Extending IBM Security Identity Manager
With StealthAUDIT for Data & Access Governance
Charlie Palella – IBM Alliance Manager
charlie.palella@stealthbits.com
Sean Cataldo – GM, Data & Access Governance
sean.cataldo@stealthbits.com
Jeff Warren – VP, Product Mgt. Data & Access Governance
jeff.warren@stealthbits.com
Agenda
• Unstructured Data Access Challenges
• Managing Privileged Identities
• Enabling Complete IAM Governance
Unstructured Data Challenges
• Access Sprawl
  o Joiner, Mover, Leaver Activity Management
  o Distributed Entitlements
    • Unlike applications, unstructured data entitlements are widespread at the folder level
  o Access Never Thoroughly Reviewed/Adjusted
• Data Explosion
  o 80% of Data is in Unstructured Data Sites
    • SharePoint, File Systems, SQL, etc.
  o Estimated that 30-40% of that data is sensitive
  o Gartner predicts 650% increase in next 5 years
• Risk Exposure on the Rise
  o Brand, Revenue & Reputation Exposure
  o Security Breach / Insider Threat
  o Compliance Findings
  o Service Level Impacts
Managing Access to Unstructured Data
Privileged Identities
User Access
Extending PIM to Unstructured Data with StealthAUDIT
Managing Privileged Identities
Setting the Stage for PIM
[Diagram: PIM, ESSO and SIM, with IT Admin requests: "I need access to this Server.", "I need access to this Database.", "I need access to this Web App."]
How StealthAUDIT Helps…..
❶ DISCOVER
❷ CONFORM
❸ PUBLISH
❹ MONITOR
[Diagram: StealthAUDIT alongside PIM, ESSO and SIM. Discover: where risk exists, who has privileged access, how they have privileged access. Monitor: user activity, user logons.]
Our Value Proposition for PIM
Capability | Benefit
Discovery & Conformance | Find any “back doors” to circumvent PIM and close them where it matters the most
Monitor Activity | Know exactly what files administrators touched, modified, read, copied, etc.
Monitor Logons | Know when Privileged IDs not managed by PIM logged onto the system
Publish to PIM | StealthAUDIT can feed information directly to PIM to ensure all Privileged Identities are managed centrally
StealthAUDIT Integration with IBM’s PIM and SIM
Governing User Access
Access Governance for Unstructured Data
[Diagram labels: Access Recertification, Self-Service Access, SIM, StealthAUDIT®, Directory Services, Applications, SharePoint, Databases, File Systems]
How StealthAUDIT Helps…..
❶ Discover Critical Unstructured Data Resources
❷ Correlate Access & Permissions
❸ Determine Resource Ownership
❹ Publish to SIM
IBM & STEALTHbits: One Stop Access Governance
SIM: Governs User Access to Applications…but what about the Data?
What SIM Does | Natively | With StealthAUDIT
Provision User Access | to Applications (ex. PeopleSoft) | to Data (ex. the Finance Share)
Review User Access | to Applications | to Data
De-Provision User Access | to Applications | to Data
PIM: Governs Known Privileged Identities …but what about the Unknown?
What PIM Does | With StealthAUDIT
Control shared access to sensitive User IDs | Discover Backdoor Privileged IDs residing within Data (ex. Local Admin Group)
Request, approve and re-validate privileged access | Identify Un-managed Privileged Identities
Track usage of shared identities | Monitor Privileged Identity Activity
Automated password management | Ensure Sensitive Resources are only Accessed by the PIM Controlled Accounts
For Applications, Data and Privileged Identities!
Contact Us for Additional Details
1. STEALTHbits Partner Alliance Manager
o Charlie Palella: charlie.palella@stealthbits.com
2. Visit our developerWorks® website
3. Visit www.stealthbits.com