CA Identity Suite
-
Upload
santiago-cavanna -
Category
Technology
-
view
274 -
download
0
Transcript of CA Identity Suite
CA Identity Suite
Santiago CavannaSecurity Solution Account DirectorArgentina, Chile, Bolivia, Uruguay y Paraguay.
Twitter https://twitter.com/scavannaOffice: +54-11-43-17-15-95 | Mobile: +54-911-41-65-15-47 | [email protected]
2 © 2015 CA. ALL RIGHTS RESERVED.
The World of Identity Management & Governance
3 © 2015 CA. ALL RIGHTS RESERVED.
Identity Management shifts from being IT-centric…
IT-aware users
to Business-centric…
Business users & Customers(Often mobile)
4 © 2015 CA. ALL RIGHTS RESERVED.
Demands of the Business User
Support my device
Businessfriendly
Decision support tools
Unified interface
Productivity
Customized experience
4
5 © 2015 CA. ALL RIGHTS RESERVED.
CA Changes the Game
5 © 2015 CA. ALL RIGHTS RESERVED.
6 © 2015 CA. ALL RIGHTS RESERVED.
Convenient, intuitive, business-oriented user experience
A One-Stop Shop for business user access to all identity services
User experience that is specifically designed for business. Uses terms that business users understand.
– Business-oriented proactive analytical & advisory tools
– Personalized dashboards
– Business-oriented resource names
7 © 2015 CA. ALL RIGHTS RESERVED.
Automated Provisioning
Wizard-based on-boarding of new users (including self-registration), such as employees, business partners and contractors.
Manages identities, roles, and policies across on-prem & cloud applications
Customizable workflows support the unique way each organization approves, and schedules these activities.
Broad set of connectors to target systems
8 © 2015 CA. ALL RIGHTS RESERVED.
Access Requests
Easy-to-use access request process through an intuitive 'Shopping Cart‘ experience.
Conveniently request roles and entitlements from a Business Entitlements Catalog, view current access privileges, track the status of previous requests, copy users permissions, compare users and select from saved favorites.
All requests can be checked for segregation of duties compliance.
9 © 2015 CA. ALL RIGHTS RESERVED.
Internet
Access
SAP CRM
HR Portal
Online
Payroll
Business Entitlement CatalogMoving from IT terms…..
HR_SEC_SYSJA01_RPTABIZOBJ_AUDIT_J100I
AD_WEBSEC_INNET
SAP_Role_Mng_Cust
VPN_TANT01_GROUP23
SAP_View_Rep_BZ50
AD_GROUP_ACCESS_W50
AD_GROUP_002_All
SAP_Portal_M45
FIN_AA23
IM_PRVN_Portal_002
DIC
TIO
NA
RY
SVRFin33_Access
….to Business terms
10 © 2015 CA. ALL RIGHTS RESERVED.
Expedite, track, manage and control your requests through an intuitive ‘social network’ like experience.
Improves manager productivity and provides audit reporting of approvals
Request Tracking
11 © 2015 CA. ALL RIGHTS RESERVED.
Certification Campaigns
Simplifies and centralizes all necessary compliance activities in one place.
Business entitlements catalogue simplifies certifications
Risk analysis highlights risky access to:
– enable real-time remediation– improve policy enforcement– Simplify regulatory compliance.
CRM Customer
view
Update HR reports
View Billing
Reports
12 © 2015 CA. ALL RIGHTS RESERVED.
Risk Analyzer & Simulator
RISK ANALYZER is based on an advanced, robust rules engine that calculates user risk score in real time:
– Calculates and displays users' risk scores and alerts whenever it detects a risky user.
– Updates risk scores continually based on changes to user privileges, user attributes and other contextual factors.
– Simulates in real time the user's risk score changes in the context of access requests.
13 © 2015 CA. ALL RIGHTS RESERVED.
Prevent Violations
Provides three levels of preventive controls, based on risk and violation types and severity levels, when high-risk users or violating transactions are detected:– Displays an informative alert, or– Requires justification in order to
proceed with the action, or– Rejects the action.
14 © 2015 CA. ALL RIGHTS RESERVED.
Launchpad gives the user quick links to other web applications, internal or external
• The links can be CA Identity Portal configured links• Clicking on a link will redirect the user to the
application in another tab/window
CA Identity Portal offers authorization level to expose Launchpad applications to specific users based on their permissions
• Users can request for access to web applications and then get a quick link to open the application
Applications Launchpad
15 © 2015 CA. ALL RIGHTS RESERVED.
Identity on-the-go
Managers can manage identities and entitlements on-the-go.
Allows the organization to support BYOD policy, and to improve efficiency, responsiveness, and user satisfaction while reducing security risks.
16 © 2015 CA. ALL RIGHTS RESERVED.
Brand your Identity
Provides role and branding customization of the user interface. Administrators can control the look and feel of:– Logo– Color scheme– Font size– Background image
17 © 2015 CA. ALL RIGHTS RESERVED.
But, the IT user has needs too!
Policy enforcement
Low TCO
Application connectivity
Fast provisioning
Fast ROI
Compliance reporting & auditing
17
18 © 2015 CA. ALL RIGHTS RESERVED.
Business-Oriented User Experience
CA Identity Management & Governance Capabilities
IDENTITY MANAGEMENT & GOVERNANCE
LIFECYCLE
CAPABILITIES Automated provisioning User self-service Supports on-premise & cloud apps Deployment tools
BUSINESS VALUE Increased efficiencies Reduced Help Desk costs Flexibility for your cloud adoption Customization without coding
CAPABILITIES Role mining & analytics Privilege clean-up Automated access certifications Access policy enforcement
BUSINESS VALUE Simplify user management Highlights improper entitlements Simplified compliance Prevents policy violations
Management Governance
19 © 2015 CA. ALL RIGHTS RESERVED.
Reducing your TCO
Px
Cx
Cfx
PolicyXpressCustomization Without Coding
ConnectorXpressCreate Connectors To Databases And LDAP
ConfigXpressEnvironment Management
20 © 2015 CA. ALL RIGHTS RESERVED.
Connector XpressSimplifying connectivity to apps and data
High cost and TTV to develop customer connectors
High maintenance costs
Difficult and costly customization
THE CHALLENGE
Wizard-based tool to easily create connectors
Provision to relational database tables and LDAP directory servers
Customization without coding
CAPABILITIES:
Customers
Partners
Employees
Directories
Databases
Reduced deployment time for environments with custom apps
Reduces ongoing development & maintenance costs
BENEFITS:
Custom Apps
Generated Connectors
Cx
21 © 2015 CA. ALL RIGHTS RESERVED.
Policy XpressImplementing business policy without coding
Implementing business policy requires coding –> high development costs
Ongoing maintenance costs for code
Difficult to audit and validate policy enforcement
Wizard-based tool to implement policy in applications
Pre-defined actions at specific times during a user transaction
Customization without coding
Users
Customization takes minutes, not days or weeks!
Eliminates code maintenance costs
No need for special coding skills
Reduces errors in policy enforcement due to coding mistakes
DefinePolicy
Admins
Business Policies
Px
Px
THE CHALLENGE CAPABILITIES: BENEFITS:
22 © 2015 CA. ALL RIGHTS RESERVED.
Config XpressSimplifying configuration management
Migration between environments is time-consuming and error-prone
Lack of documentation of status of each component
Environment import from live systems or through exported files
Change-analysis reports highlight differences between environments
“Push-button” configuration documentation
Reduced time to migrate environments
Improved visibility into config status
Reduced TCO
Development Test Production
Business Logic
Identity Manager
Identity Manager
Identity Manager
Business Logic Business Logic
Cfx
THE CHALLENGE CAPABILITIES: BENEFITS:
23 © 2015 CA. ALL RIGHTS RESERVED.
Config XpressSimplifying configuration management
Development Test Production
Business Logic
Identity Manager
Identity Manager
Identity Manager
Business Logic Business Logic
Migration between environments is time-consuming and error-prone
Lack of documentation of status of each component
Environment import from live systems or through exported files
Change-analysis reports highlight differences between environments
“Push-button” configuration documentation
Reduced time to migrate environments
Improved visibility into config status
Reduced TCO
THE CHALLENGE CAPABILITIES: BENEFITS:
–Customer comments on the Config Xpress tool
“Thank you…..Thank you!!!!”
“Incredibly valuable tool!”
Cfx
24 © 2015 CA. ALL RIGHTS RESERVED.
CA Identity SuiteDesigned with your IT & Business needs in mind
Deep Provisioning
Access Requests
Certifications
Role Analytics
Self-Service
Access Governance
Privilege Cleanup
Risk Analysis
Policy Enforcement
Deployment Tools
Capabilities
BusinessIT
25 © 2015 CA. ALL RIGHTS RESERVED.
CA Identity SuiteDesigned with your IT & Business needs in mind
Great User Experience
Improved Productivity
Customized Experience
Mobile Access
Easy access to all my apps
Identity automation
Reduced entitlement risk
Reduced TCO
Reduced Help Desk costs
Simplified Compliance
Benefits
BusinessIT
26 © 2015 CA. ALL RIGHTS RESERVED.
Why CA Identity Suite?
Business-oriented user experienceBusiness-oriented application
simplifies use and improves user
satisfaction. A Business Entitlements
Catalogue greatly simplifies access
requests by business users.
Reduced TCO through streamlined deploymentXpress tools simplify connectivity to
homegrown apps, enable business policy
definition without coding, and
streamline migration between
Development-Test-Production
One-stop-shop for access to all identity servicesSimplified, centralized interface
improves productivity and user
satisfaction/loyalty
Risk analysis & simulationAdvanced, robust rules engine that
calculates user risk score in real time,
and generates alerts on a risky user
access request.
Secures on-premise and cloud applicationsCentralized control of identities,
users, roles and policies across
on-premise and cloud applications.
ProvenScalabilitySupports many large, complex
environments today. Can address
your needs as they grow.
27 © 2015 CA. ALL RIGHTS RESERVED.
CA Identity Management and GovernanceCustomer Success
Rankings based on Fortune.com. Gov ranking based on # of employees
3 out of the top 6 US Government Agencies
5 out of the top 7 Manufacturing4 out of the top 5 Telecoms
9 out of the top 15 Fortune 500
28 © 2015 CA. ALL RIGHTS RESERVED.
CA Identity Management & GovernanceAnalyst Reviews & Industry Awards
1Leadership Compass: Access Governance: Martin Kuppinger, Oct 20141Leadership Compass: Identity Provisioning,: Martin Kuppinger, Apr 20141Leadership Compass: IAM/IAG Suites: Martin Kuppinger, Nov 20142Identity and Access Management Suites: Q3 2013; Forrester Research Inc.; September 4, 2013
Leader:
• Access Governance: Oct, 2014
• Identity Provisioning: Apr, 2014
• IAM/IAG Suites, Nov, 2014
Kuppinger-Cole Leadership Compass1 Forrester Wave2
Leader:
Identity and Access Management Suites: Sept, 2013
29 © 2015 CA. ALL RIGHTS RESERVED.
Industry awards for CA Identity Management
CA Identity Manager Best Identity Management Solution of 2015
Winner in 2013, Finalist in 2014
"The Reader Trust Award is unique because it represents the voice of the people who are using these products and services every day. CA Identity Manager was chosen as the Best Identity Management Solution winner for its ability to meet and exceed the needs of its customers."
Illena Armstrong, Vice President, editorial, SC Magazine
30 © 2015 CA. ALL RIGHTS RESERVED.
Legal NoticeCopyright © 2015 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. No
unauthorized use, copying or distribution permitted.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO
THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION,
ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or
damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or
lost data, even if CA is expressly advised of the possibility of such damages.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights and/or obligations
of CA or its licensees under any existing or future written license agreement or services agreement relating to any CA software product; or (ii) amend any
product documentation or specifications for any CA software product. The development, release and timing of any features or functionality described in this
presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this presentation,
CA may make such release available (i) for sale to new licensees of such product; and (ii) in the form of a regularly scheduled major product release. Such
releases may be made available to current licensees of such product who are current subscribers to CA maintenance and support on a when and if-available
basis.
The information and results illustrated here are based upon each identified customer’s unique experiences with the referenced software product in a variety of environments, which may include production and non-production environments. Past performance of the software products in such environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments.
31 © 2015 CA. ALL RIGHTS RESERVED.
Thank you!
© 2015 CA. All rights reserved.
Customer success stories
33 © 2015 CA. ALL RIGHTS RESERVED.
Streamlining identity managementCase study: A large, multi-national media/broadcasting company
CONTRACTORS
150K+ Users
Challenges:
Fragmented entitlements
lack of visibility of access orphan accounts overlapping access
Manual entitlement reviews
No standardized role definitionsPARTNERS
EMPLOYEES
800+ Apps15K+ Unix servers
31K+ Windows servers55K+ Devices
These 3 slides describe the
Comcast use case
(delete this before showing)
34 © 2015 CA. ALL RIGHTS RESERVED.
Streamlining identity managementCase study: A large, multi-national media/broadcasting company
CA Identity Suite
CONTRACTORS
PARTNERS
EMPLOYEES
Consistent role definitions Remediated orphan accounts/incorrect access Seamless access to apps and assets Shopping cart experience for access requests
RESULTS:
Reduced onboarding SLAs (5 day to minutes!) Vast improvement in ease of administration “Day 1 Productivity” Reduced time for certification campaigns (50 campaigns went
from 12 weeks to 3)
BENEFITS ACHIEVED:
IdentityPortal
IdentityManagement
IdentityGovernance
Roles
35 © 2015 CA. ALL RIGHTS RESERVED.
Streamlining identity managementCase study: A large, multi-national media/broadcasting company
CONTRACTORS
PARTNERS
EMPLOYEES
Consistent role definitions Remediated orphan accounts/incorrect access Seamless access to apps and assets Shopping cart experience for access requests
RESULTS:
Reduced onboarding SLAs (5 day to minutes!) Vast improvement in ease of administration “Day 1 Productivity” Reduced time for certification campaigns (50 campaigns went
from 12 weeks to 3)
BENEFITS ACHIEVED:
IdentityPortal
IdentityManagement
IdentityGovernance
Roles–Chief Infrastructure and Information Security Officer
“We have been able to help simplify identity management processes and make engagement easy for our business leaders without compromising our security and compliance needs.”
36 © 2015 CA. ALL RIGHTS RESERVED.
Customer
Success“We have been able to help simplify identity management processes and make engagement easy for our business leaders without compromising our security and compliance needs.”–Chief Infrastructure and Information Security
Officer, Comcast
This is the same quote as the
previous slide, in case you don’t want
to use 3 slides for this one case study
37 © 2015 CA. ALL RIGHTS RESERVED.
Customer
Success
At a retail organization, Identity Governance analyzed 250,000
accounts, 66 million access rights and discovered 200 roles
in 3 minutes
38 © 2015 CA. ALL RIGHTS RESERVED.
Hill International is aglobal leader in managing construction risk
Reduced provisioning time from 14 days to 24 hours, improving productivity
39 © 2015 CA. ALL RIGHTS RESERVED.
Customer
SuccessA F500 insurance company:
Reduced SOX audit data gathering from 10 days to 2 hours
Reduced on-boarding from 10 days to <2 days
40 © 2015 CA. ALL RIGHTS RESERVED.
Customer
SuccessA F100 Financial Institution achieved:
$1M help desk savings within 2 years (for PW Mgt)
Using correlation, recouped $1.3M in software licenses by finding orphan accounts
41 © 2015 CA. ALL RIGHTS RESERVED.
Customer
Success“CA Identity Governance provided the most rapid TTV of any IAM product I’ve ever used…”
VP of IT, Huge Global Retailer
Extra slides to use
43 © 2015 CA. ALL RIGHTS RESERVED.
Integrated Identity Management & Governance Solution
CA Strong Authentication
CA Directory
CA Risk Authentication
Risk assessment for authentication and access decisions
Patented software-based two-factor authentication
High performancestore
CA Single Sign-On
Management of CA SSO entitlements
CA Identity
Suite
44 © 2015 CA. ALL RIGHTS RESERVED.
Customer success using CA Identity Suite
Identity process automation
Improved efficiencies and employee productivity
Simplified and faster provisioning
Improved compliance audits through automated access certifications
Benefits gained from using CA Identity Suite
45 © 2015 CA. ALL RIGHTS RESERVED.
Identity Management From CA Technologies
What is driving our strategy?
Understanding who has access to what and why
Identifying potential threats
Simplifying governance of access
The Open Enterprise
Enabling the Business Minimizing Risk
Increased cloud adoption (IaaS, PaaS, SaaS)
Bring your own devices and identities
Distributed internal and external users
Improving efficiencies
Shifting responsibilities from IT to the business user
Lowering total cost of ownership
46 © 2015 CA. ALL RIGHTS RESERVED.
Challenges of Today’s Open Enterprise
REDUCE RISK OF OVER-PRIVILEGED USERS
Do I have Segregation of Duties violations right now? Do all my users have the correct access for their role(s)?
AUTOMATE IDENTITY PROCESSES
Are my processes too manual? Are they inefficient? Do I have inconsistent security policies due to human error?
Can I reduce the time & effort it takes to submit audit reports? Can I easily show “who has access to what”?
SIMPLIFY COMPLIANCE AUDITS IMPROVE EMPLOYEE PRODUCTIVITY
How much time do my managers spend in access certifications? How long does it take a new employee to have ALL their access
and accounts available?
INCREASE USER PARTICIPATIONPROVIDE OUTSTANDING USER EXPERIENCE
Can the system interact with my users with Business terms that they understand?
Can I improve my user productivity and satisfaction?
Can I provide a one-stop-shop where my users can easily access all identity services in one place?
Can I reduce the need of IT to manage identity processes?
47 © 2015 CA. ALL RIGHTS RESERVED.
CA Identity Suite
The next Generation of Identity Management and Governance
Identity ManagerAutomated Provisioning
Policy/Workflow Mgt
Identity GovernanceRole Discovery & Analytics
Entitlement Certification
Identity PortalBusiness User Experience
Access Request/User Mgt
CA IDENTITY SUITE
CustomApplication
MainframeDatabaseDirectory SAPUNIXSalesforce
Xp
ress
Tec
hn
olo
gies
ConfigX
ConnectX
PolicyX
Entitlement Info
Business DataHR Systems