IBM Software Group
Confidential © 2003 IBM Corporation
Selling Tivoli Security Portfolio
Business Partner Training Presentation (for Business Partner use only)
IBM Software Group | Tivoli software
AMOS – Business Partner Training Presentation | CONFIDENTIAL © 2003 IBM Corporation
Agenda
• Overview
• Customer issues
• AMOS value
• Identifying and qualifying opportunities
• What does AMOS secure?
• Competition
Overview
Business Drivers for Security
• Reduce cost of development
– Avoid coding security into each application
– Faster application deployment
• Reduce total cost of ownership
– Reduce administrative/helpdesk costs
• Compliance with privacy legislation
– HIPAA, GLB, COPA
• Quicker time to market
– Reuse user/group and policy information
• Ability to securely share information
Typical 3 Tier Architecture
[Diagram: Browser → HTTP Servers → App Servers (WebSphere/BEA) → Mainframes]
• Browser issues request to Web server
• HTTP server forwards request to application server
• Application server performs some business logic and may forward to mainframe for additional processing
• Most Web applications and processing are run on UNIX or the mainframe
How do we control what action a user can take?
[Diagram: Browser → HTTP Servers → App Servers (WebSphere/BEA) → Mainframes]
• To review an insurance claim, users may go to www.insurance.com/claims/review.jsp
• How do we decide which claims they can review and which ones they cannot?
• Most application servers have little or no security
• Therefore, security must be coded manually by each developer:
– Increases QA time
– Increases deployment time
– Increases overall time and cost
How do we protect individual Operating Systems?
[Diagram: Browser → HTTP Servers → App Servers (WebSphere/BEA) → Mainframes]
• Most customers run their Web applications on UNIX systems or the mainframe
• The mainframe has RACF/ACF/TopSecret to protect OS/390 or z/OS resources
• What about customers who run Solaris, AIX, HP-UX or z/Linux?
What is Tivoli Access Manager?
In its simplest form, Access Manager is an Authorization Engine
It decides what actions a person or application can take on a specific resource. For example: which users are allowed to read a file
Selling AMOS
What is Access Manager for OS?
Tivoli Access Manager for Operating Systems is a UNIX security tool.
– It addresses typical security holes in the most common types of UNIX (Solaris, AIX, HP-UX, Linux)
– Provides “RACF-Like” security for customers who run Linux on the mainframe.
Customer Issues
• UNIX and Linux Security is too weak for the enterprise
– Leading to accidental and deliberate data loss
• UNIX systems frequently fail security audits
• Delegation of ‘root’ (super user) access is problematic
• Difficult to manage security policy across multiple systems
• There is no RACF for Linux on the Mainframe
Access Manager for OS Value
• Secure application environment protects data
• Reduce administration costs
– Centrally define authorization policies on heterogeneous servers across your enterprise
– Securely delegate UNIX administration
• Meet corporate auditing requirements
– Detailed auditing showing transactions were expressly authorized and protected
• Leverage existing investments
• Build on an existing AM environment
Selling Opportunities
How to Identify Opportunities
Identifying opportunities
– Identify existing CA eTrust Access Control customers
– Any customer with UNIX systems
– Focus on those that are in Banking, Finance, Healthcare and Government since these all involve sensitive data that need to be protected
Pain Questions
• How many UNIX boxes do you have?
– How many different types of UNIX?
• How do you manage security across all those boxes?
• How many people officially have the ‘root’ password?
– How many people have it that you don’t know about?
• Can they delete files?
– How do you audit ‘root’ access?
Qualifying Questions
What is driving you to look at a UNIX security solution?
Who is sponsoring this at an executive level?
Have you looked at other UNIX security solutions? Which ones?
What servers do you want to start with?
Is there money in the budget for this?
Key People
• Head of UNIX/Linux Server group
• UNIX/Linux Admins
• Mainframe Linux security
• VP on Enterprise Architecture
• Chief Security Officer
• CIO/CTO
What does AMOS secure?
• Runs on top of UNIX security (this minimizes disruption)
• All controls apply to all users – including “root”
• Conditional access – Access granted only via program
• Login Policy Controls
• Incoming/Outgoing network services (telnet, ftp, etc)
Competitive Comparison
• Single threaded product design
– Performance impact to the OS – sometimes stated as averaging 5-10%
– AMOS will be significantly less in most circumstances (less than 1%)
– Tivoli is priced significantly lower on initial purchase and maintenance
– Some competitors do have broader platform support for older OS products
– Some competitors claim to have a Windows product
– Tivoli is faster at delivering new platform support
• Products using modified operating systems
– Positioned as highly secure web server products
– More complex to implement – greater level of kernel modification
– Can impact standard applications
Competitive Differences
• Non-intrusive (not a customized kernel – a kernel extension)
• Very high performance compared to last year’s leader (CA)
• Provides centralized access control services across UNIX vendor offerings
• Supports consolidation of security policy administration of UNIX OS with MQ and Web applications
• Provides Web-based administration tool that supports multiple levels of delegation
Performance of OS access control is key
ACL Performance - Solaris (Test Runs Per Hour)
Processors | 1 | 4
Access Manager for OS | 103 | 201
Leading Competitor | 7 | 9