Strong Authentication with Identity Lifecycle Manager
John Weigelt, National Technology Officer, Microsoft Canada
Hugh Lindley, VP, Identity Assurance, Avaleris Inc.
Identity at the Center
Security:
Ensuring that only authorized users get network access
Protecting confidential information from improper distribution
Business Enablement:
Creating new ways to connect with customers and partners
Operational Efficiency:
Freeing up IT resources to focus on high business-value work
Automating, reducing and simplifying manual processes
Reducing the complexity of managing many identity stores
Compliance:
Provisioning in accordance with company policies
Establishing auditable processes for granting access rights
IDA Challenges (diagram)
Extensibility: 20+ connectors, WS-*
Platform components: Workflow Foundation, Windows Services
Microsoft ILM 2007
Brings together metadirectory, certificate and smart card lifecycle management, and user provisioning across Windows and enterprise systems into a single packaged offering.
User Provisioning:
Automates the process of on-boarding and off-boarding users
Simplifies compliance through automated IDA enforcement
Enforces consistent credentials across systems
Certificate and Smart Card Management:
Reduces the cost of managing certificate-based credentials
Automates workflow-driven certificate issuance and revocation
Vastly simplifies deployment of smart cards
Identity Synchronization:
Provides a single view of a user across enterprise systems
Automatically keeps identity information across systems consistent
About Avaleris
Microsoft Identity and Access (IDA) Systems Integration Partner
Global provider of Identity Assurance professional services and solutions
Incorporated by the founders of Alacris, the original developer of idNexus: the predecessor to Microsoft Certificate Lifecycle Manager (CLM), acquired by Microsoft in late 2005 and now integrated with Microsoft ILM 2007
Successfully deployed in over 25 global clients in North America and Europe
Value Avaleris Provides:
Heritage of client success and proven solution approach in Identity Assurance
Understanding of the management and implementation challenges
Depth of technical expertise in Microsoft IDA products
Agenda
The business case for Multi-Factor Authentication
Typical ILM 2007 deployment scenarios
The Business Case for Multi-Factor Authentication
Regulatory Compliance:
Security and risk management
Privacy and information protection
Auditability and accountability
Increased IT Security and Operational Efficiencies:
Effective deployment and lifecycle management of MFA
Simplifying user authentication
Increased efficiency of helpdesk staff
Implementation Challenges: Lifecycle Management of Smart Cards and Certificates
Smart card personalization and customization
Dealing with lost, stolen or forgotten smart cards
Deployment of smart card middleware
Detailed auditing and reporting
Support for centralized, decentralized and self-service scenarios
Tight integration with Active Directory
Smart Cards in the Public Sector: U.S. Federal Government
HSPD-12 (issued August 2004) and FIPS 201 (published February 2005)
Goal: establish a common identification standard for all federal government employees and contractors
Personal Identity Verification (PIV) I (October 2005)
Personal Identity Verification (PIV) II (October 2006): ability to issue FIPS 201 compliant smart cards
Most departments and agencies have met the initial FIPS 201 milestones and are working towards production implementations
Growing interest in the broader public and private sectors
Component Architecture (diagram)
Internet Information Services (IIS)
Microsoft Certificate Authority
Smart Card Middleware
ILM 2007 Architecture
Profile Templates include one or more certificates managed as a single entity
Can include templates issued from more than one CA
Include policies for each task that might be performed
Additional profile data is included for smart card management
Policy updates are managed on a per-user basis by Active Directory (AD) groups
Contain the necessary information to enforce policy across multiple certificates, users, and groups
Stored in AD and available across the forest