Management
Dustin Puryear
Sr. Consultant, Puryear IT, LLC
dustin@puryear-it.com
http://www.puryear-it.com/
Objectives
Find a common background for
discussing IAM
Discuss problems and opportunities in
the field
Introduce terminology
Highlight a possible future direction
Session Agenda
Todays Problems
Making It All Better
Now What?
Viva La Resistance!
Puryear IT
This Presentation
This presentation was written with
audit/compliance in mind.
Contact dustin@puryear-it.com to
have Dustin Puryear present this
topic to your organization or
company.
Todays Problems
So many IDs!
Person
Active Directory
Account
Online HR Info
Account
PeopleSoft User
Account
Multiple Contexts
Remote Employees
Employees
Customers
Suppliers
Partners
Trends
Regulation and Compliance
SOX, HIPAA, GLB
Increasing Threats
Identity theft
Exposure of confidential info
Maintenance Costs
The average employee needs access to 16
applications
Companies spend an estimated $20-30
user/year for password resets
Administrators
Audit/Compliance
Role
Management
User
Provisioning
IAM
Authorization
Directories
Audits &
Reporting
Authorization (AuthZ)
Deciding what resources can be accessed/used
by a user
Accounting
Charges you for what you do
IAM is a Foundation
Identity Management
Administration
AuthN
AuthZ
Now What?
Implement IAM!
Start Slow!
Define your Single Source of Truth
(SSOT)
Unfortunately, there may be more than
one, if that makes sense..
But How?
SSOT
Work with your team, IT, and
management to determine the true
source of user information
User Provisioning to AD
Its already happening!
Solutions
Microsoft ILM
CA eTrust Admin
Sun IM
The Results!
User provisioning can be automated
Password resets can be delegated to
the helpdesk
And the big one:
You can now audit both the user
provisioning and password resets
To PeopleSoft
Lawson
Oracle
Custom/in-house applications
Authorization
This is the hard one!
Applications define their AuthZ rules
differently
Try to consolidate to an AD/LDAP
authz landscape
Tackle this one application at a time!
Viva La Resistance!
IT Resistence
Sometimes IT resist a formalized IAM
process because:
We are too busy
We cant afford it
We dont want to give up control!
We Cant Afford It
There are small and big solutions to
this problem
If you are an AD-only shop with
minimal applications, then you can
start small
Larger enterprises have no choice,
they cant afford not to!
A Compromise
Take control without giving up
control!
A middle-ground:
IAM solutions can be used to explore
user directories/databases
Reports can be generated
IT can still do the provisioning itself
Summary
Summary
Its becoming impossible to manage
all of these accounts and rights by
hand
You can automate controls
You can automate audit reports
You can control THE PROCESS!
Who We Are?
Puryear IT is THE IAM specialist in
Louisiana
We help small and large companies,
ranging from 100 users to well over
20,000+ users
We are vendor-agnostic, and have worked
with everyone, including:
Microsoft
CA
Sun
Dustin Puryear
Sr. Consultant, Puryear IT, LLC
dustin@puryear-it.com
http://www.puryear-it.com/