SlideShare una empresa de Scribd logo
1 de 29
Descargar para leer sin conexión
ITIL v3 - Access MANAGEMENT (IdM)




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management. Definitions
ITIL v3 defines “Access Management” as:


“the process of granting authorized users the right to use a
   service, while preventing access to non-authorized users. It has
   also been referred to as Rights Management or Identity
   Management in different organizations.”

“the process that enables users to use the services that are
   documented in the Service Catalogue”




    GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management. Definitions

• Access refers to the level and extent of a service’s functionality or
data that a user is entitled to use.

• Identity refers to the information about them that distinguishes
them as an individual and which verifies their status within the
organization. By definition, the Identity of a user is unique to that
user.




      GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management. Definitions
• Rights (also called privileges) refer to the actual settings whereby a user is
provided access to a service or group of services. Typical rights, or levels of
access, include read, write, execute, change, delete.

• Services or service groups. Most users do not use only one service, and
users performing a similar set of activities will use a similar set of services.
Instead of providing access to each service for each user separately, it is
more efficient to be able to grant each user – or group of users – access to
the whole set of services that they are entitled to use at the same time.

• Directory Services refers to a specific type of tool that is used to manage
access and rights



       GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management. Roles.
                                  Workflow
                       Departs.                                                  
Deptos. Involucrados




                       RRHH                                                         
                       IT-
                       HelpDesk                                            
                       IT -
                       Seguridad                                                  
                                                 Alta
                                                               Cambio      Cambio
                                    Incorp.                                          Baja
                                                 Accsesos       Rol         Dpto.

                                              Ciclo de Vida del Empleado / Usuario



                       GSX – ACCESS MANAGEMENT 05-2009    Josep Bardallo
Definitions: IAM & SSO
• SSO = “Single Sign On”
   Es un proceso por el cual un usuario se Identifica y Autentifica
     una sóla vez para acceder a cualquier aplicación o sistema
     (“una sola password una sola vez”)

• IAM = “Identity & Access Management”
   Gestión de Identidades y Accesos: se encarga de gestionar el
     Ciclo de Vida de un Empleado en una organización.




     GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
IAM: Architecture




                                                   Nivel de
                                                   Funcionalidad




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Grrrr!




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
The solution




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management Process.
         Purpose/goal Objective
“Access Management provides the right for users to be able to use
 a service or group of services. It is therefore the execution of
 policies and actions defined in Security and Availability
 Management.”




    GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management Process
                       Scope
Access Management is effectively the execution of both Availability and Information
Security Management, in that it enables the organization to manage the
confidentiality, availability and integrity of the organization’s data and intellectual
property.

Access Management ensures that users are given the right to use a service, but it does
not ensure that this access is available at all agreed times – this is provided by
Availability Management.

Access Management is a process that is executed by all Technical and Application
Management functions and is usually not a separate function. However, there is likely to
be a single control point of coordination, usually in IT Operations Management or on
the Service Desk.

Access Management can be initiated by a Service Request through the Service Desk.




       GSX – ACCESS MANAGEMENT 05-2009       Josep Bardallo
Access Management Process
                           Process activities
• Requesting access
    • like Request for Change, Service Request, Scripts, Human ….
• Verification
    • That the user requesting access is who they say they are
    • That they have a legitimate requirement for that service
• Providing rights : provide that user with rights to use the requested service
    • Access Management does not decide who has access to which IT services. Rather,
    Access Management executes the policies and regulations defined during Service
    Strategy and Service Design
• Monitoring identity status
    • Access Management should understand and document the typical User Lifecycle for
    each type of user and use it to automate the process
• Logging and tracking access : ensuring that the rights that they have provided
are being properly used
• Removing or restricting rights

      GSX – ACCESS MANAGEMENT 05-2009       Josep Bardallo
Access Management Process
Triggers, input and output/inter-process interfaces

 • An RFC. This is most frequently used for large-scale service
 introductions or upgrades where the rights of a significant number of
 users need to be updated as part of the project.

 • A Service Request. This is usually initiated through the Service Desk, or
 directly into the Request Fulfilment system, and executed by the relevant
 Technical or Application Management teams.

 • A request from the appropriate Human Resources Management
 personnel (which should be channelled via the Service Desk). This is
 usually generated as part of the process for hiring, promoting, relocating
 and termination or retirement.

 • A request from the manager of a department, who could be
 performing an HR role, or who could have made a decision to start using
 a service for the first time.
    GSX – ACCESS MANAGEMENT 05-2009     Josep Bardallo
Tools Samples : ESSO
Applications




                                WSS-SAML                  LEGACY




                                PSGINA                    MSGINA

User Strong Authentication




       GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Tools Samples : IAM



                              Rol


                       Auth

                                    Prov.




Provisioning            Workflow            MetaDirectory           Connectors   Applications
(HR, LDAP, BD,…)




               GSX – ACCESS MANAGEMENT 05-2009     Josep Bardallo
Workflow & PKI Integration




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Ejemplo: EPayment + DNIe

                         iPay
                         Name: Juan Perez
                         Address
                         ValidCertificate
                         Table23          Ammount153,03 €

                         Ammount:
                         A – HSBC PrivateAccount
                          PAYED
                                        153,03 €
                         BThanks Expenses Acc.
                           - CityBank for your
                          Visit - iPAY
                         C – VISA CreditCard

                         D –PayPalAccount




GSX – ACCESS MANAGEMENT 05-2009           Josep Bardallo
Tools Samples : ESSO




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management Process
         Tools Samples : Identity Delegation




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management Process
                               METRICS

Metrics that can be used to measure the efficiency and effectiveness
of Access Management include:

   • Number of requests for access (Service Request, RFC, etc.)
   • Instances of access granted, by service, user, department, etc.
   • Instances of access granted by department or individual
   granting rights
   • Number of incidents requiring a reset of access rights
   • Number of incidents caused by incorrect access settings.




    GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Access Management Process
          Challenges, Critical Success Factors and risk

Conditions for successful Access Management include (KPI):
• The ability to verify the identity of a user (that the person is who they say they
are)
• The ability to verify the identity of the approving person or body
• The ability to verify that a user qualifies for access to a specific service
• The ability to link multiple access rights to an individual user
• The ability to determine the status of the user at any time (e.g. to determine
whether they are still employees of the organization when they log on to a
system)
• The ability to manage changes to a user’s access requirements
• The ability to restrict access rights to unauthorized users
• A database of all users and the rights that they have been granted.


      GSX – ACCESS MANAGEMENT 05-2009     Josep Bardallo
¿ Questions?




GSX – ACCESS MANAGEMENT 05-2009   Josep Bardallo
Gràcies
        Hindi
                                                                               Korean
                                          Traditional Chinese
                            Català


                                                                           Gracias
                 Russian                                                     Spanish




                                      Thank                                  Obrigado
                                      You
                                             English
                                                                              Brazilian Portuguese

    Arabic
                                                                   Danke
                                                                  German

                  Grazie                                                     Merci
                  Italian
                                         Simplified Chinese                  French




Tamil
                                                       Japanese                         Thai



                GSX – ACCESS MANAGEMENT 05-2009         Josep Bardallo

Más contenido relacionado

La actualidad más candente

AD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughAD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughADAuditPlus
 
ITIL Practical Guide - Service Operation
ITIL Practical Guide - Service OperationITIL Practical Guide - Service Operation
ITIL Practical Guide - Service OperationAxios Systems
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
Intel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management JourneyIntel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management JourneyIntel IT Center
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
Integrate microsoft azure storage with backup solutions
Integrate microsoft azure storage with backup solutionsIntegrate microsoft azure storage with backup solutions
Integrate microsoft azure storage with backup solutionsIngram Micro
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trinings
 
ITIL Service Desk Tools
ITIL Service Desk ToolsITIL Service Desk Tools
ITIL Service Desk Toolsahmedshama
 
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...Contribuições aos modelos de maturidade em gestão por processos e de excelênc...
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...Felipe Guedes Pinheiro
 
Itil 4 foudnation exam sample answers booklet 1
Itil 4 foudnation exam sample answers booklet 1Itil 4 foudnation exam sample answers booklet 1
Itil 4 foudnation exam sample answers booklet 1Bambang Sutejo
 
ServiceNow ITSM Overview
ServiceNow ITSM OverviewServiceNow ITSM Overview
ServiceNow ITSM OverviewJade Global
 
Role-Based Access Control
Role-Based Access ControlRole-Based Access Control
Role-Based Access ControlEmpowerID
 
Managed Services Presentation
Managed Services PresentationManaged Services Presentation
Managed Services PresentationScott Gombar
 
IT Service Level Agreement
IT Service Level AgreementIT Service Level Agreement
IT Service Level AgreementKHNOG
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSIvanti
 
ITIL v3 Foundation Overview
ITIL v3 Foundation OverviewITIL v3 Foundation Overview
ITIL v3 Foundation Overviewadabbas
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Aujas
 
Boost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalogBoost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalogAxios Systems
 

La actualidad más candente (20)

AD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughAD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed Walkthrough
 
ITIL Practical Guide - Service Operation
ITIL Practical Guide - Service OperationITIL Practical Guide - Service Operation
ITIL Practical Guide - Service Operation
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
Intel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management JourneyIntel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management Journey
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
Integrate microsoft azure storage with backup solutions
Integrate microsoft azure storage with backup solutionsIntegrate microsoft azure storage with backup solutions
Integrate microsoft azure storage with backup solutions
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 
ITIL Service Desk Tools
ITIL Service Desk ToolsITIL Service Desk Tools
ITIL Service Desk Tools
 
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...Contribuições aos modelos de maturidade em gestão por processos e de excelênc...
Contribuições aos modelos de maturidade em gestão por processos e de excelênc...
 
Itil 4 foudnation exam sample answers booklet 1
Itil 4 foudnation exam sample answers booklet 1Itil 4 foudnation exam sample answers booklet 1
Itil 4 foudnation exam sample answers booklet 1
 
Itil v4-mindmap
Itil v4-mindmapItil v4-mindmap
Itil v4-mindmap
 
ServiceNow ITSM Overview
ServiceNow ITSM OverviewServiceNow ITSM Overview
ServiceNow ITSM Overview
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)
 
Role-Based Access Control
Role-Based Access ControlRole-Based Access Control
Role-Based Access Control
 
Managed Services Presentation
Managed Services PresentationManaged Services Presentation
Managed Services Presentation
 
IT Service Level Agreement
IT Service Level AgreementIT Service Level Agreement
IT Service Level Agreement
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
 
ITIL v3 Foundation Overview
ITIL v3 Foundation OverviewITIL v3 Foundation Overview
ITIL v3 Foundation Overview
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016
 
Boost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalogBoost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalog
 

Similar a ITIL - IAM (Access Management)

Continuous Auditing, Monitoring & Data Analytics
Continuous Auditing, Monitoring & Data AnalyticsContinuous Auditing, Monitoring & Data Analytics
Continuous Auditing, Monitoring & Data AnalyticsCISA1567
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...e-Xpert Solutions SA
 
XsXprt, a User Access Compliance and License Management tool for SAP
XsXprt, a User Access Compliance and License Management tool for SAPXsXprt, a User Access Compliance and License Management tool for SAP
XsXprt, a User Access Compliance and License Management tool for SAPGourav Ladha
 
Australia Department of Immigration and Citizenship - A Case Study on Transfo...
Australia Department of Immigration and Citizenship - A Case Study on Transfo...Australia Department of Immigration and Citizenship - A Case Study on Transfo...
Australia Department of Immigration and Citizenship - A Case Study on Transfo...Vincent Kwon
 
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!Dayalan Punniyamoorthy
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineNovell
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
RM5 IdM, Centralized Entitlement Management
RM5 IdM, Centralized Entitlement ManagementRM5 IdM, Centralized Entitlement Management
RM5 IdM, Centralized Entitlement ManagementChristian Sundell
 
Active directory solutions brochure
Active directory solutions brochureActive directory solutions brochure
Active directory solutions brochureZoho Corporation
 
Detailed Total Enrollment
Detailed  Total  EnrollmentDetailed  Total  Enrollment
Detailed Total Enrollmenttreyreeves1953
 
Placement of BPM runtime components in an SOA environment
Placement of BPM runtime components in an SOA environmentPlacement of BPM runtime components in an SOA environment
Placement of BPM runtime components in an SOA environmentKim Clark
 
Strategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC SysStrategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC Syspangel4
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Employee Profile Management System
Employee Profile Management SystemEmployee Profile Management System
Employee Profile Management Systemncct
 

Similar a ITIL - IAM (Access Management) (20)

Continuous Auditing, Monitoring & Data Analytics
Continuous Auditing, Monitoring & Data AnalyticsContinuous Auditing, Monitoring & Data Analytics
Continuous Auditing, Monitoring & Data Analytics
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
 
XsXprt, a User Access Compliance and License Management tool for SAP
XsXprt, a User Access Compliance and License Management tool for SAPXsXprt, a User Access Compliance and License Management tool for SAP
XsXprt, a User Access Compliance and License Management tool for SAP
 
Australia Department of Immigration and Citizenship - A Case Study on Transfo...
Australia Department of Immigration and Citizenship - A Case Study on Transfo...Australia Department of Immigration and Citizenship - A Case Study on Transfo...
Australia Department of Immigration and Citizenship - A Case Study on Transfo...
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
 
IdM FinalVer
IdM FinalVerIdM FinalVer
IdM FinalVer
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online training
 
Soa Test Methodology
Soa Test MethodologySoa Test Methodology
Soa Test Methodology
 
Vj courier
Vj courier Vj courier
Vj courier
 
RM5 IdM, Centralized Entitlement Management
RM5 IdM, Centralized Entitlement ManagementRM5 IdM, Centralized Entitlement Management
RM5 IdM, Centralized Entitlement Management
 
Active directory solutions brochure
Active directory solutions brochureActive directory solutions brochure
Active directory solutions brochure
 
Detailed Total Enrollment
Detailed  Total  EnrollmentDetailed  Total  Enrollment
Detailed Total Enrollment
 
Placement of BPM runtime components in an SOA environment
Placement of BPM runtime components in an SOA environmentPlacement of BPM runtime components in an SOA environment
Placement of BPM runtime components in an SOA environment
 
Strategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC SysStrategy to Design / Implement a GRC Sys
Strategy to Design / Implement a GRC Sys
 
GRC Software Implementation Strategy
GRC Software Implementation StrategyGRC Software Implementation Strategy
GRC Software Implementation Strategy
 
DCE - IBM Blueworks LIVE
DCE - IBM Blueworks LIVEDCE - IBM Blueworks LIVE
DCE - IBM Blueworks LIVE
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Employee Profile Management System
Employee Profile Management SystemEmployee Profile Management System
Employee Profile Management System
 

Más de Josep Bardallo

DNIe como acceso universal en entornos multiplataforma
DNIe como acceso universal en entornos multiplataformaDNIe como acceso universal en entornos multiplataforma
DNIe como acceso universal en entornos multiplataformaJosep Bardallo
 
Svt cloud security services - Catalogo de Servicios
Svt cloud security services - Catalogo de ServiciosSvt cloud security services - Catalogo de Servicios
Svt cloud security services - Catalogo de ServiciosJosep Bardallo
 
M10 service management
M10 service managementM10 service management
M10 service managementJosep Bardallo
 
M9 cloud & open source
M9 cloud & open sourceM9 cloud & open source
M9 cloud & open sourceJosep Bardallo
 
M8 privacy & regulatory in internet
M8 privacy & regulatory in internetM8 privacy & regulatory in internet
M8 privacy & regulatory in internetJosep Bardallo
 
M4 internet systems & applications I
M4   internet systems & applications IM4   internet systems & applications I
M4 internet systems & applications IJosep Bardallo
 
M5 internet systems & applications ii
M5 internet systems & applications iiM5 internet systems & applications ii
M5 internet systems & applications iiJosep Bardallo
 
M1 network types & internet
M1   network types & internetM1   network types & internet
M1 network types & internetJosep Bardallo
 
S4 public or private datacenter
S4 public or private datacenterS4 public or private datacenter
S4 public or private datacenterJosep Bardallo
 
S3 internet business with user data
S3   internet business with user dataS3   internet business with user data
S3 internet business with user dataJosep Bardallo
 
S1 internet, secure place for business
S1   internet, secure place for businessS1   internet, secure place for business
S1 internet, secure place for businessJosep Bardallo
 
Securima ti ca 2013 - seguridad en la nube
Securima ti ca 2013 - seguridad en la nubeSecurima ti ca 2013 - seguridad en la nube
Securima ti ca 2013 - seguridad en la nubeJosep Bardallo
 
SVT CloudJacket Service
SVT CloudJacket ServiceSVT CloudJacket Service
SVT CloudJacket ServiceJosep Bardallo
 
SVT. innovacion y crecimiento con Cloud 2013
SVT. innovacion y crecimiento con Cloud 2013SVT. innovacion y crecimiento con Cloud 2013
SVT. innovacion y crecimiento con Cloud 2013Josep Bardallo
 
Ahorro De Costes Con Esso. Best Practices
Ahorro De Costes Con Esso. Best PracticesAhorro De Costes Con Esso. Best Practices
Ahorro De Costes Con Esso. Best PracticesJosep Bardallo
 

Más de Josep Bardallo (20)

DNIe como acceso universal en entornos multiplataforma
DNIe como acceso universal en entornos multiplataformaDNIe como acceso universal en entornos multiplataforma
DNIe como acceso universal en entornos multiplataforma
 
Svt cloud security services - Catalogo de Servicios
Svt cloud security services - Catalogo de ServiciosSvt cloud security services - Catalogo de Servicios
Svt cloud security services - Catalogo de Servicios
 
M10 service management
M10 service managementM10 service management
M10 service management
 
M9 cloud & open source
M9 cloud & open sourceM9 cloud & open source
M9 cloud & open source
 
M8 privacy & regulatory in internet
M8 privacy & regulatory in internetM8 privacy & regulatory in internet
M8 privacy & regulatory in internet
 
M7 internet security
M7 internet securityM7 internet security
M7 internet security
 
M6 cloud computing
M6 cloud computingM6 cloud computing
M6 cloud computing
 
M4 internet systems & applications I
M4   internet systems & applications IM4   internet systems & applications I
M4 internet systems & applications I
 
M5 internet systems & applications ii
M5 internet systems & applications iiM5 internet systems & applications ii
M5 internet systems & applications ii
 
M1 network types & internet
M1   network types & internetM1   network types & internet
M1 network types & internet
 
S6 cloud hype cycle
S6 cloud hype cycleS6 cloud hype cycle
S6 cloud hype cycle
 
S5 email dying
S5 email dyingS5 email dying
S5 email dying
 
S4 public or private datacenter
S4 public or private datacenterS4 public or private datacenter
S4 public or private datacenter
 
S3 internet business with user data
S3   internet business with user dataS3   internet business with user data
S3 internet business with user data
 
S1 internet, secure place for business
S1   internet, secure place for businessS1   internet, secure place for business
S1 internet, secure place for business
 
Securima ti ca 2013 - seguridad en la nube
Securima ti ca 2013 - seguridad en la nubeSecurima ti ca 2013 - seguridad en la nube
Securima ti ca 2013 - seguridad en la nube
 
SVT CloudJacket Service
SVT CloudJacket ServiceSVT CloudJacket Service
SVT CloudJacket Service
 
SVT. innovacion y crecimiento con Cloud 2013
SVT. innovacion y crecimiento con Cloud 2013SVT. innovacion y crecimiento con Cloud 2013
SVT. innovacion y crecimiento con Cloud 2013
 
Ahorro De Costes Con Esso. Best Practices
Ahorro De Costes Con Esso. Best PracticesAhorro De Costes Con Esso. Best Practices
Ahorro De Costes Con Esso. Best Practices
 
SSO ROI
SSO ROISSO ROI
SSO ROI
 

ITIL - IAM (Access Management)

  • 1. ITIL v3 - Access MANAGEMENT (IdM) GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 2. Access Management. Definitions ITIL v3 defines “Access Management” as: “the process of granting authorized users the right to use a service, while preventing access to non-authorized users. It has also been referred to as Rights Management or Identity Management in different organizations.” “the process that enables users to use the services that are documented in the Service Catalogue” GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 3. Access Management. Definitions • Access refers to the level and extent of a service’s functionality or data that a user is entitled to use. • Identity refers to the information about them that distinguishes them as an individual and which verifies their status within the organization. By definition, the Identity of a user is unique to that user. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 4. Access Management. Definitions • Rights (also called privileges) refer to the actual settings whereby a user is provided access to a service or group of services. Typical rights, or levels of access, include read, write, execute, change, delete. • Services or service groups. Most users do not use only one service, and users performing a similar set of activities will use a similar set of services. Instead of providing access to each service for each user separately, it is more efficient to be able to grant each user – or group of users – access to the whole set of services that they are entitled to use at the same time. • Directory Services refers to a specific type of tool that is used to manage access and rights GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 5. Access Management. Roles. Workflow Departs.      Deptos. Involucrados RRHH   IT- HelpDesk   IT - Seguridad     Alta Cambio Cambio Incorp. Baja Accsesos Rol Dpto. Ciclo de Vida del Empleado / Usuario GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 6. Definitions: IAM & SSO • SSO = “Single Sign On” Es un proceso por el cual un usuario se Identifica y Autentifica una sóla vez para acceder a cualquier aplicación o sistema (“una sola password una sola vez”) • IAM = “Identity & Access Management” Gestión de Identidades y Accesos: se encarga de gestionar el Ciclo de Vida de un Empleado en una organización. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 7. IAM: Architecture Nivel de Funcionalidad GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 8. Grrrr! GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 9. The solution GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 10. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 11. Access Management Process. Purpose/goal Objective “Access Management provides the right for users to be able to use a service or group of services. It is therefore the execution of policies and actions defined in Security and Availability Management.” GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 12. Access Management Process Scope Access Management is effectively the execution of both Availability and Information Security Management, in that it enables the organization to manage the confidentiality, availability and integrity of the organization’s data and intellectual property. Access Management ensures that users are given the right to use a service, but it does not ensure that this access is available at all agreed times – this is provided by Availability Management. Access Management is a process that is executed by all Technical and Application Management functions and is usually not a separate function. However, there is likely to be a single control point of coordination, usually in IT Operations Management or on the Service Desk. Access Management can be initiated by a Service Request through the Service Desk. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 13. Access Management Process Process activities • Requesting access • like Request for Change, Service Request, Scripts, Human …. • Verification • That the user requesting access is who they say they are • That they have a legitimate requirement for that service • Providing rights : provide that user with rights to use the requested service • Access Management does not decide who has access to which IT services. Rather, Access Management executes the policies and regulations defined during Service Strategy and Service Design • Monitoring identity status • Access Management should understand and document the typical User Lifecycle for each type of user and use it to automate the process • Logging and tracking access : ensuring that the rights that they have provided are being properly used • Removing or restricting rights GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 14. Access Management Process Triggers, input and output/inter-process interfaces • An RFC. This is most frequently used for large-scale service introductions or upgrades where the rights of a significant number of users need to be updated as part of the project. • A Service Request. This is usually initiated through the Service Desk, or directly into the Request Fulfilment system, and executed by the relevant Technical or Application Management teams. • A request from the appropriate Human Resources Management personnel (which should be channelled via the Service Desk). This is usually generated as part of the process for hiring, promoting, relocating and termination or retirement. • A request from the manager of a department, who could be performing an HR role, or who could have made a decision to start using a service for the first time. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 15. Tools Samples : ESSO Applications WSS-SAML LEGACY PSGINA MSGINA User Strong Authentication GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 16. Tools Samples : IAM Rol Auth Prov. Provisioning Workflow MetaDirectory Connectors Applications (HR, LDAP, BD,…) GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 17. Workflow & PKI Integration GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 18. Ejemplo: EPayment + DNIe iPay Name: Juan Perez Address ValidCertificate Table23 Ammount153,03 € Ammount: A – HSBC PrivateAccount PAYED 153,03 € BThanks Expenses Acc. - CityBank for your Visit - iPAY C – VISA CreditCard D –PayPalAccount GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 19. Tools Samples : ESSO GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 20. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 21. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 22. Access Management Process Tools Samples : Identity Delegation GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 23. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 24. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 25. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 26. Access Management Process METRICS Metrics that can be used to measure the efficiency and effectiveness of Access Management include: • Number of requests for access (Service Request, RFC, etc.) • Instances of access granted, by service, user, department, etc. • Instances of access granted by department or individual granting rights • Number of incidents requiring a reset of access rights • Number of incidents caused by incorrect access settings. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 27. Access Management Process Challenges, Critical Success Factors and risk Conditions for successful Access Management include (KPI): • The ability to verify the identity of a user (that the person is who they say they are) • The ability to verify the identity of the approving person or body • The ability to verify that a user qualifies for access to a specific service • The ability to link multiple access rights to an individual user • The ability to determine the status of the user at any time (e.g. to determine whether they are still employees of the organization when they log on to a system) • The ability to manage changes to a user’s access requirements • The ability to restrict access rights to unauthorized users • A database of all users and the rights that they have been granted. GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 28. ¿ Questions? GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo
  • 29. Gràcies Hindi Korean Traditional Chinese Català Gracias Russian Spanish Thank Obrigado You English Brazilian Portuguese Arabic Danke German Grazie Merci Italian Simplified Chinese French Tamil Japanese Thai GSX – ACCESS MANAGEMENT 05-2009 Josep Bardallo