Role-Based Access Control
Transcript of Role-Based Access Control
Role-based Access Control

Access Control: controlling access to resources; giving access to authorized persons and denying access to unauthorized persons.

What is RBAC?

A Role: a job function which determines the permissions a person has.

A Resource: any service, item or object requiring controlled access. Ex: a building, a printer, an application or an email address.

RBAC: a means of controlling access by assigning people to roles, and roles to resources.

In practice:
- A role is not the same as an HR job title.
- A single person can have more than one role.
- Two people with the same job title can have different roles.
- Two people with the same roles can have different job titles.

A good access control methodology supports strong Authentication, Authorization, and Accounting (AAA):
- Authentication: You are the right person
- Authorization: You have the right access
- Accounting: We can track and report on what you've done

Between buildings, mailboxes, websites, applications, printers, file shares, rooms, computers, servers, services, etc., we currently have thousands of resources.

Chevy Chase is assigned the "Loan Officer" role.
The role "Loan Officer" is assigned edit rights to the resource "LO Website".
Chevy Chase now has rights to edit the resource "LO Website".

People, Role, Resources

What is the value in Role-based Access Control?
- Compliance with regulations
- Highly Scalable and Elastic
- Least Privilege
- Separation of Duties (SoD)
- Supports well-known, required security principles
- Streamline and Automate
- Audit-ready transparency and reporting
- 1-click provisioning and de-provisioning

What are the challenges?
- Requires strong enforcement tools
- Requires total buy-in from the business
- Requires highly skilled and trained administrators
- Requires strong monitoring and logging
- Requires more than just Active Directory

Identity & Access Management (IAM)

Network Shares
1220 building badge system
MaaS360 (MDM)
Onboarding Management site
LO sites
Ethics Point
Asset Eval Appraisal
1220 Building Intrusion System
1218 Building Interior access control
1218 Building External Access Control
1218 Building Intrusion System
DOCUTECH
FANNIE MAE - DU
THE WORK NUMBER
VA

Currently an estimated 25% of services, applications, and sites can comply with the RBAC standard.
Identity & Access Management (IAM) is the next evolution in end-to-end RBAC implementation.

What is Identity & Access Management (IAM)?

Definition: at the highest level it is managing access and identities through one source across disparate resources.

"One source to rule them all, One source to find them; One source to bring them all and through RBAC bind them"

Case in Point:
I currently have 14 different
vi. Network Devices
vii. 1218 Building Alarm system
viii. 1218 Building Badge system
ix. 1220 Alarm system
xi. Microsoft Licensing site
xiii. Local computer access
WiFi - multiple branches

How long would it take to de-provision me?
If you needed to, how could you track my activity?
How many hours would it take to provision a user to take my place?

What are the key drivers for IAM?
- The consolidation of identities
- The consolidation of administration points
- The consolidation of monitoring and reporting
- Heightened, tightened security...
- ...and yes, wait for it... Single sign-on authentication to all resources!!!

Single sign-on Revealed...

Definition: SSO, for our purposes, is simply the presentation of a portal through which, after being authenticated once, an employee gains access to all resources according to their role.

Portal: could be presented through Channel A, Service Now, or a custom interface supplied by IAM.

Summary...

RBAC is...
- Supported by IAM
- Experienced through SSO
- A Major Enterprise Initiative

Requiring significant time, resources, and cost - but in the end will future-proof Academy Mortgage to scale and grow while remaining highly adaptive and elastic to changing conditions.

...It's not if, but when...

Any Questions?
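
The people, role, resource assignment from the Chevy Chase slide, written out as an added example that is not part of the original presentation. It also shows a Separation of Duties check, de-provisioning in one step, and the accounting trail; the "Loan Approver" role, the "Approval Queue" resource, and all class and method names are assumptions made for illustration.

```python
# Added example: minimal RBAC model (people -> roles -> resources) with accounting.
# Names other than "Chevy Chase", "Loan Officer" and "LO Website" are constructed.
from collections import defaultdict

class RBAC:
    def __init__(self, sod_conflicts=()):
        self.role_perms = defaultdict(set)   # role -> {(resource, action)}
        self.user_roles = defaultdict(set)   # person -> {role}
        self.sod = [frozenset(p) for p in sod_conflicts]  # roles one person may not combine
        self.audit = []                      # accounting: every decision and change

    def grant(self, role, resource, action):
        self.role_perms[role].add((resource, action))
        self.audit.append(("grant", role, resource, action))

    def assign(self, person, role):
        # Separation of Duties: reject a role that conflicts with one already held.
        for pair in self.sod:
            if role in pair and (pair - {role}) & self.user_roles[person]:
                self.audit.append(("assign-denied", person, role))
                return False
        self.user_roles[person].add(role)
        self.audit.append(("assign", person, role))
        return True

    def check(self, person, resource, action):
        # Authorization: default deny; allow only through a role the person holds.
        allowed = any((resource, action) in self.role_perms[r]
                      for r in self.user_roles.get(person, ()))
        self.audit.append(("allow" if allowed else "deny", person, resource, action))
        return allowed

    def deprovision(self, person):
        # Dropping the role assignments revokes every resource at once.
        removed = self.user_roles.pop(person, set())
        self.audit.append(("deprovision", person, sorted(removed)))
        return removed

def demo():
    rbac = RBAC(sod_conflicts=[("Loan Officer", "Loan Approver")])
    rbac.grant("Loan Officer", "LO Website", "edit")
    rbac.grant("Loan Approver", "Approval Queue", "approve")
    rbac.assign("Chevy Chase", "Loan Officer")
    before = rbac.check("Chevy Chase", "LO Website", "edit")
    sod_ok = rbac.assign("Chevy Chase", "Loan Approver")
    rbac.deprovision("Chevy Chase")
    after = rbac.check("Chevy Chase", "LO Website", "edit")
    return before, sod_ok, after, rbac.audit
```

Because rights attach to roles and never directly to people, the de-provisioning question on the "Case in Point" slide reduces to one call, and the audit list answers the activity-tracking question.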