Building Your Roadmap:
Successful Identity and Access Management (IAM)
2 April 8, 2023 Building Your Roadmap: Successful Identity and Access Management (IAM) Copyright © 2007 CA
What are the CXOs telling us?
“It’s too expensive and manual to make sure we’re addressing all the necessary regulations. And then we have to do it all over again for the next time.”
Continuous Compliance
Escalating Administration Costs
Ghost User Accounts
Auditors’ Requirements
Leverage-able IT Infrastructure
Negative Security-Related Publicity
Accumulating & Inappropriate Privileges
Help Desk Overload
“25% of my help desk calls are related to resetting forgotten passwords!”
“There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online.”
“I still have accounts in my systems for users that are long gone!”
“As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that?”
“Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don’t care generally how much it costs.”
“Enterprise architects hate to see the IT ‘wheel’ continually reinvented. IAM should be employed and managed as part of enterprise architecture.”
“I don’t want to see my organization in the news.”
The Essence of Business
Doing More with Less is no longer a temporary economic issue – it is here to stay.
LESS BUDGET, LESS STAFF, SHORTER SCHEDULE, REDUCE COSTS
COSTS, TIME
MORE USERS, MORE ACCESS, MORE FLEXIBILITY, MORE APPS, MORE PARTNERS, MUCH FASTER
USERS, TRANSACTIONS
COMPETITIVE EDGE, CONDUCT BUSINESS
Definition of Identity & Access Management (IAM)
> Identity & Access Management is the set of processes and the supporting infrastructure and systems for the creation, management and use of digital identities and enforcement of security-related business policies
> It enables you to answer the following:
Who’s there?
What can they do?
What do they need?
How do you manage them?
> Authentication management
> Access control
> User management
> Delegated administration
> Workflow
> Self-service
> Account, resource provisioning
> Account, resource de-provisioning
Enterprise IT Management
Security Management
IAM
Before…
Average Process: 7-10 Days
Issues to Consider: Backlog Errors Requests Delays Impact on Productivity
NEW USER
1. HR Request for Access
2. Manager Request for Access
3. Policy Examination and Approval (IT)
4. Policy Examination and Approval (Administration)
5. Return for Corrections
6. Submit Revised Request
7. Revised Policy Examination and IT Approval
8. Revised Policy Examination and Approval (Administration)
9. Identified Exception
10. Exception Approval Granted
11. Approval Granted
12. Applications Set Up
13. IT Set Up
14. Keeping Audit Trail
UNSATISFIED NEW USER
…And After
Average Process: 30 Minutes
NEW USER
1. HR Request for Access
2. Manager Request for Access
3. Policy Examination, Approval and Execution
SATISFIED NEW USER
Issues to Consider: What would you do with the spare time?
Employment Life Cycle
ACCESS & TRANSACTIONS MANAGEMENT
Hire Promotion Relocation Team Project Departure
What is the Cost of Quarterly Reorganization?
IAM Business Drivers – The Complete Picture
Increasing Efficiency
Complying With Regulation
Increasing Security
Enabling Business
Exercise – Identify Your Business Drivers
Business Driver Weighted Average (Totaling 100%)
Comply with security regulations
Increase user satisfaction
Reduce cost of IT resources
Streamline business processes
Enable Web services
Secure company data
Increase IT productivity
Manage user life-cycle more effectively
Increase customer and partner satisfaction
Integrate enterprise security apps
Manage information risks
Improve Enterprise Services, SOA & IAM integration
Move your current provisioning toward “Phase 2”
Business Benefits of IAM Functionality
Information Consolidation
Authentication & Authorization
Registration & Enrollment
Single Sign-On
Enabling a comprehensive picture of the entire organizational data
Facilitating an easy implementation of future applications
Managing resources more effectively
Scaling security
Increasing control
Eliminating redundancy in data management
Securing the company’s reputation
Attracting prospective customers to do business online
Securing important corporate data such as branding info
Complying with regulations such as HIPAA, the Gramm-Leach-Bliley Act, 21 CFR Part 11, and the Sarbanes-Oxley Act
Scaling organizational security
Reducing account management time
Streamlining business processes
Delivering better web services
Increasing productivity of help desk and IT services
Increasing satisfaction of both internal and external users
Reducing calls to help desk
Enabling easy access with one account and one password
Reducing account management time
Improving help desk services
Delivering a better client web experience
Increasing user satisfaction
Business Benefits of IAM Functionality
Password Management
Delegated Administration & Self-Services
Audit
Provisioning & Federated Identity
Increasing organizational security
Eliminating calls to help desk regarding password reset
Closing security gaps
Reducing account management time
Increasing user satisfaction
Reducing account management time
Increasing IT & help desk productivity
Decentralizing organizational control
Complying with regulations
Increasing control and management of information flow
Automating auditing and audit trail analysis as much as possible
Maintaining security through de-provisioning on termination, user clean-up and robust auditing capabilities
Managing access rights through centralized user management and delegated administration
Providing automated workflow
Addressing ebusiness initiatives promptly and efficiently to gain and maintain market share
Leveraging the system across the value chain and strengthening commitment
Business Impact of IAM Functionality
Business Facilitation
Cost Containment
Operational Efficiency
Risk Management
User Satisfaction
ESA Support
Regulatory Compliance
Information Consolidation
Authentication and Authorization
Registration & Enrollment
Single Sign-On
Password Management
Delegated Administration & Self-Service
Audit
Provisioning & Federated Identity
Key Questions Every Organization Must Consider
> What is the maximum capacity of your current system?
> What is the average growth in application development?
> What is the average impact of a reorganization?
> How often does a reorganization occur?
> What is the average turnover?
> What menial tasks would you like to eliminate?
> How long does it take to set up a new user in the current system?
> What is the cost associated with this process?
Key Questions Every Organization Must Consider CONTINUED
> How many users (customers, partners) will be given access?
> What is your annual application management cost?
> What is the cost of new user management?
> What is the annual cost of existing user management?
> What is the cost by security feature, per application?
> What is the financial impact of faster access to applications?
> What is the reduced IT management cost of federated provisioning across the extranet?
> What is the financial impact of IAM on supporting Business Processes & Enterprise Architecture?
The Price of Doing Nothing
> A common perception is that by avoiding IAM strategies, companies save money.
> In reality, avoiding IAM results in significant costs arising from inefficiencies and loss of productivity.
> There is a price for doing nothing:
Adding more help desk & IT personnel in the future.
Wasting more time on integration of future applications.
Incurring cost of trying to prove compliance to regulations through manual and un-integrated processes.
Taking the risk of a security breach, which can be tremendously expensive to the organization.
Incurring potential damage to your reputation.
Lagging behind other companies.
The Price of Doing Nothing
“Many midsized companies won’t consider identity management, because they think it is too difficult to deploy, too expensive to purchase and implement, and too complicated to administer and maintain. The problem is that it’s precisely when companies grow to mid-market ($150 million to $1 billion) that user accounts seem to multiply like rabbits…. Postponing an investment in some form of unified account or identity management often proves to be one of the most common — and costly — mistakes in security today.”
David Piscitello, Network World, 08/28/06
Financial Drivers – Challenges
> Each company has its own estimates for these input figures.
> A certain section of Return on Negligence can affect one company more than another – it is customizable.
> It is difficult to capture future benefits of an IAM solution.
> Companies tend not to buy into external calculations.
> It is an overwhelming calculation that is difficult to prove.
> It is the only way to get CFO endorsement.
> Despite the credibility challenges, financial justifications must be developed and managed.
> A critical failure point can be avoided by managing the promised RON past the initial purchase to ensure capturing all the promised financial rewards.
> During project design, a financial manager should join the team to monitor progress and results.
Return-On-Negligence (RON) on IAM Avoidance - Overview
Annual Potential for Cost Avoidance Related to IAM Solutions
Potential IT Cost Avoidance Related to User Provisioning $290,649
Potential Lost Productivity Costs Avoidance Related to User Provisioning $220,027
Total Potential for Cost Avoidance Related to User Provisioning $510,676
Potential Lost Productivity (Due to Multiple Login Sessions) Cost Avoidance Related to SSO $673,828
Potential Lost Productivity (Due to Trial & Error) Cost Avoidance Related to SSO $485,156
Potential Help Desk Passwords Resets Cost Avoidance Related to SSO $354,883
Total Potential for Cost Avoidance Related to SSO $1,513,867
Potential Application Development Cost Avoidance Related to Web Access Control $135,000
Potential Security Audits Cost Avoidance Related to Web Access Control $20,000
Potential Extranets Help Desk Cost Avoidance Related to Web Access Control $195,186
Potential Downtime Cost Avoidance Related to Web Access Control $30,000
Total Potential for Cost Avoidance Related to Web Access Control $380,186
• Please note that potential Help Desk Cost Avoidance alone amounts to $550,068 Per Year
Total Cost of Negligence per Year $2,404,729
Total Cost of Negligence for 3 Years $7,214,187
RON for Typical Identity Management Tool – Basic Input
Company Details
Number of Internal Users (employees) 3,000
Number of External Users (partners and customers) 10,000
Rate of growth per year (% of users) 10%
Turnover rate per year (% of users) 10%
Rate of Moves, Adds and Changes (MACs) 15%
Annual Fully-Burdened Salary for IT Staff Member (Salary +15%) $90,850
Average Fully-Burdened Employee Salary (Salary + 15%) $90,850
Number of Work Hours Per Year 1920
RON for Identity Management – Industry Standard Assumptions
Assumptions
Number of Hours to Set up a New User 3
Number of Hours to Handle Moves, Changes (MACs) 1
Number of Hours to Delete Obsolete User 0.75
Number of Hours From Request Through Resolution (for New Account) 10
Number of Hours From Request Through Resolution for Moves/Changes (MACs) 14
RON for Single Sign-On – Basic Assumptions
Company Details
Number of Internal Users (employees) 3,000
Average Number of Accounts per Internal User (Employee) 4
Annual Fully-Burdened Salary for IT Staff Member (Salary +15%) $90,850
Average Fully-Burdened Employee Salary (Salary + 15%) $69,000
Number of Work Hours Per Year 1920
RON for Single Sign-On – Industry Standard Assumptions
Assumptions
Time Spent to Login to a Single Account (Minutes) 0.50
Average % of Total Logins that Are Incorrect Out of Total Logins 10%
Average % of Incorrect Logins to be Solved by Trial and Error 80%
Average Time to Trial and Error Forgotten Password Per User (minutes) 2
Average Length of Help Desk Call (Minutes) 10.0
RON for Single Sign-On – Avoidance Impact
Calculations Results
Lost User Productivity Cost Due to Multiple Login Sessions
Login Sessions Per User Per Year 1,000
Number of Hours Spent on Login Sessions Per Internal User Per Year 8
Hourly Cost of Typical Employee $36
Cost of Lost Productivity (Due to Multiple Login Sessions) $898,438
% Lost User Productivity Cost Savings Provided by Single Sign-On 75%
Potential Lost Productivity Costs Avoidance Related to SSO $673,828
Lost User Productivity Cost Due to Trial & Error of Forgotten Password
Total Number of Incorrect Logins Per User Per Year 100
Total Number of Incorrect Logins Solved by Trial & Error per User 80
Total Number of Incorrect Logins Solved by Help Desk Assistance Per User 20
Time Spent on Trial & Error Per User Per Year (hours) 3
Time Spent on Help Desk Calls Per User Per Year (hours) 3
Total Cost of Lost Productivity (Due to Trial & Error of Forgotten Password) $646,875
% Lost User Productivity Cost Savings Provided by Single Sign-On 75%
Potential Lost Productivity (Due to Trial & Error) Costs Avoidance Related to SSO $485,156
RON for Web Access – Basic Input
Company Details
Number of External Users (partners and customers) 10,000
Rate of Growth per Year (% of users) 10%
Turnover Rate Per Year (% of users) 10%
Number of New Extranet Applications Per Year 15
Number of Security Audits Per Year 10
Annual Fully-Burdened Salary for IT Staff Member (Salary +15%) $90,850
Number of Work Hours Per Year 1920
RON for Web Access – Industry Standard Assumptions
Assumptions
Average Access Control Development Cost Per Extranet/intranet Application $12,000
Average Cost of Security Audit $4,000
Average Number of Help Desk Calls Per User per Year 11
Average % Help Desk Activity Related to Passwords 30%
Average Length of Help Desk Call (Minutes) 10.0
Average Application Downtime Cost Per Hour (Due to Security Breach) $30,000
Average Number of Downtime Hours Per Year (Due to Security Breach) 2
RON for Avoidance Impact – Web Access
Calculations Results
Cost of Application Development Time Associated with Access Control
Cost of Hard-Coding Access Control $180,000
% Application Development Cost Savings Provided by Web Access Control 75%
Potential Application Development Costs Avoidance Related to Web Access Control $135,000
Cost of Security Audits per Year
Cost of Security Audits per Year $40,000
% Security Audits Cost Savings Provided by Web Access Control 50%
Potential Security Audits Costs Avoidance Related to Web Access Control $20,000
RON for Avoidance Impact – Web Access CONTINUED
Calculations Results
Cost of Help-Desk (not using Self-Registration and Self-Service)
Number of Help Desk Calls Per Year 110,000
Number of Help Desk Calls Related to Passwords Per Year 33,000
Total Time Spent by Help Desk staff on Passwords Related Calls Per Year (Hours) 5,500
Cost of IT Labor Per Hour $47
Cost of Help Desk Related to Extranets $260,247
% Extranets Help Desk Cost Savings Provided by Web Access Control 75%
Potential Extranets Help Desk Costs Avoidance Related to Web Access Control $195,186
Cost of Downtime Due to Attacks Caused by Unauthorized Access
Cost of Downtime $60,000
% Downtime Cost Savings Provided by Web Access Control 50%
Potential Downtime Costs Avoidance Related to Web Access Control $30,000
Total Potential for Cost Avoidance Related to Web Access Control $380,186
RON for Identity Management – Avoidance Impact
User Account Management Cost
Number of New Users Per Year 1300
Number of MACs per Year 1950
Number of Account Terminations Per Year 1300
Total Time Spent Annually on User Account Management (Hours) 6825
Cost of IT Labor Per Hour $47
Annual Cost of User Account Management by IT $322,943
% IT Cost Savings Provided by User Provisioning 90%
Potential IT Cost Avoidance Related to User Provisioning $290,649
RON for Identity Management – Avoidance Impact CONTINUED
Lost User Productivity (Due to Account Management) Cost
Number of New Internal Users/Employees Per Year 300
Number of MACs per Year for Internal Users (Existing Employees) 450
Hourly Cost of Typical Employee $47
Cost of Lost Productivity For New Employees $141,953
Cost of Lost Productivity For Existing Employees $298,102
Total Lost Productivity Costs Per Year (Due to Account Management) $440,055
% Lost User Productivity Cost Savings Provided by User Provisioning 50%
Potential Lost Productivity Cost Avoidance Related to User Provisioning $220,027
Total Potential for Cost Avoidance Related to Admin $510,676
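The user-provisioning figures on the two "RON for Identity Management – Avoidance Impact" slides can be recomputed from the Basic Input and Industry Standard Assumptions slides. The Python model below is an added example, not part of the original deck or a CA tool; its formulas are inferred from the deck's inputs and results, and the class, field and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class ProvisioningInputs:
    # Defaults are the deck's "Basic Input" and "Industry Standard Assumptions".
    internal_users: int = 3000
    external_users: int = 10000
    growth_rate: float = 0.10        # new users per year, share of population
    turnover_rate: float = 0.10      # terminations per year, share of population
    mac_rate: float = 0.15           # moves, adds and changes per year
    it_salary: float = 90850.0       # fully burdened, per year
    employee_salary: float = 90850.0
    work_hours_per_year: int = 1920
    hours_new_user: float = 3.0      # IT effort per new user
    hours_mac: float = 1.0           # IT effort per MAC
    hours_delete: float = 0.75       # IT effort per obsolete user
    wait_hours_new: float = 10.0     # request through resolution, new account
    wait_hours_mac: float = 14.0     # request through resolution, MAC
    it_savings: float = 0.90         # share of IT cost avoided by provisioning
    productivity_savings: float = 0.50


def provisioning_ron(p: ProvisioningInputs) -> dict:
    """Recompute the avoidance-impact lines, rounded to whole hours/dollars."""
    if p.work_hours_per_year <= 0:
        raise ValueError("work_hours_per_year must be positive")

    # IT effort is driven by the whole population, internal plus external.
    all_users = p.internal_users + p.external_users
    admin_hours = (all_users * p.growth_rate * p.hours_new_user
                   + all_users * p.mac_rate * p.hours_mac
                   + all_users * p.turnover_rate * p.hours_delete)
    it_cost = admin_hours * p.it_salary / p.work_hours_per_year
    it_avoided = it_cost * p.it_savings

    # Lost productivity counts only internal users waiting for access.
    emp_rate = p.employee_salary / p.work_hours_per_year
    lost_new = p.internal_users * p.growth_rate * p.wait_hours_new * emp_rate
    lost_mac = p.internal_users * p.mac_rate * p.wait_hours_mac * emp_rate
    productivity_avoided = (lost_new + lost_mac) * p.productivity_savings

    values = {
        "admin_hours": admin_hours,
        "it_cost": it_cost,
        "it_avoided": it_avoided,
        "lost_new": lost_new,
        "lost_mac": lost_mac,
        "lost_total": lost_new + lost_mac,
        "productivity_avoided": productivity_avoided,
        "total_avoided": it_avoided + productivity_avoided,
    }
    return {name: round(value) for name, value in values.items()}


if __name__ == "__main__":
    for name, value in provisioning_ron(ProvisioningInputs()).items():
        print(f"{name:22s} {value:>10,}")
```

Replacing the defaults with your organization's own estimates, for example `ProvisioningInputs(it_savings=0.5)`, shows how sensitive the total is to each assumption.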
Exercise – Building Your Own Financial Plan
Rank financial drivers criteria by organizational importance
Where do I get the numbers from?
Industry standard figures
Estimates for your organization
Tip for Consideration
No financial plan or RON analysis will be credible unless it is managed throughout the entire process to ensure capturing the promised results.
Pitfalls to Avoid
> Don’t set unachievable goals.
> Don’t try to “boil the ocean”.
> Don’t reduce cost through reducing business workflow analysis.
> Don’t look at IAM as an IT type project.
> Don’t expect to operate IAM without organizational changes and commitments.
> Don’t expect to operate IAM without reengineering some business process.
> Don’t exclude any organizational stakeholder or those with conflicting agendas.
One Last Word …
Good luck!
The longest journey starts with a single step.