© 2014 IBM Corporation
IBM Security Systems
IBM Security Identity & Access Manager
Product Overview
Henrik Nelin Certified Security IT-Architect
henrik.nelin@se.ibm.com
January 2015
Agenda
▪ Overview IBM Security IAM
▪ IBM Security Identity Manager
▪ IBM Security Privileged Identity Manager
▪ IBM Security Identity Governance
▪ IBM Security Access Manager
▪ IBM Security IAM Cloud
IBM Security Framework
Part of IBM’s comprehensive portfolio of security products
Identity and Access Management (IAM)
Securing extended enterprise with Threat-aware Identity and Access Management
Deliver actionable identity intelligence
Safeguard mobile, cloud and social access
Simplify cloud integrations and identity silos
Prevent advanced insider threats
• Validate “who is who” especially when users connect from outside the enterprise
• Proactively enforce access policies on web, social and mobile collaboration channels
• Manage and audit privileged access across the enterprise
• Defend applications and data against unauthorized access
• Provide federated access to enable secure online business collaboration
• Unify “Universe of Identities” for efficient directory management
• Streamline identity management across all security domains
• Manage and monitor user entitlements and activities with security intelligence
IBM Identity Management Product
IBM Security Identity Manager (ISIM)
Addressing Customer Challenges
IBM Identity Management
Manage users and their access rights
• Securely enroll, manage and terminate user profiles and access rights throughout lifecycle
• Flag expired accounts and role conflicts
Streamline user access to protected resources
• Reduce costs and improve user productivity with password management and single sign-on
• Support strong authentication devices for extra security
Safeguard access in Cloud / SaaS environments
• Monitor shared and privileged accounts to manage risk
• Secure user single sign-on in cloud environments
Address regulatory mandates
• Produce audit reports to demonstrate compliance with security regulations
• Monitor, identify and correct security violations
Identity Manager automates, audits, and remediates user access rights across your IT infrastructure
[Diagram: Identity Manager. Labels: Identity change (add/del/mod); HR Systems / Identity Stores; Access policy evaluated; Approvals gathered; Accounts updated; Detect and correct local privilege settings. Managed targets: Databases, Operating Systems, Applications, Networks & Physical Access.]
Accounts on 70+ different types of systems managed. Plus, In-House Systems & portals
Cost, Complexity, Compliance
Reduce Costs
• Self-service password reset
• Automated user provisioning
• Self-service access request
Manage Complexity
• Consistent security policy
• Quickly integrate new users & apps
Address Compliance
• Closed-loop provisioning
• Access rights audit & reports
• Know the people behind the accounts and why they have the access they do
• Fix non-compliant accounts
• Automate user privileges lifecycle across entire IT infrastructure
• Match your workflow processes
IBM Security Systems | Technical Sales Enablement
Identity Service Center UI
▪ Request Access
▪ View Access
▪ Approvals - Manage Activities
▪ The launch page for all Identity activities
Identity Service Center for business users: Access Request
Simplified policy, workflow, and configuration reduces setup time
▪ Wizards help users build:
• Approval workflows
• Request for Information Nodes
• Email Nodes
• Adoption Policies
• Recertification Policies
• Identity Feeds
• Service Definitions
▪ No need for programming or scripting for simple configuration options
• Defaults to “simple” configuration
• Toggle to “advanced” option to meet complex needs
Centralized password management - enhances security and reduces help desk costs
▪ Customer Challenge:
• High Help Desk costs to support employee forgotten password requests
• Need to expire passwords regularly and enforce password format for security
• Account breach may raise awareness of weaknesses
▪ SIM solution:
• Self-service password management across all systems
- Apply targeted or global password rules
- Verify compliance with target systems
• Password synchronization
- Propagate and intercept
• Challenge/response questions for forgotten user ids and/or passwords
- User or site defined questions
- Email notification
• Integration with SAM E-SSO
- Desktop password reset/unlock at Windows logon prompt
- Provisioning user access to SAM E-SSO
Account reconciliation – enforcing access policy
▪ Customer Challenge:
• When employees leave or change jobs, their application and system accounts are not terminated
• Dormant and “orphan” accounts result in higher license costs, and expose organization to security breaches
• Compliance audit failure could result
▪ IBM Solution:
• SIM can automatically reconcile “known good” SIM users to accounts on target applications and systems.
• Orphan accounts are recognized and can be automatically suspended.
▪ Benefit: accounts available only for valid users – lower IT admin costs, improved security
[Diagram: SIM Reconciliation between the Managed Endpoint (accounts) and the User repository with approved privileges]
Access recertification - facilitates compliance
Customer challenge
• Compliance – ensuring account access remains updated and valid
IBM Security Identity Governance capabilities
• Attestation: Provides an access validation process to those who can responsibly and accurately make that decision
• 3 types of recertification policies to validate continued need for resources
- Account recertification policies
• Account recertification policies target accounts on specific services
- Access recertification policies
• Access recertification policies target specific accesses (in decipherable terms, i.e. AD group UK3g8saleww_R = sales pipeline portlet)
- User recertification policies
• A type of certification process that combines recertification of a user's role, account and group membership into a single activity
Identity Management On-the-Go!
Identity Manager Mobile
▪ Native Android and iPhone app/interface
▪ Allows business managers to review and approve employee requests
• also view history/status
▪ Supports password change, forgotten password reset (with challenge/response)
▪ Support for OAuth authentication for Android and iOS applications
Adapter portfolio: integration breadth and depth to achieve rapid value
Applications & Messaging
Blackberry Ent. Server
Cognos
Command line-based applications
Documentum eServer
Google Apps
LDAP-based applications
Lotus Notes/Domino
Microsoft Lync
Microsoft Office365
Microsoft Sharepoint
Novell eDirectory
Novell Groupwise
Oracle E-Business Suite
Oracle PeopleTools
Rational Clearquest
Rational Jazz Server
Remedy
Salesforce.com
SAP GRC
SAP Netweaver
SAP AS Java
DB2/UDB
Oracle
MS SQL Server
Sybase
CA Top Secret
CA ACF2
Cisco UCM
Desktop Password Reset Assistant
Entrust PKI
IBM Security Access Mgr.
IBM Security Access Manager for ESSO
RACF zOS
RSA Authentication Mgr.
HP-UX
IBM AIX
IBM i/OS
Red Hat Linux
Solaris
Suse Linux
Windows Local
Approva BizRights
Citrix Pwd Mgr
Cryptovision PKI
ActivIdentity
Lawson
SecurIT R-Man
JD Edwards
Epic
Meditech
Tandem
BMC Remedy
Zimbra Mail
Siebel
Windows AD/Exchange
Fast, adaptable tooling for custom Adapters
• Quickly integrate with home-grown applications
• Easy wizard-driven templates reduce development time by 75%
• Requires fewer specialized skills
Broad Support for Prepackaged Adapters
Deep support, beyond a ‘check box’, for critical infrastructure and business applications
Adapter categories: Applications and Messaging; Partner Offered Integrations; Databases; Operating Systems; Authentication and Security
Legend: Application adapter; Host adapter; Requires local adapter
Cognos-based reporting system facilitates audit requirements
▪ Full Cognos Reporting capabilities included
• Report Administration
- Report scheduling
- Distribution via email (PDF) and URL
• Report customization
• Web-based Report Viewer
• Dashboards
Identity Management
IBM Security Privileged Identity Manager (PIM)
IBM Security Privileged Identity Manager
Centrally manage, audit and control shared identities across the enterprise
Key release highlights
▪ Control shared access to sensitive user IDs
– Check-in / check-out using secure credential vault
▪ Track usage of shared identities
– Provide accountability
▪ Automated password management
– Automated checkout of IDs, hide password from requesting employee, automate password reset to eliminate password theft
▪ Request, approve and re-validate privileged access
– Reduce risk, enhance compliance
▪ Optional Privileged Session Recorder
– Visual recording of privileged user activities with on demand search and playback of stored recordings
▪ Optional Application ID governance
– Replace hardcoded and clear text embedded credentials
IBM security solution
▪ Privileged Identity Management (PIM) solution providing complete identity management and enterprise single sign-on capabilities for privileged users
Prevent advanced insider threats
[Diagram: IBM Security Privileged Identity Manager. Labels: Admin ID; Credential Vault; Privileged Session Recorder; Pwd; PIM for Apps; Databases]
Identity Management
IBM Security Identity Governance (ISIG)
Challenges with Identity Governance today …
[Diagram labels: Roles; Groups; Accounts; Privileges; Actual Usage; Business Need; Risk]
The Problem: “Identity explosion” across the enterprise increasing security risks, insider threats, and audit exposures
▪ Difficult to tie business activities to enterprise risk
▪ Auditors are unable to review access risk and compliance without a lot of help from IT
▪ Business users lack insight that helps them to properly certify user accesses and entitlements
▪ Ongoing, automated controls to ensure continued compliance
– Multiple point tools make it difficult to tie compliance processes to governance and user provisioning activities
IBM Security Identity Governance and Administration solution: offers integrated governance and user lifecycle management
IBM Security Identity Governance and Administration
▪ SIM collects entitlement data from managed resources
▪ SIG allows business to certify access rights, model roles, manage SoD
▪ SIM performs write-back to target systems for closed-loop fulfillment
IBM SIG
Identity and Access Management
Access Management
Safeguard mobile, cloud and social access
Helping achieve secure transactions and risk-based enforcement
Safeguarding mobile, cloud and social access
[Diagram labels: Consumers; Employees; BYOD; Consumer / Employee Applications; Internet; Cloud; Mobile; Security Team; Application Team; Manage consistent security policies; On/Off-premise Resources; Data; Applications]
Threat-aware application access across multiple channels
Strong Authentication, SSO, session management for secure B2E, B2B and B2C use cases
Context-based access and stronger assurance for transactions from partners and consumers
Transparently enforce security access policies for web and mobile applications
Enforce security access policies without modifying the applications
Access Management
ISAM for Web and ISAM for Mobile Packages
ISAM for Web
• Layer 7 Load Balancer
• Web Threat Protection
ISAM for Mobile
• Context based access control
• Device registration/fingerprinting
• Multi-factor Authentication
• API Protection (OAuth)
• Web Reverse Proxy
• Policy Server
• Embedded LDAP
• Distributed Session Cache
ISAM Appliance
• Base Services
Stronger identity assurance for high risk access
ISAM for Mobile
[Diagram labels: SSO; Strong Authentication; Corporate Network; Outside the Corporate Network; Enterprise Applications/Data]
1. User accesses data from inside the corporate network
2. User is only asked for Userid and Password to authenticate
3. User accesses confidential data from outside the corporate network
4. User is asked for Userid/Password and OTP based on risk score
▪ Built-in Risk scoring engine using user attributes and real-time context (e.g. Risk Scoring and Access policy based on Device registration, Geo-political location, IP reputation, etc.)
▪ Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed. Examples of supported OTPs are MAC OTP (email & SMS), HMAC OTP (TOTP & HOTP using client generators like Google Authenticator), RSA SecurID Soft and Hard tokens
▪ Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session
Identity Management
IBM Security Identity & Access Management Cloud
IAM Cloud Service – Capabilities overview
[Diagram labels: IaaS; SaaS; PaaS; Bluemix]
Securing infrastructure & workloads
Secure usage of business applications
Secure service composition & apps
Manage cloud administration & workload access
Integrate identity & access into services & apps
Enable employees to connect securely to SaaS
• Protect applications and workloads in private Cloud stacks (e.g. FIM)
• Deploy in VMware based on-prem clouds today; add support for additional hypervisors and cloud platforms
• Support for applications to invoke service APIs on behalf of a user
• Integration with cloud platforms (i.e. BlueMix) to externalize identity from applications
• Provide Web and Federated SSO (i.e. SAML) to both on/off-premises applications
• Provide self-service and portal based experience/access for enterprise, business and personal applications
Integration
Identity enriched security intelligence:
▪ QRadar Device Support Module for Identity Manager (including PIM vault functions)
• Centrally reports the activities of the SIM admin users in QRadar
▪ Collect identity attribute info from SIM registry. Use data in conjunction with log events and network flow data in rules to provide “identity context aware” security intelligence
• Map SIM identities and groups to activities in QRadar-monitored applications. Help correlate enterprise-wide user activities. Generated reports can assist with SIM user recertification or role planning
▪ User ID Mappings: multiple user ids from systems are mapped to a common ID, i.e. SKumar and SureshKumar are the same person - for comprehensive activity correlation
SIM and QRadar Integration
[Diagram labels: Identity Repository; Security Identity Manager; Databases; Operating Systems; Applications; Networks & Physical Access]
• Identity mapping data and user attributes
• SIM Server logs
• Application logs
Implementing identity and access management can address these challenges and drive positive results
IT
Business
Decreases risk of internal fraud, data leak, or operational outage
Streamline Compliance costs by providing automated compliance reports
Can reduce the time to onboard and de-provision identities from weeks to minutes
Can significantly reduce Help Desk costs resulting from password reset calls
Improves end-user experience with Web-based business applications by enabling activities such as single sign-on
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

More Related Content

What's hot (20)

PPTX
Identity and Access Management (IAM): Benefits and Best Practices 
Veritis Group, Inc
 
PPT
Building Your Roadmap Sucessful Identity And Access Management
Government Technology Exhibition and Conference
 
PDF
Identity & Access Management by K. K. Mookhey
Network Intelligence India
 
PPTX
Intel IT's Identity and Access Management Journey
Intel IT Center
 
PPTX
Identity & access management
Vandana Verma
 
PPTX
The Path to IAM Maturity
Jerod Brennen
 
PPTX
Developing an IAM Roadmap that Fits Your Business
ForgeRock
 
PDF
Identity & Access Management for Securing DevOps
Eryk Budi Pratama
 
PPTX
Identity and access management
Piyush Jain
 
PPTX
Identity and Access Management (IAM)
Identacor
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
PDF
NIST Zero Trust Explained
rtp2009
 
PPT
Identity Access Management (IAM)
Prof. Jacques Folon (Ph.D)
 
PPTX
Identity and Access Management Playbook CISO Platform 2016
Aujas
 
PDF
Best Practices for Identity Management Projects
Hitachi ID Systems, Inc.
 
PDF
Identity and Access Management (IAM)
Jack Forbes
 
PPTX
Zero Trust Network Access
Er. Ajay Sirsat
 
PDF
5. Identity and Access Management
Sam Bowne
 
PPTX
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
PPTX
Identity Access Management 101
OneLogin
 
Identity and Access Management (IAM): Benefits and Best Practices 
Veritis Group, Inc
 
Building Your Roadmap Sucessful Identity And Access Management
Government Technology Exhibition and Conference
 
Identity & Access Management by K. K. Mookhey
Network Intelligence India
 
Intel IT's Identity and Access Management Journey
Intel IT Center
 
Identity & access management
Vandana Verma
 
The Path to IAM Maturity
Jerod Brennen
 
Developing an IAM Roadmap that Fits Your Business
ForgeRock
 
Identity & Access Management for Securing DevOps
Eryk Budi Pratama
 
Identity and access management
Piyush Jain
 
Identity and Access Management (IAM)
Identacor
 
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
NIST Zero Trust Explained
rtp2009
 
Identity Access Management (IAM)
Prof. Jacques Folon (Ph.D)
 
Identity and Access Management Playbook CISO Platform 2016
Aujas
 
Best Practices for Identity Management Projects
Hitachi ID Systems, Inc.
 
Identity and Access Management (IAM)
Jack Forbes
 
Zero Trust Network Access
Er. Ajay Sirsat
 
5. Identity and Access Management
Sam Bowne
 
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Identity Access Management 101
OneLogin
 

Similar to IBM Security Identity & Access Manager (20)

PPTX
5 reasons your iam solution will fail
IBM Security
 
PDF
Secure Identity: The Future is Now
Lane Billings
 
PPT
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
IBM Security
 
PPTX
Are You Ready to Move Your IAM to the Cloud?
IBM Security
 
PPTX
CrossIdeas Roadshow IAM Governance IBM Marco Venuti
IBM Sverige
 
PDF
IBM Security Identity and Access Management - Portfolio
IBM Sverige
 
PPT
Path Maker Security Presentation
danhsmith
 
PPT
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
Andris Soroka
 
PPTX
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
PDF
Ispim overview pdf
ssusere18cdd1
 
PDF
IBM - IAM Security and Trends
IBM Sverige
 
PPTX
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
IBM Sverige
 
PPTX
Smart Identity for the Hybrid Multicloud World
Katherine Cola
 
PDF
Identity Governance: Not Just For Compliance
IBM Security
 
PPT
Ibm_2-4-5 nov 2010
Agora Group
 
PPTX
IBM Security Portfolio - 2015
IBM Thailand Co Ltd
 
PPTX
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
IBM Security
 
PPTX
IBM i Security Study
HelpSystems
 
PPT
IBM Security Strategy Intelligence,
Information Security Awareness Group
 
PPTX
Security in the Cognitive Era: Why it matters more than ever
EC-Council
 
5 reasons your iam solution will fail
IBM Security
 
Secure Identity: The Future is Now
Lane Billings
 
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
IBM Security
 
Are You Ready to Move Your IAM to the Cloud?
IBM Security
 
CrossIdeas Roadshow IAM Governance IBM Marco Venuti
IBM Sverige
 
IBM Security Identity and Access Management - Portfolio
IBM Sverige
 
Path Maker Security Presentation
danhsmith
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
Andris Soroka
 
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
Ispim overview pdf
ssusere18cdd1
 
IBM - IAM Security and Trends
IBM Sverige
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
IBM Sverige
 
Smart Identity for the Hybrid Multicloud World
Katherine Cola
 
Identity Governance: Not Just For Compliance
IBM Security
 
Ibm_2-4-5 nov 2010
Agora Group
 
IBM Security Portfolio - 2015
IBM Thailand Co Ltd
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
IBM Security
 
IBM i Security Study
HelpSystems
 
IBM Security Strategy Intelligence,
Information Security Awareness Group
 
Security in the Cognitive Era: Why it matters more than ever
EC-Council
 
Ad

More from IBM Sverige (20)

PDF
Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18
IBM Sverige
 
PDF
AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18
IBM Sverige
 
PDF
#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar

IBM Sverige
 
PDF
#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion
IBM Sverige
 
PDF
#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM
IBM Sverige
 
PDF
Multiresursplanering - Karolinska Universitetssjukhuset
IBM Sverige
 
PPTX
Solving Challenges With 'Huge Data'
IBM Sverige
 
PPTX
Blockchain explored
IBM Sverige
 
PPTX
Blockchain architected
IBM Sverige
 
PPTX
Blockchain explained
IBM Sverige
 
PDF
Grow smarter project kista watson summit 2018_tommy auoja-1
IBM Sverige
 
PDF
Bemanningsplanering axfood och houston final
IBM Sverige
 
PDF
Power ai nordics dcm
IBM Sverige
 
PDF
Nvidia and ibm presentation feb18
IBM Sverige
 
PDF
Hwx introduction to_ibm_ai
IBM Sverige
 
PPTX
Ac922 watson 180208 v1
IBM Sverige
 
PDF
Watson kista summit 2018 box
IBM Sverige
 
PDF
Watson kista summit 2018 en bättre arbetsdag för de många människorna
IBM Sverige
 
PDF
Iwcs and cisco watson kista summit 2018 v2
IBM Sverige
 
PDF
Ibm intro (watson summit) bkacke
IBM Sverige
 
Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18
IBM Sverige
 
AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18
IBM Sverige
 
#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar

IBM Sverige
 
#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion
IBM Sverige
 
#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM
IBM Sverige
 
Multiresursplanering - Karolinska Universitetssjukhuset
IBM Sverige
 
Solving Challenges With 'Huge Data'
IBM Sverige
 
Blockchain explored
IBM Sverige
 
Blockchain architected
IBM Sverige
 
Blockchain explained
IBM Sverige
 
Grow smarter project kista watson summit 2018_tommy auoja-1
IBM Sverige
 
Bemanningsplanering axfood och houston final
IBM Sverige
 
Power ai nordics dcm
IBM Sverige
 
Nvidia and ibm presentation feb18
IBM Sverige
 
Hwx introduction to_ibm_ai
IBM Sverige
 
Ac922 watson 180208 v1
IBM Sverige
 
Watson kista summit 2018 box
IBM Sverige
 
Watson kista summit 2018 en bättre arbetsdag för de många människorna
IBM Sverige
 
Iwcs and cisco watson kista summit 2018 v2
IBM Sverige
 
Ibm intro (watson summit) bkacke
IBM Sverige
 
Ad

Recently uploaded (20)

PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
July Patch Tuesday
Ivanti
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PDF
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PDF
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
PDF
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
July Patch Tuesday
Ivanti
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 

IBM Security Identity & Access Manager

  • 1. © 2014 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation IBM Security Identity & Access Manager Product Overview Henrik Nelin Certified Security IT-Architect [email protected] January 2015
  • 2. © 2014 IBM Corporation2 IBM Security Systems 2 Agenda  Overview IBM Security IAM  IBM Security Identity Manager  IBM Security Privileged Identity Manager  IBM Security Identity Governance  IBM Security Access Manager  IBM Security IAM Cloud IBM Security Framework
  • 3. © 2014 IBM Corporation3 IBM Security Systems Part of IBM’s comprehensive portfolio of security products
  • 4. © 2014 IBM Corporation4 IBM Security Systems Identity and Access Management (IAM) Securing extended enterprise with Threat-aware Identity and Access Management Deliver actionable identity intelligence Safeguard mobile, cloud and social access Simplify cloud integrations and identity silos Prevent advanced insider threats • Validate “who is who” especially when users connect from outside the enterprise • Proactively enforce access policies on web, social and mobile collaboration channels • Manage and audit privileged access across the enterprise • Defend applications and data against unauthorized access • Provide federated access to enable secure online business collaboration • Unify “Universe of Identities” for efficient directory management • Streamline identity management across all security domains • Manage and monitor user entitlements and activities with security intelligence 4
  • 5. © 2014 IBM Corporation5 IBM Security Systems IBM Identity Management Product IBM Security Identity Manager (ISIM)
  • 6. © 2014 IBM Corporation6 IBM Security Systems Addressing Customer Challenges IBM Identity Management Manage users and their access rights • Securely enroll, manage and terminate user profiles and access rights throughout lifecycle • Flag expired accounts and role conflicts Streamline user access to protected resources • Reduce costs and improve user productivity with password management and single sign-on • Support strong authentication devices for extra security Safeguard access in Cloud / SaaS environments • Monitor shared and privileged accounts to manage risk • Secure user single sign-on in cloud environments Address regulatory mandates • Produce audit reports to demonstrate compliance with security regulations • Monitor, identify and correct security violations
  • 7. © 2014 IBM Corporation7 IBM Security Systems Identity Manager automates, audits, and remediates user access rights across your IT infrastructure Identity Manager Identity change (add/del/mod) HR Systems/ Identity Stores Approvals gathered Accounts updated Accounts on 70+ different types of systems managed. Plus, In-House Systems & portals Databases Operating Systems DatabasesDatabases Operating Systems Operating Systems ApplicationsApplications Networks & Physical Access Access policy evaluated Detect and correct local privilege settings Cost Complexity Compliance Reduce Costs • Self-service password reset • Automated user provisioning • Self-service access request Manage Complexity • Consistent security policy • Quickly integrate new users & apps Address Compliance • Closed-loop provisioning • Access rights audit & reports • Know the people behind the accounts and why they have the access they do • Fix non-compliant accounts • Automate user privileges lifecycle across entire IT infrastructure • Match your workflow processes
  • 8. Identity Service Center UI
      • Request Access
      • View Access
      • Approvals - Manage Activities
      • The launch page for all Identity activities
  • 9. Identity Service Center for business users: Access Request
  • 10. Simplified policy, workflow, and configuration reduces setup time
      • Wizards help users build:
          - Approval workflows
          - Request for Information Nodes
          - Email Nodes
          - Adoption Policies
          - Recertification Policies
          - Identity Feeds
          - Service Definitions
      • No need for programming or scripting for simple configuration options
          - Defaults to “simple” configuration
          - Toggle to “advanced” option to meet complex needs
  • 11. Centralized password management - enhances security and reduces help desk costs
      • Customer Challenge:
          - High Help Desk costs to support employee forgotten password requests
          - Need to expire passwords regularly and enforce password format for security
          - Account breach may raise awareness of weaknesses
      • SIM solution:
          - Self-service password management across all systems: Apply targeted or global password rules; Verify compliance with target systems
          - Password synchronization: Propagate and intercept
          - Challenge/response questions for forgotten user ids and/or passwords: User or site defined questions; Email notification
          - Integration with SAM E-SSO: Desktop password reset/unlock at Windows logon prompt; Provisioning user access to SAM E-SSO
  • 12. Account reconciliation – enforcing access policy
      • Customer Challenge:
          - When employees leave or change jobs, their application and system accounts are not terminated
          - Dormant and “orphan” accounts result in higher license costs, and expose organization to security breaches
          - Compliance audit failure could result
      • IBM Solution:
          - SIM can automatically reconcile “known good” SIM users to accounts on target applications and systems.
          - Orphan accounts are recognized and can be automatically suspended.
      • Benefit: accounts available only for valid users – lower IT admin costs, improved security
      Diagram labels: Managed Endpoint (accounts); SIM Reconciliation; User repository with approved privileges
  • 13. Access recertification - facilitates compliance
      • Customer challenge
          - Compliance – ensuring account access remains updated and valid
      • IBM Security Identity Governance capabilities
          - Attestation: Provides an access validation process to those who can responsibly and accurately make that decision
          - 3 types of recertification policies to validate continued need for resources:
              1. Account recertification policies: target accounts on specific services
              2. Access recertification policies: target specific accesses (in decipherable terms, i.e. AD group UK3g8saleww_R = sales pipeline portlet)
              3. User recertification policies: a type of certification process that combines recertification of a user's role, account and group membership into a single activity
  • 14. Identity Management On-the-Go! Identity Manager Mobile
      • Native Android and iPhone app/interface
      • Allows business managers to review and approve employee requests
          - also view history/status
      • Supports password change, forgotten password reset (with challenge/response)
      • Support for OAuth authentication for Android and iOS applications
  • 15. Adapter portfolio: integration breadth and depth to achieve rapid value
      • Broad Support for Prepackaged Adapters: Deep support, beyond a ‘check box’, for critical infrastructure and business applications
      • Fast, adaptable tooling for custom Adapters
          - Quickly integrate with home-grown applications
          - Easy wizard-driven templates reduce development time by 75%
          - Requires fewer specialized skills
      Adapter categories: Applications and Messaging; Partner Offered Integrations; Databases; Operating Systems; Authentication and Security
      Legend: Application adapter; Host adapter; Requires local adapter
      Adapters listed on the slide:
          - Blackberry Ent. Server, Cognos, Command line-based applications, Documentum eServer, Google Apps, LDAP-based applications, Lotus Notes/Domino, Microsoft Lync, Microsoft Office365, Microsoft Sharepoint, Novell eDirectory, Novell Groupwise, Oracle E-Business Suite, Oracle PeopleTools, Rational Clearquest, Rational Jazz Server, Remedy, Salesforce.com, SAP GRC, SAP Netweaver, SAP AS Java
          - DB2/UDB, Oracle, MS SQL Server, Sybase
          - CA Top Secret, CA ACF2, Cisco UCM, Desktop Password Reset Assistant, Entrust PKI, IBM Security Access Mgr., IBM Security Access Manager for ESSO, RACF zOS, RSA Authentication Mgr.
          - HP-UX, IBM AIX, IBM i/OS, Red Hat Linux, Solaris, Suse Linux, Windows Local
          - Approva BizRights, Citrix Pwd Mgr, Cryptovision PKI, ActivIdentity, Lawson, SecurIT R-Man, JD Edwards, Epic, Meditech, Tandem, BMC Remedy, Zimbra Mail
          - Siebel, Windows AD/Exchange
  • 16. Cognos-based reporting system facilitates audit requirements
      • Full Cognos Reporting capabilities included
          - Report Administration: Report scheduling; Distribution via email (PDF) and URL
          - Report customization
          - Web-based Report Viewer
          - Dashboards
  • 17. Identity Management: IBM Security Privileged Identity Manager (PIM)
  • 18. IBM Security Privileged Identity Manager: Centrally manage, audit and control shared identities across the enterprise
      • Key release highlights
          - Control shared access to sensitive user IDs – Check-in / check-out using secure credential vault
          - Track usage of shared identities – Provide accountability
          - Automated password management – Automated checkout of IDs, hide password from requesting employee, automate password reset to eliminate password theft
          - Request, approve and re-validate privileged access – Reduce risk, enhance compliance
          - Optional Privileged Session Recorder – Visual recording of privileged user activities with on demand search and playback of stored recordings
          - Optional Application ID governance – Replace hardcoded and clear text embedded credentials
      • IBM security solution
          - Privileged Identity Management (PIM) solution providing complete identity management and enterprise single sign-on capabilities for privileged users
      Diagram labels: Prevent advanced insider threats; Databases; Admin ID; Credential Vault; Privileged Session Recorder; Pwd; PIM for Apps; IBM Security Privileged Identity Manager
  • 19. Identity Management: IBM Security Identity Governance (ISIG)
  • 20. Challenges with Identity Governance today …
      Diagram labels: Roles; Groups; Accounts; Actual Usage; Business Need; Risk; Privileges
      The Problem: “Identity explosion” across the enterprise increasing security risks, insider threats, and audit exposures
      • Difficult to tie business activities to enterprise risk
      • Auditors are unable to review access risk and compliance without a lot of help from IT
      • Business users lack insight that helps them to properly certify user accesses and entitlements
      • Ongoing, automated controls to ensure continued compliance – Multiple point tools make it difficult to tie compliance processes to governance and user provisioning activities
  • 21. IBM Security Identity Governance and Administration solution: offers integrated governance and user lifecycle management
      • SIM collects entitlement data from managed resources
      • SIG allows business to certify access rights, model roles, manage SoD
      • SIM performs write-back to target systems for closed-loop fulfillment
  • 22. Identity and Access Management: Access Management. Safeguard mobile, cloud and social access
  • 23. Access Management: Safeguarding mobile, cloud and social access. Helping achieve secure transactions and risk-based enforcement
      Diagram labels: Consumer / Employee Applications; Manage consistent security policies; Consumers; Employees; BYOD; Security Team; Application Team; Data; Applications; On/Off-premise Resources; Cloud; Mobile; Internet
      • Threat-aware application access across multiple channels
      • Strong Authentication, SSO, session management for secure B2E, B2B and B2C use cases
      • Context-based access and stronger assurance for transactions from partners and consumers
      • Transparently enforce security access policies for web and mobile applications
      • Enforce security access policies without modifying the applications
  • 24. ISAM for Web and ISAM for Mobile Packages. ISAM for Web • Layer 7 Load Balancer • Web Threat Protection ISAM for Mobile • Context based access control • Device registration/fingerprinting • Multi-factor Authentication • API Protection (OAuth) • Web Reverse Proxy • Policy Server • Embedded LDAP • Distributed Session Cache ISAM Appliance • Base Services
  • 25. ISAM for Mobile: Stronger identity assurance for high risk access
      Diagram labels: SSO; Enterprise Applications/Data; Corporate Network; Outside the Corporate Network; Strong Authentication
      Diagram steps:
          1. User accesses data from inside the corporate network
          2. User is only asked for Userid and Password to authenticate
          3. User accesses confidential data from outside the corporate network
          4. User is asked for Userid/Password and OTP based on risk score
      • Built-in Risk scoring engine using user attributes and real-time context (e.g. Risk Scoring and Access policy based on Device registration, Geo-political location, IP reputation, etc.)
      • Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed. Examples of supported OTPs are MAC OTP (email & SMS), HMAC OTP (TOTP & HOTP using client generators like Google Authenticator), RSA SecurID Soft and Hard tokens
      • Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session
  • 26. Identity Management: IBM Security Identity & Access Management Cloud
  • 27. IAM Cloud Service – Capabilities overview
      Diagram labels: IaaS; SaaS; PaaS; Bluemix
      Column headings: Securing infrastructure & workloads; Secure usage of business applications; Secure service composition & apps
      Column subheadings: Manage cloud administration & workload access; Integrate identity & access into services & apps; Enable employees to connect securely to SaaS
      • Protect applications and workloads in private Cloud stacks (e.g. FIM)
      • Deploy in VMware based on-prem clouds today; add support for additional hypervisors and cloud platforms
      • Support for applications to invoke service APIs on behalf of a user
      • Integration with cloud platforms (i.e. BlueMix) to externalize identity from applications
      • Provide Web and Federated SSO (i.e. SAML) to both on/off-premises applications
      • Provide self-service and portal based experience/access for enterprise, business and personal applications
  • 28. Integration
  • 29. SIM and QRadar Integration: Identity enriched security intelligence
      • QRadar Device Support Module for Identity Manager (including PIM vault functions)
          - Centrally reports, in QRadar, the activities of the SIM admin users
      • Collect identity attribute info from SIM registry. Use data in conjunction with log events and network flow data in rules to provide “identity context aware” security intelligence
          - Map SIM identities and groups to activities in QRadar-monitored applications. Help correlate enterprise-wide user activities. Generated reports can assist with SIM user recertification or role planning
      • User ID Mappings: multiple user ids from systems are mapped to a common ID, i.e. SKumar and SureshKumar are the same person - for comprehensive activity correlation
      Data sent from SIM to QRadar:
          - Identity mapping data and user attributes
          - SIM Server logs
          - Application logs
      Diagram labels: Identity Repository; Security Identity Manager; Databases; Operating Systems; Applications; Networks & Physical Access
  • 30. Implementing identity and access management can address these challenges and drive positive results
      Column labels: IT; Business
      • Decreases risk of internal fraud, data leak, or operational outage
      • Streamline Compliance costs by providing automated compliance reports
      • Can reduce the time to onboard and de-provision identities from weeks to minutes
      • Can significantly reduce Help Desk costs resulting from password reset calls
      • Improves end-user experience with Web-based business applications by enabling activities such as single sign-on
  • 31. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access.
IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.