Applying Identity and Access Management to Enable Secure Global Collaboration
Lorance Tisdale
Director of Collaboration Services
BAE Systems
Andy Han
SVP Products
NextLabs
PAGE 1 | CONFIDENTIAL | TSCP
Agenda
• Business Objectives
• Requirements
– Business
– Functional
• Solution Approach
• Lessons Learned
• Demo
• Q&A
Background – BAE Systems, Inc. Overview
Overview
• BAE Systems, Inc. is a US subsidiary of BAE Systems plc, a leading
European Aerospace and Defense Prime Contractor, under a
Special Security Agreement (SSA) with the U.S. Government
• Approximately 35,000 employees and $15B annual revenues. US
operations in over 30 states. Global operations in Europe,
Central America, and South Africa
Business Sectors
– Electronic Systems
– Intelligence & Security
– Land & Armaments
– Support Solutions
– Inc (Corporate)
Background – Corporate Intranet Objectives
Centralize Communication and Sharing
• The Portal for accessing Applications in BAE Systems
• Make the right information available to the right people
• Support collaboration between BAE Systems employees worldwide
Minimize the number of Portals across BAE Systems
• Consolidate a number of Portals that exist within BAE Systems
Reduce Operational Costs
• Prevent Data Spills
• Automate Audit
• Automate Provisioning
• Enforce Compliance
Business Requirements – Compliance and Security
Export Compliance Requirements
• Control uploads of Export Controlled Information
– EAR or ITAR controlled information posted on the site(s) may be or are restricted
• Information should be properly classified and marked to ensure proper handling
Security Requirements
• National Security
– Control Classified information posted onto the site
• Customer or Company Proprietary Information
– Control Program specific information
Procurement/Supplier Management Requirements
• Prevent disclosure of a supplier’s competition sensitive data to a competitor
– Where another BAE Systems company may be a potential competitor to the supplier
• Misinterpretation of information if intended use and intent are not clearly defined
General Requirements
Architecture Requirements
• Ability to be extended to other BAE Systems Domains
• Ability to support SharePoint 2010
Functional Requirements – Compliance & Security
Information Barriers – Prevent Data Spills
• Make sure US Domestic data isn’t shared in Global Intranets
Automate Information Governance
• Reduce the time delays and manual effort to review information for compliance and security
Content and Identity-Aware
• Ability to scan information for sensitive content
• Block unauthorized access based on identity of user
Support Automatic and Workflow Driven Approval Processes
• Non-sensitive information is available immediately without manual intervention
• Sensitive information goes through automated approval process
Solution – Corporate Intranet Architecture
• Corporate Intranet – Central Collaboration Portal for BAE Systems Applications (SharePoint 2010; BAE Systems Applications; Extranet Applications)
• NextLabs – Information Governance Controls (Compliance & Security workflows)
• 3 Domains
– US
– Non-US
– External (Partners, Suppliers, Customers)
[Diagram: US Intranet Domain (US), Global Intranet Domain (non-US) and External Domain (External), with NextLabs Compliance & Security controls applied to each]
Solution – Automated Information Governance
Content Identification
• Documents automatically scanned by NextLabs for controlled content
• “Flagged” documents are quarantined for review
• “Clean” documents are immediately available
Compliance Review
• Compliance or security reviews “Flagged” documents
• If clean, removed from quarantine
• If controlled, triggers compliance processes
Identity and Access Management
• Cleared documents get tagged with metadata to drive appropriate access by NextLabs
• Control access to information leveraging attributes in a federated identity system
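The governance flow on this slide, together with the functional requirements above (information barriers between domains, content- and identity-aware controls, immediate release of clean content versus review of flagged content), as an added Python sketch. It is not BAE Systems’ or NextLabs’ code; the marking patterns, tag names, domain labels and user attributes are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample markings only; real EAR/ITAR detection is far richer than this.
CONTROLLED_PATTERNS = {
    "ITAR": re.compile(r"\bITAR\b|\bUSML\b", re.I),
    "EAR": re.compile(r"\bEAR99\b|\bECCN\s*\d[A-E]\d{3}\b", re.I),
}
ALL_DOMAINS = ["US", "non-US", "External"]   # the three intranet domains on the slides


@dataclass
class Document:
    name: str
    text: str
    status: str = "pending"                 # pending | quarantined | available
    tags: dict = field(default_factory=dict)


def scan(doc):
    """Content identification: flag documents that look export controlled."""
    hits = [regime for regime, pat in CONTROLLED_PATTERNS.items() if pat.search(doc.text)]
    if hits:
        doc.status = "quarantined"            # "flagged": held until a reviewer decides
        doc.tags["pending_review"] = hits
    else:
        doc.status = "available"              # "clean": released without manual steps
        doc.tags.update(export_control="none", domains=list(ALL_DOMAINS))
    return doc.status


def compliance_review(doc, controlled, regime=None):
    """Compliance review of a flagged document: release it, or tag it for restricted access."""
    doc.tags.pop("pending_review", None)
    if controlled:
        # Controlled content stays inside the US domain and is limited to US persons.
        doc.tags.update(export_control=regime, domains=["US"], us_person_only=True)
    else:
        doc.tags.update(export_control="none", domains=list(ALL_DOMAINS))
    doc.status = "available"
    return doc.tags


def authorize(doc, user):
    """Identity-aware access decision: user attributes checked against document metadata."""
    if doc.status != "available":
        return False                          # quarantined/pending content is never served
    if user["domain"] not in doc.tags.get("domains", []):
        return False                          # information barrier between domains
    if doc.tags.get("us_person_only") and not user.get("us_person"):
        return False                          # attribute from the identity system decides
    return True
```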
Solution – Audit
Dashboards
– Role based dashboards for easy access to most critical analysis
Analytics
– Multi-dimensional summary analysis
– Trend Analysis
Activity Audit
– Data access, use and distribution across applications
– Details required for Incident Investigation and Response
Compliance Audit
– Policy Enforcement
– Policy Based Activity Audit
Solution Implementation Process
• Used standard SDLC process
• Agile Methodology with scrum
Solution Implementation – Schedule (Actual)
[Timeline chart over Month 1 to Month 6: Define, Design, Configure Solution, Testing, Go-live!, Deploy/Transition]
Solution Implementation – System Architecture
[Diagram: Identity sources (AD, Multi-forest, Multi-domain); SharePoint 2010 with 4 Web Front Ends]
Solution Implementation – Result
Status
• The solution has been in production for more than 12
months for 50,000 users
Benefits
• Reduction in Manual Compliance Process workload
• Reduced Compliance and Information risk
– Additional proactive gates.
– Increased comfort with collaboration
• Improved ease of collaboration for end-users
– Information availability
– Fewer manual steps
Strategic Considerations & Lessons Learned
• Deployment lessons
– Stand up solution in pilot environment first … understand architecture requirements
– Roll out in stages
• Think Global
– Avoid separate policy control systems. Separate administration is expensive
– Invest in a centralized control platform
• One for All
– Invest in a single global platform for managing data entitlement
• Leverage Standards
– Leverage emerging standards such as XACML* to ensure future application support
[*XACML (eXtensible Access Control Markup Language) provides a mechanism to create policies and rules for controlling access to information]
DEMO
Questions?
For more information
• Lorance Tisdale ([email protected])
• Andy Han ([email protected])