Identity & Access Management
for Securing DevOps Lifecycle
Eryk Budi Pratama
DevSecOps ID 4th Meetup | 14 Nov 2019
Start with problems
IT Audit as the primary driver
Understanding the business, entity, and IT environment
Identify account, significant accounts and processes
Understand process, including related applications
Identify WCGW (what could go wrong) and relevant controls
Manual control or Application Control
IT General Control
Test of Design (TOD) and Test of Effectiveness (TOE)
[Figure: controls addressing misstatement in the financial statements, arranged by Type of Control (Manual, Automated) and Objective of Control (Prevent, Detect): IT General Control, IT-Dependent Manual Controls, Manual Controls, Application Controls.]
Audit Process IT Audit as part of Financial Audit
IT General Control as part of IT Audit
Access to Program and Data
▪ Policies and procedures
▪ User access provisioning and de-provisioning
▪ Periodic access reviews
▪ Password requirements
▪ Privileged user accounts
▪ Physical access
▪ Appropriateness of access / segregation of duties
▪ Encryption
▪ System authentication
▪ Audit logs
▪ Network security
Program Changes & Development
▪ Change management procedures and system development methodology
▪ Authorization, development, implementation, testing, approval, and documentation
▪ Migration to the production environment (Separation of Duties)
▪ Configuration changes
▪ Emergency changes
▪ Data migration and version controls
▪ Post change/implementation testing and reviews
Computer Operations
▪ Batch job processing
▪ Monitoring of jobs (success/failure)
▪ Backup and recovery procedures
▪ Incident handling and problem management
▪ Changes to the batch job schedules
▪ Environmental controls
▪ Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP)
▪ Patch management
User and Access Management as primary concern
User access provisioning and de-provisioning
Periodic access reviews
Privileged user accounts
Segregation of duties
System authentication
User Management
Access Management
IAM Foundation
Identity and Access Management
Security Management: Provides the overarching framework, policies, and procedures
Identity Management: Manages individual identities and their access to resources and services
Access Management: Manages the “who has access to what” question and allows access based on individual relationship with the resources and services
Directory Services: Maintains an identity repository that stores identity data and attributes, and provides access and authorization information
“IAM grants authorized users the right to use a service, while preventing access to non-authorized users”
From Simply Managing Identities to Managing Complex Relationships
source: Forrester Research
Identity Access Management Identity Relationship Management
IAM Business Value
Automation &
Repeatability
Consistency
Accountability
Reduce Cost
Better Service
Optimize Compliance
Core Benefits Drive Results
Managing Risk Efficiently
Sample Metrics
▪ % of access request in compliance with policy
▪ % of privileges covered by periodic review
▪ % of changes done through the tool
▪ % of request initiated through proper channel / procedure
▪ Avg time to obtain approval from access request
▪ etc.
Major Drivers for IAM Investments
source: https://assets.kpmg/content/dam/kpmg/ch/pdf/ch-identity-and-access-management.pdf
IAM – NIST Cybersecurity Framework View
Identity Management and Access Control (PR.AC) is part of the Protect domain within the NIST Cybersecurity Framework. Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2: Physical access to assets is managed and protected
PR.AC-3: Remote access is managed
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
PR.AC-7: Users, devices, and other assets are authenticated
IAM – CIS Top 20 CSC View
▪ Deploy Port Level Access Control
▪ Utilize Client Certificates to Authenticate Hardware Assets
▪ Maintain Inventory of Administrative Accounts
▪ Change Default Passwords
▪ Ensure the Use of Dedicated Administrative Accounts
▪ Use Multifactor Authentication For All Administrative Access
▪ Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions
▪ Manage Network Infrastructure Through a Dedicated Network
▪ Require All Remote Login to Use Multi-Factor Authentication
▪ Segment the Network Based on Sensitivity
▪ Enable Firewall Filtering Between VLANs
▪ Disable Workstation to Workstation Communication
▪ Protect Information through Access Control List
▪ Maintain an Inventory of Authentication Systems
▪ Require Multi-Factor Authentication
▪ Encrypt or Hash all Authentication Credentials
▪ Maintain an Inventory of Accounts
▪ Establish Process for Revoking Access
▪ Disable Any Unassociated Accounts
▪ Disable Dormant Accounts
▪ Ensure All Accounts Have An Expiration Date
▪ Manage All Devices Remotely Logging into Internal Network
Identity Management Basic Process
[Diagram: Authoritative/Trusted Source (HR Data), Middleware / Identity Management Solution (IDM Solution), Target System (Active Directory, Email Server, ERP, Other Applications); flows labelled Provisioning (Create, Update, Revoke) and Reconciliation.]
Access Management Basic Process
Receive Request
▪ Change requests
▪ Services requests
▪ HR requests
▪ App / Script requests
Verification
▪ Valid user?
▪ Valid request?
▪ Request access?
▪ Remove access?
Provide Rights
▪ Provide access
▪ Remove access
▪ Restrict access
Log and Track Access
▪ Check and monitor identity status
▪ Violations to Incident Management Process
Business Rules, Policies, Procedures, Controls
ISMS
User Account & Access Lifecycle
[Figure labels: Change locations, roles, etc; Forget password]
Person Onboarding
• Zero Day Access Provisioning
• Rehire
• Reinstate Access
Access Request
• Self-Service Request
• Request on behalf of another user
Policy & Risk
• Segregation of Duties Policies
• Policy-violation scan
Periodic Access Review
• Application Periodic Access Review
• Role Periodic Access Review
• Privileged Account Periodic Access Review
Reporting
• Produce or Export Operational Metrics
• Configurable Auditing of all Identity-related events
User Access Change Events
• Job Transfer
• Authoritative System Attribute Change
• Temporary Leave
Termination
• Planned Exit
• Emergency Termination
• Third Party Resource Termination
Application Lifecycle, Role Mining & Definition
• Standardized On-boarding of Applications
• Application Change
• Role Lifecycle Management
source: https://home.kpmg/content/dam/kpmg/us/pdf/2018/10/kpmg-access-management-orchestration-suite.PDF
Common Challenges
source: EY – Identity and Access Management Beyond Compliance
Stages: User access request and approve; Provision/de-provision; Enforce; Report and audit; Review and certify; Reconcile
▪ Processes differ by location, business unit and resource
▪ Approvers have insufficient context of user access needs (do users really need access to private or confidential data?)
▪ Users find it difficult to request required access
▪ Time lines to grant/remove access are excessive
▪ Inefficient and error-prone manual provisioning processes are used
▪ Access profile cloning occurs inappropriately
▪ Inappropriate access may not be de-provisioned
▪ Applications do not support central access management
▪ Access management policies do not exist
▪ Segregation of duties is not enforced
▪ Role/rule-based access is used inconsistently
▪ Actual rights on systems exceed access levels that were originally approved/provisioned
▪ There is no single authoritative identity repository for employees/non-employees
▪ Processes are manual and differ by location, business unit and resource
▪ Reviewers must complete multiple, redundant and granular access reviews
▪ KPIs/metrics do not exist or do not align with business-driven success criteria (e.g., reduce risk by removing terminated user access on the day of termination)
▪ Audits are labor intensive
On Premise IAM
Disclaimer:
Because presentation time is limited, this section covers, as examples, an overview of SailPoint IdentityIQ and ForgeRock OpenAM, the platforms the speaker’s team has experience with.
ForgeRock Architecture
source: https://backstage.forgerock.com/docs/openam/12/deployment-planning/
▪ OpenAM. Context-Based Access Management System. OpenAM is an all-in-one industry-leading access management solution, providing authentication, authorization, federation, Web services security, adaptive risk, and entitlements services among many other features.
▪ OpenIDM. Cloud-Focused Identity Administration. OpenIDM is a lightweight provisioning system, built on resource-oriented principles.
▪ OpenDJ. Internet Scale Directory Server. OpenDJ provides full LDAP protocol support, multi-protocol access, cross-domain replication, common REST framework, SCIM support, and many other features.
▪ OpenIG. No Touch Single Sign-On (SSO) to enterprise, legacy, and custom applications. OpenIG is a reverse proxy server with specialized session management and credential replay functionality.
▪ OpenICF. Enterprise and Cloud Identity Infrastructure Connectors.
OpenAM Architecture
source: https://backstage.forgerock.com/docs/openam/12/deployment-planning/
OpenAM Deployment Example
OpenAM Frontend Load Balancer
Reverse Proxy Layer
Sailpoint IdentityIQ Architecture
source: https://allaboutiam.com/2014/12/25/generic-identityiq-implementation-architecture/
Sailpoint IdentityIQ – Sample Dashboard
Cloud IAM
Disclaimer:
Because presentation time is limited, this section covers, as an example, an overview of Google's cloud-based IAM, as the speaker's experience is on the GCP platform.
Cloud IAM Resource Hierarchy
source: https://cloud.google.com/iam/docs/overview
Policy is set on a resource, and each policy contains a set of:
▪ Roles
▪ Role members
Resources inherit policies from parent:
▪ Resource policies are a union of parent and resource.
If parent policy is less restrictive, it overrides a more restrictive resource policy
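The inheritance rule above, worked through as an added example (not part of the original slides and not Google's code): the effective policy on a resource is the union of its own bindings and those of every ancestor, so a narrow child policy cannot take away a grant made higher up. The hierarchy, members and bindings are constructed sample data.

```python
"""Added example: effective access under union-based policy inheritance.

All resource names, members and bindings below are constructed sample data.
"""

# child resource -> parent resource (None marks the root of the hierarchy)
PARENT = {
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "projects/ci-pipeline": "folders/engineering",
    "projects/ci-pipeline/buckets/release-artifacts": "projects/ci-pipeline",
}

# Policy set directly on each resource: role -> set of members.
POLICIES = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:developers@example.com"}},
    "projects/ci-pipeline": {"roles/owner": {"user:lead@example.com"}},
    "projects/ci-pipeline/buckets/release-artifacts": {
        "roles/storage.objectViewer": {"serviceAccount:deployer@example.com"},
    },
}


def ancestry(resource, parent=PARENT):
    """Return [resource, parent, ..., root]; reject unknown nodes and cycles."""
    chain, seen, node = [], set(), resource
    while node is not None:
        if node not in parent:
            raise KeyError(f"unknown resource: {node}")
        if node in seen:
            raise ValueError(f"cycle in hierarchy at {node}")
        seen.add(node)
        chain.append(node)
        node = parent[node]
    return chain


def effective_policy(resource, policies=POLICIES, parent=PARENT):
    """Union of the resource's own bindings and every ancestor's bindings.

    Returns role -> {member: nearest level at which the binding was set}.
    """
    effective = {}
    for level in ancestry(resource, parent):  # nearest level first
        for role, members in policies.get(level, {}).items():
            for member in members:
                effective.setdefault(role, {}).setdefault(member, level)
    return effective


def inherited_grants(resource, policies=POLICIES, parent=PARENT):
    """Bindings that apply to `resource` but are absent from its own policy.

    A review that reads only the resource-level policy misses these, and
    they can only be removed at the level where they were granted.
    """
    own = policies.get(resource, {})
    grants = []
    for role, members in effective_policy(resource, policies, parent).items():
        for member, origin in members.items():
            if member not in own.get(role, set()):
                grants.append((member, role, origin))
    return sorted(grants)


if __name__ == "__main__":
    bucket = "projects/ci-pipeline/buckets/release-artifacts"
    for member, role, origin in inherited_grants(bucket):
        print(f"{member} holds {role} on {bucket} via {origin}")
```
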
Permissions Management in Cloud IAM
source: https://cloud.google.com/iam/docs/overview
Cloud IAM Policy
source: https://cloud.google.com/iam/docs/overview
IAM in DevOps
Cloud Access Security Broker (CASB) at glance
source: https://www.skyhighnetworks.com/cloud-security-blog/how-to-deploy-a-casb-the-first-cloud-security-reference-architecture/
Integrate IDM to Jenkins (via SAML Plugin)
source: https://github.com/jenkinsci/saml-plugin/
Configure Global Security
Enable Security
SAML 2.0
Configure plugin settings
Basic SAML Transaction Steps (Sample)
source: https://github.com/jenkinsci/saml-plugin/
1. The user attempts to reach a hosted Google application, such as Gmail, Start Pages, or another Google service.
2. Google generates a SAML authentication request. The SAML request is encoded and embedded into the URL for the partner's SSO service.
3. Google sends a redirect to the user's browser. The redirect URL includes the encoded SAML authentication request that should be submitted to the partner's SSO service.
4. The partner decodes the SAML request and extracts the URL for both Google's ACS (Assertion Consumer Service) and the user's destination URL (RelayState parameter).
5. The partner generates a SAML response that contains the authenticated user's username.
6. The partner encodes the SAML response and the RelayState parameter and returns that information to the user's browser.
7. Google's ACS verifies the SAML response using the partner's public key. If the response is successfully verified, ACS redirects the user to the destination URL.
8. The user has been redirected to the destination URL and is logged in to Google.
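Steps 2 to 4 above, as an added example that is not part of the original slides or of the Jenkins plugin: the service provider embeds a deflated, base64-encoded AuthnRequest in the redirect URL, and the partner decodes it with the checks a receiving SSO service should apply before trusting the ACS URL it finds there. The issuer, URLs, registration table and the 64 KiB size bound are constructed assumptions; response signing and verification (steps 5 to 7) are not covered.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_REQUEST_BYTES = 64 * 1024  # assumed upper bound for an inflated AuthnRequest
MAX_RELAY_STATE_BYTES = 80     # limit from the SAML 2.0 bindings specification

# Constructed registration data held by the partner: issuer -> allowed ACS URLs.
REGISTERED_ACS = {
    "https://sp.example.com/metadata": {"https://sp.example.com/saml/acs"},
}


class RequestRejected(ValueError):
    """The redirect did not carry an acceptable AuthnRequest."""


def build_redirect(sso_url, issuer, acs_url, relay_state):
    """Steps 2-3: build the request and embed it in the SSO redirect URL."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    request = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_constructed-request-id",
        "Version": "2.0",
        "IssueInstant": "2019-11-14T00:00:00Z",
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(request, f"{{{SAML}}}Issuer").text = issuer
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no header
    deflated = deflater.compress(ET.tostring(request)) + deflater.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{sso_url}?{query}"


def parse_redirect(url, registered=REGISTERED_ACS):
    """Step 4: decode the request; return issuer, ACS URL and RelayState."""
    params = parse_qs(urlsplit(url).query)
    if len(params.get("SAMLRequest", [])) != 1:
        raise RequestRejected("expected exactly one SAMLRequest parameter")
    relay_state = params.get("RelayState", [""])[0]
    if len(relay_state.encode("utf-8")) > MAX_RELAY_STATE_BYTES:
        raise RequestRejected("RelayState too long")
    try:
        deflated = base64.b64decode(params["SAMLRequest"][0], validate=True)
        # Cap the inflated size so a tiny parameter cannot expand without bound.
        xml = zlib.decompressobj(-15).decompress(deflated, MAX_REQUEST_BYTES + 1)
    except (ValueError, zlib.error) as exc:
        raise RequestRejected(f"undecodable SAMLRequest: {exc}") from exc
    if len(xml) > MAX_REQUEST_BYTES:
        raise RequestRejected("inflated request exceeds size limit")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise RequestRejected("DTDs are not allowed in SAML messages")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise RequestRejected(f"malformed XML: {exc}") from exc
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise RequestRejected("not an AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    acs_url = root.get("AssertionConsumerServiceURL")
    # The ACS URL in the request is only a claim: answer it only when it
    # matches what was registered for this issuer.
    if acs_url not in registered.get(issuer, set()):
        raise RequestRejected("ACS URL is not registered for this issuer")
    return {"issuer": issuer, "acs_url": acs_url, "relay_state": relay_state}


if __name__ == "__main__":
    redirect = build_redirect("https://idp.example.com/sso",
                              "https://sp.example.com/metadata",
                              "https://sp.example.com/saml/acs",
                              "/job/release-build/")
    print(parse_redirect(redirect))
```
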
Authorization Workflow between IDM and AM
source: https://forum.forgerock.com/2018/05/forgerock-identity-platform-version-6-integrating-idm-ds/
Integrate IDM to Kubernetes (via OIDC)
source: https://kubernetes.io/docs/reference/access-authn-authz/authentication/
Access Management Orchestration (sample)
source: https://home.kpmg/content/dam/kpmg/us/pdf/2018/10/kpmg-access-management-orchestration-suite.PDF
Policy
Lifecycle
Orch’s
Case Study
Disclaimer:
The case study has been sanitized to ensure the confidentiality of speaker’s team experience
in delivering Identity & Access Management services.
Case Study – Identity Management Platform Deployment
Insurance Company
Challenge
▪ A leading global insurance company had a number of outstanding audit points arising from the lack of visibility into “who has access to what”. To address these audit points, the client embarked on an Identity and Access Management programme in XXXX that saw the replacement of their existing legacy automated provisioning tool with a strategic Identity Management platform. This project involved the management of 5000 users and covered the on-boarding of 35 business critical applications.
Approach
▪ [Consultant] was selected to help the client deploy the strategic Identity Management platform.
▪ [Consultant] followed an access governance led approach to the deployment, i.e., authoritative source data was reconciled prior to applications being on-boarded. Entitlement review was conducted across all on-boarded applications.
▪ Once periodic entitlement reviews were instituted as a BAU process, the platform was further enhanced to support access requests and Joiner, Movers and Leavers policies.
▪ Business and IT roles were on-boarded to conduct role based certifications for specific applications.
▪ [Consultant] helped with the remediation of orphan and dormant accounts, including the establishment of unique identifiers for every identity record.
▪ The project was successfully transitioned to deployment support after the deployment of core functionality.
▪ [Consultant] put together a multi location support team to help the client consolidate the functionality built and to support the continued roll-out of the platform across their application estate.
Deliverable
▪ Delivery of a comprehensive strategic user access programme that is supported by all divisions within the organization and satisfies the regulator.
▪ A clear vision of the target state and practical implementation phases for sustained growth.
▪ A multi location support team to help consolidate the functionality built and to support the continued roll-out of the platform across application estate.
Identity Management Platform Deployment – Holistic View
source: KPMG – Identity and Access Management the new Complex
Identity Management Platform Deployment (1/3)
Project Governance
Initiate
Infrastructure
Analysis & Design
Configure & Build
Test & Verify
Release
Close
Tasks
▪ Baseline [Tools] install in development environment
▪ Source repository configured with a Standard Build Environment and tools
▪ Environment connection details captured and documented
▪ Developer and system accounts created
▪ Development, UAT, and Production environments in place
Deliverables
▪ Infrastructure Validation Host Instance Diagrams
▪ Baseline [Tools] Installation in Development Environment
▪ [Tools] environment ready for Test and Verification
Identity Management Platform Deployment (2/3)
Tasks
▪ Requirements definition and update to Project planning
▪ Requirements Stakeholder Interviews
▪ Requirements Traceability Matrix Approval
▪ Initial draft of Design Specification (developed iteratively throughout the engagement)
▪ High Level Architecture Specification Approval
Deliverables
▪ Requirements Traceability Matrix
▪ High Level Architecture Specification
▪ Detailed Design document
Identity Management Platform Deployment (3/3)
Tasks
▪ Iterative updates to Design Specification
▪ Data loading
▪ Load authoritative source
▪ Load account and entitlement data
▪ Correlate accounts to identities
▪ Review orphans
▪ Workflow definition
▪ Policy modeling
▪ Create Build Guide (UAT)
▪ Configuration of access certifications
▪ Development of rule libraries
▪ General configuration of reporting, and dashboard
▪ Pass-Through Authentication / SSO Configuration
▪ Simple Branding
▪ Preparation of UAT-ready system
Deliverables
▪ Identity cubes built and populated
▪ Models and policies defined in [Tools]
▪ Workflows implemented
▪ Simple Branded Pages
▪ Build Guide Established
▪ All configurations complete
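The data-loading tasks above (load the authoritative source, load account data, correlate accounts to identities, review orphans), sketched as an added example that is not part of the original slides or of any IAM product. The record fields, the 90-day dormancy threshold and all sample records are constructed assumptions.

```python
from datetime import date

DORMANT_AFTER_DAYS = 90          # assumed review threshold
REVIEW_DATE = date(2019, 11, 14)  # constructed "today" for the sample run

# Constructed authoritative source (HR) records, keyed by a unique identifier.
HR_RECORDS = [
    {"employee_id": "E1001", "email": "ana@example.com", "status": "active"},
    {"employee_id": "E1002", "email": "budi@example.com", "status": "terminated"},
    {"employee_id": "E1003", "email": "citra@example.com", "status": "active"},
]

# Constructed account export from the target systems.
ACCOUNTS = [
    {"system": "ActiveDirectory", "account": "ana", "employee_id": "E1001",
     "email": "ana@example.com", "last_login": date(2019, 11, 1), "enabled": True},
    {"system": "ERP", "account": "BUDI01", "employee_id": None,
     "email": "Budi@Example.com", "last_login": date(2019, 10, 20), "enabled": True},
    {"system": "ActiveDirectory", "account": "budi", "employee_id": "E1002",
     "email": "budi@example.com", "last_login": date(2019, 10, 1), "enabled": False},
    {"system": "Jenkins", "account": "svc-deploy", "employee_id": None,
     "email": None, "last_login": date(2019, 11, 10), "enabled": True},
    {"system": "ERP", "account": "CITRA01", "employee_id": "E1003",
     "email": None, "last_login": date(2019, 5, 2), "enabled": True},
]


def build_indexes(hr_records):
    """Index identities by unique id and by lower-cased e-mail."""
    by_id = {rec["employee_id"]: rec for rec in hr_records}
    by_email = {}
    for rec in hr_records:
        key = rec["email"].lower()
        # An e-mail shared by two identities cannot be used for correlation.
        by_email[key] = None if key in by_email else rec
    return by_id, by_email


def correlate(account, by_id, by_email):
    """Match on the unique identifier first, then fall back to e-mail."""
    if account.get("employee_id") in by_id:
        return by_id[account["employee_id"]]
    email = (account.get("email") or "").lower()
    return by_email.get(email) if email else None


def reconcile(hr_records, accounts, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return (system, account, finding, employee_id) for enabled accounts.

    Findings, in order of precedence:
      orphan        - no identity in the authoritative source
      leaver_active - identity is no longer active but the account is enabled
      dormant       - never used, or unused for longer than the threshold
    """
    by_id, by_email = build_indexes(hr_records)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already de-provisioned
        identity = correlate(acct, by_id, by_email)
        last = acct["last_login"]
        if identity is None:
            finding = "orphan"
        elif identity["status"] != "active":
            finding = "leaver_active"
        elif last is None or (today - last).days > dormant_after_days:
            finding = "dormant"
        else:
            continue
        owner = identity["employee_id"] if identity else None
        findings.append((acct["system"], acct["account"], finding, owner))
    return findings


if __name__ == "__main__":
    for row in reconcile(HR_RECORDS, ACCOUNTS, REVIEW_DATE):
        print(row)
```
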
Key Success Factor – Who should be involved
Identity & Access Management
Business: Responsible for management / controlling of business activities
IT Architecture & Ops: Responsible for IT Architecture & IT Ops
Programs & Projects: Responsible for updating the IT of the business environment of the enterprise
HR: Responsible for management of employee information
Audit: Responsible for internal audit
Security: Responsible for organization’s security processes
Thank You
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Eryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
Eryk Budi Pratama
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & Assurance
Eryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
Eryk Budi Pratama
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Digital Leadership: How to Build Valuable Connection
Digital Leadership: How to Build Valuable ConnectionDigital Leadership: How to Build Valuable Connection
Digital Leadership: How to Build Valuable Connection
Eryk Budi Pratama
 
AI Solutions for Sustainable Developmentpment_public.pdf
AI Solutions for Sustainable Developmentpment_public.pdfAI Solutions for Sustainable Developmentpment_public.pdf
AI Solutions for Sustainable Developmentpment_public.pdf
Eryk Budi Pratama
 
AI Governance: Responsible and Trustworthy AI
AI Governance: Responsible and Trustworthy AIAI Governance: Responsible and Trustworthy AI
AI Governance: Responsible and Trustworthy AI
Eryk Budi Pratama
 
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Eryk Budi Pratama
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Eryk Budi Pratama
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
Eryk Budi Pratama
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
Eryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
Eryk Budi Pratama
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
Eryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Eryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
Eryk Budi Pratama
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & Assurance
Eryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
Eryk Budi Pratama
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Ad

Recently uploaded (20)

MINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PRMINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PR
MIND CTI
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Vaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without HallucinationsVaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without Hallucinations
john409870
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Top 10 IT Help Desk Outsourcing Services
Top 10 IT Help Desk Outsourcing ServicesTop 10 IT Help Desk Outsourcing Services
Top 10 IT Help Desk Outsourcing Services
Infrassist Technologies Pvt. Ltd.
 
Social Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTechSocial Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTech
Steve Jonas
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in Rajpura
Erginous Technology
 
Build 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHSBuild 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHS
TECH EHS Solution
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
MINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PRMINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PR
MIND CTI
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Vaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without HallucinationsVaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without Hallucinations
john409870
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Social Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTechSocial Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTech
Steve Jonas
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in Rajpura
Erginous Technology
 
Build 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHSBuild 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHS
TECH EHS Solution
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 

Identity & Access Management for Securing DevOps

  • 1. Identity & Access Management for Securing DevOps Lifecycle Eryk Budi Pratama DevSecOps ID 4th Meetup | 14 Nov 2019
  • 3. IT Audit as the primary driver Understanding the business, entity, and IT Environment Identify account, significant accounts and processes Understand process, including related applications Identify WCGW and relevant controls Manual control or Application Control IT General Control Test of Design (TOD) and Test of Effectiveness (TOE) IT General Control IT-Dependent Manual Controls Manual Controls Application Controls Objective of Control Type of Control Manual Automated Prevent Detect Misstatement in The Financial Statements Audit Process IT Audit as part of Financial Audit
  • 4. IT General Control as part of IT Audit
    Access to Program and Data: ▪ Policies and procedures ▪ User access provisioning and de-provisioning ▪ Periodic access reviews ▪ Password requirements ▪ Privileged user accounts ▪ Physical access ▪ Appropriateness of access/segregation of duties ▪ Encryption ▪ System authentication ▪ Audit logs ▪ Network security
    Program Changes & Development: ▪ Change management procedures and system development methodology ▪ Authorization, development, implementation, testing, approval, and documentation ▪ Migration to the production environment (Separation of Duties) ▪ Configuration changes ▪ Emergency changes ▪ Data migration and version controls ▪ Post change/implementation testing and reviews
    Computer Operations: ▪ Batch job processing ▪ Monitoring of jobs (success/failure) ▪ Backup and recovery procedures ▪ Incident handling and problem management ▪ Changes to the batch job schedules ▪ Environmental controls ▪ Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) ▪ Patch management
  • 5. User and Access Management as primary concern User access provisioning and de-provisioning Periodic access reviews Privileged user accounts Segregation of duties System authentication User Management Access Management
  • 7. Identity and Access Management
    Security Management: Provides the overarching framework, policies, and procedures
    Identity Management: Manages individual identities and their access to resources and services
    Access Management: Manages the “who has access to what” question and allows access based on individual relationship with the resources and services
    Directory Services: Maintains an identity repository that stores identity data and attributes, and provides access and authorization information
    “IAM grants authorized users the right to use a service, while preventing access to non-authorized users”
  • 8. From Simply Managing Identities to Managing Complex Relationships source: Forrester Research Identity Access Management Identity Relationship Management
  • 9. IAM Business Value Automation & Repeatability Consistency Accountability Reduce Cost Better Service Optimize Compliance Core Benefits Drive Results Managing Risk Efficiently Sample Metrics ▪ % of access request in compliance with policy ▪ % of privileges covered by periodic review ▪ % of changes done through the tool ▪ % of request initiated through proper channel / procedure ▪ Avg time to obtain approval from access request ▪ etc….
  • 10. Major Drivers for IAM Investments source: https://assets.kpmg/content/dam/kpmg/ch/pdf/ch-identity-and-access-management.pdf
  • 11. IAM – NIST Cybersecurity Framework View Identity Management and Access Control (PR.AC) is part of Protect domain within NIST Cybersecurity Framework. Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions. PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes PR.AC-2: Physical access to assets is managed and protected PR.AC-3: Remote access is managed PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation) PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions PR.AC-7: Users, devices, and other assets are authenticated
  • 12. IAM – CIS Top 20 CSC View ▪ Deploy Port Level Access Control ▪ Utilize Client Certificates to Authenticate Hardware Assets ▪ Maintain Inventory of Administrative Accounts ▪ Change Default Passwords ▪ Ensure the Use of Dedicated Administrative Accounts ▪ Use Multifactor Authentication For All Administrative Access ▪ Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions ▪ Manage Network Infrastructure Through a Dedicated Network ▪ Require All Remote Login to Use Multi-Factor Authentication ▪ Segment the Network Based on Sensitivity ▪ Enable Firewall Filtering Between VLANs ▪ Disable Workstation to Workstation Communication ▪ Protect Information through Access Control List ▪ Maintain an Inventory of Authentication Systems ▪ Require Multi-Factor Authentication ▪ Encrypt or Hash all Authentication Credentials ▪ Maintain an Inventory of Accounts ▪ Establish Process for Revoking Access ▪ Disable Any Unassociated Accounts ▪ Disable Dormant Accounts ▪ Ensure All Accounts Have An Expiration Date ▪ Manage All Devices Remotely Logging into Internal Network
  • 13. Identity Management Basic Process
    Authoritative/Trusted Source: HR Data
    Middleware / Identity Management Solution: IDM Solution
    Target System: Active Directory, Email Server, ERP, Other Applications
    Provisioning; Reconciliation; Create, Update, Revoke
  • 14. Access Management Basic Process
    Receive Request: ▪ Change requests ▪ Services requests ▪ HR requests ▪ App / Script requests
    Verification: ▪ Valid user? ▪ Valid request? ▪ Request access? ▪ Remove access?
    Provide Rights: ▪ Provide access ▪ Remove access ▪ Restrict access
    Log and Track Access: ▪ Check and monitor identity status ▪ Violations to Incident Management Process
    Business Rules, Policies, Procedures, Controls; ISMS
  • 15. User Account & Access Lifecycle source: https://home.kpmg/content/dam/kpmg/us/pdf/2018/10/kpmg-access-management-orchestration-suite.PDF
    Person Onboarding: • Zero Day Access Provisioning • Rehire • Reinstate Access
    Access Request: • Self-Service Request • Request on behalf of another user
    Policy & Risk: • Segregation of Duties Policies • Policy-violation scan
    Periodic Access Review: • Application Periodic Access Review • Role Periodic Access Review • Privileged Account Periodic Access Review
    Reporting: • Produce or Export Operational Metrics • Configurable Auditing of all Identity-related events
    User Access Change Events: • Job Transfer • Authoritative System Attribute Change • Temporary Leave
    Termination: • Planned Exit • Emergency Termination • Third Party Resource Termination
    Application Lifecycle, Role Mining & Definition: • Standardized On-boarding of Applications • Application Change • Role Lifecycle Management
    Change locations, roles, etc.; Forget password
  • 16. Common Challenges source: EY – Identity and Access Management Beyond Compliance User access request and approve Provision/de-provision Enforce Report and audit Review and certify Reconcile ▪ Processes differ by location, business unit and resource ▪ Approvers have insufficient context of user access needs —do users really need access to private or confidential data ▪ Users find it difficult to request required access ▪ Time lines to grant/remove access are excessive ▪ Inefficient and error-prone manual provisioning processes are used ▪ Access profile cloning occurs inappropriately ▪ Inappropriate access may not be de-provisioned ▪ Applications do not support central access management ▪ Access management policies do not exist ▪ Segregation of duties is not enforced ▪ Role/rule-based access is used inconsistently ▪ Actual rights on systems exceed access levels that were originally approved/provisioned ▪ There is no single authoritative identity repository for employees/non-employees ▪ Processes are manual and differ by location, business unit and resource ▪ Reviewers must complete multiple, redundant and granular access reviews ▪ KPIs/metrics do not exist or do not align with business-driven success criteria (e.g., reduce risk by removing terminated user access on the day of termination) ▪ Audits are labor intensive
  • 17. On Premise IAM Disclaimer: Because presentation time is limited, this section gives only an overview and uses Sailpoint IdentityIQ and Forgerock OpenAM as examples, since these are the platforms the speaker’s team has experience with.
  • 18. Forgerock Architecture source: https://backstage.forgerock.com/docs/openam/12/deployment-planning/
    ▪ OpenAM. Context-Based Access Management System. OpenAM is an all-in-one industry-leading access management solution, providing authentication, authorization, federation, Web services security, adaptive risk, and entitlements services among many other features.
    ▪ OpenIDM. Cloud-Focused Identity Administration. OpenIDM is a lightweight provisioning system, built on resource-oriented principles.
    ▪ OpenDJ. Internet Scale Directory Server. OpenDJ provides full LDAP protocol support, multi-protocol access, cross-domain replication, common REST framework, SCIM support, and many other features.
    ▪ OpenIG. No Touch Single Sign-On (SSO) to enterprise, legacy, and custom applications. OpenIG is a reverse proxy server with specialized session management and credential replay functionality.
    ▪ OpenICF. Enterprise and Cloud Identity Infrastructure Connectors.
  • 20. OpenAM Deployment Example OpenAM Frontend Load Balancer Reverse Proxy Layer
  • 21. Sailpoint IdentityIQ Architecture source: https://allaboutiam.com/2014/12/25/generic-identityiq-implementation-architecture/
  • 22. Sailpoint IdentityIQ – Sample Dashboard
  • 23. Cloud IAM Disclaimer: Because presentation time is limited, this section gives only an overview and uses Google cloud-based IAM as the example, since the speaker’s experience is on the GCP platform.
  • 24. Cloud IAM Resource Hierarchy source: https://cloud.google.com/iam/docs/overview
    Policy is set on a resource, and each policy contains a set of: ▪ Roles ▪ Role members
    Resources inherit policies from parent: ▪ Resource policies are a union of parent and resource. If parent policy is less restrictive, it overrides a more restrictive resource policy
  • 25. Permissions Management in Cloud IAM source: https://cloud.google.com/iam/docs/overview
  • 26. Cloud IAM Policy source: https://cloud.google.com/iam/docs/overview
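The inheritance rule on slide 24 (a resource's effective policy is the union of its own policy and its parents') can be checked with a small model. This is an added example, not code from the deck or from Google; the hierarchy, member names and helper functions are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    """One level of the resource hierarchy (organization, folder, project...)."""
    name: str
    parent: Optional["Node"] = None
    # role -> members bound to that role directly on this node
    bindings: Dict[str, Set[str]] = field(default_factory=dict)

    def ancestry(self) -> List["Node"]:
        """This node first, then each parent up to the root."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        return chain


def effective_policy(node: Node) -> Dict[str, Set[str]]:
    """Union of the node's own bindings and every ancestor's bindings."""
    merged: Dict[str, Set[str]] = {}
    for level in node.ancestry():
        for role, members in level.bindings.items():
            merged.setdefault(role, set()).update(members)
    return merged


def inherited_grants(node: Node) -> List[Tuple[str, str, str]]:
    """(role, member, granted_at) for access that exists only via a parent.

    These are the grants an access review of the node alone would miss.
    """
    found = []
    for ancestor in node.ancestry()[1:]:
        for role, members in ancestor.bindings.items():
            for member in members:
                if member not in node.bindings.get(role, set()):
                    found.append((role, member, ancestor.name))
    return sorted(found)


def build_sample_hierarchy() -> Tuple[Node, Node, Node]:
    """Constructed sample: organization -> folder -> project."""
    org = Node("organization:example-org",
               bindings={"roles/viewer": {"group:auditors@example.com"}})
    folder = Node("folder:ci-cd", parent=org,
                  bindings={"roles/editor": {"group:devops@example.com"}})
    # The project owner intends editor access for the release bot only.
    bot = "serviceAccount:release-bot@prod-pipeline.iam.gserviceaccount.com"
    project = Node("project:prod-pipeline", parent=folder,
                   bindings={"roles/editor": {bot}})
    return org, folder, project


if __name__ == "__main__":
    _, _, project = build_sample_hierarchy()
    for role, members in sorted(effective_policy(project).items()):
        print(role, sorted(members))
    for grant in inherited_grants(project):
        print("inherited:", grant)
```

The restrictive project-level binding does not remove the folder-level editor grant: the devops group still holds `roles/editor` on the project, which is why periodic access reviews need to walk the whole hierarchy.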
  • 28. Cloud Access Security Broker (CASB) at glance source: https://www.skyhighnetworks.com/cloud-security-blog/how-to-deploy-a-casb-the-first-cloud-security-reference-architecture/
  • 29. Integrate IDM to Jenkins (via SAML Plugin) source: https://github.com/jenkinsci/saml-plugin/ Configure Global Security; Enable Security; SAML 2.0; Configure plugin settings
  • 30. Basic SAML Transaction Steps (Sample) source: https://github.com/jenkinsci/saml-plugin/
    1. The user attempts to reach a hosted Google application, such as Gmail, Start Pages, or another Google service.
    2. Google generates a SAML authentication request. The SAML request is encoded and embedded into the URL for the partner's SSO service.
    3. Google sends a redirect to the user's browser. The redirect URL includes the encoded SAML authentication request that should be submitted to the partner's SSO service.
    4. The partner decodes the SAML request and extracts the URL for both Google's ACS (Assertion Consumer Service) and the user's destination URL (RelayState parameter).
    5. The partner generates a SAML response that contains the authenticated user's username.
    6. The partner encodes the SAML response and the Relay State parameter and returns that information to the user's browser.
    7. Google's ACS verifies the SAML response using the partner's public key. If the response is successfully verified, ACS redirects the user to the destination URL.
    8. The user has been redirected to the destination URL and is logged in to Google.
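Steps 2 to 4 of slide 30, shown from both sides with the standard library only: the service provider encodes an AuthnRequest into the redirect URL, and the identity provider decodes it and extracts the ACS URL and RelayState. This is an added example, not code from the deck or the Jenkins plugin; the entity IDs, URLs and the registry are constructed, and the ACS allow-list, size cap and DTD rejection are hardening assumptions added here.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_REQUEST_BYTES = 64 * 1024  # assumption: cap on the inflated request size

# Constructed registry: issuer entity ID -> ACS URLs the IdP accepts for it.
REGISTERED_ACS = {
    "https://ci.example.com/saml/metadata": {"https://ci.example.com/saml/acs"},
}

ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def encode_for_redirect(xml_bytes: bytes) -> str:
    """Raw DEFLATE then base64, as used for the SAMLRequest URL parameter."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits: no zlib header
    return base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode()


def build_redirect_url(idp_sso_url, issuer, acs_url, relay_state):
    """Service provider side (steps 2 and 3): build the redirect URL."""
    request = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(request, f"{{{SAML}}}Issuer").text = issuer
    query = urlencode({
        "SAMLRequest": encode_for_redirect(ET.tostring(request, encoding="utf-8")),
        "RelayState": relay_state,
    })
    return f"{idp_sso_url}?{query}"


def decode_redirect_request(url: str) -> dict:
    """Identity provider side (step 4): decode and validate the request."""
    params = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(wbits=-15)
    xml_bytes = inflater.decompress(raw, MAX_REQUEST_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size limit")
    # A SAML message never needs a DTD; refuse it before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAMLRequest")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    acs_url = root.get("AssertionConsumerServiceURL")
    # Only send the response to an ACS registered for this issuer.
    if acs_url not in REGISTERED_ACS.get(issuer, set()):
        raise ValueError("ACS URL is not registered for this issuer")
    return {
        "request_id": root.get("ID"),
        "issuer": issuer,
        "acs_url": acs_url,
        "relay_state": params.get("RelayState", [""])[0],
    }


if __name__ == "__main__":
    url = build_redirect_url("https://idp.example.com/sso",
                             "https://ci.example.com/saml/metadata",
                             "https://ci.example.com/saml/acs", "/job/deploy/")
    print(decode_redirect_request(url))
```

Verifying the signed response in step 7 needs an XML signature library and is outside what this block covers.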
  • 31. Authorization Workflow between IDM and AM source: https://forum.forgerock.com/2018/05/forgerock-identity-platform-version-6-integrating-idm-ds/
  • 32. Integrate IDM to Kubernetes (via OIDC) source: https://kubernetes.io/docs/reference/access-authn-authz/authentication/
  • 33. Access Management Orchestration (sample) source: https://home.kpmg/content/dam/kpmg/us/pdf/2018/10/kpmg-access-management-orchestration-suite.PDF Policy Lifecycle Orch’s
  • 34. Case Study Disclaimer: The case study has been sanitized to ensure the confidentiality of speaker’s team experience in delivering Identity & Access Management services.
  • 35. Case Study – Identity Management Platform Deployment Insurance Company
    Challenge
    — A leading global insurance company had a number of outstanding audit points arising from the lack of visibility into “who has access to what”. The client, in order to address these audit points, embarked on an Identity and Access Management programme in XXXX that saw the replacement of their existing legacy automated provisioning tool with a strategic Identity Management platform. This project involved the management of 5000 users and covered the on-boarding of 35 business critical applications.
    Approach
    — [Consultant] was selected to help the client deploy the strategic Identity Management platform.
    — [Consultant] followed an access governance led approach to the deployment, i.e., authoritative source data was reconciled prior to applications being on-boarded. Entitlement review was conducted across all on-boarded applications.
    — Once periodic entitlement reviews were instituted as a BAU process, the platform was further enhanced to support access requests and Joiner, Movers and Leavers policies.
    — Business and IT roles were on-boarded to conduct role based certifications for specific applications.
    — [Consultant] helped with the remediation of orphan and dormant accounts, including the establishment of unique identifiers for every identity record.
    — The project was successfully transitioned to deployment support after the deployment of core functionality.
    — [Consultant] put together a multi location support team to help the client consolidate the functionality built and to support the continued roll-out of the platform across their application estate.
    Deliverable
    — Delivery of a comprehensive strategic user access programme that is supported by all divisions within the organization and satisfies the regulator.
    — A clear vision of the target state and practical implementation phases for sustained growth.
    — A multi location support team to help consolidate the functionality built and to support the continued roll-out of the platform across application estate.
  • 36. Identity Management Platform Deployment – Holistic View. Source: KPMG – Identity and Access Management the new Complex
  • 37. Identity Management Platform Deployment (1/3)
    Project Governance: Initiate | Infrastructure | Analysis & Design | Configure & Build | Test & Verify | Release | Close
    Tasks / Deliverables
    Baseline [Tools] install in development environment
    ▪ Infrastructure Validation Host Instance Diagrams
    ▪ Baseline [Tools] Installation in Development Environment
    ▪ [Tools] environment ready for Test and Verification
    Source repository configured with a Standard Build Environment and tools.
    Environment connection details captured and documented.
    Developer and system accounts created
    Development, UAT, and Production environments in place
  • 38. Identity Management Platform Deployment (2/3)
    Project Governance: Initiate | Infrastructure | Analysis & Design | Configure & Build | Test & Verify | Release | Close
    Tasks / Deliverables
    Requirements definition and update to Project planning
    ▪ Requirements Traceability Matrix
    ▪ High Level Architecture Specification
    ▪ Detailed Design document
    Requirements Stakeholder Interviews
    Requirements Traceability Matrix Approval
    Initial draft of Design Specification (developed iteratively throughout the engagement)
    High Level Architecture Specification Approval
  • 39. Identity Management Platform Deployment (3/3)
    Project Governance: Initiate | Infrastructure | Analysis & Design | Configure & Build | Test & Verify | Release | Close
    Tasks / Deliverables
    Iterative updates to Design Specification
    ▪ Identity cubes built and populated
    ▪ Models and policies defined in [Tools]
    ▪ Workflows implemented
    ▪ Simple Branded Pages
    ▪ Build Guide Established
    ▪ All configurations complete
    Data loading
    Load authoritative source
    Load account and entitlement data
    Correlate accounts to identities
    Review orphans
    Workflow definition
    Policy modeling
    Create Build Guide (UAT)
    Configuration of access certifications
    Development of rule libraries
    General configuration of reporting and dashboard
    Pass-Through Authentication / SSO Configuration
    Simple Branding
    Preparation of UAT-ready system
  • 40. Key Success Factor – Who should be involved
    Identity & Access Management
    ▪ Business: Responsible for management / controlling of business activities
    ▪ IT Architecture & Ops: Responsible for IT Architecture & IT Ops
    ▪ Programs & Projects: Responsible for updating the IT of the business environment of the enterprise
    ▪ HR: Responsible for management of employee information
    ▪ Audit: Responsible for internal audit
    ▪ Security: Responsible for the organization's Security processes
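
The data-loading steps on slide 39 (load authoritative source, load account and entitlement data, correlate accounts to identities, review orphans) and the orphan and dormant account remediation in the slide 35 case study, sketched as an added example that is not from the slides or from any IAM product. The record fields, the correlation rule order, the 90-day dormancy threshold, the "leaver-active" category and all sample data are assumptions.

```python
from datetime import date

# Constructed sample data: HR feed acting as the authoritative source.
HR_FEED = [
    {"employee_id": "E100", "email": "ana@example.com", "status": "active"},
    {"employee_id": "E101", "email": "budi@example.com", "status": "active"},
    {"employee_id": "E102", "email": "citra@example.com", "status": "terminated"},
]
# Constructed application account export: some rows carry an employee id,
# some only an email, and one (a service account) carries neither.
ACCOUNTS = [
    {"app": "claims", "login": "ana", "employee_id": "E100", "email": "",
     "last_login": date(2019, 11, 1)},
    {"app": "claims", "login": "BUDI", "employee_id": "", "email": "Budi@Example.com",
     "last_login": date(2019, 5, 2)},
    {"app": "policy", "login": "citra", "employee_id": "E102", "email": "",
     "last_login": date(2019, 10, 30)},
    {"app": "policy", "login": "svc_batch", "employee_id": "", "email": "",
     "last_login": None},
]

def correlate(accounts, hr_feed, today, dormant_days=90):
    """Link each account to an identity record, then classify it for review."""
    by_id = {p["employee_id"]: p for p in hr_feed if p["employee_id"]}
    by_email = {p["email"].lower(): p for p in hr_feed if p["email"]}
    findings = []
    for acct in accounts:
        # Assumed rule order: exact employee id first, then case-insensitive email.
        person = by_id.get(acct["employee_id"]) or by_email.get(acct["email"].lower())
        if person is None:
            state = "orphan"          # no owner in the authoritative source
        elif person["status"] != "active":
            state = "leaver-active"   # owner has left, account still exists
        elif acct["last_login"] is None or (today - acct["last_login"]).days > dormant_days:
            state = "dormant"         # owner is active, account is unused
        else:
            state = "ok"
        owner = person["employee_id"] if person else None
        findings.append((acct["app"], acct["login"], owner, state))
    return findings

if __name__ == "__main__":
    for row in correlate(ACCOUNTS, HR_FEED, today=date(2019, 11, 14)):
        print(row)
```

Accounts that end up "orphan" are the ones the review step has to assign an owner to or disable, which is why the authoritative source is reconciled before applications are on-boarded.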