Solution Presentation
Tushar Haralkar
Country Technical Sales Leader - IBM Security Software
India / South Asia Region
Consumers expect frictionless experiences, where security is assumed
Using progressive trust will reduce friction across the experience
Trusted: Continuous and ongoing usage of apps/services
Validated: Use established credentials to authenticate
Registered
Level of context
Engaged: Explore new relationships
Anonymous: Learn about the app or service
Confirm trust
Source: http://info.localytics.com/blog/25-of-users-abandon-apps-after-one-use
https://www.forbes.com/sites/blakemorgan/2019/09/24/50-stats-that-prove-the-value-of-customer-experience/#299d9bb94ef2
https://www.prnewswire.com/news-releases/new-research-from-dimension-data-reveals-uncomfortable-cx-truths-300433878.html
What we’re hearing from our clients
Help me...
• Support consumers with a seamless and frictionless customer journey
• To engage, build, and manage customer relations and brand trust
• Get to market faster, support digital transformation with security by design
• Create an on-demand CIAM program for repeatable operations
Solution:
IBM’s turnkey Consumer IAM program enables a personalized, omnichannel and secure interaction between consumer and brand.
The CIAM Platform Blueprint
[Diagram; the labelled elements are listed below]
IDP’s (Social Providers)
- Identity Insertion
- Profile Augmentation
- FIDO 2 (Profile Data)
DATA ENRICHMENT
- 3rd party Data Feeds
- Procured Data Sources
BUSINESS APPLICATIONS
- Campaign Management
- CRM / ERP Systems
- Engagement Management
Consumers
IoT Devices
Consumer Identity
Authentication and Access Management
& Authorization Platform (CIAM) Customer Profiles
IT DATA LAKE
- Business Intelligence
- Data Insights
- Customer Journey Analytics
Standard Capabilities:
• Self Registration
• (Social) Login
• Single-Sign-On
• Preference Mgmt.
• Consent Mgmt.
• Multi Factor Auth (MFA)
IAM PROVISIONING
- Employee/Call Center Identity Provisioning
Cybersecurity Monitoring
- Threat Scoring
- Security Insights
The IBM CIAM Platform Product Suite
[Diagram; the labelled elements are listed below]
IBM Security Verify Trust – Fraud Protection
IDP’s (Social Providers)
- Identity Insertion
- Profile Augmentation
IBM Security Verify Governance and Compliance with IBM Guardium
DATA ENRICHMENT
- 3rd party Data Feeds
- Procured Data Sources
BUSINESS APPLICATIONS
- Campaign Management
- CRM / ERP Systems
- Engagement Management
Consumers
IoT Devices
Consumer Identity
Authentication and Access Management
& Authorization Platform (CIAM) Customer Profiles
IT DATA LAKE
- Business Intelligence
- Data Insights
- Customer Journey Analytics
Standard Capabilities:
• Self Registration
• (Social) Login
• Single-Sign-On
• Preference Mgmt.
• Consent Mgmt.
• Multi Factor Auth (MFA)
IBM Security Verify Governance
IAM PROVISIONING
- Employee Identity Provisioning
SIEM Integration IBM QRadar
SIEM FEEDS
- Fraud Scoring
- Security Application Insights
Making a CIAM program turnkey
Enterprise Design Consulting
Design – IBM Proven Method & Framework
Manageable CIAM building blocks for a structured approach
Our modular approach ensures all stakeholders get aligned throughout the full lifecycle of the Consumer Engagement

– How does the User Experience look like?
– What is the registration experience?
– What attributes are you looking for?

– What kind of level of security is required
– Is MFA needed?, What kind of verification?
– Are there multiple domains that require SSO?

– What level of profile self service is available?
– Which systems can access which attributes?
– How do we ensure profile deletion in all systems?

– What kind of reporting is available?
– How can we set policies around fraud?
– How do we integrate business applications to utilize the profile data?
IBM Security / © 2019 IBM Corporation
IBM Security
Consumer IAM Services
On-demand, personalized, and trusted experiences between consumer and brand
IBM Security / © 2020 IBM Corporation
IBM can help organizations deliver a seamless and secure consumer experience, from first interaction to brand loyalist
• CIAM Adoption Strategy: Design an outcome-focused CIAM program using Enterprise Design Thinking
• CIAM Accelerated Deployment: Optimize your investment by complementing the existing marketing program with a solution that best fits your needs
• Managed Platform: Enhance your operational efficiency with improved business processes and a fully managed CIAM platform
• CIAM On-Demand: Expand integrations with prioritized continuous use case support in an on-demand model for CMO and LOB
[Process diagram; step labels: Envision; Consumer IAM roadmap; Process architecture; Technical architecture; Design and Build; On-boarding assets; Process deployment; Integration (SIEM, ITSM, etc.); Clean-up and lock down]
Key activities

CIAM Adoption Strategy
Core Platform:
• Current Landscape Review
• Establish Use-Case Requirements
• Develop Target Architecture and Integrations
• Develop Implementation Plan
UI/UX (web / Mobile / IoT)
• Establish Data Capture Requirements
• Validate Wireframes
• Confirm Flow diagrams
Shared Service Model Definition

CIAM Accelerated Deployment
Design:
• Deployment Workshop (incl. Validate Design)
• Design Data Migration Strategy
• Platform and API Training
Deploy:
• Provisioning
• Configuration
• Branding
• Export Services
• Integrations

Managed Platform
Platform and Integrations
• Incidents and problem management
• Service Requests
• Change Management
• Minor Enhancements
• Vendor Management
Quarterly
• Performance test / optimization recommendations
• Vulnerability analyses recommendations

CIAM On-Demand
• Business Consulting on new Use Cases (CIAM CTO role)
• Business Intake New Service / Campaign
• Requirements description
• Effort estimation
• Embedded Adopt, Deploy, Manage Process
• Consumer Experience Reporting and Analytics
• Security and Compliance Management (Managing regulation changes of the platform)
• Audit Support
Key Deliverables

CIAM Adoption Strategy
Core Platform:
• Documented Current State Infrastructure and PII Usage
• Documented Use Case & Capability Requirements
• Conceptual Target Architecture and Integrations
• Conceptual Implementation Plan
UI/UX (web / Mobile / IoT)
• Documented Data Capture Attributes
• Confirmed Wireframes and Flow diagrams
Shared Service Model Blueprint

CIAM Accelerated Deployment
• Development and Test Environment Provisioning
• Core CIAM Platform Configure
• Email Service Configuration
• Registration/Social Configuration
• Translation File (all customer facing text)
• Data Migration
• Data Export Location
• Production Environment Provisioning
• Migrate Test to Production
• Document Final Setup
• Sign Off

Managed Platform
Support levels 8x5, 16x7, and 24x7
• Incident and problem management
• Service requests
• Change management
• Minor enhancements
• Vendor Management
Quarterly
• Performance / Optimization report
• Vulnerability analyses report

CIAM On-Demand
• New platform configurations
• New Application integrations
• New Project onboarding
• Ongoing Documentation
Our Understanding of Your Requirements
• Bank would like to establish a comprehensive and holistic assessment of their current Consumer Identity and Access Management (CIAM) capabilities and practices.
• This is intended to compare the current state of CIAM people, processes, technology and governance against future-state business needs and industry standards.

It is understood that future initiatives will encompass technology implementation, process changes, and building out the CIAM Team capabilities. Management of the CIAM solution is also available, with incremental optimization and advanced integrations.
CONSULTING METHODS > STRATEGY AND PLAN

1 Engagement Start-up
• Initiate project conference call to define objectives
• Prepare data collection questionnaire
• Identify key business drivers and/or dependencies
• Review roles and responsibilities
• Confirm project objectives

2 CIAM Posture
• Prepare and conduct interview/workshops
• Capture current state findings

3 Business Objectives & Needs
• Prepare and conduct interview/workshops
• Review stakeholders’ business and operational requirements, regulatory policies, and consumer access impacts on brand

4 Findings based on Use Cases
• Consolidate assessment findings
• Review UI/UX, workflows, profile data attributes

5 Conceptual Views
• Apply Design Thinking framework
• Develop framework for UI/UX interface and prioritization of CIAM use cases
• Review and validate conceptual views

6 Future State Model
• Develop approach for processes, consumer profile data usage
• Develop approach for future state summary

7 Prioritize Use Cases for CIAM
• Organize recommendations for use cases, profile data usage
• Create solution approach
• Review/revise to meet stakeholder objectives

8 Approach
• Sequence prioritized use cases
• Document high-level functional architecture and adoption approach
Offering Deliverables
Adoption Strategy Key activities and deliverables per Method
Pre-Assess (0.5 week), Assess (1 week), Strategize (1.5 weeks), Plan (1 week)

Key activities

Pre-Assess
• Review scope of the CIAM project
• Schedule the project initiation conference call
• Facilitate Project Planning conference call
• Prepare document repository
• Send questionnaires and related documents to Bank
• Review <Client> environment, organization, and completed questionnaire identifying any missing information
• Discuss key business drivers or dependencies

Assess
• Conduct 3 workshops for up to 2 hours each to Inventory Yes Bank landscape of systems requiring management of consumer profiles, including applications, databases, API endpoints, devices, profile data stores and communication channels.
• Conduct up to 3 follow-up interviews to gather additional information identified in workshops
• Review and document as-is processes for CIAM processes and systems identified, UI/UX wireframes, and use cases
• Review business and operational requirements, regulatory and locally-defined security policies, frameworks, and standards for impact on the consumer access management solution and onboarding prioritization, integrations

Strategize
• Apply Design Thinking framework to determine prioritization for to-be use cases, capability and functionality for a future CIAM program
• Develop framework and prioritization for onboarding & integration of UI/UX interface, wireframes, systems and applications into centralized consumer access management program
• Identify CIAM applications, use cases and communication channels that will be prioritized for integration into a CIAM solution.
• Recommend approach for processes, consumer profiles, of the future state and in-scope use cases for CIAM solution

Plan
• Organize the findings, requirements, use cases, recommendations, architectural decisions, solution approach along with Bank input, document in a draft CIAM Strategy Approach document
• Conduct a meeting to review the draft CIAM Strategic Approach document with the Yes Bank Stakeholders for understanding and feedback
• Update the CIAM Strategy Approach based on Bank feedback and develop a single working revision of the CIAM Strategy Approach document based upon review and input from Yes Bank
• Deliver the updated CIAM Strategy Approach document, turn over the document to the Bank Project Manager for sign-off
• Client Milestone: CIAM Strategy Approach document
• Create a CIAM Strategy Approach executive presentation

Key Deliverables

Pre-Assess
• Confirm stakeholder participation from business units: Marketing, IT, Security, Operations
• Confirm questionnaire receipt and clarify any uncertainties of purpose or data requested

Assess
• Documented Current State Infrastructure and PII Usage
• Documented Use Case & Capability Requirements
• Documented UI/UX and Profile Data Capture Attributes

Strategize
• Documented Use Case & Capability Requirements, conceptual Target Architecture and Integrations
• Confirmed UI/UX Wireframes and Flow diagrams
• Deliver draft CIAM Strategy Approach Report with findings for Yes Bank review

Plan
• Deliver the CIAM Strategy Approach Report
• Executive Presentation
IBM Security Verify Consumer IAM (CIAM) Implementation High Level Plan
*Note: This is a simulated high level implementation plan. Based on the detailed understanding of the current state at bank, the actual revised plan will be shared
CIAM – Discovery Phase

Key Activities
• facilitate a Requirements Gathering and Planning Workshop at your location, for up to ten of your participants for up to two hours, on a mutually agreed date and time to:
• review your security documentation including security policies, strategies, standards, and business processes. Such review typically includes up to ten documents of up to 20 pages per document;
• review your CIAM requirements, and mobile app assets;
• review existing CIAM infrastructure, as applicable, to determine its role in the final CIAM solution;
• conduct assessment interviews with your key managers and staff. The interviews will be conducted remotely, via teleconference, for up to one hour each. Such interviews are designed to:
• verify your current documented CIAM environment (if applicable), and mobile-based infrastructure;
• identify current and recommended CIAM administrative processes; and
• identify business challenges you anticipate being addressed by the proposed CIAM solution;
• identify the user consolidation / migration requirements from existing repositories to new CIAM framework;
• identify the integration requirements with your digital mobile banking app;
• identify any MFA requirements;
• document Delivery Partner’s findings in a Planning document;
• review the draft document with your Point of Contact by telephone or other electronic means;
• perform one revision of the Planning document, if required, and deliver the final Planning document to your Point of Contact; and
• conduct a review of the final document for up to ten of your participants for up to two hours. Such review will be conducted remotely or onsite, as mutually agreed.

Key Deliverables
• Planning and requirement analysis document will be owned by Digital Banking app team and IBM Security Verify Access team will provide inputs to it.

Bank / Partner Responsibility
• provide documentation (such as security policies, strategies, standards, and documented business processes) related to CIAM in your environment;
• identify and schedule your personnel for participation in workshops and interviews as required;
• schedule conference and meeting rooms for workshops and interviews as required; and
• provide access to your personnel (for example, system administrators, network administrators, and business process owners) on a timely basis to provide detailed information needed to create the Architecture and System Design documents; and
CIAM – Sprint & Testing

Key Activities
• document the conceptual design of the proposed ISAM solution
• install and configure required middleware, user registries, databases, and applications required to support the IBM Security Verify Access;
• configure the ISAM system for storage of your user, group, and configuration data;
• configure ISAM groups;
• import user data from your authoritative data sources into IBM Security Verify Access repositories and assign them to groups;
• digital certificates for communications with protected objects, LDAP servers, IBM Security Verify Access servers, and related application management servers;
• IBM Security Verify Access servers for communications with policy and LDAP servers;
• junctions to protected objects;
• ACLs to control access to the protected objects;
• Advanced Access Control configuration for OTP;
• logging and auditing on each server to specify log locations and enabling auditing;
• a single administrative domain;
• perform functionality testing for capabilities required for your environment.
• configure the IBM Security Verify Access system for storage of your user and group data;
• import user data from your authoritative data sources into IBM Security Verify Access repositories and assign them to groups;
• SIT, UAT and Production rollout

Key Deliverables
• Architecture document
• System Design Document
• UAT support
• Production rollout

Bank / Partner Responsibility
• provide all hardware and software components for the CIAM system;
• provide, install and configure all load balancing and failover network components as required;
• provide daily backup and recovery services for each of the Web access manager server systems and data;
• provide network support to facilitate additions and modifications to existing network infrastructure required to support the new Web access management systems;
• procure and install SSL certificates as required;
• manage DNS entries for the CIAM system components;
• Provide remote connectivity for implementation teams
CIAM: Scope

Overview
The scope for providing centralized CIAM solution is as follows:
• Develop core user Access management framework for the consumer user entities
• Access Management infrastructure will be used by approximately 2 million users that will exist in LDAP.
• Implementation of IBM Security Verify Access v10 for providing authentication, authorization, web SSO and MFA
• Access Management infrastructure will be architected for high-availability in 1 production environment
• Access Management solution shall be deployed on Yes Bank data centre
• Access Management Solution will be deployed in 3 environments - DEV, TEST, & PROD
• Consolidation of user repository to have single source of customer data for authentication and coarse-grained authorization
- Recommendations for any data cleansing to Yes Bank
- Migration from one existing user repository
- Establish single identity profile for all customer users with basic info as required
• Streamlined & seamless access management to the mobile channel
- Integration with one digital mobile banking app
- Authentication support for digital mobile banking app
- Centralized Authentication & Coarse-grained authorization
- Session Management
- Single Sign-on
• Social Id Integration
- Integration with up to two social id platforms
- Support for sign-up using Social Id to fetch profile data
- Support for Login using Social Id
• Support of user account administration via exposed Access Management APIs
- APIs for Creating, Reading, Updating & Deleting user accounts
- APIs for Authentication, Authorization
- Digital mobile banking app would call exposed APIs
- Digital mobile banking app would implement user self-service – sign-up, forgot/change password, profile management capabilities using the IBM Security Verify Access APIs

Functional
Based on our understanding of Yes Bank requirements we will cover the following functional use cases for the digital mobile banking app:
• Understand the customer on-boarding and interaction journeys for the digital mobile app
• Identify the CIAM interaction points as part of the digital mobile app customer journeys and define the flows
• Define a customer identity profile in underlying repository that accommodates the current and future apps
• Define customer registration flows
• Define customer authentication flows
• Define customer self-service to manage customer identity profile and any related information
• Define customer credential management
• Define multi-factor authentication scenarios and types to improve the level of security assurance
• Define Single Sign-On scenarios
• Define password reset and change flows
• Define the audit logs to be provided
• Migration of existing users from current Yes Bank application platform to the new platform

Technical
• Project kick-off and initiation workshop including:
• Define project plan, approach and timelines.
• Define scope and prioritize business problems to solve.
• Define high-level conceptual solution architecture overview.
• Perform assessment of current requirements associated with the business and technical environment.
• Implement latest version of the following IBM Security Verify Access solution in development, test, and production environments
• Expose the REST APIs for the following user management functions:
- Create users
- Modify users
- Delete users
- Read users
• Implement OIDC authentication flow for integration with new digital mobile banking app
• Implement the MFA based on one of the supported factors available in IBM Security Verify Access to be used for new digital banking app under which scenarios
• Implement Password Selfcare – forgot user ID and forgot password scenario
• Expose identity context and make them available through REST APIs for digital banking app consumption
• Expose REST APIs for user authentication and authorization.
CIAM: Project plan
[Gantt chart spanning weeks W1 to W40. Labels on the chart: PMO; Discovery; Env. Build; Design; CIAM API Development; Integration; Refinement; Sprint Demo; CS; PT; Yes Bank]
CIAM: Project plan – 1a Soft Launch
[Gantt chart spanning weeks W1 to W40. Labels on the chart: PMO; Discovery; Env. Build; Design; CIAM API Development; Refinement; CS; IBM VAPT 1; Yes Bank]
Why IBM?
• IBM is the only OEM to combine CIAM + RBA (Fraud Management) Capabilities in a single Integrated Platform
• IBM Security Verify Integrated Platform is powered by an AI / ML stack for prevention and detection of Digital Identity risks that leverages multiple parameters of Anomaly detection, Velocity patterns, Known fraud patterns and Consortium data
• IBM provides a Fraud Analytics specialist services team of fraud and identity risk experts to support policy tuning / continuous improvement
• IBM provides a Customer Success Manager (CSM) to ensure deployment is a success
• IBM is the only OEM ranked in Leader’s quadrant by Forrester Wave for Combined CIAM + RBA (Fraud Management) Capabilities
• IBM is the only OEM ranked in Leader’s quadrant by KuppingerCole Wave for Combined CIAM + Fraud Reduction Intelligence Platforms (FRIP) Capabilities
• IBM is the only OEM to provide complete ownership of Software + Infra + Implementation Services that helps to achieve Cost Effective TCO and provides single accountability, reduced costs and better ROI for Yes Bank
• IBM provides a bundled Trusteer Rapport solution that can help Yes Bank to achieve remediation on a customer's infected endpoint by automatically blocking and removing financial malware, and help to detect phishing sites
IBM AND <CLIENT> CONFIDENTIAL
Thank you
Follow us on:
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube.com/ibmsecurity

© Copyright IBM Corporation 2020. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty, of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.