Best Practices for Lean, Efficient and Focused Information Security Projects
Drawing on its Advisory Services work, KuppingerCole has long and comprehensive experience in running Information Security Projects in a lean, efficient, and focused way. This session will give you advice on how to mitigate your project risks, how to solve the IT/Business alignment challenge in such projects, and how to ensure that you end up with the solution you need – and not the solution your auditor’s preferred consultants or the technology vendor have in mind. There is a lot of room for improving your projects to better meet your targets while keeping the projects lean.
Identity and Security Intelligence
Security is now as much a question of visibility as it is of controls. Enterprises need to be able to see what’s happening throughout their physical and virtual environments, both in-house and in the cloud. This session discusses the role of identity management in security intelligence, including the kinds of information that enterprises need to collect, the kind of analysis that needs to be performed and the ways that the resulting security intelligence can be applied in making effective security decisions.
- Most things we look at in IAM systems like Identity Provisioning are focused on creating logs and historical reports, but not on analyzing real-time activities
- Most things we do for example in SIEM (Security Information and Event Management) or (even worse) at the firewall level (despite some advances in “next generation firewalls”
- Integrating IAM with DLP, SIEM and firewalls is thus a must – security intelligence without taking identity into account is security stupidity
- When moving forward with new concepts like claims-based authentication and the underlying authorization, another aspect comes into play – how do you monitor and analyze what is happening here? Things become even more complex, and providing Governance and Intelligence here from the very beginning appears to be important
- In addition, there will be some discussion about how to deal with “dynamic authorization management” environments from that perspective – when looking at XACML or claims-based concepts, we don’t rely on static access control lists but on policies and decisions made based on attributes/claims provided in real time, which is a new aspect. That is probably a little outside of the key topic; nevertheless, it makes sense
- Besides this, there is the notion of Access Intelligence, which some vendors interpret just as using Business Intelligence technologies on identity-related log data (beyond reports) while others include real-time information from DLP or SIEM or whatever. You might discuss whether there is a need for that; whether this is really new (I’d say it is something which is just part of Access Governance); and what it should cover