Deep Identity - Solution Overview

Christer Cruz | Sales Consulting Manager

Agenda:

Industry Trends & Challenges

Business Challenges
Solution Overview
Business Benefits of Implementing IDM
Solutions
First Look @ New V5 User
Competitive Differentiator

Market Trends:
1. Growing Market Security Awareness
2. Regulatory Pressure

Trend #1: Increased IT

Spending & Focus on
the wrong risks
BUDGET 2013/2014
Medium & Large
Enterprises

WHERE IT SECURITY BUDGET GOES:

Advanced Persistent Threats (APT)
Endpoint Security & Malware
Network Security
REALITY CHECK
Email Security
against servers
Mobile94%
Security
66% of sensitive data in databases
..
96% Non-compliance PCI
5% Privilege Misuse
32% of Hacking involved stolen
login credentials

Trend #2: Employees and

contractors are the most cited
source of vulnerabilities
85%

Global State of Information

Security Survey 2016

Trend #3:
The use and amount of
data in enterprises has
increased exponentially

Top spending priorities over the next 12

months
Key findings from The Global State of

Information Security Survey 2015

Global State of Information

Security Survey 2016

Business Challenges

Identity and Access Management Challenges

For USERS

How to request a change?

Who must approve the change?
When will the change be completed?
Too many passwords.
Too many login prompts.

Identity and Access Management Challenges

For IT Operations

Onboarding, deactivation, transfer across many apps is challenging.

More apps all the time!
What data is trustworthy and what is obsolete?
Not notified of new-hires/terminations on time.
Hard to interpret end user requests.
Who can request, who should authorize changes?
What entitlements are appropriate for each user?
The problems increase as scope grows from internal to external.
Complexity of Managing User Profiles across various/siloed applications.

Identity and Access Management Challenges

For Developers..
Need temporary access (e.g. prod migration).
Half the code in every new app is the same:
Identify.
Authenticate.
Authorize.
Audit.
Manage the above.
Mistakes in this infrastructure create security holes.

Identity and Access Management Challenges

For Security, Risk, and Audit..

Orphan, dormant accounts.

Too many people with privileged access.
Static admin, service passwords a security risk.
Weak password, password-reset processes.
Inappropriate, outdated entitlements.
Who owns ID X on system Y?
Who approved entitlement W on system Z?
Limited/unreliable audit logs in apps.

Business Drivers

Business Drivers for IAM

Security and
Controls

Regulatory
Compliance

Reliable
deactivation.
Strong
Authentication.
Appropriate
security
entitlements

BSP 808, PDPA,

BSP Identity
Theft Memo,
PCI-DSS, SOX,
HIPAA, EU
Privacy
Directive, etc.
Audit User
Access Rights

IT Support Costs

Service / SLA

Helpdesk Call
Volume
Time/Effort to
manage access
rights.

Faster OnBoarding
Simpler
Request /
Approval
process
Reduce burden
of too many
login prompts
and passwords

Business Drivers for IAM

Appropriate access rights.

Timely access termination.
Effective authentication.

How do we get started?

Getting an IAM Project started.

Plan of attack.value based selling

Build a business case.

Get management sponsorship and a budget.
Discovery phase, capture detailed requirements.
Assemble a project team:
security
system administration
user support
etc.
Try before you buy: Demos, POCs, Live Demo.
IAM Solution Discovery and Roadmap Discussion.

Identity and Data Governance

Identity and Access Management 101

Identity Management

Provisioning

process for managing the entire life cycle of

digital identities, including the profiles of
people, systems, and services

Access Management
is the process of regulating access to information
assets by providing a policy-based control of who
can use a specific system based on an
individual's role and the current role's permissions and
restrictions

De-Provision

IAM
Report and Audit /
Reconcile

Enforce/Access
Review

Goal of Identity and Access Management

IT Security Basics
Whos who , Whats What & Who has access to What

ACCESS

ACCESS

Employee
Partners
Customers
Suppliers
Anyone
Databases
Folders
Cloud Storage
Portals

Cloud Applications
On-premise Applications

ENTITLEMENT CATALOG

Who is Deep Identity?

Who is Deep Identity?

Identity Governance. Optimized.
A niche IT Security Technology vendor based and 100% owned in Singapore
Comprehensive and completely automated solutions for Identity and Data
Governance solution.
Offer a comprehensive and unique solutions built based on layered approach
to address Identity Governance & Administration, and Unstructured (Big) Data
Governance
Part of Temasek Group, subsidiary of Trusted Source Pte Ltd.

Who is Deep Identity?

Our Customers in Singapore

Analyst View

Gartner in its Dec 2013 MQ report says Deep

Identity remains the only IGA product vendor
Gartner has identified that is headquartered in
the Asia/Pacific region.

Kuppingercole in the April 2014 report

says that The Innovators segment
contains only one vendor, Deep Identity.
They are rather innovative, even with
respect to some Identity Provisioning
features.

Access Control/Governance for SAP Environments

INNOVATION LEADER

Accreditation @ IDA
What this mean to Deep Identity:
Green lane - The Government procurement process has been
streamlined to allow accredited companies to be considered first by
Government agencies.
Increase the visibility of accredited companies
Match government lead demand with innovative supply.

http://www.ida.gov.sg/Collaboration-and-Initiatives/Initiatives/Store/Accreditation-IDA

Solution Overview

What we offer today

Comprehensive Identity & Data Governance
Solution:

Identity Audit & Compliance Manager

Identity Manager
Data Governance Manager
Privilege Identity Manager

Identity Audit & Compliance Manager

Deep IACM
Comprehensive Layered Approach to address Identity
& Access Governance
Automatic Detection & Notification of Violation
User & Role Attestation
Compliance Management
Workflow
Risk Scoring
Reporting & Analytics

Three Phased Attestation

Comprehensive attestation (User & Role Access Certification)
approach, IACM provides capability to implement 3 phase
attestation process as below:
Self-service Attestation
Attestation by Manager/Group/Department
Attestation by Endpoint Systems

Enables organization to implement review of user access matrix

structural manner and with complete coverage and visibility.

Side-Benefits.
Security aspect is one thing.
Types of Reports:
Last Login
Last Password Change
How many functions / modules they are using?

Identity Audit & Compliance Manager

Deep IACM
Comprehensive Layered Approach to address Identity &
Access Governance
Automatic Detection & Notification of Violation
User & Role Attestation
Compliance Management
Workflow
Risk Scoring
Reporting & Analytics

Compliance Management
IACM provides out-of -the box policy templates for enterprises to perform
compliance check. Such checks include:

Separation of duties (SoD) Within a particular systems and across systems

User Compliance & Sensitive Access
Password Compliance
Unauthorized user/groups assignments

Risk scoring includes the ability to automatically assign risk typically low,
medium and high.
Complex risk scoring is based on user role assignment, user behavior and
compliance violations.

Compliance Lifecycle

Compliance Management
Integrated SoD & GRC Solutions
Across SAP
& third party
Applications

Detailed SoD
Checks across
Users, Profiles,
Roles & TCODEs
Across App,
DB and OS

Support
Cloud-based
Applications

Across All
SAP Modules
& Environment

Identity Manager
Deep IM

Provisioning / de-provisioning, transfer

Password Management
Access Request Management
Data Synchronization/Replication
Self-service:

Registration
Profile Administration
Password Reset/Account Unlock
Self-service Attestation

Identity Manager
Identity Portal for iOS and Android Phones

Identity Manager
Identity Portal for iOS and Android Phones

Data Governance Manager

Deep DGM
Data discovery and profiling
Identify in-active, orphan, duplicate, & sensitive files

Data Access Request Management

Create folder (and assign users to folder)

Attestation for Data Access

Analytics & Dashboard

Data Governance Manager

Architecture

Privilege Identity Manager

Deep PIM

Privilege Access Request

Privilege Command Manager (UNIX)
Secure Desktop Connection Manager
Session Recording & Logging
Video Logging
Keystroke Logging

Privilege Identity Manager

Deep PIM

Architecture

Solution Architecture

VM / Deployment Architecture

Security Architecture

Business Benefits

Positioning (Use Case)

Business Problem:
Customers current system setup cant offer an unified user identity management for different target systems. IT admin
need to do the management such as user creation, checking, password reset, and generating reports work manually and
individually in different systems. Its time consuming, and affecting the operational efficiency.

Challenges:
User management provision and reconciliation are independent for different target systems and applications. Its hard and
time consuming for the unified user management.
Provide the visibility of the current and existing user profiles.
Provide a centralized repository of users being provisioned upon.
Compliance reporting functionality cant generate compliance-driven reports.

Business Benefits:
Deep Identity understands the current tedious, and labour-intensive manual process for provisioning and deprovisioning of employees - which are time-consuming, costly and can be prone to error.
These manual processes generally result in loss of productivity, lack of audit trail, and could potentially pose
security risk to our customer.

Key Focus Areas

Benefits

User Provisioning and Attestation

Have centralized and automated application which will perform the provisioning and access
review tasks, thus simplifies user administration and provides security for the data.

User Tracking

Have centralized application which will be able to present current and existing users and their
respective access to different target systems.

Compliance Reports

Have a tool which will be able to generate compliance-driven reports, meeting compliance
reporting needs. Comply with SoD and GRC regulations.

User Management (Privilege) and Access

Have a centralized repository which will store all users information to offer different applications
or systems with this centralized user repository as the basis of authorization.

We are here to help..

Establish realistic and achievable business value expectations for the
IAM program (Business Requirements and Business Case
Development)
1. The risk and compliance driven business case.
2. The operational effectiveness or cost savings driven business case.

3. The business enablement driven business case.

We are here to help..

Strategic Approach to crafting an IAM Business Case

Current state assessment; capability maturity; IAM maturity model;

assessment report

Summary of Benefits (High Level)

Enhanced
Security

Enhanced User
Experience

Increased
Productivity

Improved
Efficiency

Systematic cleanup of unauthorized

accounts

Self-service web
portal to view self
access rights,
request for a new
access right, create
a new group, etc.
Email notifications
whenever there is
any actions
required

Default system
access to be given
to new joiners on
Day One

Staff spending less

time on admin
routines
(estimated
$60,000 soft
savings per year)

Enforcement of
Segregation of
Duties policies,
within and across
applications

Reduced
turnaround time
to provision new
access upon
request

Competition & Differentiator

Know your Competition

Big Boys

IBM
CA Technologies
Novell
Oracle
Dell

Niche Players

Sailpoint
Aveksa
Courion
CrossIdeas

Cloud Players
Okta
ForgeRock

Data Governance Players

Varonis
Stealthbits

Compliance/GRC Players
SAP GRC
Archer

Competitive Differentiator
Features and functionality against leaders in the market

Value Add/Differentiator

Total Cost of Ownerships

TCO and
Investment Value over
3-5 Years

Value for Money

Professional
Services
Software License
Hardware

V5 First Look & Roadmap

Product Roadmap
Integrated Identity, Access & Data Governance Suite (V5)

Identity
Governance
& Administration

Access
Management

Data Governance

Identity Audit &

Compliance
Manager

Web
Single
Sign-On

Data
Governance
Manager

Identity
Manager

XACML/ABAC
Entitlement
Server

Data
Crawler

Privilege
Identity
Manager

Deep Identity
TACACS+

Connectors Roadmap

DI Connectors

OS

Win

Unix
Telnet/SSH

DIRECTORIES

AD

AD Cloud Sync

Data storage
devices

Mail/collab systems

MS SQL

Windows

Exchg Server

Oracle

EMC

My SQL

SharePoint
Server

DB

Password Filter
IBM
IBM Z/OS
AS/400

Generic LDAP
V2&V3

DB App Table

LNS Domino

Google Usr
Mgmt.

ERP

SAP Usr Mgmt

SAP EP

Oracle
eBusiness Suit

Oracle
PeopleSoft Usr
Mgmt.

FTP

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.

AD
LNS
SAP EP
SAP User Management
SAP HRMS
Windows
Unix
MS SQL
Oracle 11g/12c
Exchange server
ERP > Oracle eBusiness Suit
ERP> Oracle people soft user management
HRMS > Oracle PeopleSoft
HRMS > Oracle eBusiness suit user management

Portals

SharePoint

CLOUD/Third Party
Integration

IBM WebSphere
MQ

Web Services/API

SPML

SCIM

Cloud Application

Office 365

HRMS/TS ER

Privilege User
Management

SAP HRMS

Xceedium

Google Usr
Mgmt

Oracle PeopleSoft

Salesforce Usr
Mgmt.

Oracle eBis
Suite usr Mgmt

Off-Line/FlatFile Recon

Workday

CyberArc

Summary

Integrated Identity & Data Governance Solution

Complete
- Supports both On-Premise
and Cloud App and Infra
- Internet of Things (IoT)

Automated & Integrated

- End-to-end Automation
- OOB Integration

Lightweight
- Most Lightweight Solution & Lower TCO
- Agentless

Call to Action.

Technical Deep-Dive with Pre-Sales Team

Product Positioning / Licensing / Support
Nominate Accounts

THANK YOU!