IAM is at the heart of every business
Helps manage risk through accountability and transparency
- intelligence = audit and analytics
- administration
- access
Value changes with maturity
1) security efficiency; IAM for the sake of IT; save time and money
2) security effectiveness; compliant with policy and regulation
3) business enablement; this is where most of the value is
Look at all three; value metrics
Business process improvements
Risk management
Fine grained controls
Trend - people are bailing on the Admin projects because it doesn't provide value that was expected; instead people are moving to intelligence; failing to deliver compliance; maybe there is a different way; end game is intelligence; provisioning by itself is not enough
Intelligence focuses on auditing, monitoring and manual remediation, and analytics
Provisioning still needs to happen; admin is becoming more out of the box; what are the most important systems to protect?
Primary functional capability across intelligence, admin, authentication, authorization
No one vendor provides it all and you don't need it all
Intelligence
- web fraud detection
- ERP SOD
Check out Hype Cycle for IAM, 2010
Leverage the Gartner Maturity Model
Entitlement Lifecycle Mgmt
- role lifecycle mgmt; role based access control RBAC is part of this
- entitlement mgmt
Shifting towards Identity and Access Intelligence
Why IAM projects fail
1) focusing on tools instead of process and value; destined to fail
Establish an IAM governance model; plan, implement, manage, monitor
Align IAM with Business Intelligence; people, process, products
Be aware of the cloud based solutions; most cloud decisions are two to three years out in this space; most people want to wait to see how this plays out; looks promising but still bleeding edge
Customers are disillusioned by the IAM suite; people more comfortable with best of breed; moving to atomic IAM services
Helps manage risk through accountability and transparency
- intelligence = audit and analytics
- administration
- access
Value changes with maturity
1) security efficiency; IAM for the sake of IT; save time and money
2) security effectiveness; compliant with policy and regulation
3) business enablement; this is where most of the value is
Look at all three; value metrics
Business process improvements
Risk management
Fine grained controls
Trend - people are bailing on the Admin projects because it doesn't provide value that was expected; instead people are moving to intelligence; failing to deliver compliance; maybe there is a different way; end game is intelligence; provisioning by itself is not enough
Intelligence focuses on auditing, monitoring and manual remediation, and analytics
Provisioning still needs to happen; admin is becoming more out of the box; what are the most important systems to protect?
Primary functional capability across intelligence, admin, authentication, authorization
No one vendor provides it all and you don't need it all
Intelligence
- web fraud detection
- ERP SOD
Check out Hype Cycle for IAM, 2010
Leverage the Gartner Maturity Model
Entitlement Lifecycle Mgmt
- role lifecycle mgmt; role based access control RBAC is part of this
- entitlement mgmt
Shifting towards Identity and Access Intelligence
Why IAM projects fail
1) focusing on tools instead of process and value; destined to fail
Establish an IAM governance model; plan, implement, manage, monitor
Align IAM with Business Intelligence; people, process, products
Be aware of the cloud based solutions; most cloud decisions are two to three years out in this space; most people want to wait to see how this plays out; looks promising but still bleeding edge
Customers are disillusioned by the IAM suite; people more comfortable with best of breed; moving to atomic IAM services
Comments
Post a Comment