Identity and Access Management Playbook CISO Platform 2016
2 likes1,297 views
The document outlines a playbook for identity and access management (IAM) programs, detailing benefits, challenges, and key steps for successful implementation. It emphasizes the importance of aligning IAM initiatives with organizational needs, conducting readiness assessments, and building a strong business case to gain management buy-in. The playbook also highlights common pitfalls to avoid and provides guidance on technology evaluation and implementation strategies for access governance, single sign-on, and privileged identity management.
Identity and Access Management Playbook CISO Platform 2016
- 1. IDENTITY AND ACCESS MANAGEMENT PLAYBOOK DEEPAK SIMON IAM SOLUTION ADVISOR, CISO PLATFORM 2016 [email protected]
- 2. WHAT IS YOUR EXPERIENCE WITH IAM PROGRAMS Advantages Challenges Advise 2
- 3. PLAYBOOK FOR IAM PROJECTS Map Vision to a Specific Organizational Need or Pain Point Readiness Assessment and Planning Build a Business Case for Management Buy-in Technology and Product Evaluation Implementation Roadmap Avoid Common Pitfalls 3
- 4. BROAD CATEGORIES FOR DISCUSSION Access Governance and Identity Administration Access Certification, Centralized User Administration Single Sign-On Reduce Password Stress Privileged Identity Management Control and Track Shared Access 4
- 5. IDENTITY AND ACCESS GOVERNANCE Map Vision to a Specific Organizational Need or Pain Point Compliance – Auditor paints us in the red Knowing Who has access to What Readiness Assessment and Planning Who are the Users – Employees, Third Parties, Customers What are the current User Management Processes Where do applications reside – on-premise, cloud What effort is needed by Stakeholders TCO – Include effort by Stakeholders and benefit accruing to them Build a consensus with stakeholders Prioritize to ensure a positive first impression Who will drive the program, build an inclusive governance team 5
- 6. IDENTITY AND ACCESS GOVERNANCE Build a Business Case for Management Buy-in Start Small and show Incremental Business value Focus on Soft Benefits such a Productivity, Efficiency, Time Saved Show Hard Benefits as the IAM program Matures over time Identify high-quality stakeholders who will benefit Technology and Product Evaluation Be mindful of changing business processes and application landscape over the years Where do applications reside – on-premise, cloud Prefer extensible solutions that can be scaled up over time Should have availability of skilled and experienced resources in market OEM presence and support should be available in local geography 6
- 7. IDENTITY AND ACCESS GOVERNANCE Implementation Roadmap Prioritize Features and Applications on low cost, maximum impact Identify Early Adopters and use them as advocates Prepare a framework to categorize applications and adopters Avoid Common Pitfalls Lack of planning and prioritizing Overly ambitious in scope, scale and effort IT drives the project without stakeholder involvement and buy-in Trying to implement complex IAM technology on their own Reusing bad processes in new systems Product selection based only on license cost or free deals 7
- 8. SINGLE SIGN-ON Map Vision to a Specific Organizational Need or Pain Point User Convenience – Too Many Passwords to Remember Reducing the Helpdesk Cost Readiness Assessment and Planning Who are the Users – Employees, Third Parties, Customers Where do applications reside – on-premise, cloud, etc. What type of applications – WebApp, Thick, Terminal Access Mechanisms – Within Network, Outside Network What effort is needed by Stakeholders TCO – Include effort by Stakeholders and benefit accruing to them Build a consensus with stakeholders Prioritize to ensure a positive first impression 8
- 9. SINGLE SIGN-ON Build a Business Case for Management Buy-in Focus on Soft Benefits such a User Convenience Show Hard Benefits as savings on Helpdesk costs Identify high-quality stakeholders who will benefit Technology and Product Evaluation Be mindful of changing usage patterns of users over the years Extensible solutions that can be scaled up over time Should have availability of skilled and experienced resources in market OEM presence and support should be available in local geography 9
- 10. SINGLE SIGN-ON Implementation Roadmap Prioritize Applications and Features on low cost, maximum impact Identify Early Adopters and use them as advocates Prepare a framework to categorize applications and adopters Avoid Common Pitfalls Lack of planning and prioritizing Overly ambitious in scope, scale and effort IT drives the project without stakeholder involvement and buy-in Trying to implement complex IAM technology on their own Reusing bad processes in new systems Product selection based only on license cost or free deals 10
- 11. PRIVILEGED IDENTITY MANAGEMENT Map Vision to a Specific Organizational Need or Pain Point Compliance – Auditor paints us in the red Who is using Shared Id’s and What are they doing with it Readiness Assessment and Planning Identify the Users – Internal IT, Outsourced IT, OEM, Shadow IT Identify the Types of devices, servers and databases and how they are accessed TCO – Include effort by Stakeholders and benefit accruing to them Build a consensus with stakeholders Prioritize to ensure a positive first impression 11
- 12. PRIVILEGED IDENTITY MANAGEMENT Build a Business Case for Management Buy-in Focus on Compliance and Reducing Risk of Vendor/Third Party Access Show highly sensitive data at Risk of Breach Show Hard Benefits as savings on manual audit and forensics Technology and Product Evaluation Flexibility to accommodate variety of access mechanisms and remote access tools Storage requirements for data retention for audit purposes and features to minimize size of recordings What features are there to quickly search and playback point in time recording instead of viewing hours of recordings Are there features for real time alerting or blocking of high risk commands. Should have availability of skilled and experienced resources in market OEM presence and support should be available in local geography 12
- 13. PRIVILEGED IDENTITY MANAGEMENT Implementation Roadmap Prioritize High Risk devices, servers and databases Prioritize High Risk users Avoid Common Pitfalls Lack of planning and prioritizing Overly ambitious in scope, scale and effort IT drives the project without stakeholder involvement and buy-in Trying to implement complex IAM technology on their own Product selection based only on license cost or free deals 13
- 14. 14 AUJAS INFORMATION RISK SERVICES (AUJAS.COM) 400+ Customers served across 22 countries 340+ Employees globally with more than 190 specialists 290+ Certified employees across standards, technologies & industry certifications Aujas helps organizations manage information security risks by protecting data, software, people and identities in line with compliance requirements and best practices; we also help strengthen security governance and intelligence frameworks. Investors: • Seed Funding • IDG Ventures – Boston, MA • Series B Funding • IDG Ventures – Boston, MA • IvyCap Ventures – Bay Area, CA • RVCF - India Global Presence: