The Who, What, When, Where and Why of IAM Bob Bentley

Academic year: 2021


It’s a Jungle Out There

Identity and Access Management (IAM)

“Identity and access management (IAM) is the security, risk management and business discipline that enables the right individuals to have access to the right resources, at the right time, for the right reasons, enabling desired business outcomes.”

- Gartner, May 23, 2014, “Roundup of Identity and Access Management Research, 1Q14”, Ant Allen & Neil Wynne

The Modern IT Challenge

What Users Want

Use Cloud/SaaS Apps

• Agility

Problem

Access to SaaS

[Diagram labels: IT Department; Business Users; Audit logs / Compliance; Cost; Business user experience; Security; Business flexibility]

• No single sign-on
• Corporate credentials in the cloud
• No strong authentication
• Manual process (“Shadow IT”)
• No access logs

What Users Want

Access from Mobile

• Easy, straightforward access
• From any place/time/device
• To mission critical apps
  – New SaaS apps

Problem

Access from Mobile

Mobile for more than SaaS

• Most SaaS apps are mobile friendly…
• But what about the organization’s existing apps? (The large majority of apps used)

[Diagram label: Organization Apps]

Mobile Security

• BYOD = no MDM
• Users store corporate passwords on their device
• What happens when one is lost/stolen?

The Power of Mobile

Research and Thoughts from Gartner

“People need to think differently about security when it comes to mobility.”

“Mobility fundamentally changes how people work and the pace at which decisions are made.”

“If security makes mobile technology unattractive to use, then security will be left by the wayside, not

What Users Want

Tie Into Social Media

• Easier to authenticate
• Fewer credentials to remember
• Less ID Information available to thieves and hackers
• Sites know something about me already
• Easy to share my experience

Problem

Social Media Authentication

LOTS of users out there…

• Billions of users are hard to ignore
• They expect to be able to access your web resources

But how do you do it?

• Not easy to connect to social networks without customization
• Little information available about the user
• How do you easily manage what

The Changing State of IAM

Leveraging new innovations to drive your digital business

[Diagram, shown as a sequence of builds. Labels: Access Management Tool; CRM; ERP; HR; StoreFile; Office Apps; Other Apps; Web App; Current State; Cloud Computing]

Ultimate Challenge for IT Going Forward

Match the speed of business vs. mitigating risks

“We have brakes on our cars not so that we can stop, but so that we can go fast” – Sara Gates

AGILITY & AUTONOMY

Case Study: Modern IAM challenge at Attachmate Group

The Attachmate Group

Information Technology

• Shared resource among the 4 business units
• Serves 5,000+ regular employees and contractors
• Provides two main employee portals
  – Legacy innerweb site
  – New intranet portal
• Employee access governed by NetIQ technologies
  – eDirectory

Access Manager

Securing Our Applications

• Protects 250+ applications
  – In house
  – COTS
  – SaaS
• Multiple authentication methods
• Hundreds of policies
• Keystone of employee web access

Mobile Adoption

• Two types of mobile

– Corporate owned

– Bring your own device (BYOD)

• Variety of vendors and OS

– Apple iOS (57%), Android (26%), Others (17%)

• Employees want to use mobile for work tasks

• Key business driver was mobile Salesforce.com access for

Access from Mobile Devices

• Benefits
  – Bring anywhere
  – Productivity
  – Collaboration
• Challenges
  – Typing

Our Solution

NetIQ CloudAccess 2.1

• Integrated into existing access management infrastructure
• Employees have mobile SSO access to key enterprise applications and SaaS
• Advanced authentication option

Solution Benefits

Using CloudAccess

• Typing
  – Persistent login
• Navigation
  – Mobile portal with one touch SSO AppMarks
  – Favorites page for iOS
  – Widgets for Android
• Security
  – Activity based PIN
  – Password is never stored on the device
  – Remote deactivation by employee or administrator

CloudAccess at Attachmate Group

CloudAccess Takeaways

• Integration
  – Relatively easy
  – No major changes to infrastructure
• Solution
  – Actively used by Attachmate Group
  – Solves real business problems

What is CloudAccess?

CloudAccess is an integrated identity and access management (IAM) appliance solution.

It delivers what business users want—easy access to SaaS, web and even native mobile apps, and freedom to use mobile devices—without the compromises.

CloudAccess can run on its own or enhance

Solution

CloudAccess

[Diagram labels: Business Users; IT Department; Business flexibility; Business user experience; Cost; Security; Audit logs / Compliance; SaaS]

• Single sign-on
• Corporate credentials secured
• Multi-factor authentication
• Automated process
• Access logs
• Smart mobile support

How Does CloudAccess Work?

User launches and authenticates to CloudAccess from mobile, laptop or desktop

User is presented with a customized view of available applications, on the device being used

CloudAccess validates user’s login with the on-site corporate user store (AD, eDirectory or database)

How Does CloudAccess Work?

[Diagram labels: My Organization; Organization Apps; Employees, Contractors; Partners; Customers; SSO; Provisioning & SSO]

User launches apps with one touch

User enjoys immediate SSO access

You can also make CloudAccess available to external users to give them access to what they need

CloudAccess can also handle provisioning of user accounts, if the target app requires it

What about Securing Sensitive Apps?

[Diagram labels: My Organization; Organization Apps; Employees, Contractors; SSO; Provisioning & SSO]

User launches apps with one touch, just like

Key Features

Modern End-User Experience

– One-touch SSO access to SaaS, web and native mobile apps
– Choice of device (iOS, Android or desktop browser)
– BYOID support (Facebook, Google, LinkedIn, etc.)

High Security

– No credentials ever leave the enterprise
– Supports multi-factor authentication
– Security hardened appliance with automated update channel to stay current

Performance, Scalability & Reliability

– Handles hundreds of authentications per second under sustained load
– Scalable to 50k+ users per cluster
– Clustering support for failover and disaster recovery

Fast and Easy Setup & Management

– Large catalog of pre-made connectors
– Existing directory or database groups define access privileges
– Simple mobile enrollment/management
– Only requires typical administrator

Customer Benefits

• Powerful and secure SSO to all kinds of apps
  – SaaS/cloud
  – Internal web
  – Native mobile apps
• Enables secure access from mobile devices
• Protects sensitive apps with multi-factor authentication
• Support for all kinds of users
  – Internal users (employees, contractors)
  – Partner organization users (suppliers, distributors)
  – External users (customers, citizens, students)

How is this better than competitive IDaaS solutions?

Several startups have begun selling cloud-hosted IAM solutions (“IDaaS”), offering SSO with quick time-to-value

The CloudAccess Difference:

• Your corporate credentials never leave the enterprise
  – Cloud-hosted competitors require copying or creating separate credentials
• CloudAccess easily integrates with on-premise resources
  – Identity Management, Access Management
  – Databases, directories, applications
• You own CloudAccess—much lower cost over time

How does it integrate with IAM solutions?

• CloudAccess can be easily added to your existing IAM to bring significant new capabilities your users need without disrupting what you already have
• Add-on to Access Management
  – Provides a convenient mobile or desktop “SSO launchpad” for applications protected by web access management
  – Easily extends on-premise access management to cloud/SaaS application targets
  – Adds BYOID capabilities for external users
• Add-on to Identity Management
  – Adds SSO access from desktop or mobile devices to resources

New in CloudAccess v2.1

• SSO to any cloud or web application
• Multi-factor authentication
  – OTP included
  – Optional NAAF integration for many more methods
• Mobile app available for Android
• SSO to native mobile apps
• Support for self-registering external users
• Updated UI, can be branded by customer

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2014 NetIQ Corporation. All rights reserved.
