Post on 08-Jan-2017
World®’16
TechTalk:GoverningYourPrivilegedUsers– AKeyStepTowardsReducingtheRiskofBreachEhudAmiri – ProductManagement– CATechnologies
SCT38T
SECURITY
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Manyorganizationshaveasolutiontocontroltheactionsofprivilegedusers.But,that’snotenoughforacompleteprivilegedusermanagementsolution– youmustalsogoverntheiraccesstomakesurethatonlythecorrectusershaveelevatedprivileges,andtheyhaveonlytheprivilegesthattheyneed.ThisTechTalkisanoverviewofthePre-ConEdin-depthsessiononPrivilegedUserGovernance.ComeheretolearnhowyoucanreduceyourriskthroughthiscapabilitythatisuniquetoCA.
EhudAmiriCATechnologiesProductManagement
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OneStopShopforallIdentityServicesEverythingtheBusinessUserNeedsinOnePlace
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhyPrivilegedAccessGovernanceisNeeded?
§ TheSituationToday– PrivilegedAccessManagement(PAM)ismostlyastandalone solutionthatimplementscritical
securityandcompliancecontrolsmanagingandmonitoringuseofsensitiveaccess
– Inmostcasesitisseparated fromthecorporateIdentityManagement
§ Theoutcome– Lackofoverallvisibilityto“whohasaccesstowhat”
– Missingapprovalandauditinginformationfor“whyaccesswasgranted”
– InabilitytoenforceconsistentidentitypoliciessuchasSegregationOfDuties– Lackofriskanalysisfortheoveralluseraccess
– FragmentedcompliancewithregulatoryrequirementssuchasISO27002sections8.1.2“ownershipofassets”and9.2.5“reviewofaccessrights”
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PrivilegedAccessGovernance
§ TheCAApproach– ProvidinggovernanceforPrivilegedAccessiscritical
– Governanceshouldbeconsistentacrossprivilegedaccessandnon-privilegedaccess
– Asalways,it’sallabouttheuserexperience!
§ TheCAIdentitySuiteSolution– Automatedprovisioningandde-provisioning
– Accessrequest– Accesscertification
CAIdentitySuiteIntegrationwithCAPrivilegedAccessManager
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AutomatedProvisioningandDe-Provisioning
§ Automateon-boardingandoff-boardingofPAMAccountsaspartofregularuserlifecycle
§ OutoftheboxCAIdentitySuiteconnectorforCAPAMusingstandardPAMAPIs
§ ManagePAMAccountsandtheirassignmentstoRoles,UserGroups,Devices&DeviceGroups
§ SupportforlocalaccountsandLDAP/ADaccounts
§ Supportforgranularaccessassignmentsincludingstart/enddate,rolescopinganddevicepolicies
IntegrationwithCAPrivilegedAccessManager
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AccessCertification
§ Gainvisibilityintoalluseraccessinacentralizedplace
§ GranularinsightintoCAPAMaccounts,roles,groups&devices
§ OutoftheboxCAPAMcertificationprocesses:– PAMusercertification
– PAMdevicecertification
§ Easilyidentifyuserswithexcessiveaccess
§ FulfillmentusingtheconnectorforCAPAM
IntegrationwithCAPrivilegedAccessManager
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AccessRequest
§ Easy-to-useaccessrequestforCAPAMpermissionsthroughanintuitive'ShoppingCart‘experience
§ Real-timeriskanalysisofacombinedprivilegedandnon-privilegedaccess
§ Allrequestscanbecheckedforsegregationofdutiescompliance
§ Businessdescription,workflow,localization,recommendations,etc.
§ FulfillmentusingtheconnectorforCAPAM
IntegrationwithCAPrivilegedAccessManager
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhyNowandWhyCAforPrivilegedAccessGovernance?
§ Compliance– Manyorganizationsarefacingcompliancepressuretoensureproperprivilegedaccessgovernanceis
implemented
§ BetterSecurity– Managingandgoverning“whohasaccessandwhy”forprivilegedaccessisbecomingmoreimportant
inthebroaderfightagainstsecuritybreaches
§ EliminatingSilos– Implementingseparategovernancesolutionsforprivilegedaccessandnon-privilegedaccessmay
createunintendedweaknessesincustomers’cyber-securitystrategy
§ OneStopShop– ByintegratingCAIdentitySuiteandCAPrivilegedAccessManagement,customerscaneasily
implementanenterprise-wideapproachthatisbasedontwoproven&marketleadingsolutions
MakingtheRightChoice
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCT39T PAMforHybridEnterprises 11/17/2016at1:45pm
SCT37T StreamliningIDMDeployment 11/17/2016at3:00pm
SCT05T PAMBehavioralAnalytics 11/18/2016at4:30pm
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WeWanttoHearFromYou!
§ ITCentralisaleadingtechnologyreviewsite.CAhasthemtohelpgenerateproductreviewsforourSecurityproducts.
§ ITCSstaffmaybeatthissessionnow!(lookfortheirshirts).Ifyouwouldliketoofferaproductreview,pleaseaskthemaftertheclass,orgobytheirbooth.
Note:§ Onlytakes5-7mins§ Youhavetotalcontroloverthereview§ Itcanbeanonymous,ifrequired
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou.
Stayconnectedatcommunities.ca.com
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw