Simpler, Smoother and Smarter Zecurity for the business ecosystem - Smarter Business 2013
Posted on 19-Oct-2014
DESCRIPTION
More and more organisations seek cost efficiency by externalising the work in their business processes, and that requires access management for the company's entire ecosystem. With self-service, centralised permission management and new smart cloud services, Enfo has solved this at Tele2, Folksam and others. Speaker: Pekka Hagström, Business Area Manager, Security, Enfo Zipper Zecurity. More from the day at http://bit.ly/sb13se

TRANSCRIPT
© 2013 IBM Corporation
Simpler, Smoother and Smarter Zecurity for the business ecosystem
Pekka Hagström, Business Area Manager Security, Enfo Zipper Zecurity
Drivers to enhance identity and access management
1. Internal users
2. External users
3. Online business models
4. IT architecture
Business drivers to enhance IAM – part 1
Streamline the administration of internal users
- Automate the flow of identity-related data from HR into various systems
- Automate the adjustment to changes in job roles
- Enforce access according to the job roles
- Reduce processing/onboarding time for new employees
- Simplify administrative procedures
- Delegate administration to different organizational units so that they can administer their own users according to mutual agreements
- Centralize the administration of internal users and federate them to external (cloud) services
- Fulfill administrative requirements with traceability and audit reporting
- Enhance the quality of identity-related data in different target systems
Streamline the administration of external users
- Eliminate/reduce administration costs
- Delegate all administration of external users to external stakeholders
- Ensure that external users have access only in accordance with their agreements
- Externalize the risks of administration to external stakeholders
- Eliminate latency for changes to user/permission data
- Ensure non-repudiation of all transactions conducted by external users
Business drivers to enhance IAM – part 2
Enable all online business and all online activities
- Provide single sign-on to all users for all applications/services/systems
- Enable access to all processes for external users (according to agreements)
- Enable login/authorization with federated external identities
- Provide seamless integration to external (cloud) services
- Enhance the business within your ecosystem: customers, partners, brokers, etc.
Business drivers to enhance IAM – part 3
Challenge – business based access in ecosystems: multi-tenant IAM is needed
(Diagram) A parent company and its business ecosystem: wealth management, credit bank, investment bank, fund company, deposit bank, insurance company and payment card company; cloud services and embedded cloud services; an external organization as a service provider; B2C customers, B2B customers, business partners, regulators, brokers and re-sellers.
Examples of federated identities in the ecosystem
(Diagram) The company federates with external authentication services, the employers of external users, external partners and cloud services.
ICT drivers to enhance IAM
Streamline your ICT architecture
- Utilize commercial services instead of in-house development
- Externalize the risks associated with internal solutions and maintenance
- Avoid dependencies on specialized IT resources
- Provide modern claims-based access control services to new services/applications
- Integrate your existing (target) applications with source systems (i.e. HR)
- Externalize login into a common SSO service
Conceptual IAM solution models – alternative solution models
1. Propagation from HR into applications (provisioning into target applications)
2. Dynamic, business based access control (dynamic access control)
(Diagram) Master sources HR (1), HR (2), CRM (1) and CRM (2) feed an IdM DB and an IdM Portal. Target systems: Application 1, Application 2, Service 1, Service 2, Application 3, Application 4, together with AD and ABAC. Three ways of consuming identity data are shown: local authentication and authorization based on local replicated data; dynamic authentication and authorization based on attributes; authentication and authorization based on centralized data (AD).
Provisioning into target systems
(Diagram) IdM processes and business processes drive an IdM Synch. engine that provisions the target systems: AD, cloud applications, LDAP, access management, service management and HR. Master data comes from HR 1, HR 2 and service mgmt via web services, with HR as the source for internal users. Users reach the identity portal from the customer side and the intranet; administrators use the IdM admin app. Administration is either embedded (in the business units) or centralized.
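The first solution model, propagation from HR into target systems, comes down to a synchronisation engine that diffs the master source against what is provisioned and emits joiner/mover/leaver changes with an audit trail. The example below is added here and is not code from the presentation or from Enfo; the HR record layout, the role-to-entitlement table, the target-system account shape and the sample data are all assumptions made for illustration.

```python
"""Added example (not from the presentation): a minimal IdM synchronisation
engine for solution model 1, 'propagation from HR into applications'.

It reads a constructed HR feed (the master source), diffs it against the
accounts currently provisioned in one target system, and produces the
joiner/mover/leaver actions plus an audit trail. Role-to-entitlement
mapping, field names and the sample data are assumptions for the example.
"""
from dataclasses import dataclass, field

# Assumed mapping of HR job roles to entitlements in one target system.
ROLE_ENTITLEMENTS = {
    "claims_handler": {"claims_app:read", "claims_app:write"},
    "claims_manager": {"claims_app:read", "claims_app:write", "claims_app:approve"},
    "broker_liaison": {"partner_portal:read"},
}


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    name: str
    role: str
    active: bool


@dataclass
class TargetAccount:
    employee_id: str
    entitlements: set = field(default_factory=set)
    enabled: bool = True


def reconcile(hr_feed, target_accounts):
    """Compute the provisioning actions that make the target mirror HR.

    Returns a list of (action, employee_id, detail) tuples; the caller
    applies them to the target system and records them for audit.
    A role unknown to the mapping gets no entitlements rather than
    keeping whatever the account had before.
    """
    hr_by_id = {r.employee_id: r for r in hr_feed}
    actions = []
    # Joiners and movers: every active HR record must have a matching account.
    for emp_id, rec in hr_by_id.items():
        wanted = set(ROLE_ENTITLEMENTS.get(rec.role, set()))
        acct = target_accounts.get(emp_id)
        if not rec.active:
            if acct is not None and acct.enabled:
                actions.append(("disable", emp_id, "inactive in HR"))
            continue
        if acct is None:
            actions.append(("create", emp_id, sorted(wanted)))
            continue
        if not acct.enabled:
            actions.append(("enable", emp_id, "re-activated in HR"))
        to_add = wanted - acct.entitlements
        to_remove = acct.entitlements - wanted
        if to_add:
            actions.append(("grant", emp_id, sorted(to_add)))
        if to_remove:
            actions.append(("revoke", emp_id, sorted(to_remove)))
    # Leavers: accounts with no HR record at all are orphans and get disabled.
    for emp_id, acct in target_accounts.items():
        if emp_id not in hr_by_id and acct.enabled:
            actions.append(("disable", emp_id, "no HR record (orphan account)"))
    return actions


def apply_actions(actions, target_accounts):
    """Apply reconcile() output to the target in place; return audit log lines."""
    log = []
    for action, emp_id, detail in actions:
        if action == "create":
            target_accounts[emp_id] = TargetAccount(emp_id, set(detail), True)
        elif action == "grant":
            target_accounts[emp_id].entitlements |= set(detail)
        elif action == "revoke":
            target_accounts[emp_id].entitlements -= set(detail)
        elif action == "enable":
            target_accounts[emp_id].enabled = True
        elif action == "disable":
            target_accounts[emp_id].enabled = False
        log.append(f"{action} {emp_id} {detail}")
    return log


# Constructed sample data: one joiner, one mover, one leaver, one orphan.
SAMPLE_HR = [
    HrRecord("e100", "Anna", "claims_handler", True),   # joiner: no account yet
    HrRecord("e200", "Bo", "claims_manager", True),     # mover: was a handler
    HrRecord("e300", "Cia", "broker_liaison", False),   # leaver: inactive in HR
]
SAMPLE_TARGET = {
    "e200": TargetAccount("e200", {"claims_app:read", "claims_app:write"}),
    "e300": TargetAccount("e300", {"partner_portal:read"}),
    "e999": TargetAccount("e999", {"claims_app:read"}),  # no HR record at all
}

if __name__ == "__main__":
    for line in apply_actions(reconcile(SAMPLE_HR, SAMPLE_TARGET), SAMPLE_TARGET):
        print(line)
```

Running reconcile() a second time after apply_actions() returns an empty list, which is the property a synchronisation engine must have: repeated runs converge on the HR state instead of re-issuing the same changes. The orphan account e999 is disabled rather than deleted so that its traceability is preserved for audit.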
Who gets access to what, on behalf of whom? (IdM)
1. e-Service management
2. Business agreements as a foundation for access
3. Delegated identity management
Conceptual model for dynamic access control
(Diagram) Service providers expose online services (applications) as access objects. Service consumers are organisations with service agreements covering those access objects. A person can act as multiple users; each user has a user account and permissions. Business integrity – foundation for entitlements. Access is decided on implicit and explicit attributes.
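The second solution model evaluates each request at access time from the entities in the conceptual model: a person acting as one of several users, each user belonging to a service-consumer organisation, and a service agreement between the company and that organisation that is the foundation for what the user may touch. The policy decision below is an added example, not code from the presentation or from Enfo; the agreement fields, the role-to-action table, the split between implicit attributes (derived from the agreement) and explicit attributes (set on the user by the organisation's delegated administrator), and the sample ecosystem are all assumptions made for illustration.

```python
"""Added example (not from the presentation): a policy decision point for
solution model 2, 'dynamic, business based access control'.

Entities follow the slide's conceptual model: a person who acts as several
users, each user tied to a service-consumer organisation, service
agreements between the company and each organisation, and permissions
derived from those agreements (implicit attributes) combined with the
attributes a delegated administrator set explicitly on the user.
All entity names, attribute names and sample data are constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ServiceAgreement:
    """Business agreement between the company and a service consumer:
    which online services it may use, for which customers, and until when.
    This is the 'foundation for entitlements' on the slide."""
    org: str
    services: frozenset
    customer_scope: frozenset   # customer ids the organisation may act for
    valid_from: date
    valid_to: date


@dataclass(frozen=True)
class User:
    """One user account. The same person may hold several (e.g. as an
    employee of two brokers). org and role are explicit attributes set
    by that organisation's delegated administrator."""
    user_id: str
    person_id: str
    org: str
    role: str
    enabled: bool = True


# Assumed role-to-action table for the online service.
ROLE_ACTIONS = {
    "broker_agent": frozenset({"quote:read", "quote:create"}),
    "broker_admin": frozenset({"quote:read", "quote:create", "user:manage"}),
}


def decide(user, action, service, customer_id, agreements, today):
    """Return (allowed, reasons). Every failed check is recorded so the
    decision is auditable; access is allowed only when all checks pass."""
    reasons = []
    if not user.enabled:
        reasons.append("user account disabled")
    # Implicit attributes: derived from the organisation's agreement.
    agreement = agreements.get(user.org)
    if agreement is None:
        reasons.append(f"no agreement with {user.org}")
    else:
        if not (agreement.valid_from <= today <= agreement.valid_to):
            reasons.append("agreement not valid today")
        if service not in agreement.services:
            reasons.append(f"service {service} not in agreement")
        if customer_id not in agreement.customer_scope:
            reasons.append(f"customer {customer_id} outside agreement scope")
    # Explicit attribute: the role the delegated administrator gave this user.
    if action not in ROLE_ACTIONS.get(user.role, frozenset()):
        reasons.append(f"role {user.role} does not permit {action}")
    return (not reasons, reasons)


def can_delegate_admin(admin, target_user):
    """Delegated identity management: an organisation's admin may manage
    only users of their own organisation, never another tenant's."""
    return ("user:manage" in ROLE_ACTIONS.get(admin.role, frozenset())
            and admin.enabled and admin.org == target_user.org)


# Constructed sample ecosystem: two brokers with different agreements.
AGREEMENTS = {
    "broker_a": ServiceAgreement("broker_a", frozenset({"quotes"}),
                                 frozenset({"c1", "c2"}),
                                 date(2013, 1, 1), date(2013, 12, 31)),
    "broker_b": ServiceAgreement("broker_b", frozenset({"quotes", "claims"}),
                                 frozenset({"c3"}),
                                 date(2013, 1, 1), date(2013, 6, 30)),  # expired
}
# One person (p-1) holds two user accounts, one per employer.
USERS = {
    "u-a": User("u-a", "p-1", "broker_a", "broker_agent"),
    "u-b": User("u-b", "p-1", "broker_b", "broker_admin"),
    "u-c": User("u-c", "p-2", "broker_a", "broker_admin"),
}
TODAY = date(2013, 9, 15)

if __name__ == "__main__":
    for uid, u in USERS.items():
        print(uid, decide(u, "quote:create", "quotes", "c1", AGREEMENTS, TODAY))
```

The same person gets a different answer depending on which user account the request arrives through: as u-a (broker_a) a quote for customer c1 is allowed, while as u-b (broker_b) it is refused because that agreement has expired and does not cover c1. Nothing about the person is copied into the target service; revoking the agreement or disabling the account takes effect on the next request, which is the latency argument for this model over replicated data.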
Smarter ICT – services vs. customer specific development?
Simpler with common services: application services, integration services, security services, communication services, service desk, workstation services, asset management, infrastructure services, business intelligence & billing services
Smoother ICT platform for business applications: business applications, business portals, business processes
Simpler, smoother, smarter ICT – smart value-added security services