7/31/2019 01 Tejas Lagad
Novell Inc, Confidential & Proprietary
Agenda
Challenges of BFSI
Solution to the challenges
Identity Management
Regulatory Compliance
Next Steps
Q&A
Security Challenges in Banking...
- Litigation Risks
- Compliance Violations
- Growth Challenges
- Information Theft
- Privacy Concerns
Business Challenges
At the Bank Branches...
- Low user productivity/satisfaction
  - Password overload
    - Too many to remember
    - User lockouts from failed login attempts
    - Tedious processes for password reset
  - Inability to accommodate roaming users (between machines or branches)
    - Very long & painful login/logout
- Lack of security
  - Insecure workarounds for the password overload problem
    - Sharing of User IDs and passwords
    - Password lists
    - Weak/easy-to-guess passwords
  - Generic IDs and passwords for roaming users (cannot be audited effectively)
  - Authenticated application sessions left open (reluctance to log out, and forgetting to lock the client desktop during lunch, for example)
Business Challenges
At the Bank HQ/Central Office...
- Provisioning pain
  - Provisioning of the remaining 100's of applications
  - Prompt de-provisioning of access due to role changes or terminations
  - Delegation of access rights
- Auditing / Insufficient visibility into compliance-related issues
  - Companies only (manually) track access to a few core mainframe-based apps
  - No automation in the tracking/reporting process
  - Nothing for all the other 100's of applications
- High load/slow response for password reset requests
Lead to Opportunities
Security & Compliance
Agility & Cost Containment
Identity and access management projects are much more than technology implementations - they have real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.
Business Drivers of Identity and Access Management - Roberta Witty, Gartner Group November 2003
Secure sensitive information & meet regulatory demands
Enable growth while controlling costs
What is Required?
In three to five years, every large organization will have an access management middleware layer that knows the identity of every user and device, and manages who can talk to what, when and how.
The hottest business you never heard of - CNET Perspectives, May 18, 2005
1. Manage Complexity
2. Enforce Security and Compliance
3. Maximize Agility
across all your systems and platforms
... across Branches and Sites
... across the Globe
Security & Identity Management
Security and Identity architecture
[Diagram: Security & Identity Management. Labels: Identity Repository; Meta-directory & Provisioning; Single Sign-On; Access Control; Web Access Security; Strong Authentication; Auditing, Logging, Notification, Reporting; SAML. Users: Employees, Customers, Partners / Suppliers. Platforms: Netware, Unix, NT/2000/XP, Linux, Host; Web Servers.]
Novell - A complete solution
[Diagram: Security & Identity Management. Labels: Identity Repository; Meta-directory & Provisioning; Single Sign-On; Access Control; Web Access Security; Strong Authentication; Auditing, Logging, Notification, Reporting; SAML. Users: Employees, Customers, Partners / Suppliers. Platforms: Netware, Unix, NT/2000/XP, Linux, Host; Web Servers. Novell products shown: eDirectory, Identity Manager, SecureLogin, Security Manager, Access Manager, Modular Authentication Services, Sentinel.]
Identity Manager - User Lifecycle Mgmt
Access Manager - Web Access Mgmt
[Diagram labels: Firewall; Security Infrastructure; Access Mgr; eDirectory; Web Servers and Applications (IIS, Solaris/Netscape, Linux/Apache, Citrix); Employee, Customer, Partner; One Net]
Benefits of Access Manager
- Single Authentication Point
- Provides Web Single Sign On (headers and Form Fill) (can also simulate Netegrity SiteMinder)
- Sends Personalized content to applications
- Rewrites HTML data (completely hide internal DNS infrastructure)
- Dynamically encrypts content as it passes through proxy
- Single SSL Certificate can be used for all internal web sites (proxy based)
- No change to HTML content
- No change to applications' authentication process
- Remove Direct Access to Web Servers
- Provides additional security to Citrix Servers
SecureLogin - Enterprise SSO
One login - at the office, home, or offline
- User authenticates to the network
- Network allows (or rejects) user's credentials
- SSO launches & verifies credentials in the directory
- User launches application
- Passes credentials to the authentication prompt
[Diagram labels: User; VPN; Internet; Firewall; LAN; Windows applications; Citrix published applications; Mainframe terminals; Java applications; Websites and Intranets]
Sentinel - Audit, Monitor, Remediate
Automate IT Controls Monitoring and Reporting
[Diagram labels: Tables; Sys Logs]
Pre-defined Collectors
- Identity Management: Netegrity SiteMinder; RSA Ace/Server
- Anti-Virus: Symantec AntiVirus Corporate Edition; Network Associates ePolicy Orchestrator; TrendMicro InterScan VirusWall; CA eTrust
- Cache Engine: BlueCoat; Microsoft ISA Proxy
- Firewalls: Cisco Pix; Checkpoint Firewall-1; Checkpoint Provider-1; Lucent Brick; CyberGuard; Secure Computing Gauntlet; Secure Computing Sidewinder; Sonic Wall; Microsoft ISA Firewall; Zone Alarm
- Host IDS: McAfee Entercept; ISS RealSecure Server; Symantec ITA; Tripwire; Enterasys Dragon; CA eTrust; Cisco Secure Agent; SNARE
- Network IDS: Gnu Snort; Symantec Network Security; Cisco Secure IDS; ISS RealSecure; ISS SiteProtector; Intrusion.com SecureNet; Sourcefire; Mazu Network Profiler; Enterasys Dragon; Juniper NetScreen IDP; NFR; Tipping Point
- Mail Relay and Filtering: Iron Mail
- Operating Systems: Microsoft Windows 2000, 2003, XP, NT; IBM AIX; RedHat Enterprise Linux; Sun Solaris; Sun Trusted Solaris; IBM AS/400; Trusted Solaris; HP/UX
- Microsoft MOM
- Network Devices: Cisco routers, switches, hubs; Juniper
- Relational Databases: Oracle 8i/9i/10g; IBM DB2; Microsoft SQL Server
- Vulnerability Scanners: McAfee Foundstone Enterprise; eEye Retina; Gnu Nessus; Qualys QualysGuard; nCircle IP360; ISS Internet Scanner; Harris Stat; Gnu NMAP
- VPN: Cisco VPN; Checkpoint VPN-1; Juniper Netscreen VPN; Nortel Contivity
- Mainframe: RACF; ACF2; Top Secret; Himalaya
- Policy Managers: McAfee ePolicy Orchestrator; Symantec ESM
- Web and Application Servers: IBM WebSphere; Apache HTTP Server; Microsoft IIS; SunOne/iPlanet
- Enterprise Applications: SAP; Oracle Financials
Novell Market Leader
Analyst and Industry Recognition
[Sentinel's] architecture is supremely scalable and flexible...
If we had it to do over, we'd build a message bus architecture like this one [iSCALE] for scalability.
Other SIM solutions reporting to the 451 Group Impact Report (11/10/05)
2nd Consecutive Year!
Sentinel Receives Highest Rating In InfoWorld's SEM Test 2nd Year in a Row
Novell positioned in Leaders Quadrant for Security Information and Event Management, 1H06*
[Sentinel] Receives Frost & Sullivan's 2005 Technology Innovation Award
Regulatory Compliance
IT Control Landscape is Enterprise-Wide
The Scope
Source: IT Governance Institute, IT Control Objectives for Sarbanes Oxley
- Significant Accounts in the Financial Statements: Balance Sheets; Income Statement; SCFP; Notes; Other
- Business Processes/Classes of Transactions: Process A; Process B; Process C
- Financial Applications: Application A; Application B; Application C
- IT Infrastructure Services: Database; Operating System; Network
- General Controls: Program development; Program changes; Computer operations; Access to programs and data; Control environment
- Application Controls: Completeness; Accuracy; Validity; Authorization; Segregation of duties
Top Ten Control Deficiencies
1. Unidentified or unresolved segregation of duties issues
2. Operating System (e.g. Unix) access controls supporting financial applications or Portal not secure
3. Database access controls on financial applications not secure
4. Development staff can run business transactions in production
5. Large number of users with access to "super user" status
6. Former employees or consultants still have access
7. Posting periods not restricted within GL application
8. Custom programs, tables & interfaces are not secured
9. Procedures for manual processes non-existent or not followed
10. System documentation does not match actual process
Source: Ken Vander Wal, Partner, National Quality Leader, E&Y; ISACA Sarbanes Conference, 4/6/04
7 of 10 are addressed by Identity Management
Novell solutions supporting SOX
Basel II
The RBI has issued guidelines for the adoption of elements of the Basel II framework (the Standardised Approach for credit risk and Basic Indicator Approach for operational risk) with effect from 31 March 2007
Next Steps
Think About Where You Are Today
[Chart: axes ROI and Complexity. Stages shown: Application-specific Security; Password Sync; Reduced Sign On; Advanced Authentication; Centralized Access Mgmt; Automatic User Provisioning; Centralized Identity Authority; Partner Federation; Self Service/Enrollment; Application Integration]
Where do you want to go next?
The Planning Process takes many forms
[Diagram: axes ORGANISATION'S KNOWLEDGE OF SIM PROBLEMS ACROSS STAKEHOLDERS and ORGANISATIONAL READINESS TO ENGAGE SIM VENDOR. Stages shown: Discovery; Proof of Concept; SIM Strategy; SIM Solution Implementation]
Discovery Dimensions
In Conclusion
"Identity management means a good bit more to financial services companies because it gives them an insurance policy to ensure they're complying with regulations. It's a big issue for financial services. If they don't get it right the CEO can go to jail."
- Meta Group
For more information contact [email protected]
or visit http://novell.com/solutions/securityandidentity/
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.