The Who, What, When, Where and Why of IAM
Bob Bentley
It’s a Jungle Out There
“Identity and access management (IAM) is the security, risk management and business discipline that enables the right individuals to have access to the right resources, at the right time, for the right reasons, enabling desired business outcomes.”
- Gartner, May 23, 2014, “Roundup of Identity and Access Management Research, 1Q14”, Ant Allen & Neil Wynne
Identity and Access Management (IAM)
The Modern IT Challenge
What Users Want
Use Cloud/SaaS Apps
• Agility
Problem
Access to SaaS
IT Department concerns: Audit logs / Compliance, Cost, Security
Business Users concerns: Business user experience, Business flexibility
• No single sign-on
• Corporate credentials in the cloud
• No strong authentication
• Manual process (“Shadow IT”)
• No access logs
What Users Want
Access from Mobile
• Easy, straightforward access
• From any place/time/device
• To mission critical apps
  – New SaaS apps
Problem
Access from Mobile
Mobile for more than SaaS
• Most SaaS apps are mobile friendly…
• But what about the organization’s existing apps? (The large majority of apps used)
Organization Apps
Mobile Security
• BYOD = no MDM
• Users store corporate passwords on their device
• What happens when one is lost/stolen?
The Power of Mobile
Research and Thoughts from Gartner
“People need to think differently about security when it comes to mobility.”
“Mobility fundamentally changes how people work and the pace at which decisions are made.”
“If security makes mobile technology unattractive to use, then security will be left by the wayside, not
What Users Want
Tie Into Social Media
• Easier to authenticate
• Fewer credentials to remember
• Less ID information available to thieves and hackers
• Sites know something about me already
• Easy to share my experience
Problem
Social Media Authentication
LOTS of users out there…
• Billions of users are hard to ignore
• They expect to be able to access your web resources
But how do you do it?
• Not easy to connect to social networks without customization
• Little information available about the user
• How do you easily manage what
The Changing State of IAM
Leveraging new innovations to drive your digital business
[Diagram, built up over several slides: an Access Management Tool fronting CRM, ERP, HR, Store, File, Office Apps and many other web apps in the Current State, with applications progressively moving to Cloud Computing]
Ultimate Challenge for IT Going Forward
Match the speed of business vs. mitigating risks
“We have brakes on our cars not so that we can stop, but so that we can go fast” – Sara Gates
AGILITY & AUTONOMY
Case Study:
Modern IAM challenge at Attachmate Group
The Attachmate Group
Information Technology
• Shared resource among the 4 business units
• Serves 5,000+ regular employees and contractors
• Provides two main employee portals
  – Legacy innerweb site
  – New intranet portal
• Employee access governed by NetIQ technologies
  – eDirectory
  – Access Manager
Securing Our Applications
• Protects 250+ applications
  – In house
  – COTS
  – SaaS
• Multiple authentication methods
• Hundreds of policies
• Keystone of employee web access
Mobile Adoption
• Two types of mobile
  – Corporate owned
  – Bring your own device (BYOD)
• Variety of vendors and OS
  – Apple iOS (57%), Android (26%), Others (17%)
• Employees want to use mobile for work tasks
• Key business driver was mobile Salesforce.com access for
Access from Mobile Devices
• Benefits
  – Bring anywhere
  – Productivity
  – Collaboration
• Challenges
  – Typing
Our Solution
• NetIQ CloudAccess 2.1
• Integrated into existing access management infrastructure
• Employees have mobile SSO access to key enterprise applications and SaaS
• Advanced authentication option
Solution Benefits
Using CloudAccess
• Typing
  – Persistent login
• Navigation
  – Mobile portal with one touch SSO AppMarks
  – Favorites page for iOS
  – Widgets for Android
• Security
  – Activity based PIN
  – Password is never stored on the device
  – Remote deactivation by employee or administrator
CloudAccess at Attachmate Group
CloudAccess Takeaways
• Integration
  – Relatively easy
  – No major changes to infrastructure
• Solution
  – Actively used by Attachmate Group
  – Solves real business problems
What is CloudAccess?
• CloudAccess is an integrated identity and access management (IAM) appliance solution.
• It delivers what business users want—easy access to SaaS, web and even native mobile apps, and freedom to use mobile devices—without the compromises.
• CloudAccess can run on its own or enhance
Solution
CloudAccess
IT Department concerns: Audit logs / Compliance, Cost, Security
Business Users concerns: Business user experience, Business flexibility
• Single sign-on
• Corporate credentials secured
• Multi-factor authentication
• Automated process
• Access logs
• Smart mobile support
How Does CloudAccess Work?
User launches and authenticates to CloudAccess from mobile, laptop or desktop.
User is presented with a customized view of available applications, on the device being used.
CloudAccess validates the user’s login with the on-site corporate user store (AD, eDirectory or database).
How Does CloudAccess Work?
[Diagram: My Organization with Organization Apps; users include Employees, Contractors, Partners and Customers]
User launches apps with one touch.
User enjoys immediate SSO access.
You can also make CloudAccess available to external users to give them access to what they need.
CloudAccess can also handle provisioning of user accounts, if the target app requires it.
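The flow on these two slides (authenticate to the appliance, validate against the on-site user store, launch apps with one touch, revoke from the admin side) and the deck's mobile security claims (password never stored on the device, MFA for sensitive apps, access logs) are sketched below as an added Python model. This is illustrative code written for this page, not NetIQ's; the user store contents, the app list with its MFA flag, the token lifetime and the device binding are all constructed assumptions.

```python
import hashlib, hmac, os, secrets, time

# Constructed stand-in for the on-site corporate user store (AD, eDirectory or
# database on the slides): salted PBKDF2 hashes that never leave the enterprise.
def _pw_record(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USER_STORE = {"alice": _pw_record("correct horse battery staple")}  # constructed

class AccessBroker:
    """Hypothetical model of the appliance flow: verify against the local store,
    hand the device an opaque token, then launch apps with that token only."""
    TTL = 8 * 3600  # assumed session lifetime in seconds

    def __init__(self, apps):
        self.apps = apps          # {app_name: requires_mfa} (assumed shape)
        self.sessions = {}        # token -> session record
        self.access_log = []      # the "access logs" the deck asks for

    def authenticate(self, user, password, device_id, otp_ok=False):
        rec = USER_STORE.get(user)
        if rec is None:
            return None
        salt, stored = rec
        _, candidate = _pw_record(password, salt)
        if not hmac.compare_digest(stored, candidate):
            self.access_log.append(("login_failed", user, device_id))
            return None
        token = secrets.token_urlsafe(32)  # opaque: the password is never stored
        self.sessions[token] = {"user": user, "device": device_id,
                                "mfa": otp_ok, "exp": time.time() + self.TTL}
        self.access_log.append(("login", user, device_id))
        return token

    def launch(self, token, device_id, app):
        s = self.sessions.get(token)
        if s is None or s["device"] != device_id or s["exp"] < time.time() or app not in self.apps:
            return "denied"
        if self.apps[app] and not s["mfa"]:   # sensitive app: MFA step-up needed
            return "mfa_required"
        self.access_log.append(("sso", s["user"], app))
        return f"sso:{s['user']}->{app}"

    def deactivate_device(self, device_id):  # remote deactivation by employee or admin
        revoked = [t for t, s in self.sessions.items() if s["device"] == device_id]
        for t in revoked:
            del self.sessions[t]
        return len(revoked)
```

Losing the device costs only the revocable token, not the corporate password, which is the property the "Security" bullets describe.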
What about Securing Sensitive Apps?
[Diagram: My Organization with Organization Apps, Employees and Contractors; sensitive apps flagged with “!”]
User launches apps with one touch, just like
Key Features
Modern End-User Experience
– One-touch SSO access to SaaS, web and native mobile apps
– Choice of device (iOS, Android or desktop browser)
– BYOID support (Facebook, Google, LinkedIn, etc.)
High Security
– No credentials ever leave the enterprise
– Supports multi-factor authentication
– Security hardened appliance with automated update channel to stay current
Performance, Scalability & Reliability
– Handles hundreds of authentications per second under sustained load
– Scalable to 50k+ users per cluster
– Clustering support for failover and disaster recovery
Fast and Easy Setup & Management
– Large catalog of pre-made connectors
– Existing directory or database groups define access privileges
– Simple mobile enrollment/management
– Only requires typical administrator
Customer Benefits
• Powerful and secure SSO to all kinds of apps
  – SaaS/cloud
  – Internal web
  – Native mobile apps
• Enables secure access from mobile devices
• Protects sensitive apps with multi-factor authentication
• Support for all kinds of users
  – Internal users (employees, contractors)
  – Partner organization users (suppliers, distributors)
  – External users (customers, citizens, students)
How is this better than competitive IDaaS solutions?
Several startups have begun selling cloud-hosted IAM solutions (“IDaaS”), offering SSO with quick time-to-value.
The CloudAccess Difference:
• Your corporate credentials never leave the enterprise
  – Cloud-hosted competitors require copying or creating separate credentials
• CloudAccess easily integrates with on-premise resources
  – Identity Management, Access Management
  – Databases, directories, applications
• You own CloudAccess—much lower cost over time
How does it integrate with IAM solutions?
• CloudAccess can be easily added to your existing IAM to bring significant new capabilities your users need without disrupting what you already have
• Add-on to Access Management
  – Provides a convenient mobile or desktop “SSO launchpad” for applications protected by web access management
  – Easily extends on-premise access management to cloud/SaaS application targets
  – Adds BYOID capabilities for external users
• Add-on to Identity Management
  – Adds SSO access from desktop or mobile devices to resources
New in CloudAccess v2.1
• SSO to any cloud or web application
• Multi-factor authentication
  – OTP included
  – Optional NAAF integration for many more methods
• Mobile app available for Android
• SSO to native mobile apps
• Support for self-registering external users
• Updated UI, can be branded by customer
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
Copyright © 2014 NetIQ Corporation. All rights reserved.