Novell Access Governance Suite

Novell® Access Governance Suite Overview and Business Case Ross Chevalier CTO Americas, President Novell Canada Novell, Inc / [email protected]

Post on 21-May-2015

TRANSCRIPT

Page 1: Novell Access Governance Suite

Novell® Access Governance Suite Overview and Business Case

Ross Chevalier, CTO Americas, President Novell Canada, Novell, Inc / [email protected]

Page 2: Novell Access Governance Suite

© Novell, Inc. All rights reserved.

Making IT Work As One™

Page 3: Novell Access Governance Suite

Reduce Cost, Manage Complexity, Mitigate Risk

Page 4: Novell Access Governance Suite

Our Conversation Today

• Quick Access Governance Review
• Motivating Factors
• Opening Questions
• Cost Containment
• Cost Avoidance
• Risk Avoidance
• Positive Financial Impact
• Call to Action

Page 5: Novell Access Governance Suite

Risk to the Enterprise is Rising

• Security Breaches
• Compliance Violations
• Growth Challenges

Significant Risk, Cost and Exposure

• Identity Theft
• Privacy Concerns

Page 6: Novell Access Governance Suite

Growing Risk, Growing Regulations

Sarbanes-Oxley

HIPAA

Basel II

HSPD-12

FISMA

PCI-DSS

Gramm-Leach-Bliley

Page 7: Novell Access Governance Suite

“Governance, Risk and Compliance (GRC) remains an intensely human effort. Two-thirds of budget are earmarked for people-related expenses (services plus head count).”

– AMR Research

Page 8: Novell Access Governance Suite

Access Governance is Dynamic

• Metrics for Management and Maintenance
• Exceptions and Conditions
• Provide Visibility for Modeling
• Access Rights Remediation and Validation
• Access Requests and Changes
• Regular Review and Certification
• Continuous Access Lifecycle Management

Page 9: Novell Access Governance Suite

The Complete Identity Picture

Page 10: Novell Access Governance Suite

Role of Identity Management

Automation and Validation

Page 11: Novell Access Governance Suite

Motivating Factors

• Government Regulation
• External Auditor Pressure
  – “The Ding List”
• Reduce Direct Expense
• Organizational Impact
• Increasing Accountability and Engagement
• Manual models consistently fail

Page 12: Novell Access Governance Suite

Some Opening Questions...

• Business Model
  – B2B, B2C, Multinational
• Annual Revenue
• Employee Count
• Business unit manager engagement
  – Review and re-certification
• Number of annual access reviews
  – Number of users reviewed per review cycle
  – Number of unique certification reviews
• Is the data easy to understand?
• Is there rubber-stamping?

Page 13: Novell Access Governance Suite

Regulatory Scope Assessment

• Financial Reporting
  – SOX, CA 52-313, Turnbull, LSF, Transparency Directive, JSOX, MAR
• Industry Mandated Initiatives
  – Basel II, GLBA, FERC/NERC, FFIEC, FISMA, HIPAA/HITECH, ITAR
• Privacy Mandates
  – PCI, State Based (CA 1386, MA Privacy 201), Country Based (PIPEDA)

Page 14: Novell Access Governance Suite

Cost Containment

• Compliance Audit Cost
  – Internal Staff Costs
  – External Fees
• Corporate Loss of Productivity
  – Can be significant
• Staff Reduction/Redeployment
  – Put the right people on the right tasks

Page 15: Novell Access Governance Suite

Cost Containment Example

| Cost Containment | Department | Function | Cost | Automation Reduction | Expense Savings Annually |
|---|---|---|---|---|---|
| Compliance Audit Cost | Audit | 25 Applications | $250,000 | 25% | $62,500 |
| Corporate Loss of Productivity | Business | 150 BU, Certification and Access Reviewers | $90 | 50% | $202,500 |
| Staff Reduction | IT Compliance and Security | 7 FTEs doing data gathering, assessment and reporting | $55 | 33% | $264,264 |
| Total | | | | | $529,264 |

Page 16: Novell Access Governance Suite

Cost Avoidance

• Fines and Penalties
• Operational Impact
  – Response and Notification
  – Customer Revenue Loss
  – Customer Replacement Cost
  – Service Availability
  – Brand

Page 17: Novell Access Governance Suite

Cost Avoidance Example

| Cost Avoidance (Loss of 100,000 Customer Records) | Actual Loss | Unit Cost | Potential Cost to Business | Impact | Inherent Risk |
|---|---|---|---|---|---|
| Fines and Penalties (SOX, Privacy, PCI et al.) | | | $1,000,000 | 33% | $330,000 |
| Operational Impact – Response and Notification | 100,000 | $50 | $5,000,000 | 33% | $1,650,000 |
| Operational Impact – Customer Revenue Loss | 7000 | $54/mth x 12 months | $4,536,000 | 33% | $1,496,880 |
| Operational Impact – Customer Replacement Cost (Marketing) | 7000 | $280 | $1,960,000 | 33% | $646,800 |
| Operational Impact – Service Availability | System Outage 6 hrs. | $23,000/hr revenue loss | $138,000 | 100% | $138,000 |
| Operational Impact – Brand | | | $3,000,000 | 33% | $990,000 |
| Total | | | | | $5,251,680 |

Page 18: Novell Access Governance Suite

Risk Avoidance

• Inappropriate access to systems and data
• Aged entitlements and entitlement creep
• Orphaned accounts and entitlements
  – “User” gone but access remains
• Reduces data entry errors
• Manage data location/copies
• Breach preparedness

Page 19: Novell Access Governance Suite

Positive Financial Outcomes

• Reduction in operational costs going forward
• Reduction in “firedrill effects”
• Increased corporate confidence
  – Reduces the “are you sure?”
  – Creates real-time reporting and dashboards
• Better positioned for future demand

Page 20: Novell Access Governance Suite

Call to Action

• Visit the Access Governance Suite (AGS) table (#A14) in IT Central to view a demo

• Work with your Novell® Client Executive, Product Sales Specialist or Novell Partner to:

  – Arrange a private AGS assessment using these tools
  – Build your corporate business case based upon the report
  – Secure budget to proceed
  – Engage with the first phase of the Access Governance Project
    > Measure consistently
    > Keep the loop closed and feedback coming
    > Strengthen the case for follow-on phases

Page 21: Novell Access Governance Suite

Time for Questions

Page 22: Novell Access Governance Suite

Novell®

Making IT Work As One™

+ Reduce Cost + Manage Complexity + Mitigate Risk
