Modular and integrated IAM for the real world - On the Board

[MUSIC PLAYING] Hi, I'm Todd Peterson. I'm on the Identity and Access Management team here at Dell Software. And today, we're going to talk about a real-world example of an organization that has used the modular and integrated approach to totally nail down their identity and access management strategy. So let's turn to the Dell XPS One Touch Screen and get started. So this company is a large multinational industry-leading company whose name has been changed to protect the innocent. So we'll proceed with talking about their story. They had a very complex environment. They had Active Directory. They had a lot of Unix and Linux servers. They had a lot of custom applications that they built themselves. And of course, a lot of off-the-shelf applications. Years ago, they had implemented a very complex, very expensive, but very far reaching identity and access management framework in order to navigate the complexity of that environment and to secure the user access as well as the privileged account access. It ended up that there were things that this framework was not able to do for them. So they went looking for options to fill the gaps that they weren't able to build into the framework themselves. They started with their Active Directory environment, which was an absolutely critical component, and one that the framework didn't handle very well. First off, they did user activity monitoring on the framework. The ability to watch what users are doing, track changes, and report on those changes. That was all great, but they quickly realized that they also needed the ability to better manage the identities and the security of Active Directory itself. They came back and then added an Active Directory security and management solution that allowed them to put what we would call a virtual firewall around Active Directory, giving all the manageability, all of the functionality necessary to manage that most important directory in the way that it deserves. They soon realized that Active Directory was working very well for them now, but they had a lot of other directories that weren't. And the ones that were causing the most problems were the individual directories across thousands of Unix and Linux servers. So they discovered a technology called an Active Directory Bridge that allows them to extend Active Directory to their entire Unix and Linux environment, functionally removing the need to manage identity, to manage authentication and authorization across that entire environment. The one thing that then brought them was a perfect entry into privileged account management for the Unix environment. So all was fine and good. They're still working. They've simplified the framework implementation dramatically. Now, the thousands of connectors that would've been required to manage this environment has been reduced to a few dozen. And they're not as complex because you're not doing one connector for every Unix and Linux system that's in the environment. Soon they realized that a lot of their custom applications were also needing security beyond what they had built into them natively. So these applications were developed in-house, but every time they develop an application, a different developer would implement security in a different way. So it was very inconsistent. So what they did is they unified the security around their custom applications and externalized it so they simply plug those applications in to the rest of the environment. Along with that, that gave them the opportunity to expand to a single sign-on offering later on. It also then, gave them the opportunity to do a self-service password reset on Active Directory, which applies everywhere else as well. With this full end-to-end solution in place, it became apparent that the old framework that they had been using for years simply wasn't designed for this new modular and integrated, modern and business-centric approach to identity and access management they were achieving. So the last thing they did was threw that piece out and replaced it with another piece of the modular and integrated approach, which gave them a unified policy set, business driven attestation, and the other things necessary to do full access governance around the whole environment. So this environment became true IAM as opposed to the old way of doing IAM. To learn more about how this modular and integrated approach can help you in your identity and access management challenges, visit us at software.dell.com/identitymanagement. Thanks for watching.