IBM Security & Privacy Services

(1)

(2)

Introduction

Today’s security and privacy challenges

What is identity management? The IBM approach

IBM’s services

How IBM Tivoli delivers and helps you manage:

Identities Access Federated identities Privacy Directories Compliance Risk

Identity management in action: Case study 1

What next?

The challenge of identity management

Today organizations are facing paradoxical demands for greater information access and more stringent

information security. You must deliver more data more quickly to more users inside and outside your

organization. Yet, even as you’re pressured to make information readily available, you’re facing stricter

security and privacy requirements.

Meeting these conflicting needs often produces another set of challenges. When you’re pulling

data from numerous systems—and delivering it to a large user base with different levels of security—

managing roles and access can be overwhelming. Often, user identities are implemented and

managed manually by local system administrators. That approach is inefficient and may not be secure.

What’s more, it could be inhibiting the development and deployment of new business initiatives.

If you’d like to improve identity management within your organization, this guide is for you. It explains

how you can be faster, more efficient and cost-effective in providing information access while meeting

requirements for security and privacy.

NEXT PAGE PREVIOUS PAGE

The challenge of identity management

Why is security and privacy

so important today?

Click Here

(3)

Introduction

What next?

Today’s security and privacy challenges

Thanks to a bevy of regulatory requirements, ensuring security and privacy is no longer optional.

For the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) establishes rigorous requirements to safeguard protected health information. For financial services organizations, the Gramm-Leach-Bliley Act places stringent demands for the protection of personal financial data. For publicly held companies across industries, the Sarbanes-Oxley Act of 2002 (more commonly referred to as "SOX") mandates a series of internal controls. SOX requires top management to sign off on the adequacy of these controls and has focused attention on security.

No one disputes that security and privacy are important. But, in the "real world," implementing effective policies and processes is challenging. After all, most organizations have massive user communities and complex IT infrastructures that have evolved over time. Chances are, your environment includes diverse resources—from legacy to open systems—with data straddling multiple applications. In such an environment, ensuring security and privacy can be frustrating—not to mention expensive.

There’s an abundance of individual security products and solutions on the market. But implementing limited products will produce limited results. What you need is an integrated approach driven by a clear view of your business requirements. Then can you ensure that the right people have access to the right information— regardless of where that information lives.

To get there, you may need help addressing the full scope of your enterprise needs—and integrating new security tools into your existing environment.

efficiently and cost-effectively?

Click Here

(4)

Introduction

What is identity management?

The IBM approach IBM’s services

What next?

What is identity management?

Identity management enables organizations to cost-effectively balance information access with security and privacy. But what, exactly, is it?

Identity management is the concept of providing a unifying interface to manage all aspects related to individuals and their interactions with your business. It’s the process that enables business initiatives by efficiently managing the user life cycle—from creating, modifying and managing to terminating user credentials—and by integrating it into the required business processes.

In other words, identity management encompasses all the data and processes related to the representation of an individual involved in electronic transactions.

It delivers the power—and efficiency—of a single, integrated view of each user across all of your systems and applications. It allows you to administer user identities and passwords more quickly and cost-effectively. And, you can support fast-changing business-unit and end-user needs—while meeting regulatory requirements— without further straining your resources.

Achieving effective identity management requires you to have the right mix of business know-how and technical experience. Many companies find they benefit from expert, third-party assistance.

Who can help me implement an effective identity

management infrastructure or deal with a short-term need

for design and implementation services?

Click Here

What is identity management?

(5)

Introduction

What is identity management?

The IBM approach

What next?

The IBM approach

IBM’s Security & Privacy Practice designs and delivers the security architecture and infrastructure necessary to build trusted electronic relationships between our clients' employees, business and trading partners, shareholders and customers.

For identity management, we deliver identity lifecycle management (user self-service, enrollment and

provisioning), identity control (access and privacy control, single sign-on and auditing), and identity foundation (directory and workflow) to effectively manage internal users, as well as an increasing number of customers and partners through the Internet.

Only IBM can deliver comprehensive enterprise identity management for even the largest, most complex organizations. We offer a full portfolio of products and professional services to help ensure optimal solution design, implementation and integration. Our experts understand the business process and technical issues that often arise when implementing identity management. We have the breadth and depth of resources to help make your initiative a success—without straining your internal business or IT teams. And, no one knows our IBM products better. We can accelerate your implementation and integration—so you enjoy the benefits of identity management quickly and fully.

management initiative?

Click Here

(6)

Introduction

What next?

IBM’s Services

To help accelerate and optimize development of your identity management infrastructure, IBM offers these services:

• Secure Identity Workshophelps you understand identity and authentication technology, policy, practices and implementation considerations and formulate a preliminary strategy and action plan for applying identity and authentication to your business.

• Secure Identity Assessmentshelp your line of business leaders and IT decision makers understand the state of your current identity management environment. We also help develop a strategy for improving the effectiveness of managing identities in line with your business goals.

• Identity Management Solution Designanalyzes the identity management components currently deployed within your organization—and the potential for unifying those components into a central identity management system. We outline the benefits of implementing a central system and provide a high-level estimation of the effort such an implementation would involve.

• Role Based Access Control (RBAC)Role Definition helps develop roles for use in managing identities and access control.

What tools do you use to implement identity management

infrastructures?

Click Here

IBM’s Services

(7)

Introduction

What next?

How IBM Tivoli delivers

When it’s time to implement an identity management infrastructure, many organizations choose IBM Tivoli’s suite of security products. Tivoli’s security products provide the tools to secure and manage your information environment. IBM service professionals assist as required to quickly get systems and applications online and productive while reducing costs and maximizing return on investment (ROI).

As part of the IBM identity management solution, IBM Tivoli products support identity lifecycle management, identity control, and identity foundation. Complementing the IBM Security & Privacy services, IBM Tivoli offers a Security Assessment to help determine which products best meet your identity management needs—and how they will integrate into and unify your existing security structures.

Just as important, we offer planning, implementation and integration services to help our products deliver maximum value to your organization. Using proven methodologies, our experts help you overcome any integration challenges and assist you in establishing effective policies and procedures. Our team has the skills and experience to integrate and optimize our products in virtually any environment—no matter how complex.

services and products?

Click Here

(8)

Introduction

What next?

Managing identities

IBM Tivoli Identity Manager provides a secure, automated and policy-based user management solution that helps address information access and security across both legacy and e-business environments. Intuitive Web administrative and self-service interfaces integrate with existing business processes to help simplify and automate managing and provisioning users. It incorporates a workflow engine and leverages identity data for activities such as audit and reporting.

As you consider implementing IBM Tivoli Identity Manager, you may be overwhelmed by the complexity of your environment. After all, most organizations run hundreds, if not thousands, of applications and have many different systems for creating users. Fortunately, IBM Tivoli offers professional services to help with installation and integration of this product. Turn to our experts for help prioritizing applications, creating business-process-based roles and applying those roles using Tivoli Identity Manager.

IBM services professionals can bring the benefits of IBM Tivoli Identity Manager, online quickly in your organization. This solution:

• Reduces help-desk load by using Web self service and password reset/sync interfaces • Cuts elapsed turn-on time, automates routine administrative tasks and helps eliminate errors • Assists in addressing compliance issues and enables you to quickly respond to internal audits

and regulatory mandates

• Automates business processes related to changes in user identities by using life-cycle management For more information, vist:http://www-306.ibm.com/software/tivoli/products/identity-mgr/

I see how you can help me better manage my user

community. Now, how about single sign-on?

Click Here

Managing identities

(9)

Introduction

What next?

Managing access

IBM Tivoli Access Manager for e-business is an award-winning, policy-based access control solution for e-business and enterprise applications. Tivoli Access Manager for e-business can help you manage growth and complexity, control escalating management costs and address the difficulties of implementing security policies across a wide range of Web and application resources.

TAMeB delivers a single sign-on across diverse applications that leverage Web browser clients. IBM Tivoli Access Manager for Operation Systems provides single sign-on across multiple UNIX systems. IBM professional services can help ensure a faster, smoother implementation and integration of this solution. What’s more, our experts can program custom links between Tivoli Access Manager and your non-browser-based applications. IBM professional services assure rapid installation and configuration in your environment, whether simple or complex. This solution:

• Lowers application development, deployment and management costs by delivering unified identity and security management

• Achieves rapid and scalable deployment of Web applications, with standards-based support for Java 2 Enterprise Edition (J2EE) applications

• Offers design flexibility through a highly scalable proxy architecture and/or easy-to-install Web server plug-ins, rule- and role-based access control, support for leading user registries and platforms, and advanced APIs that can be used to further customize security

For more information, vist: http://www-306.ibm.com/software/tivoli/products/access-mgr-e-bus/

and access control. What can you do for our

external partners?

Click Here

(10)

Introduction

What next?

Managing identities in federated environments

Traditionally, providing users with easy access to resources in external domains has meant adhering to specific technologies, high integration costs and low flexibility. In a federated environment, a user can log on through his identity provider in order to conduct transactions or easily access resources in external domains. Partners in a federated identity management environment depend on each other to authenticate their respective users and vouch for their access to services. Federated identity standards, like those being produced by the Liberty Alliance or the Web services security specifications, form an encapsulation layer over local identity and security environments of different domains. This encapsulation layer provides the ingredients for interoperability between disparate security systems inside and across domains, thus enabling federation.

IBM’s Tivoli federated identity management solution allows you to extend identity management to your business partners—helping to ensure trust throughout your value chain. And, because we work with virtually every standard in the industry, we can integrate all of your external users. The Tivoli professional services team has extensive experience in and proven methodologies for designing secure applications and secure authorization. We can help you link and extend your existing security infrastructure throughout the federated model.

IBM professional services can help you more quickly enjoy the benefits of federated identity management. This solution:

• Empowers you to enforce security policies, even when business demands require use of applications owned by other companies

• Automates implementation of trust policies throughout your value chain

• Simplifies administration, allowing you to maintain administrative authority over your internal users and delegate administration of foreign users to the appropriate organization

• Allows you to rapidly create or participate in federated identity environments

• Allows you to retain control of your local security technology while still remaining interoperable (standards-based)

Wow, this solution could really help us with security.

Can you do the same with privacy?

Click Here

Managing federated identities

(11)

Introduction

What next?

Managing privacy

IBM Tivoli Privacy Manager for e-business is an enterprise privacy management solution that provides

middleware to abstract privacy and data-handling rules from applications and IT systems. With this approach, privacy-sensitive data is linked to policy at the point of collection. Subsequent requests to use the data are then filtered—and permitted or denied—according to policy and the data owner's preferences. Audit trails of data usage can also be generated automatically. Tivoli Privacy Manager for e-business enables organizations to manage personal information in an automated manner that can help cut the costs of privacy management and mitigate the risks of unauthorized disclosure.

As you address SOX and/or HIPAA requirements, IBM professional services can help you identify which applica-tions and data must be kept private. We can also help you sort through the myriad of requirements you face in the various countries where you do business. We can help translate your complex privacy requirements into actionable rules and policies. And, we’ll perform the application integration needed to activate them.

IBM professional services can integrate IBM Tivoli Privacy Manager so you can apply changing privacy rules without rewriting existing applications. This solution:

• Enforces privacy policies across your IT infrastructure

• Converts privacy policy from prose to Platform for Privacy Preferences (P3P) format • Provides an easy-to-use natural language interface to author and manage your policy • Monitors access to personal information and generates detailed audit logs

• Manages notification and consent preferences for information sharing across your enterprise • Automatically generates reports detailing compliance to corporate policies

For more information, vist: http://www-306.ibm.com/software/tivoli/products/privacy-mgr-e-bus/

How would you address that when implementing these

IBM Tivoli products?

Click Here

(12)

Introduction

What next?

Managing directories

IBM Tivoli Directory Integrator synchronizes identity data residing in directories, databases, collaborative

systems, applications used for human resources (HR), customer relationship management (CRM) and Enterprise Resource Planning (ERP), and other corporate applications. By serving as a flexible, synchronization layer between a company's identity structure and the application sources of identity data, Tivoli Directory Integrator eliminates the need for a single, centralized datastore. For those enterprises that do choose to deploy an enterprise directory solution, IBM Tivoli Directory Integrator can help ease the process by connecting to the identity data from the various repositories throughout the organization.

IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol (LDAP) identity infrastructure that is the foundation for deploying comprehensive identity management applications and advanced software architectures like Web services.

The IBM Tivoli professional services team can help sort through your directories—which, in most organizations, number in the hundreds and have inconsistent formats and user credentials. Using Tivoli Directory Integrator and Directory Server, we work with you to share and apply user credentials across multiple data stores. In other words, we help to ensure that the right identity data is in the right location at the right time—and that only the right people can access it.

For more information, vist: http://www-306.ibm.com/software/tivoli/products/directory-integrator/

So, you can handle hundreds of directories.

Can you handle security compliance for hundreds

of servers and desktops?

Click Here

Managing directories

(13)

Introduction

What next?

Managing compliance

IBM Tivoli Security Compliance Manager is a security policy compliance product that acts as an early warning system by identifying security vulnerabilities and security policy violations. Tivoli Security Compliance Manager helps organizations define consistent security policies and monitor compliance with them. Security policies can be based on both internal security requirements and industry-standard security policies.

IBM Tivoli professional services can help you address security compliance in your server and desktop environ-ments. Using industry best practices as our guide, we help you establish security standards and code those parameters. In addition, our team can support ongoing monitoring and management of security compliance. With the help of IBM professional services, you can more quickly enjoy the benefits of Tivoli Security Compliance Manager. This solution:

• Automates scans of servers and desktop systems, which can help reduce the cost and time associated with manual security checks

• Provides reports to security officers and compliance auditors with detailed information about the security health of the business so they can take the appropriate steps to make individual systems and departments compliant • Identifies software vulnerabilities prior to costly damage being inflicted by security incidents

• Improves business operations and helps to increase efficiencies though automation and centralization • Assists in addressing compliance issues in regulations and standards by automating compliance tasks,

monitoring correspondence, reducing human error and taming compliance costs

For more information, vist: http://www-306.ibm.com/software/tivoli/products/security-compliance-mgr/

security threats or breaches—how should we

manage those?

Click Here

(14)

Introduction

What next?

Managing risk

Today, you face increasing risks from a multitude of fronts—virus threats, unauthorized access, denial-of-service attacks and other forms of intrusions that target e-business applications, networks, hosting infrastructure, servers and desktops. Customers are demanding the highest quality of service, trust and security from corporations. As a result, implementations of e-business should be secure, enforce the privacy of business transactions, protect the integrity of business operations, protect customer data and provide around-the-clock access. IBM Tivoli Risk Manager can help you centrally manage security incidents and vulnerabilities across your enterprise.

Tivoli Risk Manager is a powerful solution for collating and analyzing the hundreds of thousands of security incidents you log every day on multiple, discrete systems. Working with you, IBM Tivoli professional services can help establish a series of incident profiles. For each type of incident, we’ll map appropriate responses. And, we can even fine-tune your correlation activities over time.

With the help of IBM Tivoli professional services, you can more quickly enjoy the benefits of Tivoli Risk Manager. This solution:

• Can reduce and classify security incidents to quickly identify and address real threats or vulnerabilities • Manages risk in near real-time

• Provides a single centralized view of security events across your enterprise

• Helps integrate security management data from applications, operating systems and network devices • Helps provide business intelligence that enables organizations to proactively address their business risks

using analytical historical reporting guides

For more information, vist: http://www-306.ibm.com/software/tivoli/products/risk-mgr/

Who’s already using IBM Tivoli professional services?

Click Here

Managing risk

(15)

Introduction

What next?

Identity management in action: IBM Tivoli Identity Manager

With some 28,000 employees working throughout the United States and in Canada, Ireland, Spain, and the United Kingdom, the world's largest independent credit card issuer was facing significant help desk costs. Up to 60 percent of calls to the help desk were for password resets—and each call was costing the company between $20 and $45. As the user community continued to grow—and with many users having multiple passwords— these support requirements were having an impact on profitability.

Working with IBM professional services, this organization adopted an automated password reset solution based on IBM Tivoli Identity Manager. Implemented in less than six months, the solution enables users to reset their own NT, Novell, UNIX and mainframe system passwords through an automated, self-service system. In other words, they can do so without having to contact the help desk or information security department. Users can simply go to any PC on the network and securely and safely reset one or more passwords simultaneously. Thanks to this solution, the company’s help desk is now positioned to offer additional technical services to end users—without having to grow resources. Just as important, end users are enjoying increased productivity and satisfaction. The solution has reduced the number of unique passwords a user needs to maintain and virtually eliminated the need to call for help with password resets.

Click Here

(16)

Introduction

What next?

Identity management in action: IBM Tivoli Access Manager

A large insurance provider—offering a wide array of automotive, travel, insurance and financial services—relies on a secure portal to help its 6,000 employees conduct day-to-day business. The trouble was, the portal lacked a unified security architecture and a single sign on for users.

With application-specific authentication, authorization and access control, there were inconsistencies in the level of protection for information assets, service interruptions and data compromises. And, the company was paying up to $80,000 to develop custom security for each application. As if that weren’t enough, there were challenges associated with monitoring and responding to security audit and log information across the disparate applications. The company turned to IBM professional services for help. Our solution—based on IBM Tivoli Access Manager and WebSphere Portal—enables single sign on (SSO) for the company’s enterprise portal. Serving core member-ship, travel and insurance web systems, the portal applications are driven by a wide range of software packages. Up and running in five months, the new portal infrastructure establishes unified and centralized authentication and authorization for Web browser access to both legacy and new applications. This approach reduces administrative overhead and helps avoid the security breaches that may occur due to inconsistent enforcement or human error. It supports real-time audit logs of which users are accessing which resources and for what business purposes. And, it eliminates the need for developers to code security into each application., further reducing cost and speeding implementation and deployment.

Bottom line: The new approach enhances user productivity and security while reducing costs and accelerating the development and launch of new business initiatives.

Identity management services and products from IBM

Tivoli sound like just what we need.

Click Here

Identity management in action: IBM Tivoli Access

(17)

Introduction

What next?

What next?

Is your organization experiencing an "identity crisis"? Or, would you simply like to improve the way you’re managing identities?

Only IBM can deliver a comprehensive identity management solution—including industry-leading products and services to efficiently and effectively integrate these tools into even the most complex of environments. Our Security & Privacy experts offer deep experience and proven methodologies—accelerating your implementation of an identity management infrastructure and enhancing its value to your enterprise.

For more information about identity management from IBM—including the related services and products from IBM Tivoli—please contact your IBM or Tivoli sales representative.

IBM Security and Privacy Practice

Charles Carrington ([email protected])

www.ibm.com/security/services

Tivoli Professional Services

Darrius Terrell ([email protected])

http://www-306.ibm.com/software/tivoli/services/consulting/offerings/offers-security.html

IBM Integrated Technology Solutions David Pipher ([email protected])

http://www-1.ibm.com/services/us/index.wss/gen_it

What next?

IBM Security & Privacy Services

The challenge of identity management

Today organizations are facing paradoxical demands for greater information access and more stringent

information security. You must deliver more data more quickly to more users inside and outside your

organization. Yet, even as you’re pressured to make information readily available, you’re facing stricter

security and privacy requirements.

Meeting these conflicting needs often produces another set of challenges. When you’re pulling

data from numerous systems—and delivering it to a large user base with different levels of security—

managing roles and access can be overwhelming. Often, user identities are implemented and

managed manually by local system administrators. That approach is inefficient and may not be secure.

What’s more, it could be inhibiting the development and deployment of new business initiatives.

If you’d like to improve identity management within your organization, this guide is for you. It explains

how you can be faster, more efficient and cost-effective in providing information access while meeting

requirements for security and privacy.

Why is security and privacy

so important today?

Today’s security and privacy challenges

How can I enhance security and privacy—quickly,

efficiently and cost-effectively?

What is identity management?

Who can help me implement an effective identity

management infrastructure or deal with a short-term need

for design and implementation services?

The IBM approach

How can you help ensure the success of my identity

management initiative?

IBM’s Services

What tools do you use to implement identity management

infrastructures?

How IBM Tivoli delivers

Interesting. Could you tell me more about IBM Tivoli’s

services and products?

Managing identities

I see how you can help me better manage my user

community. Now, how about single sign-on?

Managing access

Sounds great for our internal identity management

and access control. What can you do for our

external partners?

Managing identities in federated environments

Wow, this solution could really help us with security.

Can you do the same with privacy?

Managing privacy

Our company has hundreds of directories.

How would you address that when implementing these

IBM Tivoli products?

Managing directories

So, you can handle hundreds of directories.

Can you handle security compliance for hundreds

of servers and desktops?

Managing compliance

When we identify non-compliance—and other

security threats or breaches—how should we

manage those?

Managing risk

Who’s already using IBM Tivoli professional services?

Identity management in action: IBM Tivoli Identity Manager

Impressive! Anyone else?

Identity management in action: IBM Tivoli Access Manager

Identity management services and products from IBM

Tivoli sound like just what we need.

What next?