2. Evolution of IAM at a US financial services major
Drivers:
• Increased adoption of Cloud & Big Data – Workday, Office 365, SaaS, Hadoop, …
• Adoption of BYOD is diluting the traditional perimeter
• Growing security concerns on critical platforms
• Expanding compliance mandates
• Increased collaboration with business partners
Pain points:
• End users did not find IAM processes intuitive enough
• Existing Sun IAM platform was challenged to scale and deliver
• Extremely long turnaround to onboard new applications to the IAM platform
• No single view of employees and contingent workers
• Different service windows for logical and physical access
4. (Saviynt + ForgeRock) provided the next generation IAM architecture
Core architecture deployed in 2 months
Architecture diagram (recovered labels):
• Managed Systems: Big Data, Cloud, Enterprise
• Enterprise IAM: Identity Warehouse; SSO / Authentication; Password Management; REST APIs; Coarse-grained Provisioning, Synchronization
• Saviynt AppSec Manager: Fine-grained Roles and SOD; Collection engines for user access and usage logs; Audit and Control; Fine-grained SOD Management & Remediation; Enterprise / Application Role Engineering & Management; Controls Library (200+ security & SOD controls); Access Simulation & Version Mgmt.; Collectors; Access Request System; Access Review; Security & Compliance Reporting
• Business View: End-users, Managers, IT Security, Auditors, Platform owners
• Identity Stores / Authoritative Sources: Custom Apps, AD, LDAP, RACF, Badging
5. Step 1 – Introduced an intuitive web and mobile UI for access request and certification
• Simple grid layout for easy navigation
• Supports personalization
• Mobile app available on iOS and Android
• Single window to request logical and physical access
Pain points addressed:
• End users did not find IAM processes intuitive enough
• Different service windows for logical and physical access
7. Step 2 – Single best-practice enterprise workflow and pre-built modules to accelerate application onboarding
• Out-of-box single enterprise workflow drives access request behavior
• Enhanced with access recommendations
• Met requirements of more than 90% of enterprise apps and platforms
• Promoted configuration instead of coding to onboard applications
• Reduced customization and number of workflows, accelerated application onboarding
• Based on industry best practices
Integrated 182 applications with the new IAM platform in just 4.5 months
• Integration varied from automated to semi-automated provisioning
• Usage logs were fed in for critical applications, Cloud and Big Data platforms
Pre-built modules: Privilege User Management; Badge Management; Contingent Worker Onboarding; Service Account Management
Pain points addressed:
• Extremely long turnaround to onboard new applications to the IAM platform
• No single view of employees and contingent workers
9. Step 3 – Implemented over 200+ security, process and SOD controls ingrained in security platform, and actionable usage analytics
Financial platforms (180 SOD rules):
o Core banking
o Investment management
o Life insurance
o Property and casualty
o Treasury
o Core financials
o Fraud management
o Information technology
Compliance mandates covered: SOX, Privacy, FFIEC
Usage analytics pipeline: Access Logs → Analytics Engine → Access Recommendations
• Access Request – Peer recommendations
• Access Approval – Outlier analysis
• Access Certification – Outlier & Usage analysis
Pain points addressed:
• Growing security concerns on critical platforms
• Expanding compliance mandates
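To make Step 3 concrete, here is an added Python illustration (not Saviynt or ForgeRock code) of the three mechanisms the slide names: an SOD controls check with access simulation before approval, a severity-ranked remediation queue, and peer-based analytics for request recommendations and certification outliers. The rules, departments, users and entitlement names are constructed sample data; the thresholds are arbitrary choices, not values from the deployment.

```python
"""SOD control evaluation and peer-based access analytics.

Added illustration, not Saviynt or ForgeRock code. Rules, users and
entitlements below are constructed sample data with hypothetical names.
"""
from collections import Counter

# Constructed SOD controls: two entitlements one person must not hold together.
SOD_RULES = [
    {"id": "SOD-001", "conflict": ("create_vendor", "approve_payment"), "severity": "high"},
    {"id": "SOD-002", "conflict": ("post_journal", "approve_journal"), "severity": "high"},
    {"id": "SOD-003", "conflict": ("open_account", "close_account"), "severity": "medium"},
]
SEVERITY_RANK = {"high": 2, "medium": 1, "low": 0}

# Constructed identity-warehouse extract: user -> (department, entitlements held).
USERS = {
    "alice": ("treasury", {"create_vendor", "view_ledger"}),
    "bob":   ("treasury", {"approve_payment", "view_ledger"}),
    "carol": ("treasury", {"create_vendor", "approve_payment", "view_ledger"}),
    "dave":  ("treasury", {"view_ledger"}),
    "frank": ("treasury", {"create_vendor"}),
    "erin":  ("it", {"view_ledger", "hadoop_admin"}),
}


def sod_violations(entitlements, rules=SOD_RULES):
    """Ids of controls whose conflicting pair is fully held."""
    held = set(entitlements)
    return [r["id"] for r in rules if set(r["conflict"]) <= held]


def simulate_request(user, new_entitlement, users=USERS, rules=SOD_RULES):
    """Access simulation: controls a request would newly violate if approved."""
    _, current = users[user]
    before = set(sod_violations(current, rules))
    after = set(sod_violations(current | {new_entitlement}, rules))
    return sorted(after - before)


def ranked_violations(users=USERS, rules=SOD_RULES):
    """Remediation queue of (user, control) hits, highest severity first."""
    by_id = {r["id"]: r for r in rules}
    hits = [(u, rid) for u, (_, ents) in users.items()
            for rid in sod_violations(ents, rules)]
    return sorted(hits, key=lambda h: (-SEVERITY_RANK[by_id[h[1]]["severity"]], h[0]))


def peer_prevalence(user, users=USERS):
    """Share of the user's department peers (excluding the user) holding each entitlement."""
    dept, _ = users[user]
    peers = [ents for u, (d, ents) in users.items() if d == dept and u != user]
    if not peers:
        return {}
    counts = Counter(e for ents in peers for e in ents)
    return {e: n / len(peers) for e, n in counts.items()}


def outlier_entitlements(user, threshold=0.34, users=USERS):
    """Certification aid: entitlements the user holds that few peers hold.
    With no peers at all, every entitlement surfaces for review."""
    prevalence = peer_prevalence(user, users)
    _, held = users[user]
    return sorted(e for e in held if prevalence.get(e, 0.0) < threshold)


def peer_recommendations(user, threshold=0.66, users=USERS, rules=SOD_RULES):
    """Request aid: entitlements most peers hold that the user lacks,
    skipping any that would introduce an SOD violation."""
    prevalence = peer_prevalence(user, users)
    _, held = users[user]
    return sorted(e for e, share in prevalence.items()
                  if share >= threshold and e not in held
                  and not simulate_request(user, e, users, rules))


if __name__ == "__main__":
    print("violations:", ranked_violations())
    print("carol outliers:", outlier_entitlements("carol"))
    print("dave recommendations:", peer_recommendations("dave"))
```

The recommendation step deliberately runs the SOD simulation before suggesting an entitlement: a peer-driven recommender that ignores controls would happily propose the second half of a toxic combination, which is exactly the failure a controls library is there to prevent.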
11. Step 4 – Implemented fine-grained entitlement management for critical apps, cloud and big data platforms
Architecture diagram (recovered labels):
• Managed Systems: Big Data, Cloud, Enterprise
• Saviynt AppSec Manager: Fine-grained Roles and SOD; Collection engines for user access and usage logs; Audit and Control; Fine-grained SOD Management & Remediation; Enterprise / Application Role Engineering & Management; Controls Library (200+ security & SOD controls); Access Simulation & Version Mgmt.; Collectors; Access Request System; Access Review; Security & Compliance Reporting
• Business View: IT Security, Auditors, IAM Admins
• Other diagram labels: Custom Critical Apps; Workday Admins, Big Data Admins, Platform Owners
Pain points addressed:
• Increased adoption of Cloud & Big Data – Workday, Office 365, SaaS, Hadoop, …
• Adoption of BYOD is diluting the traditional perimeter
• Growing security concerns on critical platforms
13. Step 5 – We are now implementing advanced behavioral analytics
Behavioral analytics diagram (recovered labels):
• Event attributes captured per user: Amount transactions, Date & Time, IP Address
• Behavior Profile per user: Time Slices (Daily, Weekly, Monthly, Day of the Week, Time of Day, Holidays, Weekend), Activity frequency, Network Sources
• Output: Suspicious Activities
Sample event for user John Doe: 10/10/2011, 12:03:20, 10.12.132.1, John Doe, Email sent
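The slide describes a baseline built from time slices, activity frequency and network sources, with deviations surfaced as suspicious activity. The following Python example is an added illustration (not Saviynt code) of that idea over log lines in the slide's layout. The log entries, the user, the 08:00–18:00 business-hours window and the 10.0.0.0/8 corporate range are all constructed assumptions; dates are read as MM/DD/YYYY.

```python
"""Behavior profiling over user activity logs.

Added illustration, not Saviynt code. Log lines follow the shape shown on the
slide; the events, the corporate address range and the user are constructed.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log in the slide's layout: date, time, source IP, user, activity.
# Assumption: dates are MM/DD/YYYY.
SAMPLE_LOG = """\
10/03/2011, 09:12:40, 10.12.132.1, John Doe, Email sent
10/03/2011, 11:45:02, 10.12.132.1, John Doe, Report viewed
10/04/2011, 10:03:20, 10.12.132.1, John Doe, Email sent
10/05/2011, 14:21:09, 10.12.132.7, John Doe, Email sent
10/06/2011, 09:40:11, 10.12.132.1, John Doe, Report viewed
10/07/2011, 16:02:55, 10.12.132.1, John Doe, Email sent
10/09/2011, 02:13:08, 203.0.113.9, John Doe, Report downloaded
10/10/2011, 12:03:20, 10.12.132.1, John Doe, Email sent
"""

# Assumption: the organisation's internal address space.
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_event(line):
    """Split one log line into typed fields."""
    date, time, ip, user, activity = [p.strip() for p in line.split(",", 4)]
    return {
        "ts": datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S"),
        "ip": ipaddress.ip_address(ip),
        "user": user,
        "activity": activity,
    }


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def time_slice(ts):
    """Bucket a timestamp by weekday/weekend and business/off hours (assumed 08:00-18:00)."""
    day = "weekend" if ts.weekday() >= 5 else "weekday"
    slot = "business_hours" if 8 <= ts.hour < 18 else "off_hours"
    return (day, slot)


def build_profiles(events):
    """Per-user baseline: time slices, activity types, network sources, events per day."""
    def empty():
        return {"slices": Counter(), "activities": Counter(),
                "sources": Counter(), "per_day": Counter()}
    profiles = defaultdict(empty)
    for e in events:
        p = profiles[e["user"]]
        p["slices"][time_slice(e["ts"])] += 1
        p["activities"][e["activity"]] += 1
        p["sources"][e["ip"]] += 1
        p["per_day"][e["ts"].date()] += 1
    return profiles


def activity_frequency(profile):
    """Average events per active day, the 'daily' frequency of the slide."""
    days = len(profile["per_day"])
    return sum(profile["per_day"].values()) / days if days else 0.0


def deviations(event, profile):
    """Reasons an event departs from its user's profile. A count of 0 or 1
    means the attribute was never seen apart from this event itself."""
    reasons = []
    if profile["slices"][time_slice(event["ts"])] <= 1:
        reasons.append("time slice never seen for this user")
    if profile["sources"][event["ip"]] <= 1:
        reasons.append("first activity from this network source")
    if not any(event["ip"] in net for net in CORPORATE_NETS):
        reasons.append("source outside corporate address space")
    if profile["activities"][event["activity"]] <= 1:
        reasons.append("first occurrence of this activity type")
    return reasons


def suspicious_activities(log_text, threshold=2):
    """Events with at least `threshold` deviations, as (user, timestamp, reasons)."""
    events = parse_log(log_text)
    profiles = build_profiles(events)
    flagged = []
    for e in events:
        reasons = deviations(e, profiles[e["user"]])
        if len(reasons) >= threshold:
            flagged.append((e["user"], e["ts"].strftime("%m/%d/%Y %H:%M:%S"), reasons))
    return flagged


if __name__ == "__main__":
    for user, when, why in suspicious_activities(SAMPLE_LOG):
        print(user, when, "; ".join(why))
```

A single unfamiliar attribute (one new internal workstation, as in the 10/05 entry) is not flagged on its own; the threshold requires several independent deviations to coincide, which keeps the analyst queue short while still catching the off-hours, external-source, first-time download in the sample.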
14. Step 5 – …and activating various insider threat management use cases
Insider Threat Intelligence
• Data theft detection and prevention
• Fraud detection and prevention
• VIP Snooping
• Sabotage detection and prevention
Data Exfiltration Analytics
• Data theft detection/prevention
• Signature-less and correlation analysis of Network and Host DLP
• Risk ranking of incidents and case management
Fraud Intelligence
• Enterprise Fraud detection
• Web Fraud detection
• Customer Service Rep Fraud detection
Identity & Access Intelligence
• Global Identity Warehouse
• Access risk monitoring & cleanup
• Risk-based access requests
• Risk-based access certifications
Big Data Analytics
• Data Mining for security intelligence
• Purpose-built Security Analytics on Hadoop, Greenplum and other Big Data stores
• Visualization of linkages in large datasets
Cyber Threat Detection
• Targeted attack detection
• Low and slow attacks
• Advanced malware detection
• Investigation & Response
Application Security Intelligence
• Privilege Misuse
• Unusual view/download of sensitive information
• Account Takeover
• Off the shelf and Custom Apps
Security Risk Monitoring
• Continuous risk monitoring
• Organization Risk Scorecard
• User Risk Scorecard
• System Risk Scorecard
Case Management
• Graphical Link analysis using investigation workbench
• Case management
• Fully configurable workflow
• Reporting
15. We helped realize tangible benefits for the client…
1. Uniform risk and security management
• Consistent security model using roles, SOD policies, rules, templates, etc. across various critical / enterprise applications, Big Data and Cloud providers
• Over 200+ security and SOD controls library, compliance dashboards provide visibility to security posture
• Automated security life-cycle management combined with actionable usage analytics
• REST APIs enable easy integration with enterprise applications
2. Faster time to value
• Saves >70% time in implementing security vis-à-vis traditional methods
• Pre-built life-cycle management modules and best practice workflow
• Rapid application integration promotes factory model
3. Lower TCO
• Subscription-based pricing model
• Cloud-based deployment option available, lowers hardware footprint
• Reduce administrative overhead for audit reporting and user access management
• Improve end user satisfaction with intuitive and mobile ready security tools
16. Visit us at www.saviynt.com or our booth at IRM Summit
Thank You
Questions?