Hursley Park, 15th June 2006
Casey Plunkett, Director, WW Sales, Tivoli Security
IBM IT Service Management, 2006 IBM Corporation, 2006 ITSM Partner Summit

Agenda
Identity Management Drivers
Tivoli Identity Management Overview
Deployment Proof Points
Analysts' Perspective

Key processes in IT Security Management
The activities and processes associated with IT Security Management can be summarized into four patterns that will remain current as technology changes.
Establish Trust and Compliance: Gather business compliance information; Evaluate business compliance; Report; Create Security Controls & Compliance criteria
Protect Systems: Build and Deploy software packages; Verify install images and request changes; Request Updated install images; Learn about vulnerabilities
Manage Threats: Gather and analyze security related events and symptoms; Correlate events and Initiate Response; Report
Manage Users: Apply business security controls; Apply resource security controls; Gather security control information
Tools and experts: Windows, Internet, Application, Unix, Database, Integration, Linux, Mainframe, Network, Storage
Process / Service view of IT Security Management: Access Management, Privacy Management, Identity Management, Security Controls Definition, Security Compliance, Business Risk Management, Incident Management, Threat Management, Security Event Management, Vulnerability Management, Security Configuration, Security Patch Management

Increased Collaboration
[Chart: axes are Collaboration, Trust, and Cost & complexity of Threats and Administration. Legend: 1 Isolated Operations; 2 Select Trusted Partners; 3 Value Chain Visibility; 4 Industry-Centric Value Web; 5 Cross-Industry Value Coalition. Labels: Core Business, Subsidiary/JV, Customer, Partner/Channel, Supplier/Outsourcer]
Eco-system integration improves market agility but brings with it increased risk costs in complexity, administration and vulnerability.

Product Life Cycle Management
Phase I, Ideation: Identify new product ideas
Phase II, Definition/Feasibility: Define concepts based on new product ideas
Phase III, Development: Fully develop product/packaging manufacturing process and business plan
Phase IV, Launch: Produce and ship product into marketplace
Phase V, Post Launch: Assess product, team and process performance
The sweet spot occurs when process design, organization/performance management and enabling technologies are integrated and optimized across this value chain.
Key Stakeholders in the PLM Process: R&D, Packaging and Design, Graphics, Marketing, Operations and Production, Finance, Engineering, Brand Management, Sales Management, Public Relations/Ads, Legal

PLM (Summary) Reference Architecture
[Diagram labels: Adapter Instances; Resources and Relationships (RDF store); Adapter Registry; Workflows; Event Registry; Event Dispatcher; Knowledge Manager; Inference Rules; Inference Engine; Presentation Manager; Adapter Manager (run-time and monitor); Event Log; Admin Console; WPS; portlets; View Generator; Content Manager; Log; Adapter Instance Store; instantiates; Workflow Manager; Document Repository; CAD; Team (QuickPlace, Sametime); Project Schedule; Bill of Materials; PDM; Mktg/Adv.]
Key Needs: ESSO, Provisioning, Directory Integ., Access Control, Root Control

Can You Answer the following Questions Across Your Core Business Processes?
1. WHO can use our IT systems?
2. WHAT can these people do on our IT systems?
3. Can I easily PROVE to the auditor what these people did?
Tivoli's Identity and Access Management products automate these internal controls.

Identity Management Challenges/Opportunities
How much am I spending on routine password resets? 3-4 times per year, per user and a 14 average cost per call
How long does it take to make new employees/contractors productive? Up to 12 days per user to create and service accounts
How many of my former employees/contractors still have access to sensitive data? 30-60% of accounts are orphans (potential security exposure)
How confident are we that only the right people have access to our Enterprise data? 70% of fraud cases involving customer data are related to an insider attack
How much time is spent on Account Management by User Community? 10-20% of the LoB community typically provides Account Management
How long does it take to pull together reports for an audit? Can take weeks and some companies have designated FTEs for this purpose

IBM's Integrated Identity Management Portfolio
Componentized Strategy
[Diagram labels: Users & Applications; Security Compliance Manager; Identity Manager; Access Manager; Privacy Manager; Federated Identity Manager; Directory Server; Directory Integrator; NeuSecure]

Tivoli Identity Manager
[Diagram labels: Identity change requested; Identity Stores; HR Systems; Approvals gathered; Detect and correct local privilege settings; Access policy evaluated; Accounts updated; Databases; Operating Systems; Applications]
Identity Manager provisions accounts
Access Manager provides runtime enforcement
Integrated:
Automated provisioning/de-provisioning from an authoritative source.
Workflow for provisioning requests.
Additional user self-service options for password reset, registration etc.
Single sign-on for Identity and Access combined administration.

ITIM Express 4.6
Request-based provisioning with approval workflow
User self-care and password management
Intuitive GUI
Recertification of user access rights
Installed/Bundled adapters
Out-of-the-box reporting
Email notification
HR Feeds
Account reconciliation

Complete Single Sign-on Management
[Diagram labels: Access Control; login prompt ("Please enter your ID and password"); Flexible Authentication; SECURID; User; Digital Identity; Services; eMail; Enterprise; Mainframe; eHR; Claims; Federated; Web; eExpenses; Portal; iBanking]

Tivoli Access Manager Family
Tivoli Access Manager for e-business (TAMeB): Web SSO, Centralized Authentication/Authorization/Audit
Tivoli Access Manager for Business Integration (TAMBI): WMQ-based Access Control, Data Integrity and Confidentiality
Tivoli Access Manager for Operating Systems (TAMOS): Locking down Root in UNIX and LINUX

Tivoli XML Gateway Integration
Case in point: Securely implement web services, secure once for many applications, aggregate user interactions and adhere to strong security protection and verification
Solution: Helps protect SOA implementations addressing XML threats with fine-grain access control. Integrates with Tivoli Security for enterprise SOA deployments and centralized security policy management
[Diagram labels: XS40 XML Security Gateway; Identity, Security and Directory Services; Centralized Security Policy Management; Data Repository; Policy-driven security gateway for web services; Enterprise Directory; Suppliers; Partners; Users; Liberty; SAML; WS-Federation]

Security Compliance Management
[Diagram labels: Operating Systems; Applications; Workstations; Databases; IT security; CxO; IT Environment; Users]
Business issues: regulations, standards
IT concerns: Slammer, MSBlaster, OS patches, password violations
Checks systems and applications for vulnerabilities and identifies violations against security policies
Key benefits:
Helps to secure corporate data and integrity
Identifies software security vulnerabilities
Decreases IT costs through automation, centralization, and separation of duties
Assists in complying with legislative and governmental standards

Vendor integration for faster time-to-value
Desktop SSO: ActivCard ActivClient, Microsoft Kerberos (SPNEGO), Microsoft NTLM
Integration and Consulting: 3000 trained personnel across Business Partners worldwide
Messaging security: IBM WebSphere BI Message Broker, IBM WebSphere BI Event Broker, IBM WebSphere MQ
Web Server Plug-in: Apache, IBM HTTP Server, IBM WebSphere Edge Server, Microsoft IIS, Sun ONE Web Server
Web Application Server: BEA WebLogic Server, IBM WebSphere App. Server (Any J2EE Platform), Microsoft .NET
Web Portal Server: BEA WebLogic Portal (SSO), IBM WebSphere Portal, Plumtree Portal*, Sun ONE Portal Server (SSO)
XML and Web Services: DataPower, Digital Evolution / SOA Software, Forum Systems, Layer 7 SecureSpan Gateway, Reactivity XML Firewall, VordelSecure
Application Single Sign-On: Adexa collaboration products (9), Blockade ESconnect, Broadvision One to One, Cash-U Pecan, Centric Product Innovation (3), Citrix Metaframe / Nfuse XP, Documentum Content Server/Webtop, Documentum eRoom, IBM Content Manager, IBM Host on Demand, IBM Host Publisher, IBM Lotus Domino, IBM Lotus iNotes, IBM Lotus Quickplace, IBM Lotus Sametime, IBM Lotus Team Workplace, Intelliden R-Series, Interwoven TeamSite, Kana Platform, Kintana Suite (Mercury Interactive), Microsoft Exchange (OWA), Microsoft SharePoint Portal/Services, OpenConnect WebConnect, Oracle Application server, PeopleSoft Enterprise Application, PeopleSoft Enterprise PeopleTools, Rocksteady Rocknet, SAP Enterprise Portal, SAP Internet Transaction Server, Secur-IT C-Man, Secur-IT D-Man, Siebel, Sourcefire ISM, Sun Calendar Server*, Sun Messenger Server*, Vasco Digipass (via C-Man)
* By request
Platform & Traffic Mgmt.: Crossbeam Security Svcs. Switch, F5 Networks BIG IP, Sanctum AppShield
UNIX Deployment Lockdown: HP-UX, IBM AIX, IBM DB2, IBM HTTP Server, IBM WebSphere App. Server, Oracle DB, Red Hat Linux, Sun Solaris, SuSE Linux
User repository: CA eTrust Directory, IBM Tivoli Directory Server, Microsoft Active Directory, Novell eDirectory, Siemens Nixdorf DirX Directory, Sun ONE Directory Server, Vasco Digipass
Integration factory

Tivoli Identity Management Proof Points on demand
Solution: Automate user provisioning, discovery and correction of invalid access
Case Studies:
Saves $500k/year in HR Enrollment process for 20k employees
Products: IBM Tivoli Identity Manager (TIM)
Up to 40% of user access is invalid
IT must spend weeks manually provisioning and auditing user access to business systems
1 week... 3 weeks to 10 minutes to 20 minutes and provisioning costs cut 93%

Tivoli Identity Management Proof Points on demand
Solution: Automate user provisioning, discovery and correction of invalid access
Case Studies:
Deployed Provisioning for 9,000 employees across 80 endpoints, 6 countries and 20 roles within 90 days
5 days to implement Provisioning (TIM Express) across 2,500 users
Products: IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB
Up to 40% of user access is invalid
IT must spend weeks manually provisioning and auditing user access to business systems
Tivoli Identity Management Proof Points on demand Solution: Single sign-on and self-service for password resets
Case Studies:
Most successful IT project in 25 years cost justified in 8 months
Orange projects savings of millions of Euros annually (4M Secure SOA users)
Product: IBM Tivoli Access Manager for Enterprise Single Sign-On
SOA: IBM Tivoli Federated Identity Manager
Up to 50% of help desk calls are for password resets
Every call incurs 14 in IT costs

Business Process: User Validation
Process: Obtain a list of orphan accounts and determine validity
Compliance and Audit Issue: Link all user accounts to an identity
Business Process Inefficiency: Manual processes, custom scripts
IBM on demand Approach: Automated reconciliation
Proof Point: Wall Street Example
Identity Manager
[Diagram labels: Tivoli Identity Manager; Identity change requested; Identity Stores; HR Systems; Approvals gathered; Detect and correct local privilege settings; Access policy evaluated; Accounts updated; Databases; Operating Systems; Applications; Identify Orphan Accounts]

Business Process: New Business Initiative
Process: Implement rules for application access consistently
Compliance and Audit Issue: Consistent policy implementation
Business Process Inefficiency: Up to 30% of development costs for security infrastructure. Too many passwords to remember.
IBM on demand Approach: Centralized Application Access Control and SSO across applications.
Proof Point: T. Rowe Price $13.5M reduction in development costs
Access Manager

Tivoli Identity Management -- Facts of Interest
>1,500 Access Management customers
>500 Provisioning customers
~20% of IdM customers are small & medium businesses
>3,000 professionals trained and certified to deploy IBM Identity Management solutions worldwide

Tivoli Identity Management -- Facts of Interest
IBM Tivoli Security software is used by:
15 of the top 20 commercial Banks worldwide
6 top Healthcare companies worldwide
4 of the top 5 Telecommunications companies worldwide
6 of the top 10 Aerospace and Defense companies worldwide
7 of the top 10 Computer and Data Services companies worldwide

IBM Identity Management Solutions Continue to be Recognized for Leadership
2006 Provisioning Leadership Position, Gartner Magic Quadrant
2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool
2005 Frost & Sullivan Global Market Leadership Award for Identity Management
2005 Frost & Sullivan Market Leader designation for Access Management
2005 #1 Provisioning and Web SSO Vendor, IDC
2005 Web Services Leadership Position, Gartner Magic Quadrant
2004 SYS-CON Best Web Services Security Solution Award

Analyst View: Identity and Access Management Market Share (IDC)
IBM Tivoli 35%, CA 34%, Oracle 7%, Novell 7%, BMC 5%, Sun 4%, HP 4%, RSA 3%, Microsoft 1%
Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004

Frost & Sullivan - Provisioning Market Share - Feb 2006

Frost & Sullivan - Web Access share - Feb 2006

Gartner - Web Services Magic Quadrant