Identity and Access Management community: Discover and share best practices to control IAM for your real world.
Access Governance remains one of the fastest growing market segments in the broader IAM/IAG (Identity and Access Management/Governance) market. Over the past few years, this segment has evolved significantly. Access Intelligence, providing advanced analytical capabilities for identifying access risks and analyzing the current status of entitlements, is one of these additions. Improved capabilities in managing access risks are another. Some vendors have also added user activity monitoring to their products.
We were actually named Leader in all 4 categories by KuppingerCole in the 2014 Access Governance Leadership Compass report.
This Leadership Compass provides an overview and analysis of the Access Governance market segment, and the solutions available.
Read Analyst Report
Security has become an increasingly important consideration for organizations. Authentication Services has always held security as one of its most important and core functions. In keeping with this concept, we have been working on modules to ensure that Authentication Services will work on a Red Hat Enterprise Linux operating system with SELinux fully enforced. We have been testing and modifying these modules for some time now to make sure they will work with as many configurations as possible; however, internal testing can only go so far.
Our goal is to ensure we have something that will be functional for as many environments as possible without additional configuration while remaining secure. As such, we would like to solicit feedback from the Authentication Services community. A project has been started that includes access to the modules and instructions on how to implement them. The Authentication Services forums are available to provide feedback on anything you might discover or would like to comment on.
As Helen Keller once said, "Alone we can do so little; together we can do so much." We invite you to work together with us to make this functionality as robust as possible. So join the conversation today.
For access to the project, please visit our GitHub page.
To discuss the project or to ask any questions, please visit the All Things Unix Forum.
** Please Note: These modules are considered test modules and therefore are not yet fully supported. They are intended for test environments only. For assistance, we ask that you post your questions or concerns to the forum, where the product team can review and assist. **
Webcast: 10 Ways to Secure and Manage the Risk of Service Accounts and Other Non-Human Accounts
Date: 12/18/2014 at 11:00 AM ET
Accounts for services and scheduled tasks don’t involve direct human interaction every time, so they’re non-human. They may not pose the same danger as an out-of-control cyborg, but these accounts may pose a greater risk to security than you might think. Attend this webcast with Randy Franklin Smith where he will show you how these types of accounts create all kinds of risks and management burdens, and what to do about them including:
I just returned from the Gartner IAM Summit in Las Vegas with about a thousand of my IAM cohorts. It was great to spend the week learning more about IAM, talking with old colleagues and gaining new ones. One of the main topics was how to build a successful enterprise IAM project and knowing what pitfalls to try to avoid. What I took away from it was that IAM is not a project but an ongoing process, and in order to ensure success you need to:
Now I am not promising that if you do these two things your IAM journey will be an instant success, but I will promise you that if you don’t, it will probably fall short of accomplishing your goals. One thing that may be helpful in getting your stakeholders on board is to educate them on why IAM is important to the business; we have created a short paper that just might help you with that process, so take a look when you get the chance.
Not everything was about business, though; we were able to relax and have a bit of fun in our Star Wars hospitality suite on Wednesday! Thanks to those who joined us, and if you didn't get the chance, make sure it is on your list to attend next year.
Date: Thursday, Dec. 11, 2014 at 11:00 AM PT / 2:00 PM ET
On-premises applications have taken a back seat to their more available, less expensive and equally useful cloud equivalents. But organizations focused on ensuring application security lack the ability to properly control identity and access with cloud applications. New advances in Identity & Access Management (IAM) can provide the control and governance you need, available as a service. But is it right for your organization?
In this lively webinar, industry veteran Nick Cavalancia and David Miles, Sr. Product Manager, from Dell Software will discuss:
Dell One Identity as a Service will also be discussed as a viable option for those considering a SaaS solution for their identity and access management needs.
Was recently poking around a "What's New" post in the Community site for Dell vWorkspace, our desktop and application virtualization solution, when I came across a small reference (that involves Dell One Identity Cloud Access Manager) that I wanted to highlight here...
vWorkspace 8.0.1521 MR1 Optional Hotfix 362760 for Web Access Roles for solution SOL127785
This is an optional hotfix to address the following issue - Web Access Roles. Please refer to the Support Portal knowledgebase article 127785.
Created: July 9, 2014
If you click through to the KB article, you find that this update includes Cloud Access Manager integration with the vWorkspace Web Access. Through this integration, Cloud Access Manager can present an integrated set of links on its Application Portal for:
What you end up with is an "aggregated workspace" of target links for end users, tailored to show only the applications they are entitled to per security settings in vWorkspace and Cloud Access Manager...
As for single sign-on, the links on the Cloud Access Manager portal are related to files downloaded from the vWorkspace Web Access server, which embed credentials for accessing the vWorkspace apps. So once users log in to Cloud Access Manager, they don't see extra login events for vWorkspace applications. Cloud Access Manager does authenticate the user to the vWorkspace Web Access server, and that is either handled by a one-time password capture event, or optionally by reusing a user's corporate credentials. Basically, Cloud Access Manager treats vWorkspace Web Access as a special-case protected application.
Setup is straightforward, as seen here:
This is a good example of how we're always looking for ways to expand the value Cloud Access Manager provides customers by addressing new classes of applications. We'll be adding more functionality like this in the future - so stay tuned!
“The Cloud” is changing business in many ways. This discussion is mostly targeting B2B and B2C applications and how cloud and SaaS offerings are affecting access control and security.
Cloud and SaaS offerings affect businesses by reducing the time it takes to implement and begin using business-relevant applications compared to the traditional way of getting an application up and running. In the past, business departments needed to talk to IT and go through all the processes, from budget funding to software selection to purchasing and finally the implementation process with IT. Today, you can simply subscribe to a software-as-a-service offering that fits your needs and start working. This is the “new business agility” that results from a SaaS offering.
The role of IT departments is changing and adapting. Even if the business departments can easily use line-of-business applications in the cloud, companies are still accountable for controlling the access, the use and the security of the data of those applications.
For the IT department, this means it is not necessarily the department that implements, operates and supports the application itself, but the one that provides the tools and processes to govern and control overall system security. IT departments need to become a real partner of the business and an enabler of the new agility. IT departments have an opportunity to become the internal facilitator or a kind of consultant for the integration of business-relevant SaaS applications. The business and IT need to ensure that the applications are brought into the overall IAG and GRC program and its tools and solutions, so that processes such as the following are not broken and the new applications fit into the overall scenario:
Who should have access or not?
How to grant or revoke access and permissions?
How to provision or de-provision access and permissions?
How to attest/recertify access and permissions?
Uncontrolled growth and use of cloud applications by the business could lead to uncontrolled systems and violation of internal and external regulatory controls. IT departments are the natural partner of the business for ensuring security and compliance, not just for on-premises applications but for SaaS applications as well.
A company should develop a best practices IAG/GRC program as a prerequisite to have the appropriate IAG applications in place that can provide all features required for managing both on-premises and off-premises applications.
We are honored to announce that Dell One Identity Manager has been chosen a Winner by the readers of SearchSecurity.com & Information Security Magazine.
"Dell's offering also supports other best-in-class IAM products, providing the ability to transition an entire IAM strategy into one view. Dell has moved to expand its One Identity suite with Cloud Access Manager as well. The cloud-focused play provides a number of traditional IAM features including single sign-on capabilities for a variety of Web application access scenarios."
Dell One Identity Manager starts from the idea that the right access to business-critical information should be managed by the business and not by IT. That’s why Identity Manager empowers the business to govern needed access for agile and effective operations, while reducing the burden on IT. Identity Manager gives you the visibility and control you need to:
The Identity Manager family of solutions includes three products, so you can choose the one that best meets your organization’s specific access management needs.
Read More about the Award
Learn More about Identity Manager
It is 6:30 in the morning and I'm about to get ready to head to the airport and then home after a week-long business trip. On my way out the door I pick up my hotel bill; as I walk towards the elevator I look over the invoice and notice an additional restaurant charge from the night before. I go to the front desk and have the hotel staff check things over and quickly reverse the charges, as someone else had accidentally charged their dinner to my room.
I know this is not the first time it has happened to me or other colleagues. On my taxi ride to the airport, I keep wondering: how does this happen? Why can’t the server realize someone just charged two different bills to the same room? Or why aren’t there any measures in place within the restaurant management system to quickly pick up these anomalies?
To me, it should be a no-brainer, as the restaurant management systems should have some concept of Separation of Duties (SoD) to protect the restaurant and patrons from common errors like guests accidentally charging their bill to other rooms. OK, maybe I’m over-thinking this. However, is it too much to ask the restaurant management system to at least warn the server closing the bill that the same room number was used on another invoice less than an hour ago? A simple pop-up or warning message could have helped the server realize a potential error and correct it before the invoice gets reconciled during the night and ends up on someone else’s hotel bill.
Is separation of duties (SoD) the key to internal controls to increase protection from fraud and errors? Are today’s organizations taking more proactive measures to protect themselves against fraud or errors which can jeopardize their name brand or cost $$$$ in lost revenue, fines, etc.?
The basis of segregation of duties (SoD) processing is a set of rules that represent the technical implementation of prescribed guidelines. They are grouped according to different frameworks (e.g., “internal guidelines”, “SOX”, etc.) or according to content-related criteria, such as individual application systems. They can be either preventive controls or detective controls. Either way, compliance with the rules established for employees and their access permissions in the enterprise needs to be monitored with an SoD check.
Taking my hotel bill anomalies example and applying it to real-world scenarios, I see companies of all sizes starting to put more importance on not combining internal roles such as receiving and signing company checks. The separation of duties in this case fully restricts the amount of power an individual user has over its core responsibility and minimizes any potential risks.
Thursday, November 20th, 2014
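An SoD check along the lines described above, as an added example that is not part of the original post or of any Dell product: rules grouped by framework are evaluated once as a detective control over existing assignments and once as a preventive control on a requested grant. The rule IDs, entitlement names and users are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SoDRule:
    rule_id: str
    framework: str          # grouping, e.g. "internal guidelines" or "SOX"
    conflicting: frozenset  # entitlements one person must not hold together

# Constructed sample rules; identifiers and entitlement names are hypothetical.
RULES = [
    SoDRule("SOD-001", "internal guidelines", frozenset({"checks.receive", "checks.sign"})),
    SoDRule("SOD-002", "SOX", frozenset({"vendor.create", "payment.approve"})),
]

def violated_rules(entitlements, rules=RULES):
    """Return the rules whose whole conflicting set is held at once."""
    held = set(entitlements)
    return [r for r in rules if r.conflicting <= held]

def detective_check(assignments, rules=RULES):
    """Detective control: scan existing assignments, report hits by framework."""
    report = {}
    for user, ents in sorted(assignments.items()):
        for rule in violated_rules(ents, rules):
            report.setdefault(rule.framework, []).append((user, rule.rule_id))
    return report

def preventive_check(current, requested, rules=RULES):
    """Preventive control: evaluate a grant before it is applied.

    Only rules the new entitlement would newly violate block the request,
    so a pre-existing violation does not distort the decision.
    """
    before = {r.rule_id for r in violated_rules(current, rules)}
    after = violated_rules(set(current) | {requested}, rules)
    new = [r.rule_id for r in after if r.rule_id not in before]
    return (not new, new)

# Constructed sample data: user -> entitlements currently held.
ASSIGNMENTS = {
    "alice": {"checks.receive"},
    "bob": {"checks.receive", "checks.sign", "vendor.create"},
    "carol": {"payment.approve"},
}

if __name__ == "__main__":
    print(detective_check(ASSIGNMENTS))
    print(preventive_check(ASSIGNMENTS["alice"], "checks.sign"))
    print(preventive_check(ASSIGNMENTS["carol"], "vendor.create"))
```

The preventive path returns an allow/deny decision plus the rule IDs that caused a denial, which is what an access request workflow would surface to the approver.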
2 pm EST
Clear proof that Dell Software Identity and Access Management solutions are MUCH more effective than your favorite pain reliever!
Learn how the City of Houston relieved its application access and password-induced headaches when it implemented Dell One Identity Manager and Cloud Access Manager for its 15,000 online users. Houston CIO Charles Thompson and Dell Software’s Mark Costenbader join Todd Sander of the Center for Digital Government in a webinar detailing how the city improved its security profile and reduced costs by using Dell Software.
Register for “Security Headaches? Streamline and Secure”