An Identity-focused Approach to Compliance
2 likes429 views
The document outlines Novell's compliance management platform, which integrates identity and security management with tools for provisioning, access control, and risk monitoring. It emphasizes the importance of tracking user access, automating provisioning, and assessing IT risk through various workflows and dashboards. Additionally, it discusses enablers for calculating risk and the necessity of customized risk analysis to mitigate potential threats.
An Identity-focused Approach to Compliance
- 1. An Identity-focused Approach to Compliance Mark Worwetz Volker Scheuber Senior Engineering Manager Senior Engineering Manager Novell Inc./mworwetz@novell.com Novell Inc./vscheuber@novell.com
- 2. Novell Compliance Management ® Platform • Integrated Identity and Security Management Platform – Software Components > Identity Vault > Novell Identity Manager with Roles Based Provisioning Module ® > Novell Sentinel ® ™ > Novell Access Manager ® ™ – Tools > Designer for Novell Identity Manager > Analyzer for Novell Identity Manager – Solution Content > Integrated Provisioning and Access Control Policies and Workflows > Identity Tracking > Identity and Security Monitoring and Reporting 2 © Novell, Inc. All rights reserved.
- 3. Novell Compliance Management ® Platform (cont.) • CMP 1.x Value Proposition – To which systems do people have access? > Identity Tracking – How did people get access to systems? > Automated provisioning events > Workflow provisioning events – What are people doing with their access? > Identity-based Reporting 3 © Novell, Inc. All rights reserved.
- 4. System Assets, Accounts, and Authorizations Role Provisioning Monitoring and Reporting 4 © Novell, Inc. All rights reserved.
- 5. Identity Browser – Accounts 5 © Novell, Inc. All rights reserved.
- 6. Identity Browser – Recent Activity 6 © Novell, Inc. All rights reserved.
- 7. Per-Identity Provisioning Report 7 © Novell, Inc. All rights reserved.
- 8. Per-Identity Account Management 8 © Novell, Inc. All rights reserved.
- 9. Role Mapping Administrator 9 © Novell, Inc. All rights reserved.
- 10. Where Are We Going From Here?
- 11. The Path to Compliance: A Risk Management and Controls Lifecycle
- 12. IT Compliance Lifecycle Define business objectives, policies and Key Performance Indicators (KPIs) Evaluate processes and to help meet objectives business objectives to identify and qualify risks Monitor Real time risk and detect risk response Analyze risk versus thresholds Allow business to determine best long-term response 12 © Novell, Inc. All rights reserved.
- 13. What's Next? System Assets, Accounts, and Authorizations Role Provisioning Monitoring and Reporting 13 © Novell, Inc. All rights reserved.
- 14. What Is My IT Risk? System Assets, Accounts, and Authorizations Role Provisioning IT Risk = ??? Monitoring and Reporting 14 © Novell, Inc. All rights reserved.
- 15. IT Risk Calculation Enablers • Asset Valuation Criteria Workflow – $$$ High Value – $$ Medium Value – $ Low Value • Identify and Assign Asset Owners Workflow – John Smith – System Owner, GroupWise ® – Abby Spencer – System Owner, Financials Database – Chip Nano – System Owner, Golf Tournament Database 15 © Novell, Inc. All rights reserved.
- 16. IT Risk Calculation Enablers (cont.) • Asset Valuation Workflows – GroupWise = ® – Financials = – Golf Tournament Database = • Authorizations Threat Assessment Workflows – High Threat – Medium Threat – Low Threat 16 © Novell, Inc. All rights reserved.
- 17. IT Risk Calculation Enablers (cont.) • Identify Unmanaged/Privileged Accounts Workflows – SAP*, DDIC – Administrator – Root • Customized Risk Analysis – Allows partners and customers to add additional criteria for calculating IT risk > Threat Communities and Capabilities > Locale-Specific Threats > Industry-Specific Threats > Compliance Regulation Concerns 17 © Novell, Inc. All rights reserved.
- 18. System and Authorization Assessment System Assets, Accounts, and Authorizations Role Provisioning Monitoring and Reporting 18 © Novell, Inc. All rights reserved.
- 19. IT Risk Calculation and Monitoring Tools • Threat-Enabled Role Mapping Administrator – Bubble up system authorization threat level to business roles – Approval workflows for role mappings • Risk Analysis Tools – Monitor authorization entitlement grants – Monitor activities of User communities – Risk-related Reports and Dashboards 19 © Novell, Inc. All rights reserved.
- 20. Role Mapping Administrator + Risk 20 © Novell, Inc. All rights reserved.
- 21. Risk Overview Dashboard 21 © Novell, Inc. All rights reserved.
- 22. Risk Calculation Enabled System Assets, Accounts, and Authorizations Role Provisioning IT Risk = Monitoring and Reporting 22 © Novell, Inc. All rights reserved.
- 23. How Can I Mitigate these Risks? System Assets, Accounts, and Authorizations Role Provisioning IT Risk = Monitoring and Reporting 23 © Novell, Inc. All rights reserved.
- 24. IT Risk Control Tools • Threat-Enabled Role-based Provisioning Module – Allow Business Owners to recognize and mitigate risk in provisioning activities • Impact Reports and Dashboards – Did Risk turn into Damage? What was the cost? – Risk Heat Maps – Should Controls be added, modified, removed? • Controls Content – Packaged policy, monitoring, and reporting content to apply controls to areas of risk 24 © Novell, Inc. All rights reserved.
- 25. Provisioning Controls Enabled Multiple Approvals based on Role Level System Asset Values and Authorization Threats Valued by Asset Owner Automated Approvals based on Role Level IT Risk = Monitoring and Reporting 25 © Novell, Inc. All rights reserved.
- 26. Identity Risk Dashboard 26 © Novell, Inc. All rights reserved.
- 28. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.