Engage 30th – 31st March 2015 #EngageUG
Let the Phoenix rise!
Rationalise your IBM Domino environment
Introduction
Stephanie Heit
• Director, BCC Ltd
• @StephanieHeit
Arshad Khalid
• Director of Technical Services
• @arshad101
• IBM Champion
Agenda
What We Do
IT Challenges Today
What's the Solution?
Case Studies
• Large Insurance Company: Boost Domino Security
• Global Bank: Standardise Administration
• Global Investment Firm: Streamline Application Management
Summary
Questions
What We Do
Solutions for securing Notes/Domino infrastructure
Automate underlying administration processes
Ensure regulatory compliance
Our solutions help organisations to
• Reduce risk
• Improve efficiency by securing and streamlining existing processes
• Lower cost.
Over 800 customers
IT Challenges Today
The Cost Pressure
The demands on IT are growing, and assuring safe operations while delivering powerful and efficient systems is the prime goal.
More than 80% of IT companies are under enormous and increasing cost pressure.
Compliance Requirements
Sarbanes-Oxley (SOX) – financial reporting, internal controls and records retention for publicly traded companies
FINRA – regulations for securities firms, brokers and financial advisors
HIPAA – regulations for the protection and privacy of health information
Any company that deals with protected health information (PHI) must
ensure that all the required
• physical
• network and
• process security measures
are in place and followed
The Cost of Not Being Compliant
Brand Damage
Fines for Non-Compliance
Litigation Expenses
Examples
$1.45 billion judgement against Morgan Stanley for being unable to
produce reliable emails in the course of fraud litigation
$2.5 million fine against Merrill Lynch for failing to promptly produce
emails over a period of 17 months
Data Security and Integrity
High level admin skills are required
Admins have unfettered access to sensitive information
Example: the NSA
• Why did they suffer a security leak?
• “The scariest threat is the systems administrator. The system
administrator has godlike access to systems they manage.” (Eric Chiu,
Hytrust, Security Advisor)
• http://www.nytimes.com/2013/06/24/technology/nsa-leak-puts-focuson-system-administrators.html?_r=0
What's the Solution?
Additional monitoring systems
Reduce required access rights
Provide system log trails
Implement a “two-man rule” to reduce risk
Ensure compliance with a central, audit-proof log that records all actions
Let machines do things that they’re better at doing
Reduction in TCO comes for free!
Automation is KEY!
Automation is the common enabler of security, compliance and reduced TCO.
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Challenges
Monitor, audit, log & report
• Notes admins' activities
• Changes in Domino Directory (open, add, update, delete)
• Database ACL changes
• Document changes
Prevent (if possible)
• Unauthorised access to mailboxes
“Level 3 personnel are assigned full administrator rights to perform support functions. Domino does not have a native auditing tool that would allow me to review if the administrators are making undocumented changes or reading user mailboxes.”
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Options
Use Domino monitoring
• Not enough
Develop monitoring/auditing internally
• Needs to be maintained
• Investment of time and effort
• Not standard
Use a third party product
• Trusted by other customers
• Standardised features
• Maintenance is done by the vendor
Move away from IBM Domino!
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Solution
Three key elements for IBM Domino Server Security
• Server ID
• Database access
• Document access & change
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Solution
Detailed monitoring in real time
• Track access
• Track modifications at field level (old entry and new entry)
Prevent changes in real time
• Control Domino access rights, even for Domino admins/Managers
• Block access
• Block changes
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Solution
Provide an additional security layer
• Beyond ACL and document access rights
• Managers, Designers or Editors are not allowed to perform changes
Add security at document field level
• Different security settings for single fields in a document
• Managers, Designers or Editors are not allowed to change defined fields
Why protect your Domino Server ID?
What IBM says…
“We understand that most Domino servers are not password-protected to make unattended reboots
simpler, but the vault server's ID file is a key element in the security of your ID vault”
“..a sophisticated attacker with a vault database and one of the corresponding server IDs...would
have all of the cryptographic information needed to masquerade as the vault server and decrypt all of
the ID files stored in the vault”
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-id-vault-server
Case Study: Large US Mutual Life Insurance Co
Boost Domino Security – Solution
Protect Server ID with passwords
• Assign a random password to the server ID
• Provide the password at startup
• Automatic restart remains possible
Protect ACL
• Prevent ACL changes
• Track ACL changes
• Control changes with an approval workflow
Protect Notes documents beyond ACL settings
• Track access to documents
• Prevent opening, modification or deletion
• Control field-level changes with an approval workflow
Case Study: Global Bank
Standardise Administration – Challenges
100k users worldwide
Reduce operating costs by 50%
Adhere to compliance regulations
Implement a standard universal user ID access management system
Used for
• Onboarding
• Locking
• Unlocking
• Deleting
Admins spending a lot of time on mundane tasks
Case Study: Global Bank
Standardise Administration – Initial Situation
• A lot of development effort
• Manual monitoring
• Highly skilled administrators required
• Frequency of human errors can be high
• Using “internal” tools
• High access rights required
• Domino Administrator Client
• Compliance issue
Case Study: Global Bank
Standardise Administration – Solution
1. Organise
• Delegate the tasks to Helpdesk, HR
• Provide self service through a request-based architecture
2. Standardise
• Convert admin tasks to an IT process
• A detailed checklist for every task
• “Simple” standard system environment running the most current IBM Domino release
3. Automate
• Process checklists by rules, profiles and backend server tasks
• Ensure compliance by having a central log database that automatically records all actions
• Reduce access rights!
Case Study: Global Bank
Standardise Administration – Request flow (new user)
1. Request
2. Expected (rule-based) user ID derived
3. Creation of Person document in Domino Directory
4. Group entries corresponding to the user are set in the profile
5. Mail file replica, including cluster replica, created
6. Password calculated and distributed via mail / print or fax / SMS
7. Data directory of the user created
8. Basic settings stored: Address Book, Workspace
9. User gets links to the necessary applications on the Workspace / Bookmarks
Case Study: Global Bank
Standardise Administration – Request flow (continued)
• Send confirmation mail to requestor
• Send information mail to business owner
• Create reporting entry
• Send welcome mail to new user
Case Study: Global Bank
Standardise Administration – Solution
Simplified System Administration
• Standardised technical procedures
Automation with Self-Service Application
• User and group management
• Mail-In databases
Result:
• Reduction of management costs by 50%
• Return on Investment in 8 Months
Engage 30th – 31st March 2015 #EngageUG
Case Study: Global Investment Firm
Streamline Application Management – Challenges
Use an approval process for:
• Updating application design
• Deploying new applications
• Blocking access to an application
• Requesting access to an application
• Locking and deleting an application
Simplify the application management process
• Automatic design update
• Reduce dependence on manual intervention
Audit all changes for compliance
Case Study: Global Investment Firm
Streamline Application Management – Solution
1. Convert administration tasks to request forms
2. Configure server tasks to execute the request form accordingly
3. Define standard output
Case Study: Global Investment Firm
Streamline Application Management – Solution: request flow
1. Request
2. NSF file is created/updated from template
3. ACL group(s) in the Domino Directory are created with all entries
4. ACL group(s) added to the database with appropriate access levels
5. Email is sent to requestor on success; any error is notified to Admin
Case Study: Global Investment Firm
Streamline Application Management – Solution
Simplified Application Management
• App Developers create requests to update app designs without having access
to signer ID
• Requests go through approval workflow
• Tasks can be scheduled for off-peak times
Automation with (almost) no manual intervention
• Full application life cycle
• Access granted on request
Result:
• Reduction in admin effort
• Audit-proof logging
Benefits for Admin/IT Department
Simplify administration
Close security gaps and take responsibility away from individual admins to prevent configuration misuse
Concentrate on mission-critical projects and strategic measures
Reduce dependency on internal tools and scripts
No need for customised training
Benefits for Organisations
Enhance system security
Adhere to Compliance policies
Enhance process reliability through request-based change
management with approval cycles
Provide full control and automated documentation of all configuration
changes
Reduce IBM Notes/Domino infrastructure administration cost
Benefits for Auditors/Security Officers
One place to check for documentation of configuration changes
Reliable information about unauthorised access or modification
attempts.
Audit-proof documentation of access to data on Domino servers.
Summary
• Prevent/track unauthorised access
• Secure server ID
• Log changes
• Reduce risk
• Adhere to guidelines
• Avoid penalties
• Corporate governance
Standardise & Automate
• Standardise processes
• Self-service
• Reduce human error
• Reduce TCO
It’s a wrap!
Stephanie Heit
• [email protected]
• @Stephanie_Heit
Arshad Khalid
• [email protected]
• @arshad101
BCC
• www.bcc.biz
• @BCC_Ltd
Thank You!