Identity & Access Management

IAM (Identity & Access Management) is one of the cornerstones of Information Security. Thinking in identities and putting the security of information and the access to information in the center of attention is the foundation for improving information security. Moving away from device-centric and network-centric security to information-centric security allows to better understand information risks and the required actions to mitigate these risks and better secure your enterprise. Leading industry experts, all with an analyst background, and KuppingerCole analysts discuss the role IAM plays for information security and the future of IT Security in general in this panel.

In recent times where the term "federation" is slipped into the conversation as if it were a straight forward hassle free process, there lurks a multitude of technical challenges. Chief amongst those are the "session state" issues of SLO and idle time-out. This panel session will unpick the problem and touch on various approaches being used to solve it, manage it, or avoid it.

Privileged accounts like root, sysadmin or Oracle system, are necessary to run and manage databases, middleware and operating systems. These accounts obviously are very powerfull as they allow access to any type of business information. So if somebody would want to severely damage your business for whatever reason, attacks targeting these privileged accounts would be the way to do it.

This leads us to the question: would you at least find out if a privileged account is being misused? In other words: Do you actually know, who is using such accounts and wether this usage is necessary and allowed? If this is a question you are asking yourself from time to time - the auditor would dive much deeper and and also ask, what exactly root had been doing during a certain session. Considering, that according to the Ponemon Institute 2012 Cybercrime Survey, 62% of respondents reported malicious insider breaches, we can assume that the auditor´s questions are reasonable and it would be good to have an answer

In this panel discussion, we will look into the reliability of currently available solutions and talk about the different approaches to reach compliance with PCI-DSS, SOX, Basel and comparable regulations.

Working across six continents, Teleflex provides medical devices used in critical care and surgeries across the globe. Their products help protect patients from infections and enables surgeons to do safer, less invasive procedures ranging from vascular access, anesthesia and airway management among many others.

Teleflex Incorporated (www.teleflex.com) has a core identity management strategy: one point of access. Beginning as just a temporary fix to decommission the company's Sun LDAP directory, Teleflex began their use of a virtual directory. The virtual directory allowed the company to link all of their separate directory information into one enterprise directory. Using directory virtualization, Teleflex was able to eliminate custom scripting, serving up employee data from SQL databases to the receiving applications without scheduling synchronization tasks.

The enterprise directory has now become a significant part of Teleflex's identity management strategy to improve facilitation of acquisitions, eliminate custom scripting to obtain employee data from Teleflex's HR Vista system and to unify and simplify both application access and the end user experience.

Modern identity infrastructures are a tangled web of identity sources, protocols, and varies security means. This panel discussion will focus on the challenges around unifying a disparate identity infrastructure for identity management and federation initiatives. The panel will explore how an identity service, enabled by virtualization, can be used to tackle many kinds of identity management challenges, and facilitate the addition of new identity stores and populations. Nick Sabinske’s experience at Teleflex will serve as a catalyst for the panel discussion, while Ulrich Schulz of Radiant Logic will extend the discussion with other real-life deployments, and Fulup ar Foll from KuppingerCole will provide an objective, third party view of the industry.

Some of the points to discuss:

• Integrating identities stored in Active Directory with the rest of the identity infrastructure, including multiple directories, databases, and web-based applications
• Why a single access point is an essential starting point for many identity management and federation initiatives
• When to choose an on-premise identity management solution compared to a hosted solution
• Achieving single sign on across disparate identity sources and federated systems
• Improving user experience by minimizing credentials and providing uniformity

Identity and Access Management like most of the organizations have implemented is on change. Provisioning as the core element in former days still plays some role, but with Access Governance becoming established, new concepts like Access Intelligence (in its still somewhat undefined form), integration to SIEM, re-thinking of established IT concepts like Message Queueing for the role they can play in Identity and Access Management and many other influencing factors, Identity and Access Management has to be re-thought where it is still established. The art of re-engineering is the balance between an advanced solution and architecture on one hand and the protection of investments. How can you leverage what you have towards a more mature, more flexible, more future-proof, business-focused solution? What will you need in the future and what does it need ot go there? And what about dealing with new groups of users like your customers and trends like BYOD (bring your own device)? And how about the changing requirements around privacy and information security?

KuppingerCole strongly believes that it is time to re-engineer Identity and Access Management and to rethink the established approaches. Martin Kuppinger will present the future view of Identity and Access Management and explains how to best re-engineer it.

VANguard is a suite of authentication and security services provided by the Department of Innovation, Industry, Science and Research on behalf of the Australian Government. VANguard’s services include a browser based single sign on service, a security token service a signature verification service and a timestamping service. These services are available to all three tiers of government within Australia and cater specifically to business to government and government to government transactions. VANguard brokers a range of credentials and is built upon broadly supported standards. Over the past twelve months, VANguard has processed over thirty million transactions.

This case study will begin by examining the history of VANguard including the policy decisions leading to its creation, the challenges inherent in providing a whole of government solution and the progression from concept to implementation. The second part of the case study will focus on the technical and physical implementation of the services and the lessons learned as the project has developed.

Security is now as much a question of visibility as it is of controls. Enterprises need to be able to see what’s happening throughout their physical and virtual environments, including both in house and in the cloud. This session discusses the role of identity management in security intelligence, including the kinds of information that enterprises need to collect, the kind of analysis that needs to be performed and the ways that the resulting security intelligence can be applied in making effective security decisions.