Skip to main content

Identity and Access Mgmt - Gartner Symposium

IAM is at the heart of every business
Helps manage risk through accountability and transparency
- intelligence = audit and analytics
- administration
- access

Value changes with maturity
1) security efficiency; IAM for the sake of IT; save time and money
2) security effectiveness; compliant with policy and regulation
3) business enablement; this is where most of the value is
Look at all three; value metrics

Business process improvements
Risk management
Fine grained controls

Trend - people are bailing on the Admin projects because it doesn't provide value that was expected; instead people are moving to intelligence; failing to deliver compliance; maybe there is a different way; end game is intelligence; provisioning by itself is not enough

Intelligence focuses on auditing, monitoring and manual remediation, and analytics

Provisioning still needs to happen; admin is becoming more out of the box; what are the most important systems to protect?

Primary functional capability across intelligence, admin, authentication, authorization
No one vendor provides it all and you don't need it all

Intelligence
- web fraud detection
- ERP SOD

Check out Hype Cycle for IAM, 2010
Leverage the Gartner Maturity Model

Entitlement Lifecycle Mgmt
- role lifecycle mgmt; role based access control RBAC is part of this
- entitlement mgmt

Shifting towards Identity and Access Intelligence

Why IAM projects fail
1) focusing on tools instead of process and value; destined to fail

Establish an IAM governance model; plan, implement, manage, monitor
Align IAM with Business Intelligence; people, process, products

Be aware of the cloud based solutions; most cloud decisions are two to three years out in this space; most people want to wait to see how this plays out; looks promising but still bleeding edge

Customers are disillusioned by the IAM suite; people more comfortable with best of breed; moving to atomic IAM services

Comments

Popular posts from this blog

6 Key Steps to a Successful Mobile Apps Strategy

What IT Can Do to Lead a Successful Mobile App Strategy CIO’s are under pressure to deliver business capabilities on mobile devices, all while optimizing budgets, increasing operational excellence, and providing innovative, secure solutions. It’s a complex juggling act. In the mobile space, it’s tempting to just jump in and start building mobile apps. But corporate IT needs to help balance the exuberance of building apps with using a common set of success criteria. This is especially true if the enterprise wants a manageable and successful mobile app effort, defined by usage, adoption and business value. While corporate IT can provide technical design and architecture expertise, even more important is the role they play in terms of coordinating the enterprise mobile app strategy. Here are six key steps for doing so: 1. Create a cross-functional “mobile app working team” This is a group of business and IT team members that are passionate about creating mobile solutions

Quadrennial Energy Review - Jan 2017 (notes)

https://energy.gov/sites/prod/files/2017/01/f34/Transforming%20the%20Nation%27s%20Electricity%20System-The%20Second%20Installment%20of%20the%20Quadrennial%20Energy%20Review--%20Full%20Report.pdf "The electricity system we have today was developed over more than a century and includes thousands of generating plants, hundreds of thousands of miles of transmission lines, distribution systems serving hundreds of millions of customers, a growing number of distributed energy resources, and billions of enduse devices and appliances. These elements are connected together to form a complex system of systems." "The electricity sector is, however, confronting a complex set of changes and challenges, including: aging infrastructure; a changing generation mix; growing penetration of variable generation; low and in some cases negative load growth; climate change; increased physical and cybersecurity risks; and in some regions widespread adoption of distributed energy resources

The End of Solitude - Response to William Deresiewicz

I recently read an article by William Deresiewicz titled “ The End of Solitude ”. What prompted me to read the article was an interview with Mr. Deresiewicz that I heard on NPR. During the NPR interview, Mr. Deresiewicz delved into the importance of solitude, being alone and time for self-reflection. Of course, you are naturally drawn to premises that are similar to your own so I listened intently as he contrasted the present with the past regarding the lack of “alone” time that we all face today. Mr. Deresiewicz’s literary knowledge is beyond impressive – he’s an academic and is able to compare and contrast numerous thought-leaders of the past and their views of the value of solitude. In “The End of Solitude” he highlights the importance of solitude that numerous philosophers and famous authors have written about for many, many years. My personal appreciation for Thoreau’s writing, specifically Walden and more specifically “Solitude” and “Economy” immediately came to mind as I read