Identity and Access Governance

The Identity

A representation of a single person (a warm body)

Is used throughout the entire application
Can have almost unlimited attributes
Only the attributes needed for the IAM processes

Identities can be collected from multiple sources, containing multiple types of

identities
Identities can be created based on the collection from multiple sources,
combining this information into a single identity

Copyright Capgemini 2015. All Rights Reserved 2

Identity Attributes

Details we wish to document/know about the identity

Write on the post its identity attributes that you think are relevant for the IAM
processes.

Copyright Capgemini 2015. All Rights Reserved 3

SECURITY LIFE CYCLE
Security Baseline
Risk Assessment
Evaluations

Remediate
Backup,
Restore Who is Who?
(Identity Management)

Security
Authorization
Operation Management
Centre
SIEM
Intrusion Detection
Copyright Capgemini 2015. All Rights Reserved 4
IAM BUSINESS DRIVERS
Regulations & Laws Customer Requirements
Comply
Comply with:
with: Demonstrate
Demonstrate compliance:
compliance:
General
General law
law &
& regulations
regulations ISAE
ISAE 3402/SAS70
3402/SAS70 statements
statements
Privacy
Privacy Laws (e.g. WBP)
Laws (e.g. WBP) ISO 27001 certification
ISO 27001 certification
NMA,
NMA, OPTA,
OPTA, AFM
AFM Demonstrating
Demonstrating being
being in
in Control
Control
HIPAA, FDA
HIPAA, FDA Security as a differentiator
IAM
Business
Business Effectiveness Drivers Protecting Assets
Improve
Improve processes:
processes: Protect:
Protect:
Reduce
Reduce cycle
cycle time,
time, License
License management
management Intellectual
Intellectual Property
Property (IP)
(IP)
Flawless
Flawless provisioning
provisioning // First
First Time
Time Right
Right Privacy
Privacy sensitive
sensitive data
data
Effective
Effective &
& efficient
efficient Audit
Audit &
& Compliance
Compliance Business
Business sensitive
sensitive data
data (incl.
(incl. financial)
financial)
User
User experience
experience Physical
Physical assets
assets

Copyright Capgemini 2015. All Rights Reserved 5

Why IAM -> Business benefits of IAM

Comply with laws

Increase efficiency and
legislation
Bring your own
Increase
device
productivity
(BYOD)
COST

RISK
Reduce risk
Reduce provisioning
exposure (Corporate
costs and time
Image)
Reduce costs of Comply with
helpdesk (i.e. customer
password resets) requirements

Reduce costs of end Improve asset

user licenses management

Copyright Capgemini 2015. All Rights Reserved 6

 WHAT IS IDENTITY & ACCESS MANAGEMENT (IAM)

On-boarding Initial access rights

Employees
Contractors
Customers
Etc.
Chang

e
Chang
The challenge:
Anticipating on
changes
e

Off-boarding Revoke access rights

Identity Management Authorization/ Access

Management
Copyright Capgemini 2015. All Rights Reserved 7
Why IAM becomes increasingly important!

Access
Control Physical
Identity,
security
Authorization
and Data center
access Theft Identity & Access Management
management DATA prevention
etc.
Policy & Governance
Standards & Operations

Application security
Cloud applications Identity Credentials &
Vulnerability testing, Patch Management Authentication
management etc.

Authorization Assets, Devices,

Data Security Model Management & Services

Copyright Capgemini 2015. All Rights Reserved 8

IAG (IDENTITY & ACCESS GOVERNANCE) SCENARIOS
Access Requests Audit, Reviews & Reporting
Automation (Joiners) Regulation Breaches
Self Service Visibility
Standardized Context Specific Reports

Access Approvals Provisioning

Approval workflow Automation
SoD / Sensitive Access (triggered by
approval process)
Chart of Authority
Integration with
Automated Notifications
service desk
Standardized
Privileged Access Period Access Certifications
Automation (Leavers/Movers)
Entitlements & Roles Automation (annual review)
RBAC Orphan accounts
Common policy Remediation

Copyright Capgemini 2015. All Rights Reserved 9

QUESTIONS ?

Thank You

Copyright Capgemini 2015. All Rights Reserved 10