66% run 14% 20% grow transform

• EXPLOSIVE DATA GROWTH
• PROLIFERATION OF DEVICES
• BUDGET REDUCTIONS
• IT CONSTRAINTS
Companies are under pressure to do more with less.

• ENABLING DEVICES
• AVAILABILITY
• ROLE & DEVICE DRIVEN PRIVILEGES
• ALLOW CUSTOMERS & PARTNERS
Companies must facilitate productivity without impacting security.

• ADAPTING TO CLOUD
• RAPID ON-BOARDING OF SERVICES
• MERGERS & ACQUISITIONS
• PROLIFERATION OF GROUPS & USERS
Management must adapt rapidly to changing business needs.

• RAPID RESPONSE
• PROTECT WHILE EXTENDING
• CENTRALIZE & STANDARDIZE
• REPORT & AUDIT
Companies need an integrated security strategy.

• EMPOWER USERS
• TAKE CONTROL
• PLAN FOR THE FUTURE
Incorporating Identity into your environment can transform your business.

Identity Spans Environment
USERS & DEVICES, INFRASTRUCTURE, APPS & SERVICES, IDENTITY
PRIVATE, PUBLIC, TRADITIONAL IT, HYBRID CLOUD

ADMINISTRATION
o Single View Mgmt.
o Application of Business Rules
o Automated Requests, Approvals, and Access Assignment

AUTHENTICATION
o User Sign-on Experience
o Trusted Source
o Standard and Secure Protocols
o Level of Assurance

AUTHORIZATION
o How and where are authorizations handled
o Can a user access the resource and what can they do when they access it?

AUDITING
o Track who does what, when, where and how
o Focused Alerting
o In-Depth Collated Reporting
o Governance

Administration Provides
• Provision & De-provision
• Identity Updates
• Identity Proliferation
• Synchronization
• Interface Selection
• Change Control
• Group Management

Authentication Provides
• Flexible Sign-on Methods
• Supported Sources
• Security Protocols
• Assurance Methods

Authorization Provides
• Entitlement Type
• Access Policies
• Enforcement Strategy

Audit Provides
• Reporting
• Alerting
• Governance methods
• Collection of data

http://aka.ms/io

IO Level: Basic
• Most IT resources are used to keep IT functioning with reactive management
• Systems are complex, incompatible, and expensive and do not provide services throughout the organization
• Organizations use few IT policies and automated processes.
IO Level: Standardized
• Organizations run somewhat effective, centralized IT departments
• IT systems remain complex, incompatible, and expensive and are run as standalone operations
• Basic automation is provided by a centralized IT group; pockets of automated services exist at business units

IO Level: Rationalized
• Long-term IT strategy is developed jointly by business and IT groups
• IT policies are defined with business criteria and enforced with IT processes and technology
• Complexity is engineered out of IT processes, and application compatibility issues are minimal
• This is the most cost-effective infrastructure optimization state

IO Level: Dynamic
• Cost savings are secondary to maximizing business agility, which is a source of competitive advantage
• Some decision making is decentralized to bring decisions closer to business processes
• IT systems are highly automated, flexible, and respond quickly to changing business conditions
• Organizations may choose not to implement certain IT best practices because they reduce business agility

Columns: Basic, Standardized, Rationalized, Dynamic

Administration
• Provisioning: Manual Creation; Automated Creation in one or more ID Stores; Automated Creation in all ID Stores
• Deprovisioning: No Deprovisioning, Adhoc; Manual Deprovisioning in All ID Stores; Automated Deprovisioning in one or more ID Stores; Automated Deprovisioning in all ID Stores; Email Notifications to Others
• Group Management: Manual by Help Desk; Owner Managed w/o Approvals; Owner Managed with Approvals; Dynamic/Attribute Based
• Identity Updates: Manual by Help Desk; Self-Service w/o verification; Self-Service with Approvals
• Password Reset: Performed by Help Desk; Self-Service Password Reset
• Synchronization: None; Synchronization among some ID Stores; Synchronization amongst all ID Stores
• Identity Proliferation: No Enterprise ID Store; Enterprise ID Store + Application Specific Stores; Single Enterprise ID Store
• User Interface: Help Desk; Internal User Portal; Internal/External User Portal
• Change Control: None; Call Help Desk / Manual Workflow; Call Help Desk / Some Electronic Workflow; Self-Service Request with Electronic Workflow

Authentication
• Sign-On Method: Multiple Passwords, Multiple Logons; One Password, Multiple Logons; One Password, One Logon to Company Resources; One Password, One Logon to all Resources
• Source: No central source; Central + Application Centric; Central, Multiple External IDs; Central + Federation
• Protocols: Multiple Weak Protocols; Multiple Strong Protocols, No Transition; Multiple Protocols with Transition; Single Protocol
• Assurance: No Assurance, Shared IDs; Password-Based; Soft Certificates; Multifactor

Authorization
• Entitlement Type: Application Centric; AD Integrated (Group based) + Some Application Centric; Role or Attribute Based
• Access Policies: None; Written; Centralized; Policy Based
• Enforcement Strategy: Manual; Centrally Enforced; Agent, API, Proxy based

Audit
• Reporting: None; Manual Collation and Report Generation of Log Data; Automated Report Generation on Some Systems; Automated Attestation Report Creation
• Alerting: No Alerting; Reactive/Event Driven Alerting; Proactive Alerting + Event Based Alerting
• Governance: No Governance; No DLP, Manual Enforcement of Governance; Centralized DLP in Use
• Collection of Data: Disjoint, Manual Collection of Log Data; Disjoint, Automated Collection of Logs; Automated Collection of Log Data

Innovate, Build a Plan, Assess

One Day Workshop; Education; 2 Week Assessment and Roadmap; Assess Business; Assess Infrastructure; Identity Solutions Planning; Define Roadmap; Deployment

Workshops are designed to introduce Identity and help customers understand how an identity solution could help their enterprise.
Customer Benefits Include:
• Introduction to core tenets of Identity
• Discussion around recommended practices
• Detailed explanation of Microsoft identity solutions
• Business Value modeling

Diagram labels: Traditional IT, TECHNOLOGIES, Private, Public, Hybrid, DESIRED END STATES, Partners

One Day Workshop; 1-3 Day Workshops; Education; 2 Week Assessment and Roadmap; Assess Business; Assess Infrastructure; Identity Solutions Planning; Define Roadmap; Deployment

The assessment is designed to help you understand your current state within identity and to provide a roadmap towards maturity based upon business needs and goals.

Customer Benefits Include:
• Detailed assessment report and recommended path forward
• Logical roadmap based on assessment, experience and recommended practices

Microsoft Services Identity Offerings Include:
• Enterprise Identity Management using Forefront Identity Manager 2010
• Enterprise Identity Federation using Active Directory Federation Services
• Access Enablement Gateway and Identity Service Solution
• Application Identity Assessment for Windows Azure

Simplify, Streamline, and Secure
AEGIS Solution: Application Owners, Application Users

http://europe.msteched.com
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
http://europe.msteched.com/sessions