Building Your Roadmap:  Successful Identity and Access Management (IAM)
What are the CXOs telling us?
  • Continuous Compliance: “It’s too expensive and manual to make sure we’re addressing all the necessary regulations. And then we have to do it all over again for the next time.”
  • Help Desk Overload: “25% of my help desk calls are related to resetting forgotten passwords!”
  • Escalating Administration Costs: “There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online.”
  • Ghost User Accounts: “I still have accounts in my systems for users that are long gone!”
  • Accumulating & Inappropriate Privileges: “As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that?”
  • Auditors’ Requirements: “Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don’t care generally how much it costs.”
  • Leverage-able IT Infrastructure: “Enterprise architects hate to see the IT ‘wheel’ continually reinvented. IAM should be employed and managed as part of enterprise architecture.”
  • Negative Security-Related Publicity: “I don’t want to see my organization in the news.”
The Essence of Business
Doing More with Less is no longer a temporary economic issue – it is here to stay.
Diagram labels: LESS BUDGET, LESS STAFF, SHORTER SCHEDULE, REDUCE COSTS, COSTS, TIME, MORE USERS, MORE ACCESS, MORE FLEXIBILITY, MORE APPS, MORE PARTNERS, MUCH FASTER, USERS, TRANSACTIONS, COMPETITIVE EDGE, CONDUCT BUSINESS
Definition of Identity & Access Management (IAM)
Identity & Access Management is the set of processes and the supporting infrastructure and systems for the creation, management and use of digital identities and enforcement of security-related business policies.
It enables you to answer the following:
  • Who’s there?
  • What can they do?
  • What do they need?
  • How do you manage them?
Functions:
  • Authentication management
  • Access control
  • User management
  • Delegated administration
  • Workflow
  • Self-service
  • Account, resource provisioning
  • Account, resource de-provisioning
Diagram labels: Enterprise IT Management, Security Management, IAM
Before…
Average Process: 7-10 Days
Issues to Consider: Backlog Errors Requests Delays Impact on Productivity
NEW USER
  1. HR Request for Access
  2. Manager Request for Access
  3. Policy Examination And Approval IT
  4. Policy Examination And Approval Administration
  5. Return for Corrections
  6. Submit Revised Request
  7. Revised Policy Examination And IT Approval
  8. Revised Policy Examination And Approval Administration
  9. Identified Exception
  10. Exception Approval Granted
  11. Approval Granted
  12. Applications Set Up
  13. IT Set Up
  14. Keeping Audit Trail
UNSATISFIED NEW USER
…And After
Average Process: 30 Minutes
NEW USER
  1. HR Request For Access
  2. Manager Request For Access
  3. Policy Examination Approval And Execution
SATISFIED NEW USER
Issues to Consider: What would you do with the spare time?
Employment Life Cycle
What is the Cost of Quarterly Reorganization?
ACCESS & TRANSACTIONS MANAGEMENT
Hire Promotion Relocation Team Project Departure
IAM Business Drivers – The Complete Picture
  • Increasing Efficiency
  • Complying With Regulation
  • Increasing Security
  • Enabling Business
Exercise – Identify Your Business Drivers
Table columns: Business Driver; Weighted Average (Totaling 100%)
  • Comply with security regulations
  • Increase user satisfaction
  • Reduce cost of IT resources
  • Streamline business processes
  • Enable Web services
  • Secure company data
  • Increase IT productivity
  • Manage user life-cycle more effectively
  • Increase customer and partner satisfaction
  • Integrate enterprise security apps
  • Manage information risks
  • Improve Enterprise Services, SOA & IAM integration
  • Move your current provisioning toward “Phase 2”
Business Benefits of IAM Functionality
Functionality covered: Single Sign-On; Registration & Enrollment; Authentication & Authorization; Information Consolidation
Benefits:
  • Reducing calls to help desk
  • Enabling easy access with one account and one password
  • Reducing account management time
  • Improving help desk services
  • Delivering a better client web experience
  • Increasing user satisfaction
  • Reducing account management time
  • Streamlining business processes
  • Delivering better web services
  • Increasing productivity of help desk and IT services
  • Increasing satisfaction of both internal and external users
  • Securing the company’s reputation
  • Attracting prospective customers to do business online
  • Securing important corporate data such as branding info
  • Complying with regulations such as HIPAA, the Gramm-Leach-Bliley Act, 21 CFR Part 11, and the Sarbanes-Oxley Act
  • Scaling organizational security
  • Enabling a comprehensive picture of the entire organizational data
  • Facilitating an easy implementation of future applications
  • Managing resources more effectively
  • Scaling security
  • Increasing control
  • Eliminating redundancy in data management
Business Benefits of IAM Functionality
Functionality covered: Provisioning & Federated Identity; Audit; Delegated Administration & Self-Services; Password Management
Benefits:
  • Maintaining security through de-provisioning on termination, user clean-up and robust auditing capabilities
  • Managing access rights through centralized user management and delegated administration
  • Providing automated workflow
  • Addressing ebusiness initiatives promptly and efficiently to gain and maintain market share
  • Leveraging the system across the value chain and strengthening commitment
  • Complying with regulations
  • Increasing control and management of information flow
  • Automating auditing and audit trail analysis as much as possible
  • Increasing user satisfaction
  • Reducing account management time
  • Increasing IT & help desk productivity
  • Decentralizing organizational control
  • Increasing organizational security
  • Eliminating calls to help desk regarding password reset
  • Closing security gaps
  • Reducing account management time
Business Impact of IAM Functionality
Functionality: Information Consolidation; Authentication and Authorization; Registration & Enrollment; Single Sign-On; Password Management; Delegated Administration & Self-Service; Audit; Provisioning & Federated Identity
Impact areas: Business Facilitation; Cost Containment; Operational Efficiency; Risk Management; Regulatory Compliance; User Satisfaction; ESA Support
Key Questions Every Organization Must Consider
  • What is the maximum capacity of your current system?
  • What is the average growth in application development?
  • What is the average impact of a reorganization?
  • How often does a reorganization occur?
  • What is the average turnover?
  • What menial tasks would you like to eliminate?
  • How long does it take to set up a new user in the current system?
  • What is the cost associated with this process?
Key Questions Every Organization Must Consider (continued)
  • How many users (customers, partners) will be given access?
  • What is your annual application management cost?
  • What is the cost of new user management?
  • What is the annual cost of existing user management?
  • What is the cost by security feature, per application?
  • What is the financial impact of faster access to applications?
  • What is the reduced IT management cost of federated provisioning across the extranet?
  • What is the financial impact of IAM on supporting Business Processes & Enterprise Architecture?
The Price of Doing Nothing
A common perception is that by avoiding IAM strategies, companies save money. In reality, avoiding IAM results in significant costs arising from inefficiencies and loss of productivity. There is a price for doing nothing:
  • Adding more help desk & IT personnel in the future.
  • Wasting more time on integration of future applications.
  • Incurring cost of trying to prove compliance to regulations through manual and un-integrated processes.
  • Taking the risk of a security breach, which can be tremendously expensive to the organization.
  • Incurring potential damage to your reputation.
  • Lagging behind other companies.
The Price of Doing Nothing
“Many midsized companies won’t consider identity management, because they think it is too difficult to deploy, too expensive to purchase and implement, and too complicated to administer and maintain. The problem is that it’s precisely when companies grow to mid-market ($150 million to $1 billion) that user accounts seem to multiply like rabbits…. Postponing an investment in some form of unified account or identity management often proves to be one of the most common — and costly — mistakes in security today.”
David Piscitello, Network World, 08/28/06
Financial Drivers – Challenges
  • Each company has its own estimates for these input figures.
  • A certain section of Return on Negligence can affect one company more than another – it is customizable.
  • It is difficult to capture future benefits of an IAM solution.
  • Companies tend not to buy into external calculations.
  • It is an overwhelming calculation that is difficult to prove.
  • It is the only way to get CFO endorsement.
  • Despite the credibility challenges, financial justifications must be developed and managed.
  • A critical failure point can be avoided by managing the promised RON past the initial purchase to ensure capturing all the promised financial rewards.
  • During project design, a financial manager should join the team to monitor progress and results.
Return-On-Negligence (RON) on IAM Avoidance - Overview
Annual Potential for Cost Avoidance Related to IAM Solutions
  • Potential IT Cost Avoidance Related to User Provisioning: $290,649
  • Potential Lost Productivity Costs Avoidance Related to User Provisioning: $220,027
  • Total Potential for Cost Avoidance Related to User Provisioning: $510,676
  • Potential Lost Productivity (Due to Multiple Login Sessions) Cost Avoidance Related to SSO: $673,828
  • Potential Lost Productivity (Due to Trial & Error) Cost Avoidance Related to SSO: $485,156
  • Potential Help Desk Passwords Resets Cost Avoidance Related to SSO: $354,883
  • Total Potential for Cost Avoidance Related to SSO: $1,513,867
  • Potential Application Development Cost Avoidance Related to Web Access Control: $135,000
  • Potential Security Audits Cost Avoidance Related to Web Access Control: $20,000
  • Potential Extranets Help Desk Cost Avoidance Related to Web Access Control: $195,186
  • Potential Downtime Cost Avoidance Related to Web Access Control: $30,000
  • Total Potential for Cost Avoidance Related to Web Access Control: $380,186
  • Total Cost of Negligence per Year: $2,404,729
  • Total Cost of Negligence for 3 Years: $7,214,187
Please note that potential Help Desk Cost Avoidance alone amounts to $550,068 Per Year
RON for Typical Identity Management Tool – Basic Input
Company Details
  • Number of Internal Users (employees): 3,000
  • Number of External Users (partners and customers): 10,000
  • Rate of growth per year (% of users): 10%
  • Turnover rate per year (% of users): 10%
  • Rate of Moves, Adds and Changes (MACs): 15%
  • Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
  • Average Fully-Burdened Employee Salary (Salary + 15%): $90,850
  • Number of Work Hours Per Year: 1920
RON for Identity Management – Industry Standard Assumptions
Assumptions
  • Number of Hours to Set up a New User: 3
  • Number of Hours to Handle Moves, Changes (MACs): 1
  • Number of Hours to Delete Obsolete User: 0.75
  • Number of Hours From Request Through Resolution (for New Account): 10
  • Number of Hours From Request Through Resolution for Moves/Changes (MACs): 14
RON for Single Sign-On – Basic Assumptions
Company Details
  • Number of Internal Users (employees): 3,000
  • Average Number of Accounts per Internal User (Employee): 4
  • Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
  • Average Fully-Burdened Employee Salary (Salary + 15%): $69,000
  • Number of Work Hours Per Year: 1920
RON for Single Sign-On – Industry Standard Assumptions
Assumptions
  • Time Spent to Login to a Single Account (Minutes): 0.50
  • Average % of Total Logins that Are Incorrect Out of Total Logins: 10%
  • Average % of Incorrect Logins to be Solved by Trial and Error: 80%
  • Average Time to Trial and Error Forgotten Password Per User (minutes): 2
  • Average Length of Help Desk Call (Minutes): 10.0
RON for Single Sign-On – Avoidance Impact
Results Calculations
Lost User Productivity Cost Due to Multiple Login Sessions
  • Login Sessions Per User Per Year: 1,000
  • Number of Hours Spent on Login Sessions Per Internal User Per Year: 8
  • Hourly Cost of Typical Employee: $36
  • Cost of Lost Productivity (Due to Multiple Login Sessions): $898,438
  • % Lost User Productivity Cost Savings Provided by Single Sign-On: 75%
  • Potential Lost Productivity Costs Avoidance Related to SSO: $673,828
Lost User Productivity Cost Due to Trial & Error of Forgotten Password
  • Total Number of Incorrect Logins Per User Per Year: 100
  • Total Number of Incorrect Logins Solved by Trial & Error per User: 80
  • Total Number of Incorrect Logins Solved by Help Desk Assistance Per User: 20
  • Time Spent on Trial & Error Per User Per Year (hours): 3
  • Time Spent on Help Desk Calls Per User Per Year (hours): 3
  • Total Cost of Lost Productivity (Due to Trial & Error of Forgotten Password): $646,875
  • % Lost User Productivity Cost Savings Provided by Single Sign-On: 75%
  • Potential Lost Productivity (Due to Trial & Error) Costs Avoidance Related to SSO: $485,156
RON for Web Access – Basic Input
Company Details
  • Number of External Users (partners and customers): 10,000
  • Rate of Growth per Year (% of users): 10%
  • Turnover Rate Per Year (% of users): 10%
  • Number of New Extranet Applications Per Year: 15
  • Number of Security Audits Per Year: 10
  • Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
  • Number of Work Hours Per Year: 1920
RON for Web Access – Industry Standard Assumptions
Assumptions
  • Average Access Control Development Cost Per Extranet/intranet Application: $12,000
  • Average Cost of Security Audit: $4,000
  • Average Number of Help Desk Calls Per User per Year: 11
  • Average % Help Desk Activity Related to Passwords: 30%
  • Average Length of Help Desk Call (Minutes): 10.0
  • Average Application Downtime Cost Per Hour (Due to Security Breach): $30,000
  • Average Number of Downtime Hours Per Year (Due to Security Breach): 2
RON for Avoidance Impact – Web Access
Results Calculations
Cost of Application Development Time Associated with Access Control
  • Cost of Hard-Coding Access Control: $180,000
  • % Application Development Cost Savings Provided by Web Access Control: 75%
  • Potential Application Development Costs Avoidance Related to Web Access Control: $135,000
Cost of Security Audits per Year
  • Cost of Security Audits per Year: $40,000
  • % Security Audits Cost Savings Provided by Web Access Control: 50%
  • Potential Security Audits Costs Avoidance Related to Web Access Control: $20,000
RON for Avoidance Impact – Web Access (continued)
Results Calculations
Cost of Help-Desk (not using Self-Registration and Self-Service)
  • Number of Help Desk Calls Per Year: 110,000
  • Number of Help Desk Calls Related to Passwords Per Year: 33,000
  • Total Time Spent by Help Desk staff on Passwords Related Calls Per Year (Hours): 5,500
  • Cost of IT Labor Per Hour: $47
  • Cost of Help Desk Related to Extranets: $260,247
  • % Extranets Help Desk Cost Savings Provided by Web Access Control: 75%
  • Potential Extranets Help Desk Costs Avoidance Related to Web Access Control: $195,186
Cost of Downtime Due to Attacks Caused by Unauthorized Access
  • Cost of Downtime: $60,000
  • % Downtime Cost Savings Provided by Web Access Control: 50%
  • Potential Downtime Costs Avoidance Related to Web Access Control: $30,000
Total Potential for Cost Avoidance Related to Web Access Control: $380,186
RON for Identity Management – Avoidance Impact
User Account Management Cost
  • Number of New Users Per Year: 1300
  • Number of MACs per Year: 1950
  • Number of Account Terminations Per Year: 1300
  • Total Time Spent Annually on User Account Management (Hours): 6825
  • Cost of IT Labor Per Hour: $47
  • Annual Cost of User Account Management by IT: $322,943
  • % IT Cost Savings Provided by User Provisioning: 90%
  • Potential IT Cost Avoidance Related to User Provisioning: $290,649
RON for Identity Management – Avoidance Impact (continued)
Lost User Productivity (Due to Account Management) Cost
  • Number of New Internal Users/Employees Per Year: 300
  • Number of MACs per Year for Internal Users (Existing Employees): 450
  • Hourly Cost of Typical Employee: $47
  • Cost of Lost Productivity For New Employees: $141,953
  • Cost of Lost Productivity For Existing Employees: $298,102
  • Total Lost Productivity Costs Per Year (Due to Account Management): $440,055
  • % Lost User Productivity Cost Savings Provided by User Provisioning: 50%
  • Potential Lost Productivity Cost Avoidance Related to User Provisioning: $220,027
Total Potential for Cost Avoidance Related to Admin: $510,676
Exercise – Building Your Own Financial Plan
  • Estimates for your organization
  • Where do I get the numbers from?
  • Industry standard figures
  • Rank financial drivers criteria by organizational importance
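The RON slides chain a small set of inputs into the overview totals. The Python sketch below is an added example, not part of the original deck: it recomputes the deck's figures from its input and assumption slides so that an organization can substitute its own numbers. The names `Inputs`, `provisioning`, `sso`, `web_access` and `ron` are illustrative, and the formula for the SSO help desk password-reset line is an assumption, since the deck gives only its total.

```python
from dataclasses import dataclass


@dataclass
class Inputs:
    """Organization-specific inputs; defaults are the deck's sample figures."""
    work_hours: int = 1920
    it_salary: float = 90_850            # fully burdened IT staff salary
    employee_salary: float = 90_850      # provisioning slides
    sso_employee_salary: float = 69_000  # SSO slides use a different figure
    internal_users: int = 3_000
    external_users: int = 10_000
    growth: float = 0.10
    turnover: float = 0.10
    mac_rate: float = 0.15               # moves, adds and changes (MACs)
    logins_per_user: int = 1_000         # login sessions per user per year
    new_extranet_apps: int = 15
    audits_per_year: int = 10


def provisioning(i: Inputs) -> dict:
    users = i.internal_users + i.external_users
    # IT effort: 3 h per new account, 1 h per MAC, 0.75 h per deletion.
    it_hours = users * (i.growth * 3 + i.mac_rate * 1 + i.turnover * 0.75)
    it_cost = it_hours * i.it_salary / i.work_hours
    # Internal users waiting: 10 h per new account, 14 h per MAC.
    wait_hours = i.internal_users * (i.growth * 10 + i.mac_rate * 14)
    lost = wait_hours * i.employee_salary / i.work_hours
    return {"it": it_cost * 0.90, "productivity": lost * 0.50}


def sso(i: Inputs) -> dict:
    rate = i.sso_employee_salary / i.work_hours
    login_hours = i.logins_per_user * 0.50 / 60   # 0.5 min per login
    bad = i.logins_per_user * 0.10                # 10% of logins are incorrect
    trial_hours = bad * 0.80 * 2 / 60             # 80% solved by trial, 2 min
    call_hours = bad * 0.20 * 10 / 60             # rest: 10 min help desk call
    multi = i.internal_users * login_hours * rate
    trial = i.internal_users * (trial_hours + call_hours) * rate
    # Assumption (not broken down on the slides): help desk staff time on
    # those calls, priced at the IT hourly rate, with the same 75% saving.
    desk = i.internal_users * call_hours * i.it_salary / i.work_hours
    return {"multi_login": multi * 0.75, "trial_error": trial * 0.75,
            "help_desk": desk * 0.75}


def web_access(i: Inputs) -> dict:
    dev = i.new_extranet_apps * 12_000            # hard-coded access control
    audits = i.audits_per_year * 4_000
    calls = i.external_users * 11 * 0.30          # password-related calls
    desk = calls * 10 / 60 * i.it_salary / i.work_hours
    downtime = 2 * 30_000                         # hours x cost per hour
    return {"development": dev * 0.75, "audits": audits * 0.50,
            "help_desk": desk * 0.75, "downtime": downtime * 0.50}


def ron(i: Inputs) -> dict:
    """Annual cost-avoidance totals, rounded to whole dollars."""
    parts = {"provisioning": provisioning(i), "sso": sso(i),
             "web_access": web_access(i)}
    totals = {name: sum(lines.values()) for name, lines in parts.items()}
    per_year = sum(totals.values())
    totals["help_desk_only"] = (parts["sso"]["help_desk"]
                                + parts["web_access"]["help_desk"])
    totals["per_year"] = per_year
    totals["three_years"] = per_year * 3
    return {name: round(value) for name, value in totals.items()}


if __name__ == "__main__":
    for name, value in ron(Inputs()).items():
        print(f"{name:>15}: ${value:,}")
    # Constructed scenario: the same model for a smaller organization.
    print(ron(Inputs(internal_users=800, external_users=2_000)))
```

The per-task hours and savings percentages are hard-coded from the deck's "industry standard assumptions" slides; treat them as the first values to challenge when building your own plan.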
Tip for Consideration
No financial plan or RON analysis will be credible unless it is managed throughout the entire process to ensure capturing the promised results.
Pitfalls to Avoid
  • Don’t set unachievable goals.
  • Don’t try to “boil the ocean”.
  • Don’t reduce cost through reducing business workflow analysis.
  • Don’t look at IAM as an IT type project.
  • Don’t expect to operate IAM without organizational changes and commitments.
  • Don’t expect to operate IAM without reengineering some business process.
  • Don’t exclude any organizational stakeholder or those with conflicting agendas.
One Last Word … Good luck! The longest journey starts with a single step.


Building Your Roadmap Sucessful Identity And Access Management

  • 1. Building Your Roadmap: Successful Identity and Access Management (IAM)
  • 2. What are the CXO’s telling us? “ It’s too expensive and manual to make sure we’re addressing all the necessary regulations. And then we have to do it all over again for the next time.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 3. What are the CXO’s telling us? “ 25% of my help desk calls are related to resetting forgotten passwords!” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 4. What are the CXO’s telling us? “ There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 5. What are the CXO’s telling us? “ I still have accounts in my systems for users that are long gone!” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 6. What are the CXO’s telling us? “ As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that?” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 7. What are the CXO’s telling us? “ Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don’t care generally how much it costs.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors ’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 8. What are the CXO’s telling us? “ Enterprise architects hate to see the IT ‘wheel’ continually reinvented. IAM should be employed and managed as part of enterprise architecture.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 9. What are the CXO’s telling us? “ I don’t want to see my organization in the news.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
  • 10. The Essence of Business Doing More with Less is no longer a temporary economic issue – it is here to stay. LESS BUDGET LESS STAFF SHORTER SCHEDULE REDUCE COSTS COSTS TIME MORE USERS MORE ACCESS MORE FLEXIBILITY MORE APPS MORE PARTNERS MUCH FASTER USERS TRANSACTIONS COMPETITIVE EDGE CONDUCT BUSINESS
  • 11. Definition of Identity & Access Management (IAM) Identity & Access Management is the set of processes and the supporting infrastructure and systems for the creation, management and use of digital identities and enforcement of security-related business policies Who’s there? What can they do? What do they need? How do you manage them? Authentication management Access control User management Delegated administration Workflow Self-service Account, resource provisioning Account, resource de-provisioning It enables you to answer the following: Enterprise IT Management Security Management IAM
  • 12. Before… Average Process: 7-10 Days. Issues to Consider: Backlog Errors Requests Delays Impact on Productivity. NEW USER; 1. HR Request for Access; 2. Manager Request for Access; 3. Policy Examination And Approval IT; 4. Policy Examination And Approval Administration; 5. Return for Corrections; 6. Submit Revised Request; 7. Revised Policy Examination And IT Approval; 8. Revised Policy Examination And Approval Administration; 9. Identified Exception; 10. Exception Approval Granted; 11. Approval Granted; UNSATISFIED NEW USER; 12. Applications Set Up; 13. IT Set Up; 14. Keeping Audit Trail
  • 13. …And After. Average Process: 30 Minutes. NEW USER; 1. HR Request For Access; 2. Manager Request For Access; 3. Policy Examination Approval And Execution; SATISFIED NEW USER. Issues to Consider: What would you do with the spare time?
  • 14. Employment Life Cycle What is the Cost of Quarterly Reorganization? ACCESS & TRANSACTIONS MANAGEMENT Hire Promotion Relocation Team Project Departure
  • 15. IAM Business Drivers – The Complete Picture Increasing Efficiency Complying With Regulation Increasing Security Enabling Business
  • 16. Exercise – Identify Your Business Drivers
      Business Driver | Weighted Average (Totaling 100%)
      Move your current provisioning toward “Phase 2”
      Improve Enterprise Services, SOA & IAM integration
      Manage information risks
      Integrate enterprise security apps
      Increase customer and partner satisfaction
      Manage user life-cycle more effectively
      Increase IT productivity
      Secure company data
      Enable Web services
      Streamline business processes
      Reduce cost of IT resources
      Increase user satisfaction
      Comply with security regulations
  • 17. Business Benefits of IAM Functionality: Reducing calls to help desk; Enabling easy access with one account and one password; Reducing account management time; Improving help desk services; Delivering a better client web experience; Increasing user satisfaction; Reducing account management time; Streamlining business processes; Delivering better web services; Increasing productivity of help desk and IT services; Increasing satisfaction of both internal and external users; Securing the company’s reputation; Attracting prospective customers to do business online; Securing important corporate data such as branding info; Complying with regulations such as HIPAA, the Gramm-Leach-Bliley Act, 21 CFR Part 11, and the Sarbanes-Oxley Act; Scaling organizational security; Enabling a comprehensive picture of the entire organizational data; Facilitating an easy implementation of future applications; Managing resources more effectively; Scaling security; Increasing control; Eliminating redundancy in data management. Functionality covered: Single Sign-On; Registration & Enrollment; Authentication & Authorization; Information Consolidation
  • 18. Business Benefits of IAM Functionality: Maintaining security through de-provisioning on termination, user clean-up and robust auditing capabilities; Managing access rights through centralized user management and delegated administration; Providing automated workflow; Addressing ebusiness initiatives promptly and efficiently to gain and maintain market share; Leveraging the system across the value chain and strengthening commitment; Complying with regulations; Increasing control and management of information flow; Automating auditing and audit trail analysis as much as possible; Increasing user satisfaction; Reducing account management time; Increasing IT & help desk productivity; Decentralizing organizational control; Increasing organizational security; Eliminating calls to help desk regarding password reset; Closing security gaps; Reducing account management time. Functionality covered: Provisioning & Federated Identity; Audit; Delegated Administration & Self-Services; Password Management
  • 19. Business Impact of IAM Functionality ESA Support Provisioning & Federated Identity User Satisfaction Audit Delegated Administration & Self-Service Password Management Single Sign-On Registration & Enrollment Authentication and Authorization Information Consolidation Regulatory Compliance Risk Management Operational Efficiency Cost Containment Business Facilitation
  • 20. Key Questions Every Organization Must Consider: What is the maximum capacity of your current system? What is the average growth in application development? What is the average impact of a reorganization? How often does a reorganization occur? What is the average turnover? What menial tasks would you like to eliminate? How long does it take to set up a new user in the current system? What is the cost associated with this process?
  • 21. Key Questions Every Organization Must Consider (continued): How many users (customers, partners) will be given access? What is your annual application management cost? What is the cost of new user management? What is the annual cost of existing user management? What is the cost by security feature, per application? What is the financial impact of faster access to applications? What is the reduced IT management cost of federated provisioning across the extranet? What is the financial impact of IAM on supporting Business Processes & Enterprise Architecture?
  • 22. The Price of Doing Nothing: A common perception is that by avoiding IAM strategies, companies save money. In reality, avoiding IAM results in significant costs arising from inefficiencies and loss of productivity. There is a price for doing nothing: Adding more help desk & IT personnel in the future. Wasting more time on integration of future applications. Incurring cost of trying to prove compliance to regulations through manual and un-integrated processes. Taking the risk of a security breach, which can be tremendously expensive to the organization. Incurring potential damage to your reputation. Lagging behind other companies.
  • 23. The Price of Doing Nothing: “Many midsized companies won’t consider identity management, because they think it is too difficult to deploy, too expensive to purchase and implement, and too complicated to administer and maintain. The problem is that it’s precisely when companies grow to mid-market ($150 million to $1 billion) that user accounts seem to multiply like rabbits…. Postponing an investment in some form of unified account or identity management often proves to be one of the most common — and costly — mistakes in security today.” David Piscitello, Network World, 08/28/06
  • 24. Financial Drivers – Challenges: Each company has its own estimates for these input figures. A certain section of Return on Negligence can affect one company more than another – it is customizable. It is difficult to capture future benefits of an IAM solution. Companies tend not to buy into external calculations. It is an overwhelming calculation that is difficult to prove. It is the only way to get CFO endorsement. Despite the credibility challenges, financial justifications must be developed and managed. A critical failure point can be avoided by managing the promised RON past the initial purchase to ensure capturing all the promised financial rewards. During project design, a financial manager should join the team to monitor progress and results.
  • 25. Return-On-Negligence (RON) on IAM Avoidance - Overview
      Annual Potential for Cost Avoidance Related to IAM Solutions
      Potential IT Cost Avoidance Related to User Provisioning: $290,649
      Potential Lost Productivity Costs Avoidance Related to User Provisioning: $220,027
      Total Potential for Cost Avoidance Related to User Provisioning: $510,676
      Potential Lost Productivity (Due to Multiple Login Sessions) Cost Avoidance Related to SSO: $673,828
      Potential Lost Productivity (Due to Trial & Error) Cost Avoidance Related to SSO: $485,156
      Potential Help Desk Passwords Resets Cost Avoidance Related to SSO: $354,883
      Total Potential for Cost Avoidance Related to SSO: $1,513,867
      Potential Application Development Cost Avoidance Related to Web Access Control: $135,000
      Potential Security Audits Cost Avoidance Related to Web Access Control: $20,000
      Potential Extranets Help Desk Cost Avoidance Related to Web Access Control: $195,186
      Potential Downtime Cost Avoidance Related to Web Access Control: $30,000
      Total Potential for Cost Avoidance Related to Web Access Control: $380,186
      Please note that potential Help Desk Cost Avoidance alone amounts to $550,068 Per Year
      Total Cost of Negligence per Year: $2,404,729
      Total Cost of Negligence for 3 Years: $7,214,187
  • 26. RON for Typical Identity Management Tool – Basic Input
      Company Details
      Number of Internal Users (employees): 3,000
      Number of External Users (partners and customers): 10,000
      Rate of growth per year (% of users): 10%
      Turnover rate per year (% of users): 10%
      Rate of Moves, Adds and Changes (MACs): 15%
      Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
      Average Fully-Burdened Employee Salary (Salary + 15%): $90,850
      Number of Work Hours Per Year: 1920
  • 27. RON for Identity Management – Industry Standard Assumptions
      Assumptions
      Number of Hours to Set up a New User: 3
      Number of Hours to Handle Moves, Changes (MACs): 1
      Number of Hours to Delete Obsolete User: 0.75
      Number of Hours From Request Through Resolution (for New Account): 10
      Number of Hours From Request Through Resolution for Moves/Changes (MACs): 14
  • 28. RON for Single Sign-On – Basic Assumptions
      Company Details
      Number of Internal Users (employees): 3,000
      Average Number of Accounts per Internal User (Employee): 4
      Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
      Average Fully-Burdened Employee Salary (Salary + 15%): $69,000
      Number of Work Hours Per Year: 1920
  • 29. RON for Single Sign-On – Industry Standard Assumptions
      Assumptions
      Time Spent to Login to a Single Account (Minutes): 0.50
      Average % of Total Logins that Are Incorrect Out of Total Logins: 10%
      Average % of Incorrect Logins to be Solved by Trial and Error: 80%
      Average Time to Trial and Error Forgotten Password Per User (minutes): 2
      Average Length of Help Desk Call (Minutes): 10.0
  • 30. RON for Single Sign-On – Avoidance Impact
      Results Calculations
      Lost User Productivity Cost Due to Multiple Login Sessions
      Login Sessions Per User Per Year: 1,000
      Number of Hours Spent on Login Sessions Per Internal User Per Year: 8
      Hourly Cost of Typical Employee: $36
      Cost of Lost Productivity (Due to Multiple Login Sessions): $898,438
      % Lost User Productivity Cost Savings Provided by Single Sign-On: 75%
      Potential Lost Productivity Costs Avoidance Related to SSO: $673,828
      Lost User Productivity Cost Due to Trial & Error of Forgotten Password
      Total Number of Incorrect Logins Per User Per Year: 100
      Total Number of Incorrect Logins Solved by Trial & Error per User: 80
      Total Number of Incorrect Logins Solved by Help Desk Assistance Per User: 20
      Time Spent on Trial & Error Per User Per Year (hours): 3
      Time Spent on Help Desk Calls Per User Per Year (hours): 3
      Total Cost of Lost Productivity (Due to Trial & Error of Forgotten Password): $646,875
      % Lost User Productivity Cost Savings Provided by Single Sign-On: 75%
      Potential Lost Productivity (Due to Trial & Error) Costs Avoidance Related to SSO: $485,156
  • 31. RON for Web Access – Basic Input
      Company Details
      Number of External Users (partners and customers): 10,000
      Rate of Growth per Year (% of users): 10%
      Turnover Rate Per Year (% of users): 10%
      Number of New Extranet Applications Per Year: 15
      Number of Security Audits Per Year: 10
      Annual Fully-Burdened Salary for IT Staff Member (Salary +15%): $90,850
      Number of Work Hours Per Year: 1920
  • 32. RON for Web Access – Industry Standard Assumptions
      Assumptions
      Average Access Control Development Cost Per Extranet/intranet Application: $12,000
      Average Cost of Security Audit: $4,000
      Average Number of Help Desk Calls Per User per Year: 11
      Average % Help Desk Activity Related to Passwords: 30%
      Average Length of Help Desk Call (Minutes): 10.0
      Average Application Downtime Cost Per Hour (Due to Security Breach): $30,000
      Average Number of Downtime Hours Per Year (Due to Security Breach): 2
  • 33. RON for Avoidance Impact – Web Access
      Results Calculations
      Cost of Application Development Time Associated with Access Control
      Cost of Hard-Coding Access Control: $180,000
      % Application Development Cost Savings Provided by Web Access Control: 75%
      Potential Application Development Costs Avoidance Related to Web Access Control: $135,000
      Cost of Security Audits per Year
      Cost of Security Audits per Year: $40,000
      % Security Audits Cost Savings Provided by Web Access Control: 50%
      Potential Security Audits Costs Avoidance Related to Web Access Control: $20,000
  • 34. RON for Avoidance Impact – Web Access (continued)
      Results Calculations
      Cost of Help-Desk (not using Self-Registration and Self-Service)
      Number of Help Desk Calls Per Year: 110,000
      Number of Help Desk Calls Related to Passwords Per Year: 33,000
      Total Time Spent by Help Desk staff on Passwords Related Calls Per Year (Hours): 5,500
      Cost of IT Labor Per Hour: $47
      Cost of Help Desk Related to Extranets: $260,247
      % Extranets Help Desk Cost Savings Provided by Web Access Control: 75%
      Potential Extranets Help Desk Costs Avoidance Related to Web Access Control: $195,186
      Cost of Downtime Due to Attacks Caused by Unauthorized Access
      Cost of Downtime: $60,000
      % Downtime Cost Savings Provided by Web Access Control: 50%
      Potential Downtime Costs Avoidance Related to Web Access Control: $30,000
      Total Potential for Cost Avoidance Related to Web Access Control: $380,186
  • 35. RON for Identity Management – Avoidance Impact
      User Account Management Cost
      Number of New Users Per Year: 1300
      Number of MACs per Year: 1950
      Number of Account Terminations Per Year: 1300
      Total Time Spent Annually on User Account Management (Hours): 6825
      Cost of IT Labor Per Hour: $47
      Annual Cost of User Account Management by IT: $322,943
      % IT Cost Savings Provided by User Provisioning: 90%
      Potential IT Cost Avoidance Related to User Provisioning: $290,649
  • 36. RON for Identity Management – Avoidance Impact (continued)
      Lost User Productivity (Due to Account Management) Cost
      Number of New Internal Users/Employees Per Year: 300
      Number of MACs per Year for Internal Users (Existing Employees): 450
      Hourly Cost of Typical Employee: $47
      Cost of Lost Productivity For New Employees: $141,953
      Cost of Lost Productivity For Existing Employees: $298,102
      Total Lost Productivity Costs Per Year (Due to Account Management): $440,055
      % Lost User Productivity Cost Savings Provided by User Provisioning: 50%
      Potential Lost Productivity Cost Avoidance Related to User Provisioning: $220,027
      Total Potential for Cost Avoidance Related to Admin: $510,676
  • 37. Exercise – Building Your Own Financial Plan: Estimates for your organization; Where do I get the numbers from?; Industry standard figures; Rank financial drivers criteria by organizational importance
  • 38. Tip for Consideration No financial plan or RON analysis will be credible unless it is managed throughout the entire process to ensure capturing the promised results.
  • 39. Pitfalls to Avoid Don’t set unachievable goals. Don’t try to “boil the ocean”. Don’t reduce cost through reducing business workflow analysis. Don’t look at IAM as an IT type project. Don’t expect to operate IAM without organizational changes and commitments. Don’t expect to operate IAM without reengineering some business process. Don’t exclude any organizational stakeholder or those with conflicting agendas.
  • 40. One Last Word … Good luck! The longest journey starts with a single step.
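
The RON figures on slides 25 to 36 follow from the stated company inputs and industry assumptions. The Python code below is an added example, not part of the original deck, that recomputes them so the inputs can be swapped for an organization's own; the function names are invented for illustration, and the SSO help desk reset step is an assumption, since the deck shows only its total.

```python
# Added example: recomputes the deck's Return-On-Negligence (RON) totals (slides 25-36).
HOURS = 1920                      # work hours per year
IT_RATE = 90_850 / HOURS          # fully burdened IT staff cost per hour (about $47)
EMP_RATE_IDM = 90_850 / HOURS     # typical employee, identity management slides
EMP_RATE_SSO = 69_000 / HOURS     # typical employee, single sign-on slides (about $36)

def provisioning(internal=3000, external=10_000, growth=0.10, turnover=0.10, macs=0.15):
    """Slides 26, 27, 35, 36: IT effort and user waiting time for account changes."""
    users = internal + external
    # 3 h per new user, 1 h per MAC, 0.75 h per deleted account
    it_hours = users * growth * 3 + users * macs * 1 + users * turnover * 0.75
    # 10 h wait per new account, 14 h per MAC, internal users only
    wait_hours = internal * growth * 10 + internal * macs * 14
    return {"it_hours": it_hours,
            "it": it_hours * IT_RATE * 0.90,                    # 90% savings
            "productivity": wait_hours * EMP_RATE_IDM * 0.50}   # 50% savings

def sso(internal=3000, logins=1000, login_min=0.5, bad=0.10, trial_share=0.80,
        trial_min=2, call_min=10, savings=0.75):
    """Slides 28-30: time lost to repeated logins and forgotten passwords."""
    by_trial = logins * bad * trial_share        # bad logins fixed by retrying
    by_desk = logins * bad - by_trial            # bad logins fixed by a help desk call
    session_hours = internal * logins * login_min / 60
    retry_hours = internal * (by_trial * trial_min + by_desk * call_min) / 60
    # Assumption: the overview's reset figure is help desk staff time for those
    # calls, priced at the IT rate; the deck does not show this step.
    desk_hours = internal * by_desk * call_min / 60
    return {"sessions": session_hours * EMP_RATE_SSO * savings,
            "trial_and_error": retry_hours * EMP_RATE_SSO * savings,
            "resets": desk_hours * IT_RATE * savings}

def web_access(external=10_000, apps=15, dev_cost=12_000, audits=10, audit_cost=4_000,
               calls_per_user=11, pw_share=0.30, call_min=10,
               downtime_hours=2, downtime_cost=30_000):
    """Slides 31-34: access-control development, audits, help desk, downtime."""
    desk_hours = external * calls_per_user * pw_share * call_min / 60
    return {"development": apps * dev_cost * 0.75,
            "audits": audits * audit_cost * 0.50,
            "help_desk": desk_hours * IT_RATE * 0.75,
            "downtime": downtime_hours * downtime_cost * 0.50}

def ron_per_year():
    """Total annual cost of negligence, summed before rounding to whole dollars."""
    p, s, w = provisioning(), sso(), web_access()
    return p["it"] + p["productivity"] + sum(s.values()) + sum(w.values())

if __name__ == "__main__":
    for name, part in (("provisioning", provisioning()), ("sso", sso()),
                       ("web access", web_access())):
        print(name, {k: round(v) for k, v in part.items()})
    print("per year:", round(ron_per_year()), "3 years:", round(3 * ron_per_year()))
```

Rounded to whole dollars, the defaults reproduce the slide totals; hourly rates are kept unrounded, which is why 6825 hours costs $322,943 rather than 6825 × $47.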