Identity-aware Infrastructurepublishingext.dir.texas.gov/portal/internal/resources... · SailPoint...
23
Identity-aware Infrastructure Identity at the Center of Security, Compliance & IT Operations Darran Rolls, CTO & CISO
Transcript of Identity-aware Infrastructurepublishingext.dir.texas.gov/portal/internal/resources... · SailPoint...
Identity-aware InfrastructureIdentity at the Center of Security, Compliance & IT Operations
Darran Rolls, CTO & CISO
SailPoint at a Glance
World’s largest, dedicated IAM vendor• Based in Austin Texas, USA• Operations in 15 countries• 300 Partners worldwide• Customers in every vertical
The leader in identity governance
Identity Governance market leadership
GartnerMagic Quadrant for IGA, 2017
ForresterWave for IMG, 2016
KuppingerCole Report, Leadership Compass, 2017
Evolution #1Delegate
Administration
Generation #2Automated
Provisioning
20041998 2018
Generation #3Identity
Governance
20 Years of Identity Management Evolution
Evolution #1Delegate
Administration
Generation #2Automated
Provisioning
20041998 2018
Generation #3Identity
Governance
20 Years of Identity Management Evolution
ü Business user focused
ü Full lifecycle
ü Embedded controls
ü Securing & managing
all access
Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.
Securing & Managing Access
Securing & Managing Access
People Access Data
Unstructured
Structured
ApplicationPeople
Applications
Devices
Authentication
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
Authorization
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Who has Access to What and Why…
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Automation, Delegation and Self-service
Identity & Access Governance
People Access Data
Bio-Metric
WebBased
SAMLBased
PasswordBased
PKIBased
OAuthBased
ApplicationSpecific
AttributeBased
SystemDefined
VaultedCreds
GroupBased
RoleBased
Visibility & Control = Identity Governance
Identity
Governance
Program Objectives
NIST 800-53 Control Groups
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Identity Governance Program Objectives
Enabling efficient & accurate user access
Protecting access to applications and data
Staying compliant amidst mounting regulations
Cloud and on-premise applications and data…
IncreasedProductivity
Lower Security Risk
SustainableCompliance
Objective #1: Increased Productivity
• Joiner MOVER & leaver controls…
• Fine-grained access control…
• Delegated administration…
• End-user self-service…
IncreasedProductivity
Objective #2: Lower Security Risk
• Understanding access risk…
• Password management…
• File & access governance…
• De-provisioning & security response…
Lower Security Risk
Objective #3: Sustainable Compliance
• Access reviews…
• Detective and preventive policy controls…
• Data ownership & responsibility…
• Reporting & analytics…
SustainableCompliance
Identity-aware Infrastructure
Copyright © SailPoint Technologies, Inc. 2017. All rights reserved.
Understanding Key Relationships
DataEntitlementAccountIdentity
Darran Rolls
Group=Accounting
\\Shares\HR(read)
\\Shares\Corp(read write)
Group=Users \\Shares\doc3(read)
RACF1232123
SYSDBA
Data Profile1
Data Profile2
SYSOPER Data Profile3
Identity Account Entitlement Data
SIEM & DLP
Applications & Infrastructure
Mobile DeviceManagement
Identity-enabled Infrastructure
Integrated ResponsiveEcosystem
DataGovernance
User Behavior Analysis
PrivilegedUser Mgmt.
GRC
IT ServiceManagement
Shared Context& Actions
Security Infrastructure Identity Governance & AdministrationOperations Infrastructure
EndpointManagement
Access Management
Privileged Account Mgmt.
SIEM
Systems Management
Service Management
GRC
Enterprise Mobility Management
User Behavior Analysis
SailPoint Open Identity Platform
![SailPoint - niap-ccevs.org · PDF file5.1 Extended Security Functional Requirements ..... 20 5.2 Extended Security Assurance Requirements ... [14] SailPoint IdentityIQ Direct Connectors](https://static.fdocuments.us/doc/165x107/5ab73a717f8b9a86428e89af/sailpoint-niap-ccevsorg-extended-security-functional-requirements-20-52.jpg)
