
2006 IBM Corporation

Tivoli LIVE -- Identity Management


Hursley Park, 15th June 2006
Casey Plunkett
Director, WW Sales, Tivoli Security
IBM IT Service Management
2006 ITSM Partner Summit
Agenda

Identity Management Drivers
Tivoli Identity Management Overview
Deployment Proof Points
Analysts' Perspective
Key processes in IT Security Management
The activities and processes associated with IT Security Management can be summarized
into four patterns that will remain current as technology changes.
Establish Trust and Compliance: Gather business compliance information; Evaluate business compliance; Report; Create Security Controls & Compliance criteria
Protect Systems: Build and Deploy software packages; Verify install images and request changes; Request Updated install images; Learn about vulnerabilities
Manage Threats: Gather and analyze security related events and symptoms; Correlate events and Initiate Response; Report
Manage Users: Apply business security controls; Apply resource security controls; Gather security control information
Tools and experts: Windows, Internet, Application, Unix, Database, Integration, Linux, Mainframe, Network, Storage
Process / Service view of IT Security Management:
Access Management
Privacy Management
Identity Management
Security Controls Definition
Security Compliance
Business Risk Management
Incident Management
Threat Management
Security Event Management
Vulnerability Management
Security Configuration
Security Patch Management
Increased Collaboration
[Chart axes: Collaboration; Trust; Cost & complexity of Threats and Administration]
Stages: 1 Isolated Operations; 2 Select Trusted Partners; 3 Value Chain Visibility; 4 Industry-Centric Value Web; 5 Cross-Industry Value Coalition
Legend: Core Business; Subsidiary/JV; Customer; Partner/Channel; Supplier/Outsourcer
Eco-system integration improves market agility but brings with it increased risk
costs in complexity, administration and vulnerability.
Product Life Cycle Management
Phase I, Ideation: Identify new product ideas
Phase II, Definition/Feasibility: Define concepts based on new product ideas
Phase III, Development: Fully develop product/packaging manufacturing process and business plan
Phase IV, Launch: Produce and ship product into marketplace
Phase V, Post Launch: Assess product, team and process performance

The sweet spot occurs when process design, organization/performance management
and enabling technologies are integrated and optimized across this value chain

Key Stakeholders in the PLM Process:
R&D
Packaging and Design Graphics
Marketing
Operations and Production
Finance
Engineering
Brand Management
Sales Management
Public Relations/Ads
Legal
PLM (Summary) Reference Architecture
[Diagram components: Adapter Registry; Adapter Manager (run-time and monitor); Adapter Instances; Adapter Instance Store; Resources and Relationships (RDF store); Workflows; Workflow Manager; Event Registry; Event Dispatcher; Event Log; Knowledge Manager; Inference Rules; Inference Engine; Presentation Manager; View Generator; Content Manager; Log; Admin Console; WPS portlets]
[Connected systems: Document Repository; CAD; Team (QuickPlace, Sametime); Project Schedule; Bill of Materials; PDM; Mktg/Adv.]
Key Needs:
ESSO
Provisioning
Directory Integ.
Access Control
Root Control
Can You Answer the following Questions
Across Your Core Business Processes?

1. WHO can use our IT systems?
2. WHAT can these people do on our IT systems?
3. Can I easily PROVE to the auditor what these people did?


Tivoli's Identity and Access Management products
automate these internal controls
Identity Management Challenges/Opportunities
How much am I spending on routine password resets?
3-4 times per year, per user and a 14 average cost per call

How long does it take to make new employees/contractors productive?
Up to 12 days per user to create and service accounts

How many of my former employees/contractors still have access to sensitive data?
30-60% of accounts are orphans (potential security exposure)

How confident are we that only the right people have access to our Enterprise data?
70% of fraud cases involving customer data are related to an insider attack

How much time is spent on Account Management by User Community?
10-20% of the LoB community typically provides Account Management

How long does it take to pull together reports for an audit?
Can take weeks, and some companies have designated FTEs for this purpose
IBM's Integrated Identity Management Portfolio
Componentized Strategy
Security Compliance Manager
Identity Manager
Access Manager
Privacy Manager
Federated Identity Manager
Directory Server
Directory Integrator
NeuSecure
Users & Applications
Tivoli Identity Manager
[Diagram labels: Identity change requested; Identity Stores; HR Systems; Approvals gathered; Access policy evaluated; Accounts updated; Databases; Operating Systems; Applications; Detect and correct local privilege settings]
Identity Manager provisions accounts

Access Manager provides runtime enforcement

Integrated:
Automated provisioning/de-provisioning from an authoritative source.

Workflow for provisioning requests.

Additional user self-service options for password reset, registration etc.

Single sign-on for Identity and Access combined administration.
ITIM Express 4.6
Request-based provisioning with approval workflow
User self-care and password management
Intuitive GUI
Recertification of user access rights
Installed/Bundled adapters
Out-of-the-box reporting
Email notification
HR Feeds
Account reconciliation
Complete Single Sign-on Management
[Diagram labels: User; Flexible Authentication (ID and password login, SECURID); Access Control; Digital Identity Services; eMail; Enterprise; Mainframe; eHR; Claims; Federated; Web; eExpenses; Portal; iBanking]
Tivoli Access Manager Family
Tivoli Access Manager for e-business (TAMeB)
Web SSO, Centralized Authentication/Authorization/Audit

Tivoli Access Manager for Enterprise Sign-On (TAMES-ESSO)
Enterprise (or Host) SSO

Tivoli Federated Identity Manager
Federated SSO, Trust Mgmt/Brokering, Web Services Security Mgmt, Cross-Enterprise Identity Mapping

Tivoli Access Manager for Business Integration (TAMBI)
WMQ-based Access Control, Data Integrity and Confidentiality

Tivoli Access Manager for Operating Systems (TAMOS)
Locking down Root in UNIX and LINUX
Tivoli XML Gateway Integration
Case in point:
Securely implement web services, secure once for many
applications, aggregate user interactions and adhere to
strong security protection and verification
Solution:
Helps protect SOA implementations addressing XML
threats with fine-grain access control. Integrates with
Tivoli Security for enterprise SOA deployments and
centralized security policy management
[Diagram labels: XS40 XML Security Gateway (policy-driven security gateway for web services); Identity, Security and Directory Services; Centralized Security Policy Management; Data Repository; Enterprise Directory; Suppliers; Partners; Users; Liberty; SAML; WS-Federation]
Security Compliance Management
[Diagram labels: IT Environment (Operating Systems, Applications, Workstations, Databases); Users; IT security; CxO]
Business issues: regulations, standards
IT concerns: Slammer, MSBlaster, OS patches, password violations
Checks systems and applications for vulnerabilities and identifies
violations against security policies


Key benefits:
Helps to secure corporate data and
integrity
Identifies software security vulnerabilities
Decreases IT costs through automation,
centralization, and separation of duties
Assists in complying with legislative and
governmental standards
Vendor integration for faster time-to-value
Desktop SSO
ActivCard ActivClient
Microsoft Kerberos (SPNEGO)
Microsoft NTLM

Directory sync & virtualization
Aelita Ent. Directory Manager
IBM Tivoli Directory Integrator
OctetString Virtual Directory
Radiant Logic

Encryption, SSL & VPN
Aventail EX-1500
Eracom ProtectServer Orange
IBM 4758
IBM 4960
Ingrian Secure Transaction Appliance
nCipher nForce
Neoteris IVE

Integration and Consulting
3000 trained personnel across
Business Partners worldwide

Messaging security
IBM WebSphere BI Message Broker
IBM WebSphere BI Event Broker
IBM WebSphere MQ

Web Server Plug-in
Apache
IBM HTTP Server
IBM WebSphere Edge Server
Microsoft IIS
Sun ONE Web Server

Web Application Server
BEA WebLogic Server
IBM WebSphere App. Server
(Any J2EE Platform)
Microsoft .NET

Web Portal Server
BEA WebLogic Portal (SSO)
IBM WebSphere Portal
Plumtree Portal*
Sun ONE Portal Server (SSO)

XML and Web Services
DataPower
Digital Evolution / SOA Software
Forum Systems
Layer 7 SecureSpan Gateway
Reactivity XML Firewall
VordelSecure

Application Single Sign-On
Adexa collaboration products (9)
Blockade ESconnect
Broadvision One to One
Cash-U Pecan
Centric Product Innovation (3)
Citrix Metaframe / Nfuse XP
Documentum Content Server/Webtop
Documentum eRoom
IBM Content Manager
IBM Host on Demand
IBM Host Publisher
IBM Lotus Domino
IBM Lotus iNotes
IBM Lotus Quickplace
IBM Lotus Sametime
IBM Lotus Team Workplace
Intelliden R-Series
Interwoven TeamSite
Kana Platform
Kintana Suite (Mercury Interactive)
Microsoft Exchange (OWA)
Microsoft SharePoint Portal/Services
OpenConnect WebConnect
Oracle Application server
PeopleSoft Enterprise Application
PeopleSoft Enterprise PeopleTools
Rocksteady Rocknet
SAP Enterprise Portal
SAP Internet Transaction Server
Secur-IT C-Man
Secur-IT D-Man
Siebel
Sourcefire ISM
Sun Calendar Server*
Sun Messenger Server*
Vasco Digipass (via C-Man)

* By request
Platform & Traffic Mgmt.
Crossbeam Security Svcs. Switch
F5 Networks BIG IP
Sanctum AppShield

Strong Authentication
ActivCard
Aladdin Knowledge Systems
Daon Engine (Biometrics)
Entrust TruePass
VeriSign

UNIX Deployment Lockdown
HP-UX
IBM AIX
IBM DB2
IBM HTTP Server
IBM WebSphere App. Server
Oracle DB
Red Hat Linux
Sun Solaris
SuSE Linux

User repository
CA eTrust Directory
IBM Tivoli Directory Server
Microsoft Active Directory
Novell eDirectory
Siemens Nixdorf DirX Directory
Sun ONE Directory Server
Vasco Digipass

Integration factory
Tivoli Identity Management Proof Points
on demand Solution:
Automate user provisioning, discovery and correction of invalid access

Case Studies:







Saves $500k/year in HR Enrollment process for 20k employees

Products:
IBM Tivoli Identity Manager (TIM)





Up to 40% of user access is invalid
IT must spend weeks manually provisioning and auditing user
access to business systems
1 week... to 10 minutes
3 weeks to 20 minutes and provisioning costs cut 93%
Tivoli Identity Management Proof Points
on demand Solution:
Automate user provisioning, discovery and correction of invalid access

Case Studies:


Deployed Provisioning for 9,000 employees across 80 endpoints,
6 countries and 20 roles within 90 days


5 days to implement Provisioning (TIM Express) across 2,500 users


Products:
IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB





Up to 40% of user access is invalid
IT must spend weeks manually provisioning and auditing
user access to business systems





Tivoli Identity Management Proof Points
on demand Solution:
Single sign-on and self-service for password resets

Case Studies:

Most successful IT project in 25 years cost justified in 8 months


Orange projects savings of millions of Euros annually (4M Secure SOA users)

Product:
IBM Tivoli Access Manager for Enterprise Single Sign-On
SOA: IBM Tivoli Federated Identity Manager
Up to 50% of help desk calls are for password resets
Every call incurs 14 in IT costs
Business Process: User Validation
Identify Orphan Accounts
Process: Obtain a list of orphan accounts and determine validity
Compliance and Audit Issue: Link all user accounts to an identity
Business Process Inefficiency: Manual processes, custom scripts
IBM on demand Approach: Automated reconciliation
Proof Point: Wall Street Example
Identity Manager
[Diagram: Tivoli Identity Manager. Labels: Identity change requested; Identity Stores; HR Systems; Approvals gathered; Access policy evaluated; Accounts updated; Databases; Operating Systems; Applications; Detect and correct local privilege settings]
Business Process: New Business Initiative
Process: Implement rules for application access consistently
Compliance and Audit Issue: Consistent policy implementation
Business Process Inefficiency: Up to 30% of development costs for security infrastructure. Too many passwords to remember.
IBM on demand Approach: Centralized Application Access Control and SSO across applications.
Proof Point: T. Rowe Price $13.5M reduction in development costs
Access Manager
Tivoli Identity Management -- Facts of Interest
>1,500 Access Management customers
>500 Provisioning customers
~20% of IdM customers are small & medium businesses
>3,000 professionals trained and certified to deploy IBM Identity
Management solutions worldwide
Tivoli Identity Management -- Facts of Interest
IBM Tivoli Security software is used by:
15 of the top 20 commercial Banks worldwide
6 top Healthcare companies worldwide
4 of the top 5 Telecommunications companies worldwide
6 of the top 10 Aerospace and Defense companies worldwide
7 of the top 10 Computer and Data Services companies worldwide
IBM Identity Management Solutions
Continue to be Recognized for Leadership
2006 Provisioning Leadership Position Gartner Magic Quadrant
2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool
2005 Frost & Sullivan Global Market Leadership Award for Identity
Management
2005 Frost & Sullivan Market Leader designation for Access Management
2005 #1 Provisioning and Web SSO Vendor, IDC
2005 Web Services Leadership Position, Gartner Magic Quadrant
2004 SYS-CON Best Web Services Security Solution Award
Analyst View:
Identity and Access Management Market Share (IDC)
Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004
IBM Tivoli: 35%
CA: 34%
Oracle: 7%
Novell: 7%
BMC: 5%
Sun: 4%
HP: 4%
RSA: 3%
Microsoft: 1%
Frost & Sullivan- Provisioning Market Share- Feb 2006
Frost & Sullivan- Web Access share- Feb 2006
Gartner- Web Services Magic Quadrant