Role-Based Access Control

by Glenn Paul, 7 October 2014


Transcript of Role-Based Access Control

What is it & Why does it matter?

Requires documented procedures and processes
Requires strong enforcement tools
Requires total buy-in from the business
Requires highly skilled and trained administrators
Requires strong monitoring and logging
Requires more than just Active Directory

Role-based Access Control

Access Control: controlling access to resources; giving access to authorized persons and denying access to unauthorized persons.

What is RBAC?

A Role: a job function which determines the permissions a person has.
A Resource: any service, item or object requiring controlled access. Examples: a building, a printer, an application or an email address.
RBAC: a means of controlling access by assigning people to roles, and roles to resources.

In practice:
A role is not the same as an HR job title.
A single person can have more than one role.
Two people with the same job title can have different roles.
Two people with the same roles can have different job titles.

A good access control methodology supports strong Authentication, Authorization, and Accounting (AAA):
Authentication: you are the right person.
Authorization: you have the right access.
Accounting: we can track and report on what you've done.

Between buildings, mailboxes, websites, applications, printers, file shares, rooms, computers, servers, services, etc., we currently have thousands of resources.

People, Role, Resources:
Chevy Chase is assigned the "Loan Officer" role.
The role "Loan Officer" is assigned edit rights to the resource "LO Website".
Chevy Chase now has rights to edit the resource "LO Website".

What is the value in Role-based Access Control?

Compliance with regulations
Highly scalable and elastic
Supports well-known, required security principles: Least Privilege and Separation of Duties (SoD)
Streamline and automate
Audit-ready transparency and reporting
1-click provisioning and de-provisioning

What are the challenges?

Identity & Access Management (IAM)

Network Shares
Password State
VisionApp
Solarwinds
Exchange
Kace Ticketing
1220 building badge system
MaaS360 (MDM)
SFTP
LMS
VDI
ChannelA
Appraisal Services
Service Now
Onboarding Management site
LO sites
Ethics Point
Compease
Reg K
All Regs
Interthinx
AtTask
Inco-Check
Loyalty Express
Bomgar
Blackberry Server
Second Copy
Optimal Blue
Secondary Interactive
Trade Web
Payroll Transmission
Commission Pro
TimeForce
AMB
MERS eRAMP
Motivity
Basecamp
BMI Imaging
Datatrac
Rata Comply
Second Look
ADP
IHM
FIS
Asset Eval Appraisal
STIPS Tracker
Regulatory University
FraudGuard
Docutech
1220 Building Intrusion System
1218 Building Interior access control
1218 Building External Access Control
1218 Building Intrusion System

DOCUTECH
FHA
FANNIE MAE - DU
GUS
INCOCHECK
INTERTHINX
MERS
REGULATORY UNIVERSITY
THE WORK NUMBER
UCDP
VA

Currently an estimated 25% of services, applications, and sites can comply with the RBAC standard.
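The People, Role, Resources model from the slides above (a person is assigned roles, roles are assigned rights on resources), together with the "one person, more than one role", separation-of-duties, accounting and 1-click de-provisioning points, as a runnable Python model. This is an added example written for this page, not code from the presentation or from Academy Mortgage. "Chevy Chase", "Loan Officer" and "LO Website" come from the slides; the other roles, resources and the assumed SoD rule between "Loan Officer" and "Appraisal Reviewer" are constructed for illustration.

```python
"""Minimal RBAC model: people -> roles -> (resource, action) rights.

Added example for this page, not the presentation's own code.  "Chevy
Chase", "Loan Officer" and "LO Website" are taken from the slides; every
other role, resource and rule below is an assumed illustration.
"""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(resource, action)}
        self.user_roles = defaultdict(set)   # person -> {role}
        self.sod_pairs = set()               # {frozenset({role_a, role_b})}
        self.audit = []                      # accounting: every decision is recorded

    def grant(self, role, resource, action):
        """Assign a right on a resource to a role (never directly to a person)."""
        self.role_perms[role].add((resource, action))

    def add_sod(self, role_a, role_b):
        """Declare two roles that one person must never hold at the same time."""
        self.sod_pairs.add(frozenset((role_a, role_b)))

    def assign(self, person, role):
        """Give a person a role; a person may hold several roles, but the
        separation-of-duties rules are enforced at assignment time."""
        for held in self.user_roles[person]:
            if frozenset((held, role)) in self.sod_pairs:
                raise ValueError(
                    f"SoD violation: {person} already holds {held}, cannot also hold {role}")
        self.user_roles[person].add(role)

    def permissions(self, person):
        """Effective rights: the union over all roles the person holds.
        Someone with no roles gets nothing (least privilege by default)."""
        return set().union(*(self.role_perms[r] for r in self.user_roles[person]))

    def check(self, person, resource, action):
        """Authorization decision, written to the audit trail either way."""
        allowed = (resource, action) in self.permissions(person)
        self.audit.append((person, resource, action, "ALLOW" if allowed else "DENY"))
        return allowed

    def deprovision(self, person):
        """One operation removes every right the person had, on every resource,
        because rights hang off roles rather than off the person."""
        removed = self.user_roles.pop(person, set())
        self.audit.append((person, "*", "deprovision", "removed " + ", ".join(sorted(removed))))
        return removed


def demo():
    """Walk through the slide's example and the 'in practice' points."""
    rbac = RBAC()
    rbac.grant("Loan Officer", "LO Website", "edit")                 # from the slides
    rbac.grant("Loan Officer", "Loan Origination System", "read")    # assumed
    rbac.grant("Branch Manager", "Branch Reports", "read")           # assumed
    rbac.grant("Appraisal Reviewer", "Appraisal Queue", "approve")   # assumed
    rbac.add_sod("Loan Officer", "Appraisal Reviewer")               # assumed SoD rule

    rbac.assign("Chevy Chase", "Loan Officer")
    rbac.assign("Chevy Chase", "Branch Manager")   # one person, more than one role

    results = {}
    results["chevy_can_edit_lo_website"] = rbac.check("Chevy Chase", "LO Website", "edit")
    results["chevy_can_approve_appraisal"] = rbac.check("Chevy Chase", "Appraisal Queue", "approve")
    results["chevy_right_count"] = len(rbac.permissions("Chevy Chase"))
    results["new_hire_can_edit"] = rbac.check("New Hire", "LO Website", "edit")  # no role yet
    try:
        rbac.assign("Chevy Chase", "Appraisal Reviewer")
        results["sod_blocked"] = False
    except ValueError:
        results["sod_blocked"] = True
    results["removed_roles"] = sorted(rbac.deprovision("Chevy Chase"))
    results["chevy_after_deprovision"] = rbac.check("Chevy Chase", "LO Website", "edit")
    results["audit_entries"] = len(rbac.audit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Rights are attached to roles only, never to a person, which is what makes de-provisioning a single removal of the person's role set rather than a hunt through every resource. The audit list is the accounting side of AAA (denials are recorded as well as allows), and the SoD check runs when a role is assigned, not when access is used, so a conflicting combination can never exist in the first place.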

Identity & Access Management (IAM) is the next evolution in end-to-end RBAC implementation.

What is Identity & Access Management (IAM)?

Definition: at the highest level it is managing access and identities through one source across disparate resources.

"One source to rule them all,
One source to find them; One
source to bring them all
and through RBAC bind them"

Case in Point:
I currently have 14 different identities:
i. AD
ii. IHM
iii. ADP
iv. FIS/LMS
v. Firewalls
vi. Network Devices
vii. 1218 Building Alarm system
viii. 1218 Building Badge system
ix. 1220 Alarm system
x. KeePass
xi. Microsoft Licensing site
xii. VisionApp
xiii. Local computer access
xiv. WiFi - multiple branches

How long would it take to de-provision me?
If you needed to, how could you track my activity?
How many hours would it take to provision a user to take my place?

What are the key drivers for IAM?

The consolidation of identities
The consolidation of administration points
Productivity gains
The consolidation of monitoring and reporting
Self-service portal
Heightened, tightened security...

...and yes, wait for it... Single sign-on authentication to all resources!!!

Single sign-on Revealed...

Definition: SSO, for our purposes, is simply the presentation of a portal through which, after being authenticated once, an employee gains access to all resources according to their role.

Portal: could be presented through Channel A, Service Now, or a custom interface supplied by IAM.

Summary...

RBAC is...
Compliance-driven
Supported by IAM
Experienced through SSO

A major enterprise initiative, requiring significant time, resources, and cost, but one that in the end will future-proof Academy Mortgage to scale and grow while remaining highly adaptive and elastic to changing conditions.


...It's not if, but when...

Any Questions?