01 Tejas Lagad


  • 7/31/2019 01 Tejas Lagad


    Novell Inc, Confidential & Proprietary


    Agenda

    Challenges of BFSI

    Solution to the challenges

    Identity Management

    Regulatory Compliance

    Next Steps

    Q&A


    Security Challenges in Banking...

    Litigation Risks

    Compliance Violations

    Growth Challenges

    Information Theft

    Privacy Concerns


    Business Challenges

    At the Bank Branches...

    Low user productivity/satisfaction
      Password overload
        Too many to remember
        User lockouts from failed login attempts
        Tedious processes for password reset
      Inability to accommodate roaming users (between machines or branches)
        Very long & painful login/logout

    Lack of security
      Insecure workarounds for the password overload problem
        Sharing of User IDs and passwords
        Password lists
        Weak/easy-to-guess passwords
      Generic IDs and passwords for roaming users (cannot be audited effectively)
      Authenticated application sessions left open (reluctance to log out, and forgetting to lock the client desktop during lunch, for example)


    Business Challenges

    At the Bank HQ/Central Office...

    Provisioning pain
      Provisioning of the remaining 100's of applications
      Prompt de-provisioning access due to role changes or terminations
      Delegation of access rights

    Auditing / Insufficient visibility into compliance-related issues
      Companies only (manually) track access to a few core mainframe-based apps
      No automation in the tracking/reporting process
      Nothing for all the other 100's of applications

    High load/slow response for password reset requests


    Lead to Opportunities

    Security & Compliance

    Agility & Cost Containment

    Identity and access management projects are much more than technology implementations - they have real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.

    Business Drivers of Identity and Access Management - Roberta Witty, Gartner Group November 2003

    Secure sensitive information & meet regulatory demands

    Enable growth while controlling costs


    What is Required?

    In three to five years, every large organization will have an access management middleware layer that knows the identity of every user and device, and manages who can talk to what, when and how.

    1  Manage Complexity

    2  Enforce Security and Compliance

    3  Maximize Agility

    ... across all your systems and platforms

    ... across Branches and Sites

    ... across the Globe

    The hottest business you never heard of - CNET Perspectives, May 18, 2005


    Security & Identity Management


    Security and Identity architecture

    [Diagram: Security & Identity Management architecture. Labels: Identity Repository; Meta-directory & Provisioning; Single Sign-On; Access Control; Web Access Security; Strong Authentication; Auditing, Logging, Notification, Reporting; SAML; Employees; Net; Customers; Partners / Suppliers; Partners; Web Servers; Netware; Unix; NT/2000/XP; Linux; Host.]


    Novell: A complete solution

    [Diagram: Security & Identity Management architecture labelled with Novell products. Architecture labels: Identity Repository; Meta-directory & Provisioning; Single Sign-On; Access Control; Web Access Security; Strong Authentication; Auditing, Logging, Notification, Reporting; SAML; Employees; Net; Customers; Partners / Suppliers; Partners; Web Servers; Netware; Unix; NT/2000/XP; Linux; Host. Product labels: eDirectory; Identity Manager; SecureLogin; Security Manager; Access Manager; Modular Authentication Services; Sentinel.]


    Identity Manager - User Lifecycle Mgmt


    Access Manager - Web Access Mgmt

    [Diagram labels: Employee; Customer; Partner; One Net; Firewall; Security Infrastructure; Access Mgr; eDirectory; Web Servers and Applications; IIS; Solaris/Netscape; Linux/Apache; Citrix]

    Benefits of Access Manager

    Single Authentication Point

    Provides Web Single Sign On (headers and Form Fill) (can also simulate Netegrity SiteMinder)

    Sends Personalized content to applications

    Rewrites HTML data (completely hide internal DNS infrastructure)

    Dynamically encrypts content as it passes through proxy

    Single SSL Certificate can be used for all internal web sites (proxy based)

    No change to HTML content

    No change to applications authentication process

    Remove Direct Access to Web Servers

    Provides additional security to Citrix Servers


    SecureLogin - Enterprise SSO

    One login - at the office, home, or offline

    User authenticates to the network

    Network allows (or rejects) user's credentials

    SSO launches & verifies credentials in the directory

    User launches application

    Passes credentials to the authentication prompt

    Windows applications

    Citrix published applications

    Mainframe terminals

    Java applications

    Websites and Intranets

    [Diagram labels: User; VPN; Internet; Firewall; LAN]


    Sentinel - Audit, Monitor, Remediate

    Automate IT Controls Monitoring and Reporting

    [Diagram labels: Tables; Sys Logs]


    Pre-defined Collectors

    Identity Management: Netegrity SiteMinder; RSA Ace/Server

    Anti-Virus: Symantec AntiVirus Corporate Edition; Network Associates ePolicy Orchestrator; TrendMicro InterScan VirusWall; CA eTrust

    Cache Engine: BlueCoat; Microsoft ISA Proxy

    Firewalls: Cisco Pix; Checkpoint Firewall-1; Checkpoint Provider-1; Lucent Brick; CyberGuard; Secure Computing Gauntlet; Secure Computing Sidewinder; Sonic Wall; Microsoft ISA Firewall; Zone Alarm

    Host IDS: McAfee Entercept; ISS RealSecure Server; Symantec ITA; Tripwire; Enterasys Dragon; CA eTrust; Cisco Secure Agent; SNARE

    Network IDS: Gnu Snort; Symantec Network Security; Cisco Secure IDS; ISS RealSecure; ISS SiteProtector; Intrusion.com SecureNet; Sourcefire; Mazu Network Profiler; Enterasys Dragon; Juniper NetScreen IDP; NFR; Tipping Point

    Mail Relay and Filtering: Iron Mail

    Operating Systems: Microsoft Windows 2000, 2003, XP, NT; IBM AIX; RedHat Enterprise Linux; Sun Solaris; Sun Trusted Solaris; IBM AS/400; Trusted Solaris; HP/UX; Microsoft MOM

    Network Devices: Cisco routers, switches, hubs; Juniper

    Relational Databases: Oracle 8i/9i/10g; IBM DB2; Microsoft SQL Server

    Vulnerability Scanners: McAfee Foundstone Enterprise; eEye Retina; Gnu Nessus; Qualys QualysGuard; nCircle IP360; ISS Internet Scanner; Harris Stat; Gnu NMAP

    VPN: Cisco VPN; Checkpoint VPN-1; Juniper Netscreen VPN; Nortel Contivity

    Mainframe: RACF; ACF2; Top Secret; Himalaya

    Policy Managers: McAfee ePolicy Orchestrator; Symantec ESM

    Web and Application Servers: IBM WebSphere; Apache HTTP Server; Microsoft IIS; SunOne/iPlanet

    Enterprise Applications: SAP; Oracle Financials


    Novell Market Leader

    Analyst and Industry Recognition

    [Sentinel's] architecture is supremely scalable and flexible...

    If we had it to do over, we'd build a message bus architecture like this one [iSCALE] for scalability.

    Other SIM solutions reporting to the 451 Group Impact Report (11/10/05)

    2nd Consecutive Year!

    Sentinel Receives Highest Rating In InfoWorld's SEM Test 2nd Year in a Row

    Novell positioned in Leaders Quadrant for Security Information and Event Management, 1H06*

    [Sentinel] Receives Frost & Sullivan's 2005 Technology Innovation Award


    Regulatory Compliance


    IT Control Landscape is Enterprise-Wide

    The Scope

    Source: IT Governance Institute, IT Control Objectives for Sarbanes Oxley

    Significant Accounts in the Financial Statements: Balance Sheets; Other; Notes; SCFP; Income Statement

    Business Processes/Classes of Transactions: Process A; Process B; Process C

    Financial Applications: Application A; Application B; Application C

    IT Infrastructure Services: Database; Network; Operating System

    General Controls: Program development; Program changes; Computer operations; Access to programs and data; Control environment

    Application Controls: Completeness; Accuracy; Validity; Authorization; Segregation of duties


    Top Ten Control Deficiencies

    1. Unidentified or unresolved segregation of duties issues

    2. Operating System (e.g. Unix) access controls supporting financial applications or Portal not secure

    3. Database access controls on financial applications not secure

    4. Development staff can run business transactions in production

    5. Large number of users with access to "super user" status

    6. Former employees or consultants still have access

    7. Posting periods not restricted within GL application

    8. Custom programs, tables & interfaces are not secured

    9. Procedures for manual processes non-existent or not followed

    10. System documentation does not match actual process

    Source: Ken Vander Wal, Partner, National Quality Leader, E&Y

    ISACA Sarbanes Conference, 4/6/04

    7 of 10 are addressed by Identity Management


    Novell solutions supporting SOX


    Basel II

    The RBI has issued guidelines for the adoption of elements of the Basel II framework (the Standardised Approach for credit risk and Basic Indicator Approach for operational risk) with effect from 31 March 2007


    Next Steps


    Think About Where You Are Today

    ROI

    Complexity

    Application-specific Security

    Password Sync

    Reduced Sign On

    Advanced Authentication

    Centralized Access Mgmt

    Automatic User Provisioning

    Centralized Identity Authority

    Partner Federation

    Self Service/Enrollment

    Where do you want to go next?

    Application Integration


    The Planning Process takes many forms

    [Chart axes: ORGANISATION'S KNOWLEDGE OF SIM PROBLEMS ACROSS STAKEHOLDERS; ORGANISATIONAL READINESS TO ENGAGE SIM VENDOR]

    Discovery

    Proof of Concept

    SIM Strategy

    SIM Solution

    Implementation


    Discovery Dimensions


    In Conclusion

    "Identity management means a good bit more to financial services companies because it gives them an insurance policy to ensure they're complying with regulations. It's a big issue for financial services. If they don't get it right the CEO can go to jail." - Meta Group

    For more information contact [email protected]

    or visit http://novell.com/solutions/securityandidentity/


    Unpublished Work of Novell, Inc. All Rights Reserved.

    This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

    General Disclaimer

    This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.