option
Solution Benefits
Using CloudAccess
• Typing
  – Persistent login
• Navigation
  – Mobile portal with one touch SSO AppMarks
  – Favorites page for iOS
  – Widgets for Android
• Security
  – Activity based PIN
  – Password is never stored on the device
  – Remote deactivation by employee or administrator
CloudAccess at Attachmate Group
(Diagram: CloudAccess)
CloudAccess Takeaways
• Integration
  – Relatively easy
  – No major changes to infrastructure
• Solution
  – Actively used by Attachmate Group
  – Solves real business problems
  – Enhanced productivity
NetIQ CloudAccess
What is CloudAccess?
• CloudAccess is an integrated identity and access management (IAM) appliance solution.
• It delivers what business users want—easy access to SaaS, web and even native mobile apps, and freedom to use mobile devices—without the compromises.
• CloudAccess can run on its own or enhance existing IAM solutions.
Solution
CloudAccess
(Diagram: SaaS and Access from Mobile, the IT Department and Business Users, with the same concerns as the earlier problem slide, Audit logs / Compliance, Security, Cost, Business user experience and Business flexibility, now answered by Access logs, Automated process, Corporate credentials secured, Multi-factor authentication, Single sign-on and Smart mobile support.)
How Does CloudAccess Work?
• User launches and authenticates to CloudAccess from mobile, laptop or desktop
• CloudAccess validates the user’s login with the on-site corporate user store (AD, eDirectory or database)
• User is presented with a customized view of available applications, on the device being used
How Does CloudAccess Work?
• User launches apps with one touch
• User enjoys immediate SSO access
• CloudAccess can also handle provisioning of user accounts, if the target app requires it
• You can also make CloudAccess available to external users to give them access to what they need
(Diagram: My Organization with CloudAccess providing Provisioning & SSO to Organization Apps and SSO to SaaS, for Employees, Contractors, Partners and Customers)
What about Securing Sensitive Apps?
• CloudAccess can require multi-factor authentication using a variety of methods
• User launches apps with one touch, just like always
• User is allowed access after successfully authenticating
(Diagram: My Organization with CloudAccess providing Provisioning & SSO to Organization Apps and SSO to SaaS for Employees and Contractors; sensitive apps are marked with “!”)
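The three “How Does CloudAccess Work?” / “Securing Sensitive Apps” slides describe a brokered SSO pattern: the user authenticates once to an on-premise broker, the broker checks the password against the corporate user store and never hands it to any application, directory group membership decides which apps appear on the launchpad (the “existing directory or database groups define access privileges” point under Key Features), and apps flagged as sensitive get access only after a second factor. The following Python model is an added example and is not NetIQ code or the CloudAccess API; the user store, app catalog, signing key, OTP seeds and function names (`authenticate`, `visible_apps`, `step_up`, `launch`, `verify_assertion`) are all constructed for illustration, and the OTP scheme is a toy stand-in for a real one-time-password method.

```python
"""Toy model of a brokered SSO flow with step-up MFA (added example, not NetIQ code).

The broker verifies the user's password against an on-site user store and never
forwards it; target apps receive only a short-lived signed assertion.  Directory
group membership decides which apps a user may launch, and apps marked sensitive
require a one-time code before an assertion is issued.
"""
import hashlib
import hmac
import json
from typing import Optional


def _pw_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, as an on-site store would keep rather than a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed on-site user store (stands in for AD / eDirectory / a database).
_SALT = b"constructed-salt"
USER_STORE = {
    "alice": {"pw": _pw_hash("correct horse", _SALT), "groups": {"staff", "sales"}},
    "bob": {"pw": _pw_hash("battery staple", _SALT), "groups": {"staff"}},
}

# Constructed application catalog: the directory group that unlocks each app and
# whether the app is sensitive (requires multi-factor step-up before launch).
APP_CATALOG = {
    "intranet": {"group": "staff", "sensitive": False},
    "crm": {"group": "sales", "sensitive": True},
}

# Key shared between the broker and the apps for signing assertions (constructed).
ASSERTION_KEY = b"constructed-broker-signing-key"
# Constructed per-user OTP secrets; a real deployment would use a standard OTP method.
OTP_SEED = {"alice": b"seed-a", "bob": b"seed-b"}


def expected_otp(user: str, window: int) -> str:
    """Toy time-window OTP derived from the per-user seed (illustrative only)."""
    mac = hmac.new(OTP_SEED[user], str(window).encode(), "sha256").digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def authenticate(user: str, password: str) -> Optional[dict]:
    """Step 1: validate the login against the on-site store; the password stays here."""
    rec = USER_STORE.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], _pw_hash(password, _SALT)):
        return None
    return {"user": user, "groups": rec["groups"], "mfa": False}


def visible_apps(session: dict) -> list:
    """Step 2: the launchpad lists only apps whose group the user belongs to."""
    return sorted(app for app, meta in APP_CATALOG.items() if meta["group"] in session["groups"])


def step_up(session: dict, otp: str, window: int) -> bool:
    """Second factor: accept a valid OTP for the current window and mark the session."""
    if hmac.compare_digest(otp, expected_otp(session["user"], window)):
        session["mfa"] = True
    return session["mfa"]


def launch(session: dict, app: str, now: int) -> Optional[str]:
    """Step 3: issue a signed SSO assertion (never the password); sensitive apps need MFA."""
    meta = APP_CATALOG.get(app)
    if meta is None or meta["group"] not in session["groups"]:
        return None
    if meta["sensitive"] and not session["mfa"]:
        return None
    payload = json.dumps({"sub": session["user"], "app": app, "exp": now + 300}, sort_keys=True)
    sig = hmac.new(ASSERTION_KEY, payload.encode(), "sha256").hexdigest()
    return payload + "." + sig


def verify_assertion(token: str, app: str, now: int) -> Optional[str]:
    """What the target app does: check signature, audience and expiry; return the subject."""
    payload, _, sig = token.rpartition(".")
    good = hmac.new(ASSERTION_KEY, payload.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig, good):
        return None
    claims = json.loads(payload)
    if claims["app"] != app or claims["exp"] <= now:
        return None
    return claims["sub"]
```

The point to take from the model is where the password lives: only `authenticate` ever sees it, and a target application can validate `verify_assertion` with nothing but the shared signing key, which is why a lost device or a compromised app never exposes the corporate credential. A `launch` of a sensitive app before `step_up` fails closed, and an assertion issued for one app is rejected by another.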
Key Features
Modern End-User Experience
  – One-touch SSO access to SaaS, web and native mobile apps
  – No credentials ever leave the enterprise
  – Choice of device (iOS, Android or desktop browser)
High Security
  – Supports multi-factor authentication
  – Security hardened appliance with automated update channel to stay current
  – BYOID support (Facebook, Google, LinkedIn, etc.)
Performance, Scalability & Reliability
  – Handles hundreds of authentications per second under sustained load
  – Scalable to 50k+ users per cluster
  – Clustering support for failover and disaster recovery
Fast and Easy Setup & Management
  – Large catalog of pre-made connectors
  – Existing directory or database groups define access privileges
  – Simple mobile enrollment/management
  – Only requires typical administrator skills—not specialized consultants
Customer Benefits
• Powerful and secure SSO to all kinds of apps
  – SaaS/cloud
  – Internal web
  – Native mobile apps
• Enables secure access from mobile devices
• Protects sensitive apps with multi-factor authentication
• Support for all kinds of users
  – Internal users (employees, contractors)
  – Partner organization users (suppliers, distributors)
  – External users (customers, citizens, students)
• Fast and easy setup and management
How is this better than competitive IDaaS solutions?
Several startups have begun selling cloud-hosted IAM solutions (“IDaaS”), offering SSO with quick time-to-value
CloudAccess brings the same benefits, but adds more…
The CloudAccess Difference:
• Your corporate credentials never leave the enterprise
  – Cloud-hosted competitors require copying or creating separate credentials
• CloudAccess easily integrates with on-premise resources
  – Identity Management, Access Management
  – Databases, directories, applications
• You own CloudAccess—much lower cost over time
How does it integrate with IAM solutions?
• CloudAccess can be easily added to your existing IAM to bring significant new capabilities your users need without disrupting what you already have
• Add-on to Access Management
  – Provides a convenient mobile or desktop “SSO launchpad” for applications protected by web access management
  – Easily extends on-premise access management to cloud/SaaS application targets
  – Adds BYOID capabilities for external users
• Add-on to Identity Management
  – Adds SSO access from desktop or mobile devices to resources provisioned through identity management
New in CloudAccess v2.1
• SSO to any cloud or web application
• Multi-factor authentication
  – OTP included
  – Optional NAAF integration for many more methods
• Mobile app available for Android
• SSO to native mobile apps
• Support for self-registering external users
• Updated UI, can be branded by customer
• New identity sources supported: JDBC, Federated partner
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2014 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.