Академический Документы
Профессиональный Документы
Культура Документы
by David Seidl
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Securing Enterprise Identities For Dummies, Centrify Special Edition
Published by John Wiley & Sons, Inc. 111 River St. Hoboken, NJ 070305774 www.wiley.com
Copyright 2016 by John Wiley & Sons, Inc., Hoboken, New Jersey
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any
form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise,
except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the
prior written permission of the Publisher. Requests to the Publisher for permission should be
addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 7486011, fax (201) 7486008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com,
Making Everything Easier, and related trade dress are trademarks or registered trademarks of John
Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used
without written permission. All other trademarks are the property of their respective owners. John
Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.
Publishers Acknowledgments
Some of the people who helped bring this book to market include the following:
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Introduction
F or years, companies have designed networks around a
traditional security model meant to protect local sys-
tems. This network perimeter included layers of firewalls,
intrusion detection systems, and other network security
devices and systems intended to keep data safe against
attack. But today, attackers are focusing on a specific type of
threat compromised credentials. In fact, the leading point
of attack used in data breaches is compromised credentials
and the privileges that go with them.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
2 Securing Enterprise Identities For Dummies, Centrify Special Edition
This icon marks tips that can save you time and effort.
This icon is for the technical types who are reading the book.
The information marked by this icon may be geeky, but it can
be useful. too.
If you see this icon, make sure to pay attention youll want
this knowledge at hand later.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter1
Understanding the Current
Anatomy of Enterprise IT
In This Chapter
Looking at the infrastructure of enterprise IT
Seeing how mobile differs from traditional desktop computing
Considering users and access requirements
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
4 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter1: Understanding the Current Anatomy of Enterprise IT 5
All these security tools are like locked doors: Theyre only as
strong as the key that unlocks them. Hackers know that trying
to break down the door is very hard. But if you have the key
to the lock, walking in couldnt be easier. That means that
there is always a way past this layered security: the accounts
and remote access systems that administrators use to manage
the systems they protect. Of course, that also means that the
protective devices themselves can be a route in if administra-
tive credentials are compromised. As organizations move to
the cloud and hosted infrastructure, this gets harder because
your boundaries are in many places.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
6 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter1: Understanding the Current Anatomy of Enterprise IT 7
If your organization finds that cloud services are a good
fit, it probably wont just jump directly to the cloud all
at once, which means youll be partially in a traditional
datacenter or softwaredefined datacenter model while
also using cloud services. These split models are known
as hybrid operating models with a split between on
premises and offpremises software and services.
Onpremises applications
For years, most of the applications that your organiza-
tion used were likely onpremises, with local servers and
infrastructure to keep them running. Both traditional and
softwaredefined datacenters host onpremises applications,
and even organizations that have moved a lot of their infra-
structure and applications to the cloud still use onpremises
applications. This means that security operations still need to
account for how existing systems that use Active Directory,
LDAP, or other local accounts can integrate into a hybrid
environment.
Cloud applications
Cloud applications change your identity needs because they
require integration with AuthN (authentication) and AuthZ
(authorization) services. Many cloud applications rely on
technologies like SAML, OpenID, OAuth, or SCIM. Integrating
these with existing onpremises systems can be a challenge if
your current systems arent built to work with the cloud!
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
8 Securing Enterprise Identities For Dummies, Centrify Special Edition
Big data
Theres a lot of information in really large datasets, and
analyzing them using big data tools can provide a major
competitive advantage. The same treasure trove of data
and the analysis tools that you need to deal with it can also
create new security challenges. Big data tools like Hadoop
are often run in a nonsecure mode, particularly during
development, and locking them down by requiring AuthZ and
AuthN controls can be challenging. Making big data part of
your identity infrastructure is key to keeping your big data
environment secure.
Mobile applications
Mobile applications add yet another layer of complexity.
Some are native applications for mobile platforms like Apple
iOS or Android, while others are built to work on both
traditional PCs via a web browser and on mobile devices.
Making the applications work with your infrastructure can be
an adventure in much the same way that cloud application
integration can be challenging.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter1: Understanding the Current Anatomy of Enterprise IT 9
Mobile computing
Mobile computing covers a broad variety of computing that
isnt conducted at a users desk. In very broad terms, mobile
computing is composed of two major groups of devices:
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
10 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter1: Understanding the Current Anatomy of Enterprise IT 11
Privileged accounts: IT administrators have access to a
special type of shared system or application accounts,
which provide access to sensitive data, to change or
grant access or provide the ability to delete or damage
critical systems. These so called privileged accounts,
such as the root account or local administrator account
are the digital equivalent to a master key. Special care
needs to be taken in order to protect these accounts and
their associated privileges, including auditing, monitor-
ing, and logging.
Employees: Typical employees make up the bulk of your
users for enterprise IT systems, and they can create com-
plexity due to the variety of roles and positions they can
hold. Over time, many employees end up accumulating
a broad range of rights if they arent carefully managed,
and even a normal employee account can be useful to
attackers as a way into your systems and applications.
Contractors and outsourced IT: Contractors can create a
unique set of requirements because theyre typically time
limited, but they can require special access to do what
youve hired them to do. A contractor like a developer
or outsourced IT staff member may need system access
or rights and privileges unique to their role, but may not
have the rest of the access that a normal employee does.
In addition, they may work for a period of time and then
stop when their contracts end. Later, they may be rehired,
or be asked to perform further services. This makes tradi-
tional account lifecycles challenging to follow. In addition,
many contractors work from a remote location, making
their identity hard to verify. That means that using iden-
tity management services to audit, monitor, and manage
contractor accounts is particularly important.
Partners: Business partners, both as individuals and as
organizations, often need accounts and rights to access
data and applications that your organizations share to
work together. Partner accounts may require interorga-
nizational coordination and oversight, and may need to
support trust relationships or federation.
Federation allows a user to log in to various unrelated
systems or applications, using credentials from his own
organization. Its accomplished by having a shared set of
policies and practices, as well as supporting technolo-
gies that establish delegated or trusted authentication
between members of the federation.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
12 Securing Enterprise Identities For Dummies, Centrify Special Edition
You may find that some (or many!) of your users fit into mul-
tiple categories and roles. That can add a lot of complexity to
your identity management process as you try to track what
access rights they should have. Remember that accumulated
access can be a major risk as your users move around the
organization and acquire rights and roles!
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter2
Exploring the Role of
Identity in Cyber Security
In This Chapter
Identifying todays cyber security challenges
Protecting onpremises and cloud infrastructure
Securing external and mobile users and systems
Expanding your security perimeter when data is everywhere
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
14 Securing Enterprise Identities For Dummies, Centrify Special Edition
Cyber threats
Todays organizations must be protected against a broad
range of cyber threats. These can include things like
Breaches
It seems like nearly every day you hear news of a new breach.
In fact, large and smallscale breaches have become so
common that theyre a topic of discussion in our daily lives
even for people outside of IT. That doesnt mean that the
impact of a breach isnt significant.
Want to know more about the risks you face? Check out
Centrifys State of the Corporate Perimeter Survey. It includes
data on how employees treat credentials, what other organi-
zations are facing, and how leaders are dealing with issues.
You can find it at www.centrify.com/whycentrify/
corporateperimetersurvey.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter2: Exploring the Role of Identity in Cyber Security 15
Hackers, attackers, and advanced
persistent threats
The biggest change in cyber security in recent years has been
the appearance of advanced persistent threats (APTs). Attacker
groups use advanced tools and techniques to compromise
and control targeted systems and networks for long periods of
time. When they gain the deepest levels of access, they place
an emphasis on retaining and using their control of their tar-
gets to gather sensitive data including credentials to access
additional systems.
APTs are scary, but everyday threats like phishing emails and
driveby infections that leverage browser and browser plugin
flaws to compromise PCs and capture credentials in order to
access systems are a big part of the threat your organization
faces, too. Its safe to assume that at least some of the PCs
and devices used in any organization will be compromised
during any given year, and that means that security needs to
presume that the devices and the data they contain could be
at risk.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
16 Securing Enterprise Identities For Dummies, Centrify Special Edition
Hosted infrastructure
Hosted infrastructure moves your security boundaries out-
side the traditional physical boundaries of your organization.
That means that building a static security infrastructure
around a controlled network wont work. Linking multiple
sites, cloud providers, or other locations can be a challenge if
you dont find ways to securely connect them. Fortunately, as
youll see later in this chapter, identity can provide that link,
as well as helping secure the remote environments.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter2: Exploring the Role of Identity in Cyber Security 17
External users
In addition to mobile devices, organizations are also seeing
an explosion in the number and types of external users they
need to support. From contractors to vendors to outsourced
IT, each additional type of external user brings additional
complexity to the account lifecycle and security models
that you have to maintain. Each of these new users needs
a way to access organizational resources, and the tradi-
tional answer of a single onesizefitsall remote access VPN
doesnt fit.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
18 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter2: Exploring the Role of Identity in Cyber Security 19
Multifactor authentication
Multifactor authentication (MFA) is a means of authenticating
that requires both something you have and something you
know (or, in some cases, something you are). For example, a
common method of multifactor authentication is a generated
passcode and a password. The generated passcode normally
comes from a keyfobstyle token or from your smartphone
(something you have) and the password is the something
you know. Because there are two elements to this authentica-
tion process, its sometimes called twofactor authentication.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
20 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter2: Exploring the Role of Identity in Cyber Security 21
Identity as a defense mechanism
Fortunately, identity is that next layer of security. Combining
multifactor authentication with a centralized identity manage-
ment system that can track, audit, and manage user authenti-
cation, what a user can do, what the users do, and details of
systems and applications they use can provide both insight
and control. Identity is the common security layer across all
your resources regardless of whether theyre in the cloud,
onmobile, or in your datacenter.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
22 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter3
Architecting Security
Using Identity
In This Chapter
Using identity to provide security
Designing a security perimeter that meets todays challenges
Looking at the services an identity platform should provide
Tackling compliance and auditing with identity platform services
Architecting a Modern
Security Perimeter
A modern security perimeter has to combine traditional
perimeter defenses with additional layers that can handle
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
24 Securing Enterprise Identities For Dummies, Centrify Special Edition
Identitybased defenses
Identity can be used both as a separate protective layer and
as a way to enhance traditional perimeter defenses. Here
are a few examples of how identity can be used to provide
protection for your systems and data:
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter3: Architecting Security Using Identity 25
Traditional perimeter defenses
Layered security is a necessity in cyber security, and tradi-
tional defenses are found in almost every organizations plan.
These defenses were often built under the assumption that all
data could be surrounded by a firewall, and that most threats
will come from outside the organizational network. In some
cases, designs protect critical infrastructure from most users,
but ignore the unanticipated risks originating from admin-
istrators and insiders with privileged access, which raises
threat exposure and the likelihood of failed audits.
Firewalls
Firewalls are normally used to separate network segments,
either to keep a trusted network separate from a lower
security zone, or to provide network separation for differ-
ing groups or systems. Firewalls can help prevent network
attacks from outside by blocking attacks against vulnerable
services, but some traffic is required to be allowed through
for services to work.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
26 Securing Enterprise Identities For Dummies, Centrify Special Edition
Network devices
Network devices come in many flavors switches, routers,
wireless access points and controllers, and many others.
Most of these devices have some security capabilities, and an
increasing number are designed to provide enhanced security
out of the box. Integration with an identity platform can help
make sure that privileged accounts are secure, and that the
actions taken by administrators are logged and audited. Of
course, the ability to make sure you dont have forgotten or
abandoned accounts lurking on key network devices can be a
big security bonus, too!
Single signon
When users are faced with a multitude of accounts and pass-
words to remember, they often solve the problem by reusing
passwords or by using weak passwords. Not only does single
signon help solve that problem, but it also provides a single
place to enforce strong authentication requirements. Using
single signon also helps reduce the likelihood that forgotten
or abandoned accounts will haunt your organization, since
you can manage accounts centrally rather than on individual
servers or services.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter3: Architecting Security Using Identity 27
Multifactor authentication
Multifactor authentication is incredibly important when
youre trying to prevent attackers from using compromised
credentials. Passwords are often easy to acquire through
phishing scams, by bruteforce attacks, or because systems
are compromised and user passwords are captured by mal-
ware packages and sent back to their creators.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
28 Securing Enterprise Identities For Dummies, Centrify Special Edition
No matter how good your identity platform is, bad data and
staff who arent making sure that employee (or other user)
status changes get handled can leave gaps in your security.
Implement automation wherever possible, remember the
people side of security, and make sure you test your pro-
cesses in parallel with your technology!
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter3: Architecting Security Using Identity 29
stablish which applications can be accessed by particular
e
users. An identity platform with strong workflow capabilities
and business logic designed to put users in the right groups
with appropriate logging and monitoring can enable secure
remote access management regardless of how many different
ways your organization phones home.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
30 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter3: Architecting Security Using Identity 31
These arent all the audit and reporting features that an iden-
tity platform can provide, but using these features can be
a big part of providing greater security insight by using the
platform.
Continuous compliance
Almost every industry faces some form of compliance require-
ments, whether theyre local, state, national, or international
laws, or theyre part of contractual obligations. The increasing
need for compliance means that being able to prove compli-
ance quickly and easily can be a big win for your organization.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
32 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4
Deploying an Identity
Platform for Security
In This Chapter
Using Identity as a Service
Securing privileged access
Delivering anytime, anywhere access
Avoiding conversion pitfalls
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4: Deploying an Identity Platform for Security 35
Cloud directories
If you dont already have an onpremise directory, or want
to centralize existing directory information from multiple
sources like Active Directory and LDAP, a cloud directory is
a key component of a cloud identity platform. If you already
have existing directories, you can still use the cloud directory
for users that arent currently managed such as partners or
customers.
Directory bridging
If you want to use your existing directories with a cloud
identity platform, you need a way to bridge between them.
Aconnector that is aware of Active Directory can enable
single signon and policy management between both the
onpremise and cloud environment while making onpremise
apps and systems available to remote users using the cloud
platform without a VPN.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
36 Securing Enterprise Identities For Dummies, Centrify Special Edition
Cloud identities
Many organizations have faced There are a few ways to address
an explosion of cloud and mobile this, such as banning unapproved
applications adopted by their users applications, or requiring mobile
without any approval or review from application management, but in
IT. Cloud services and many mobile todays consumerized technology
applications that rely on a cloud world, saying no typically just
service backend have their own makes users go around approvals.
identities associated with them. If Instead, you can choose to integrate
your users are storing your organi- with cloud services via standards
zations data in services that arent like SAML and by supporting OAuth.
connected to your identity platform, Making your organizations creden-
not only will you lose access to it if tials work in cloud services, and then
they leave the organization, but they making it easy to do so, can be a big
can retain access to the data even win and help slow down the flood of
if you remove their access to central your data heading to cloud services
systems! you cant control.
Authentication engine
An authentication engine validates that a user is who they
claim to be by validating a user with a username and pass-
word, asking for additional factors of authentication, and
applying logic to determine if their access request is valid.
Once validated, addition tokens or credentials may need to be
created to facilitate access to the requested resource such as
a SaaS application or Linux system.
Policy engine
The business rules that are applied to identity are a major
part of the security provided by identities. A policy engine
with an easytouse interface that helps you build easily
understandable policies to control and manage identity
is a key part of a cloud identity platform. A policy engine
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4: Deploying an Identity Platform for Security 37
should be able to enforce requirements based on a user; his
attributes; the time, location, or device hes using; as well as
what network or what application hes using.
Directory integration
Using a single directory platform like Active Directory to
manage nonWindows systems (like network devices, Linux,
and Unix systems) can also be a powerful advantage. If you
use Active Directory, you can save time by using your existing
security groups and policies with a platform that integrates
with what you already have.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
38 Securing Enterprise Identities For Dummies, Centrify Special Edition
Identity consolidation
Strong security practices require users to log in as them-
selves, rather than via shared or anonymous accounts.
Unfortunately, organizations with hundreds or thousands
of Unix and Linux systems are often plagued with managing
identity on individual systems. With so many independent
and often overlapping identity silos, consolidating identity
to a single directory can be challenging and time consum-
ing. A modern identity platform can quickly consolidate user
accounts and groups into a single directory and enforce sepa-
ration of administrative duties.
Leastprivilege access
In addition to making sure that users log in as themselves, its
important to implement leastprivilege access (access that pro-
vides the minimum set of rights that a user needs to accom-
plish his job). Using leastprivilege access limits the potential
damage from security breaches and prevents users from
improper or accidental activities.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4: Deploying an Identity Platform for Security 39
To get the most benefit out of leastprivilege access, make
sure you control exactly who can access what and when. That
means youll need to configure privileges so that users can
only elevate privileges appropriate for their job function, at
specific times, for a length of time, and on appropriate serv-
ers. A modern identity platform should be able to centrally
manage least-privilege policies in a crossplatform manner
across Windows, Linux, and UNIX as well as network devices.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
40 Securing Enterprise Identities For Dummies, Centrify Special Edition
Break-glass scenarios
In the lastditch case where a system is down, no network
access is available and an administrator needs to access a
root password or local administrator account, an identity plat-
form can allow authorized IT users to check out passwords
for system accounts for a limited duration and then automati-
cally change the password after the checkout expires. This
also ensures that youll have an audit trail available to review
after the issue is resolved.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4: Deploying an Identity Platform for Security 41
rivileged session monitoring allows you to view session sum-
p
maries or pinpoint specific activity by searching event data
and video capture of sessions on Windows, Linux, Unix sys-
tems, and network devices.
Delivering Anywhere,
Anytime Access
Users including remote workers, contractors, vendors, and
partners all need to access corporate resources outside
the traditional network perimeter. Do you really want to give
them all a VPN connection? An identity platform can facilitate
the access to corporate resources without requiring a VPN
and ensure security through multifactor authentication and
access policies.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
42 Securing Enterprise Identities For Dummies, Centrify Special Edition
Migration support
Migrating to an identity platform can impact many systems,
and may take a lot of time to execute. If you set out without
strong migration support, you can spend a massive amount of
time building out capabilities you already have. That means
that a platform that provides wizards and migration tools can
be a big part of your success.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter4: Deploying an Identity Platform for Security 43
Make sure your chosen platform works with the infrastruc-
ture you use, whether that is Windows, Linux, Unix, network
devices, Mac, iOS, Android, SaaS apps, onpremise apps, or
something else. If you leave behind chunks of your user base,
youll quickly find that your users are working around your
unified identity platform.
Automation
When youve moved to your new identity platform, youll be
ready to conduct your daytoday operations. This is where
automation comes in. To make your platform work well for
you, you should:
Vendor partnership
Identity platforms offer a lot of benefits, but they can take a
lot of time if you dont use their capabilities well. Make sure
you select a vendor who has helped other organizations like
your own make the move. While it may seem obvious, its
still a good idea to make sure to involve your vendor in your
migration even if you have a lot of inhouse talent their
expertise can save you a lot of time and effort! Make sure to
pick a vendor that has a proven track record with strong cus-
tomer references, and make sure those references report high
levels of success and satisfaction.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
44 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Chapter5
Ten Things to Look for in
an Identity Platform
In This Chapter
Recognizing ten key features of identity platforms
Understanding what to look for when selecting an identity platform
Here are ten items that should be at the top of your list of
considerations:
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
46 Securing Enterprise Identities For Dummies, Centrify Special Edition
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
These materials are 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wileys ebook EULA.