Paranoid IAM: Process and Architecture
Time 12/11/19 09:00AM-09:50AM
Room Oak Alley (4th)
Most enterprise risk and incident management discussions do or should involve IAM. Are you happy with the speed and quality of your answers when your audit, security, compliance, privacy, or emergency management team comes calling?
In this talk, we'll discuss changes Duke has made to bring transparency and administrative self-service to IAM operations, including:
* On-demand audit reports and standard remediation playbooks for local access concerns
* Standardized templates for automated provisioning/de-provisioning mechanisms that scale reliably
* Streamlined and flexible attribute release policies standardized across retrieval mechanisms
* Distributed curation and centralized presentation of dynamic groups suitable for reporting and access decisions
* Automated visualizations of problem states and projections to resolution time to inform priorities and resource allocation
* Insights into who has (or has had) access to what and why, paired with mechanisms for administrative interruptions to access
We'll discuss specific tooling (with a special focus on Grouper and CAR) as well as generalized principles and lessons that can be applied to any technology stack. Come bring us your pain points, and we'll talk automation/delegation!
Primary track InCommon
Secondary tracks Information Security