Identity and Access Management
Business Ready Security Solutions
Agenda
Business and Information Technology (IT) Challenges
Core Infrastructure Optimization
Identity and Access Management Scenarios
Next Steps
Identity and Access Management End State
Current Identity and Access Situation
Extend business resources, especially to the cloud
Secure multiple devices and locations
Manage complex identity lifecycles
Business and IT Challenges
Agility and Flexibility
Control
Business Needs
IT Needs
Simplify user experience for collaboration across networks
Provide seamless movement between applications
Reduce cost of identity management
Provide secure access to applications from anywhere
Manage disparate systems
Managing partner accounts
Multiple identities and limited sign-on help
Different sign-on requirements, password reset handled through help desk
Remote access solution with separate identities
Current Identity and Access Situation
Time and Labor Intensive
Core Infrastructure Optimization (Core IO)
Basic: Cost Center
Standardized: Efficient Cost Center
Rationalized: Business Enabler
Dynamic: Strategic Asset
Identity and Security Services
Identity and Access
No standard policy framework for identity and access
No password policy for authentication and authorization
Manual identity provisioning and de-provisioning
Directory services are isolated due to a lack of integration
Limited control over access and identity processes
User profile management is centralized
Cross-organization collaboration is manual for partner accounts
Multiple directory services exist with point-to-point synchronization
Control is automated and role-based
User profile provisioning and de-provisioning is automated and centralized
There is a standard federation and trust-management infrastructure
Automated identity synchronization and provisioning
Identity management is fully automated and supported by policy
Resource provisioning and de-provisioning is automated, with self-service access management
Federation and trust management infrastructure is centrally managed
Centralized directory that synchronizes automatically
Secure Endpoint
Secure Datacenter
Secure Collaboration
Business Ready Security Solutions
Secure Messaging
Information Protection
Enable more secure, well-managed, identity-centric access to applications hosted on premises and in the cloud from virtually any location or device.
Identity and Access Management
Identity and Access Management Scenarios
Secure Remote Access
Well-managed Identity
Access across Networks
Provide well-managed, common identity infrastructure
Enable interoperable access across networks
Secure remote access to business resources
Integrated with proven Microsoft® technologies and heterogeneous environments
Well-managed Identity
Identity Management
• Simplifies compliance across heterogeneous environments
• Enhances data quality with delegated user-profile management
Group Management
• Increases efficiency with attribute-based resource access
• Enhances user productivity with self-service group management
Credential Management
• Lowers helpdesk costs with end-user self-service password features
• Improves security through strong authentication and certificates
“With Forefront® Identity Manager, we are able to streamline tactical processes, while at the same time provide strategic business value through a cohesive Identity and Access Management solution.”
Scott Weir, IT Manager, Desktop Architecture, First American Title Insurance Company
First American Reduces Costs with Streamlined Identity and Access Management
Extend Access Across Networks
On Premises
• Increases end-user productivity due to a single identity
• Provides additional agility as developers build applications with common authentications
Partners
• Facilitates easier and more effective collaboration setup
• Increases compliance by avoiding external accounts
Cloud
• Adds flexibility with common identity and single sign on
• Creates easier cloud integration with standards-based federation
“We will have more granular control over identity and access, so we can start providing users with self-service capabilities and extend secure collaboration to our partners.”
Armand Martin, Enterprise Architect, Security, Dow Corning
Manufacturer to Enhance Efficiency with Improved Identity Management
Secure Remote Access
Always-on DirectAccess
• Improves productivity through seamless, always-on access
• Reduces risk with more secure sign-on and policy-based access
Remote Application Access
• Increases flexibility by accessing network from virtually any device
• Enhances IT agility due to the ability to manage machines anywhere
“With Unified Access Gateway (UAG) and Network Access Protection (NAP), Sporton can enforce its security policies for employees who connect remotely to the network. We could use other products to make sure that remote clients are fully compliant with our environment before we allow them access, but our IT staff would need to spend a lot of time monitoring the process; with UAG and NAP, we can do all this automatically.”
David Feng, IT Director, Sporton International
Integrated Across Microsoft and Heterogeneous Environments
Heterogeneous Environments
Core Infrastructure
Server and Domain Isolation
Common Identity
Interoperable standards for federation
Identity management across platforms
Integrated Solutions
Secure Remote Access
Well-managed Identity
Access Across Networks
Virtualization and Management
Common, well-managed identity across resources
Identity and Access Management End State
Simple and Easy
Common identity is used in the cloud
More secure, simplified access for partners
Always-on access built into platform
Solution
Banque de Luxembourg decided to implement Microsoft Forefront Identity Manager 2010, which delivers policy-based identity and credential management across heterogeneous environments.
Customer Results and Benefits
• Increased employee productivity
• Simplified IT management
• Improved compliance
Customer Business Challenge
Banque de Luxembourg sought a centralized solution for identity and access management, one that would work with its heterogeneous systems. It wanted to eliminate manual processes for provisioning user accounts in an effort to improve IT efficiency and internal compliance.
“With Forefront Identity Manager and Active Directory, we have the comprehensive identity and access management solution that we need to support our banking operations.”
René Chevremont, Head of Access Management, Banque de Luxembourg
Financial Institution Gains Efficiency with Automated Identity and Access Management
The Security, Identity, and Access Management (SIAM) offering portfolio from Microsoft Services supports the Business Ready Security approach by providing the planning and deployment guidance for Microsoft security and identity products and technologies.
Experienced – Broad perspective covering industry, segment, and organization size
Knowledgeable - Worked with hundreds of pre-release, early-adoption projects
Connected - Connected to Microsoft product teams
Accountable - Accountable for your success
Why Microsoft Services
http://www.microsoft.com/services
Working with Microsoft Services
Try the solutions at: Microsoft.com/forefront/trial
Speak with a Microsoft representative about your needs
Deploy solutions that empower your business needs
Overall Resources and Next Steps
Forefront Deployment Resources: http://www.microsoft.com/forefront/en/us/deployment.aspx
Microsoft Assessment and Planning (MAP) Toolkit: http://technet.microsoft.com/en-us/library/bb977556.aspx
Microsoft Forefront Case Studies: http://www.microsoft.com/forefront/en/us/case-studies.aspx
Antivirus Defense-in-depth Guide Solution Accelerators: http://www.microsoft.com/downloads/details.aspx?FamilyID=f24a8ce3-63a4-45a1-97b6-3fef52f63abb&displaylang=en
Microsoft Services: http://www.microsoft.com/services
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Business Ready Security
Help securely enable business by managing risk and empowering people
FROM: Block, Cost, Siloed
TO: Enable, Value, Seamless
Highly Secure & Interoperable Platform
Identity
Protect everywhere, access anywhere
Integrate and extend security across the enterprise
Simplify the security experience, manage compliance
Across on-premises and cloud scenarios
Information Protection
Identity and Access Management
Secure Desktop
Secure Collaboration
Secure Messaging
Secure Datacenter
Business Ready Security Solutions