The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.

Similar documents
Changing face of endpoint security

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

1 Introduction to Identity Management. 2 Access needs evolve. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Security Metrics Framework

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

Security Architecture

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

To the Designer Where We Need Your Help

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

MANAGED CLOUD SERVICES

1 Hitachi ID Access Certifier. 2 Agenda. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

7.16 INFORMATION TECHNOLOGY SECURITY

The Four A s of Access A practical guide to auditing an access process.

Transforming Security Part 2: From the Device to the Data Center

SIEM: Five Requirements that Solve the Bigger Business Issues

What It Takes to be a CISO in 2017

CipherCloud CASB+ Connector for ServiceNow

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

An Aflac Case Study: Moving a Security Program from Defense to Offense

Securing Data in the Cloud: Point of View

1 IAM Program Launch. 2 Agenda. 3 Introductions. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

Cybersecurity Session IIA Conference 2018

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Access Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions

S T A N D A R D : M O B I L E D E V I C E S

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

Launching a Highly-regulated Startup in the Cloud

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Defense in Depth Security in the Enterprise

Cyber Security Program

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe

Secure Access & SWIFT Customer Security Controls Framework

Managing the Risk of Privileged Accounts and Passwords

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Security Readiness Assessment

Information Security Controls Policy

Information Technology General Control Review

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Server Security Procedure

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Mobile Device policy Frequently Asked Questions April 2016

Maximize your investment in Microsoft Office 365 with Citrix Workspace

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

DIGITAL TRUST Making digital work by making digital secure

Crash course in Azure Active Directory

Manchester Metropolitan University Information Security Strategy

Microsoft Security Management

AT&T Endpoint Security

CLOUD SECURITY CRASH COURSE

RSA Data Loss Prevention: Policy to Remediation

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

ISE North America Leadership Summit and Awards

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

BYOD Business year of decision!

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

CHALLENGES GOVERNANCE INTEGRATION SECURITY

NEN The Education Network

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Procedure: Bring your own device

Cyber Essentials Questionnaire Guidance

Securing Digital Transformation

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

The Common Controls Framework BY ADOBE

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

The 10 Principles of Security in Modern Cloud Applications

AUTHORITY FOR ELECTRICITY REGULATION

1 Hitachi ID Group Manager. 2 Agenda. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Supporting the Cloud Transformation of Agencies across the Public Sector

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Objectives of the Security Policy Project for the University of Cyprus

CIS Controls Measures and Metrics for Version 7

How to Enable and Secure in the Next Stage of BYOD: Reap the Benefits of Bring Your Own Laptop

CSN38: Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO

Securing Your Most Sensitive Data

McAfee epolicy Orchestrator

UCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:

University of Cincinnati Federated Identity Strategy

Corporate Information Security Policy

Responsible Officer Approved by

the SWIFT Customer Security

Checklist: Credit Union Information Security and Privacy Policies

CSP 2017 Network Virtualisation and Security Scott McKinnon

RIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich

locuz.com SOC Services

Data Protection in Practice

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

Carbon Black PCI Compliance Mapping Checklist

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Secure wired and wireless networks with smart access control

FDIC InTREx What Documentation Are You Expected to Have?

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank

CIS Controls Measures and Metrics for Version 7

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Transcription:

www.pwc.com.au The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.

What are all the things that make up IAM? 2

The identity scope is getting bigger and bigger. Identity types are expanding to include non-carbon lifeforms where the people aspect of your IAM solution now also needs to consider smart devices, sensors, etc., as new identity types. Partners Business partners must work as close confidants, yet risks of thirdparty relationships must be managed. Scenario = Defined perimeter; federation becomes necessary Identity Students student experience is becoming a competitive advantage, and digital identity is the first point of engagement. Challenges exist with managing a seamless experience and the volume of identities that this brings. Scenario = No defined perimeter; federation, cloud, and SaaS come into play. Devices Devices present exciting new possibilities with new challenges on a massive scale. Build for the future with a highly-scalable, device-friendly digital identity platform. Scenario = No defined perimeter; federation, cloud, SaaS, and mobility come into play. Employees This is the traditional use case that originally generated the need for managing access within your workforce. Scenario = Defined perimeter Contractors The contingent workforce needs to be managed like employees, but additional challenges with regards to governance and expiring contracts. Scenario = Defined perimeter 3

So how do Banks handle this? 4

Why can this work for a Bank? Data Center (s) Public DMZ Network Appliances Web/Application Servers Databases Other servers Internal/Private DMZ Sensitive Data Zone Secured Databases Secure Internal Web Applications Internal Web Applications Secured Infrastructure Zone Secure Servers Laptops Users (Employees) Desktops Network Zone Key Firewall IDM Host-Based DLP Anti-Virus Core Security Services Web App Firewall IDS/IPS Multi-Factor Auth Secure SDLC Tools Network DLP Database DLP Endpoint Encryption Database Encryption Database Firewall Access Controls Vulnerability Scanning Asset Management Logging & Alerts Config / Patch Management

So why doesn t this work for us? 6

What makes us unique? Open Accessible No distinct boundary Where is our perimeter? Who are our users? Where are our systems? 7

So what does IAM need to look like in a higher education environment? Know who is accessing your systems (identities) As you collapse your boundary, treat every user as untrusted. Identify and document what access a student should have. How is this different from staff? How is this different from alumni? Treat every individual user as the new perimeter. How would you apply a firewall rule to them? Re-define your new perimeter. Is it at the application layer? Is it at the data layer? Is it around your key information assets? Re-think Role Based Access Control it helps significantly. Consider every aspect of access. Not just the ones that are easy. 8

The association of roles to users Logical Grouping of Individuals Alumni Blackboard (alumni attributes) Student Blackboard (course materials) Staff Blackboard access (course materials + alumni attributes) Internal systems The key is to identify what the clashes or violations of access exist, and that becomes the boundary of the role. This considers principles of both Least Privilege and Segregation of Duties. Roles don t exist on their own We already have systems, and those systems already have been configured to allow and deny access to individuals. Role definition provides the framework to group access to provide the following benefits: Business user experience Governance capabilities Operational support Request and approval workflow Transfers Compliance 9

What does roles mean to me? What is a hybrid approach really mean and how do we build out a proper role definition framework? Top-down Job Functions aligned to business hierarchy (organisational chart) Business Roles (Security Manager, Staff, Alumni) Bottom-up Application / System information Entitlement Data (user specific from Active Directory) Hybrid Approach A mechanism that allows pragmatic attribute mapping of user identities to roles and personas that enable automation and governance aligned to business roles. Task Task name Task description H. Design University-Wide (Business) Roles Preliminary enterprise role definition and design Map enterprise roles to IT roles I. Design User IT Roles Preliminary IT role definition J. Role Mapping Define Rules and Constraints Define Role Ownership Map IT roles to enterprise roles Define Segregation of Duties (SoD) Define rules to assign users to roles Define processes for assigning role custodians and stewards 11

It s not just about giving access 12

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback