GDPR Part 3: Practical Quest

Editor's Notes

• #4: At the same time, actually achieving all three pillars of the business value being demanded from your enterprise computing infrastructure has become significantly more challenging
• #5: At the same time, actually achieving all three pillars of the business value being demanded from your enterprise computing infrastructure has become significantly more challenging
• #7: TRANSFORM – INTEGRATE - DEVELOP Toad is Quest. The best known family of tools dedicated to database development & administration, but also to BI, with roots going back to the 90’s! Quest enables self-service business intelligence, which means easily and secure access to structured and unstructured data from nearly any source, within a collaborative analysis environment that streamlines data sharing between IT and business, thru intuitive interfaces and leading visualization capabilities that enable business and technical users to easily discover new insight. Going back to Development, Toad is the world’s #1 name for DBAs everywhere. Dell guarantees application success through improved code quality, performance and maintainability and gives you access to a community of 3 mil. users
• #8: Protect data across physical, virtual, and cloud• Backup, replicate, and archive across all platforms• Recover from anywhere to anywhere across all platforms• Easily connect to Microsoft Azure for cost effective disaster recoveryRecover full systems, applications, and data in under 15 minutes• Using Live Recovery, bring applications back online as if the outage never happened, with zero impact on end users.Avoid data loss with near continuous protection• Using Rapid Snap, protect servers (physical or virtual), applications, and data near continuously as often as every 5 minutes.Simplify deployment and minimize risk with an appliance• Get a complete backup solution in a box including all the hardware, software, and support.• Preconfigured and optimized at the factory to accelerate on-site deployment time.• Simple wizard driven GUIs make installation and maintenance easySave costs and avoid nasty surprises• All inclusive licensing means you get everything you need for one fixed cost. No additional license costs to unlock new features. 
• #12: Change Auditor Threat Detection identifies suspicious activity indicative of rogue users or compromised accounts — without drowning you in a sea of alerts 
• #13: #1 Abnormal AD activity Change Auditor can spot and score multiple indicators of abnormal AD activity, including: A spike in the volume of changes to AD that a user performs compared to their individual norm, which can indicate that the account has been compromised and is being used to corrupt or destroy critical directory data Privileged users performing administrative actions that are not part of their standard routine, such as first-level helpdesk who has suddenly begun creating new user accounts Users making membership changes to sensitive AD groups A significant spike in AD account changes An abnormal number of failed AD changes, which can indicate an attacker attempting to exploit compromised credentials #2 Brute-force attack By correlating failed logons with other user actions, CA can alert you to true brute-force attacks without drowning you in false positives #3 Snooping user CA alerts you to users attempting to access data they shouldn’t access #4 Data exfiltration or destruction An excessive number of file access or file move events, which can indicate that sensitive files are being copied from a server An excessive number of file delete events, which can indicate the malicious destruction of data #5 Privilege elevation: To spot improper privilege elevation, CA considers each event within the broader context of the user’s related actions A user being added to a critical built-in privileged group, either directly or via nested group membership A user being assigned elevated permissions directly #6 Scripted use of an account An abnormal number of accesses or change attempts can be a sign that a user’s credentials have been taken over by a program or script
• #15: Change Auditor Threat Detection identifies suspicious activity indicative of rogue users or compromised accounts — without drowning you in a sea of alerts 
• #16: Change Auditor Threat Detection identifies suspicious activity indicative of rogue users or compromised accounts — without drowning you in a sea of alerts 
• #17: Change Auditor Threat Detection identifies suspicious activity indicative of rogue users or compromised accounts — without drowning you in a sea of alerts 
• #18: #1 Invest in Simplicity One of the foundational concepts of the One Identity family of solutions is a modular and integrated approach that ensures that each IAM solution can strongly stand on its own, and the cumulative effect is greater than the sum of its parts. Even the name of One Identity’s IAM suite “One Identity” connotes the concept of simplicity. IAM through One Identity helps you to get to one identity, one set of policies, one set of access controls, and one set of rights to audit. Removing the need to define identities and controls each and every time a system is introduced, a new access scenario is necessary, or a new user population emerges is the ultimate manifestation of future-ready IAM. #2 Embrace Open Standards Open standards allow for new functionality to flow into any organization, resulting in improved collaboration and interoperability – plus a competitive edge. One Identity’s single sign-on solutions work across everything from the most modern federated application to legacy applications that cannot support the latest thing. Or, a multifactor authentication solution can be implemented across virtually any system or user population. With One Identity, there is no proprietary secret sauce that is designed to “hook” a customer into our technology trap with no easy way out. Standards are the essence of future-ready IAM. #3 Think Software First One Identity embraces the concept of configuration as opposed to customization, open standards rather than closed systems, and interoperability for universal utility instead of solving the problemof-the-day at the expense of tomorrow’s challenge. For example, tackling the provisioning challenge with One Identity, automatically puts you in a position to address governance needs, without additional investment or another project. Overcoming the management and security challenges of Active Directory with One Identity IAM solutions easily expands to non-Windows systems with the simple addition of an AD bridge; addressing federation needs for the latest SaaS application automatically can tackle the single sign-on needs for legacy applications, the need for secure remote access, and the emerging requirement to deliver context-aware security – all from the same solution with no additional investment and no customization. #4 Build End-to-End Security End-to-end security allows businesses to remain protected and compliant while building confidence to adopt new technologies – like cloud, mobile, and big data. A future-ready approach considers the entire range of security needs and unifies as many previously disparate systems and practices as possible. For example, typically a firewall is deployed to protect the perimeter and IAM solutions are implemented to control user access. Rarely, do they communicate. In fact, they are rarely even mentioned in the same security breath or purchased in the same security project. Similarly, a typical IAM deployment addresses provisioning first (often with a rigid, entirely customized, and not future-ready IAM framework) and then adds governance after, with an entirely different solution from an entirely different vendor, along with all the integration headaches and retro fitting that prevent future-readiness. The same can be said for privileged account management. Implementing one type of solution (lets’ say a Unix root delegation solution) from one vendor and another (perhaps a privilege safe) from another, does not bode well for the future. #5 Modernize and Automate A heavy reliance on IT—with its accompanying glut of manual processes, tribal knowledge, and doing the best you can with what you have—can derail even the most well-meaning IAM project. One Identity solutions are all designed to remove the cumbersome manual processes (or the cumbersome collections of non-integrated tools) from the equation, freeing IT and the rest of the organization to focus on what matters most. But it doesn’t stop there, One Identity’s IAM portfolio also focuses on putting the visibility and power of IAM in the hands of the right people – not just the people that know how to use the tools.
• #19: The static approach views security as a ring of keys, in which each new situation requires installing a new lock and issuing new keys. Eventually, though, the result is a jangling ring of keys that impedes access to every door. In that model, security is based on siloed yes/no decisions that ignore the many static security decisions being made elsewhere in the organization. The disadvantage of the ring-of-keys security approach is its limited view of each request for access. When the organization allows or denies access based on a series of unrelated yes/no decisions, the likely result is incorrectly denying access to too many users with legitimate needs. But if the organization can base security decisions on the who, what, where, when and why behind the user’s request, it can make access control more accurate and increase the ease of legitimate access. Contrary to the ring-of-keys approach, context-aware security is like a wellinformed, completely ethical guard accompanying each user and unlocking the door only when appropriate. As an additional measure of security, the guard may ask the user for a second form of ID if he does not recognize the user or if knows that the user rarely enters by that door. One context-aware model implements a security analytics engine (SAE) that returns a risk score based on multiple factors: Browser used – Includes historical analysis of any browser use that falls outside of normal behavior for the user Location pattern – Detects any requests for access originating from an abnormal location Specific location – Prevents access initiated from specific locations or geographies known to foster malicious activity Time – Detects any requests for access that occur outside of customary times and days for the user Blacklist – Prohibits requests for access based on a list of forbidden networks or network addresses Whitelist – Authorizes requests for access based on a list of approved networks or network addresses
• #20: IAM is concerned with four fundamental concepts: 1. Authentication – ensuring that the person logging on to a system is who they say they are 2. Authorization – the parameters placed around what a user is allowed to do (access) once they are authenticated 3. Administration – in order to enable someone to authenticate and to be correctly authorized, there a re managerial tasks that must be undertaken to set up the user account 4. Audit (Compliance) – those activities that help „prove” that authentication, authorization and administration are done at a level of security sufficient to satisfy established standards All of the „A”assume there is an identity established for each user. This identity or account resides somewhere (typically in a directory) so it can be authenticated, authorized, managed and audited. And typically the directory is tied specifically and exclusively to the application or system that controls user access. If all this is done correctly, the four „A” are easily satisfied. All systems include these requirements for authentication, authorization, administration and audit.
• #21: IAM is concerned with four fundamental concepts: 1. Authentication – ensuring that the person logging on to a system is who they say they are 2. Authorization – the parameters placed around what a user is allowed to do (access) once they are authenticated 3. Administration – in order to enable someone to authenticate and to be correctly authorized, there a re managerial tasks that must be undertaken to set up the user account 4. Audit (Compliance) – those activities that help „prove” that authentication, authorization and administration are done at a level of security sufficient to satisfy established standards All of the „A”assume there is an identity established for each user. This identity or account resides somewhere (typically in a directory) so it can be authenticated, authorized, managed and audited. And typically the directory is tied specifically and exclusively to the application or system that controls user access. If all this is done correctly, the four „A” are easily satisfied. All systems include these requirements for authentication, authorization, administration and audit.
• #22: Access Governance Imbunatatirea vizibilitatii asupra cui are acces la informatiile critice de business, automatizarea provizionarii si impunerea controalelor de acces. Privileged Account Management Gestionarea centralizata a conturilor privilegiate si furnizarea unui control granular al accesului administrativ. Identity Administration Simplificarea mediului de lucru si experientei utilizator prin administrare centralizata si automata a conturilor. User Activity Monitoring Auditarea conformitatii in utilizarea drepturilor de acces care le-au fost acordate angajatilor.
• #23: One Identity solutions eliminate the complexities and time-consuming processes often required to govern identities, manage privileged accounts and control access. Our solutions enhance business agility while addressing your IAM challenges with on-premises, cloud and hybrid environments. See how you can: Define a clear path to governance, access control and privileged management Empower line-of-business managers to make access decisions Leverage modular, integrated components to start building from anywhere Deploy IAM solutions and achieve ROI in weeks – not months or years Say yes to IAM projects that accelerate business operations
• #24: Access Governance Imbunatatirea vizibilitatii asupra cui are acces la informatiile critice de business, automatizarea provizionarii si impunerea controalelor de acces. Privileged Account Management Gestionarea centralizata a conturilor privilegiate si furnizarea unui control granular al accesului administrativ. Identity Administration Simplificarea mediului de lucru si experientei utilizator prin administrare centralizata si automata a conturilor. User Activity Monitoring Auditarea conformitatii in utilizarea drepturilor de acces care le-au fost acordate angajatilor.
• #25: Dell One Identity Solutions are focused on addressing the most common challenges that companies face regarding IdAM We improve visibility into who has access to what and automate the provisioning with fine grained access controls. This process can often be manual for the execution of access request so the on going auditing of access. We improve the users experience and reduce cost of management <click> Access Governance - How to provide the appropriate access effectively and efficiently? <click> Privileged Account Management - How do I make sure that administrators have least privileged access and monitor <click> Identity Administration – Simplify my environment, reduce manual administrative tasks and improve the user experience <click> User Activity Monitoring - How to ensure that that access is within policy? Dell One addresses your enterprise needs for improved users experience for both the business user and the administrator while providing appropriate security access controls across the systems and applications. <click to go to next slide>
• #26: Access Governance Imbunatatirea vizibilitatii asupra cui are acces la informatiile critice de business, automatizarea provizionarii si impunerea controalelor de acces.
• #27: Privileged Account Management Gestionarea centralizata a conturilor privilegiate si furnizarea unui control granular al accesului administrativ.
• #28: Identity Administration Simplificarea mediului de lucru si experientei utilizator prin administrare centralizata si automata a conturilor.
• #29: User Activity Monitoring Auditarea conformitatii in utilizarea drepturilor de acces care le-au fost acordate angajatilor.
• #30: Dell understands that every organization is unique and that you need the right IdAM solution for your environment, your challenges and your goals. That’s why the Dell One offering is designed with flexibility in mind. Use the solutions you need now to address your short-term challenges and rely on an unparalleled depth of capabilities to meet your needs down the road. Single Sign-on Often considered the mythical “Holy Grail” of IAM, single sign-on (SSO) is a reality through Dell One. By removing identity from a high number of systems (Unix, Linux, Mac, Java and many applications) in favor of the ubiquitous Active Directory identity, Dell One provides true SSO for a major portion of your enterprise. But Dell One doesn’t stop there. For systems that cannot be integrated with Active Directory, Dell One delivers enterprise single sign-on that initiates non-Windows authentication from initial AD logon—and it’s transparent to the user. No other solution can offer world-class “true” SSO combined with enterprise SSO for complete coverage. Provisioning The traditional first step in IdAM, provisioning is often one of the most time-consuming, error-prone and troublesome aspects of IdAM in complex environments. Dell One drives provisioning with a layer of identity intelligence that delivers automation, workflows and attestation based on your business objectives, not the limitations of your technologies or resources. Our solutions enable you to “codelessly” provision, re-provision and de-provision users across the entire enterprise. We provide self-service for end users and line-of-business personnel that frees IT from the tedious burden of many provisioning tasks. The Dell One approach lets you realize benefits in a matter of months, not years, and at a fraction of the cost of traditional provisioning frameworks. Role Management A key to effective IdAM is establishing roles to associate your users with the appropriate policies, access rights and business processes that IAM should control. Dell One gives you the power to build a single set of roles and apply them across the enterprise. Our capabilities for consolidating identities and implementing identity intelligence make ad hoc role definition and enforcement things of the past. Dell One can even mine your existing role structure and provide you with the easy-to-use tools to normalize the roles enterprise-wide. Then, you can apply them according to the business driven policies, rules and objectives you’ve established. Identity Intelligence What makes IdAM especially tough is correlating the disparate components (identities, roles, rules, workflows, policies and approvals) with the systems and entitlements required for users to do their jobs. Dell One delivers the 360-degree visibility and enterprise-wide control necessary to actually achieve your IdAM objectives—based on your business needs, not the limitations of specific technologies. This intelligent approach (combined with key, unifying IdAM components) dramatically streamlines and secures IdAM, including provisioning, role management, compliance and access control. Multifactor Authentication Chances are, you’re moving toward multifactor authentication to further secure user access and satisfy regulations. Dell One lets you affordably implement this important technology—without having to add infrastructure. Our multifactor authentication options rely on Active Directory—not a proprietary identity store—and allow you to manage authentication through interfaces you already use. When combined with Dell One’s identity consolidation capabilities, your single solution can be applied to the largest possible portion of your environment. Password Management Analysts report that as much as 35 percent of help desk workload is dedicated to helping users reset forgotten passwords. Dell One helps you address this productivity-killing burden by reducing the number of passwords for each user through identity consolidation. We also strengthen and standardize policy across systems and relieve IT of the password-reset burden entirely. With fewer passwords to forget and the power to securely help themselves, users have fewer interruptions and IT can focus on more critical work. Privileged Account Management Let’s face it, in some IT departments today there are too many administrators who have too much power on too many systems. Native tools can’t address this issue of too many with “keys to the kingdom” because they rarely provide compliance visibility or the flexibility to manage privilege delegation or command control. Dell One gives you the power to granularly delegate administrative rights and execute command control on Windows-, AD- and Unix based systems and devices, while providing a compliance ready audit trail of administrative activities, rights and permissions that spans the entire enterprise. In addition, Dell One secures and automates the request, approval, release, use, return and changing of administrative credentials regardless of which system or which administrator account is required. Optimizing an IdAM Framework Perhaps you have already invested heavily in an IdAM framework. Dell One can help you achieve more value from existing solutions by accelerating their deployment and reducing their complexity. By consolidating a high number of identities (from Unix, Linux, Mac, Java and other applications) into Active Directory, Dell One gives you the power to immediately secure and control those other systems without custom coding and dedicated synchronization points. In addition, the Dell One approach perfectly complements an existing deployment with enhanced, business-driven identity intelligence. We also fill critical functionality gaps with capabilities such as single sign-on, strong authentication, efficient Active Directory administration and privileged account management.