
Naresh Kumar Erra is a results-driven Lead Infrastructure Engineer with 11+ years of experience in IT infrastructure management, specializing in Azure support. He has a proven track record of exceeding performance targets and delivering high-quality service. Naresh is skilled in optimizing system performance, reducing downtime, and enhancing security across multiple organizations. He excels in leading and mentoring teams, ensuring adherence to service level agreements (SLAs), and fostering a collaborative culture. Naresh is dedicated to standardizing operating procedures (SOPs) and implementing best practices to enhance team efficiency. His cross-functional collaboration skills enable him to resolve complex customer issues, and he is committed to knowledge sharing and staying updated on Azure services and best practices. Naresh is proficient in cost optimization strategies, compliance, security, and disaster recovery planning to support robust Azure environments. He holds a Bachelor of Technology degree from Vignan Institute of Technology and Sciences and is certified in DP-900 Microsoft Azure Data Fundamentals. Naresh's notable achievements include reducing incident resolution time by 11%, increasing team efficiency by 15%, successfully migrating major clients to Azure, enhancing security and compliance measures, and improving incident escalation processes.
Senior Engineer
LTI Mindtree Pvt. Ltd.
Technical Lead
Mantra Technologies Pvt Ltd
Senior Operations Specialist
IBM India Pvt. Ltd.
Customer Support Executive
IBM Daksh India Pvt Ltd
Infrastructure Support Engineer
Redcentric Pvt Ltd
Azure Boards

Azure repos

Azure Pipelines

Azure test plans

Azure artifacts

Azure Resource Manager (ARM) templates

Azure Key Vault

Azure Monitor and Application Insights
Docker

Terraform

Azure CLI

PowerShell

Git

SonarQube

WhiteSource
Jenkins

Ansible
Client: Microsoft
Role: Senior Engineer
Environment: Web Services, SVN, ANT, Jenkins, Docker, Kubernetes, Terraform, Linux, Azure, HTML, CSS, Apache & Tomcat
Roles and Responsibilities:
Client: Talk Talk
Role: Technical Lead
Environment: Azure, Maven, GIT, Jenkins, Shell Scripting, Tomcat, Linux, Ansible
Client: AT&T
Role: Senior Operations Specialist
Roles and Responsibilities:
Client: Redcentric PLC
Role: Technical Support Engineer
Roles and Responsibilities:
Client: IBM Daksh Pvt Ltd
Role: Customer Support Engineer
Roles & Responsibilities-
Alright. So could you help me understand more about your, uh, background, like giving a brief introduction about yourself?
Well, my name is Naresh Kumar Erra. I got 11 years of experience into IT infrastructure management, of which I got 7 plus, uh, years of experience into Azure and AWS, you know, uh, cloud operation support and, uh, you know, administration. And I got 5 plus into Azure DevOps and IAM practices. And, um, I got a good amount of experience. Uh, I worked for 4 to 5 companies, all of which I worked for LTI Mindtree for four and a half years. And prior to that, I was working with Mantra Technologies. And, uh, prior to that, I was with IBM for a good amount of time. And, uh, coming to certifications, I hold a Red Hat certified engineer, Linux Red Hat certified engineer, and, um, uh, I got, uh, DP-900 from Microsoft. And I'm planning to take, uh, you know, IAM certification from Microsoft Azure, like, AZ-104 where it covers governance and, um, and IAM practices from Azure side. So that's pretty much about myself.
Can you provide an example of a complex IAM workflow you have automated?
Well, uh, yeah. I mean, there are a lot many out of which, uh, if I could think of to my head, uh, um, um, one such example is that I have automated the onboarding and offboarding process for the employees. So, uh, yeah, so when a new employee joins the company, the workflow involves creating a new user account, assigning the appropriate roles and permissions based on their job role, and, uh, provisioning access to the necessary systems and applications. So this process, basically, you know, it includes, uh, setting up multifactor authentication and ensuring proper compliance with security policies. And, uh, yeah. Well, uh, when an employee leaves the company, the offboarding process involves revoking access to all systems and applications, deactivating their user account, and, uh, you know, ensuring all the sensitive data and credentials are properly, you know, uh, secured. Right? And, uh, apart from that, I have automated this, like, this particular workflow by creating a series of scripts and workflows, uh, that, you know, integrate with our HR system and IBM platform. So this automation ensures that the onboarding and offboarding process are consistent, uh, efficient, and secure while they reduce the potential harm for any such human errors.
Alright, can you name a few IAM protocols and standards that are commonly used?
Okay. So well, a few IAM protocols and standards that I have commonly used are, well, yeah, some like security SAML, like S-M-A-L, that is Security Assertion Markup Language. So it's an XML-based, basically I'll define it, so I'll say a protocol and then I'll define it briefly, I'll explain what it is. So S-M-A-L is an XML-based open standard for exchanging authentication and authorization data between parties, particularly between identity provider and a service provider. And next one is open authorization. Open authorization is an open standard for access delegation commonly used for, you know, granting access to the resources on one site to another site without having to, you know, sharing the credentials. And then we have OpenID Connect. So OpenID Connect is an authentication layer built on top of, you know, OAuth 2.0, I guess, providing a way to verify the identity of the end user based on authentication performed by an authorization server. Then we have LDAP, that is Lightweight Directory Access Protocol. LDAP is a protocol for accessing and, you know, maintaining distributed directory information services that's over the IP network commonly used for, you know, authentication and authorization, right? And then what else we have, I think we have something called RADIUS also. RADIUS is Remote Authentication Dialing User Service. So RADIUS is a networking protocol that provides centralized authorization, authentication, and account management for users who connect and use a network service. So this is pretty much I know about IAM protocols and standards that I have commonly used.
Okay. Uh, what steps would you take to integrate, within organization's existing systems.
Okay. So what what steps? Um, integrate Saviynt in in organization existing systems. Okay. So we'll, uh, what steps would you take to integrate Saviynt with an organization's existing systems? Okay. Well, uh, there are a lot many actually uh, to dissect that if I segregate the question, uh, the steps is, uh, let's let's, uh, follow step by step here. The 1st and foremost, uh, step would be, uh, that basically, that follows, uh, several steps. But if I go step by step, first, I'll assess the existing systems. The first step is to conduct a thorough assign, uh, you know, assessment of the organization's existing systems, uh, including identity and access management solutions, HR systems, uh, directory services, and other applications that manage user access and permissions. Uh, then we once we assess the existing systems, then we define define the integration requirement. So I we have to identify, uh, identify the specific integration requirements such as, uh, user provisioning, single sign on SSO, role based, our our, uh, our mandate tool basis access control and compliance needs. Then, uh, then, uh, then we'll help in determining the scope and objective of an integration. Uh, and then again, which is the the next one would be compatibility check. So and we have to make sure that Saviynt is compatible with organizations, existing systems, and applications. Uh, because it's it's very much important to, uh, understand how this, uh, how how Saviynt is fitting into the organization requirements and policies. So, well, this may include defining user roles, access policies, and authentication methods based on existing, uh, system configurations. Then, again, uh, the next one would be to test it. Like, test and test and validation. So we have to conduct a load testing to ensure that the integration works as expected. 
So this involves testing user provisioning, authentication flows, SSO functionalities, and access control policies to validate the, um, you know, integration. Then we have, uh, some we also make sure that, you know, something called deployment and rollout. One thing once the integration has been tested and validated, deploy the solution in in in a phased approach. So this will basically ensure the minimal disruption to the organization's operations, current operations. And we have to make sure we have enough training and documentation required, uh, for to help fellow engineers, uh, to have all of what is,
What are the main features of IBM ISIM?
Okay. Um, well, uh, if I could think of to my head, uh, the main feature is like, um, IBM ISIM. So this this is this, uh, yeah. So IBM security identity manager, like it's a basically comprehensive, uh, identity and access management solution, uh, from IBM. Well, uh, Autoface, the main feature is identity life cycle management. So it provides a capability for managing the entire life cycle of user entities, including user provisions, uh, deprovisioning, and role based access control. It allows organization to automate the process of creating, modifying, and revoking user access based on the pre predefined policies. And, uh, the next main, uh, feature I could say is self-service dedicated administration. So it should provide a sales, uh, service capabilities that enable users to perform certain identity management tasks such as as for research and profile updates without ID intervention. And then we have, um, access certification and compliance. Uh, this is very important. Like, um, basically, this allow organizations to uh, to disallow organizations to, the this allow organizations, uh, you know, to to be compliant, like, you know, um, to create, like it it it helps to, you know, uh, create organizations to create custom workflows. And then we have something called, uh, reporting and analytics. So ISIM, uh, includes reporting and analytics capabilities to provide visibility into user access, compliance status, and identity related activities. Then we also have multifactor authenticate authentication authentication. Right? Right? So, uh, basically, it controls, like, you know, uh, uh, this, uh, MFA, uh, and adaptive access controls to basically, it helps to enhance the security and mitigate risks associated with user access. So it enables organizations to enforce strong authentication, uh, methods and, uh, adaptive access policies based on the contextual factors. So these are the few, uh, features of IBM ISIM, I
Could you describe the process of user provisioning in IAM?
Well, yeah, there are different processes but my approach would be always like to simplify the stuff. So let me, so I will explain you the simple process like you know, user provisioning is basically the process of creating, modifying and managing users, user accounts and access rights across the organizations, right. So I will go step by step here again because I work in a segregation manner, break down the question into different pieces and then I will explain it, right, that is how I explain things. So the first one would be user onboarding, when a new employee joins the organization, the user provisioning process begins with creating the new user account in organization's IAM system. So basically this involves capturing the user's identity information such as name, email address, job role and assigning initial access rights based on the role and responsibilities, this is the first one. Second one is role based access control, right. So well, basically this is giving access and permissions to the user based on the job function. So this may include granting access to the specific applications or systems or any data based on the predefined role definitions and we also have something called automated provisioning. Many organizations use automated provisioning tools and workflows to streamline the user provisioning process. So automated provisioning helps ensure consistency and accuracy by automatically provisioning access based on predefined rules and policies. So that is the third one basically. So the next one what I could say is access request and approval. In some cases, user provisioning may involve access requests and approval workflows. When a user requires additional access beyond their initial provisioning, they can submit access requests which are then reviewed and approved by designated administrators. And the next one I could say is deprovisioning. 
So basically, let's say for example, if an employee leaves the organization or changes the role, deprovisioning involves revoking access rights, disabling user accounts and ensuring that the user no longer has access to the organizational resources in case if he leaves it or in case if he moves to another role, previous role has to be revoked, new role has to be given. So that's pretty much. And then we have something called integration which has HR systems and next one would be compliance and audit stuff. So basically, I can explain all these two points as well, but I ran out of time.
Explain the significance of privileged access management in IAM and describe how it's implemented.
Okay. Um, if I could see the what many approaches and the simplified version, like, my approach is, it's a critical, like, you know, if I could think of privileged access, this is one of the critical component of IAM. And, um, the significance, like, um, the significance of privileged access management, uh, lies in mitigating the risks associated with the unauthorized access. So misuse of, um, privileged credentials and, uh, potential security breaches that could, you know, that could result from compromised privileged accounts. So, basically, uh, family. Privileged access management helps organization enforce strict controls, monitors, and audit privileges, and reduce the attack surface by, um, limiting the exposure to critical systems and data. So, like, how it is implemented, I'm gonna give you step by step process, like privileged account discovery, the 1st complement, like, the 1st step in time is doing the implementation is to identify and inventory all the privileged accounts across the organizational IT infrastructure. So this includes local and domain administrative accounts, service accounts, and other privileged accounts or privileged identities, I could say. The second one would be, uh, privileged password management. So it provides a capability of securely, uh, storing, managing, and, uh, you know, using, like, uh, managing, like, updating, uh, in case, I could say, recruiting privileged passwords. So using a secure vault to store privileged credentials, enforcing its strong password policies, and, uh, automating password, uh, rotation to reduce the recovery, uh, you know, risk of credential theft and misuse. And, uh, we could also implement, like, just in time privilege elevation. Um, solutions often include just in time access scheme with these, allowing users to request a temporary, uh, elevated privileges for, uh, specified tasks. 
And, um, it will have, uh, you know, time limit, basically. In case if you wanna, uh, prolong it, you can request another or you can extend it for as per the usage capabilities, we can make some changes. And next one would be it's the session monitoring and recording. So, uh, it's it's it's enabled real time monitoring and, uh, you know, recording of privileged user sessions, providing visibility into user activities and ensuring that all actions are logged for audit and compliance purposes. And then we have, uh, privileged, uh, privileged delegation and workflow. So PAM solution support the delegation of privileges to specific users or roles, enabling granular control or who can
Let's explain how IAM reduces security risks within an organization.
Yeah. Uh, so majorly, it would, uh, uh, reduce the, you know, security risk within an organization. Uh, one, uh, like, it's it's it's it's IAM basically plays a crucial role in reducing the security risks, um, but providing a framework. Basically, it provides a, uh, framework for managing user identities, controlling access to resources, and enforcing, uh, security policies. Uh, so I'm gonna tell you a few steps, like, uh, few ways where we can, uh, where we can, uh, IAM helps mitigate security risks. So first one is centralized identity management. Right? Uh, IAM centralizes the management of user entities, ensuring that the user accounts are created, modified, and deactivated in a consistent and controlled manner. Then we have role based access control. Well, it it IAM basically enables organizations to implement RBAC, which assigns user rights based on the, uh, job roles and responsibilities. Then, uh, next one would be, uh, next step. You know, basically, I step by step. I'm going step by step. So we'll then have single sign on, uh, something called single sign on. So IAM solutions often includes, uh, SSO capabilities allowing users to access multiple application and SSO systems with, uh, single set of, uh, credentials. SSO reduces the risk of, uh, password related issues. Um, yeah. Password password related security, uh, incidents like weak passwords or password reuse or phishing attacks. Then we have, um, multifactor authentication where, um, you know, it's it it it provides multiple form of authentication, like passwords, biometric, one time password. So all these things which basically strengthens the security by adding an extra layer of protection. Uh, and, um, access, uh, then something called as access and governance access governance and, uh, compliance. And we have governance and compliance stuff. 
Uh, so IAM basically provides capabilities for access, uh, you know, governance, access certification and compliance management. So this ensures that access rights are regularly reviewed, certified, and aligned with internal policies and regulatory requirements. Like, reducing the risk of, uh, you know, uh, unauthorized access. Right? And there is, uh, something called privileged access management. Then we have user behavior analytics, and then we have integration and visibility. So the these are all the few steps by which we can, uh, you know, reduce the securities risks within an organization using IAM
So how will you implement a zero trust architecture within an IAM framework?
Alright. Um, yeah. Um, definitely, we can we can definitely we can implement a zero trust architecture within an IAM framework. But, uh, I'm just thinking the approach what approach they have to like, you know, implementing, uh, zero trust architecture with an IAM framework, uh, framework involves adopting the security model that assumes no, uh, implicit trust regardless of whether the user is inside or outside the organization's network parameter. So, basically, uh, zero trust focuses on verifying and securing every access request, minimizing the attack surface, and, uh, enforcing security access controls. So let's go step by step. Uh, we have 2 minutes. Okay. So we have something called identity centric approach. So zero trust start with strong identity verification. Implement multifactor authentication for all the users, including employees, partners, top or the third party vendors. So this ensures the access is granted only for after the successful identity verification. Second one would be, uh, least privileged access. Right? NAFTA enforce the principle of least privilege, ensuring the users have access only to the resources necessary to perform their specific roles and responsibilities to implement RBAC and, uh, ABAC. ABAC is something called attribute based access control to granularly, uh, manage access rights. Then we have something called microsegmentation. Well, um, microsegmentation is, uh, you know, network segmentation and micro segmentation to isolate critical systems and data. So this limits lateral movements within the network to reduce the impact of potential breach. We have continuous monitoring and analytics. We have to implement user, uh, behavior analytics and continuous monitoring to detect anomalies, activities, and potential security threats. 
So this includes, uh, monitoring access patterns, user activities, and data usage to identify deviation from normal. Then we have something called secure access management, SAM. Um, so we'll we'll basically, uh, this solution allows you to manage and securely access to applications, systems, and data. And, uh, um, then we have to implement, like, um, secure remote access as well. So within the increasing trend of, uh, within the increasing trend of remote work, secure remote access is crucial. So, uh, implementing the SecureVPN virtual desktop, uh, desktop infrastructure and Secure Access Service Edge solutions to ensure secure access for remote users. And then we have something called Application Centric Security. So when implementing application level security controls such as application firewalls, data encryption, and the security coding practices will help. And they have lot many points as well, like zero trust network access. We have continuous education and awareness programs that have to run, uh, within the organization. And
Can you discuss a project where you enabled single sign-on for suite of applications?
Well, sure, yeah, I mean definitely I am going to explain that because I have done multiple projects where the requirement is such, right. So well, I will explain you with an example, okay. So imagine you have a scenario where an organization wants to streamline access to the suite of cloud-based applications which includes CRM application, ERM, and document management system, right. So I am going to explain you the steps. The first one would be access and planning. The project begins with assessment of the existing applications like you have to understand like the existing applications and the authentication mechanisms and the requirement of requirement for the SSO. So the team identifies the application that will be integrated with the SSO solution and defines the scope of the project, that is number one. And secondly, we have SSO solution selection. The team evaluates SSO solutions that are compatible with the suite of applications and align with the organization's security and usability requirements. And then we have something called integration and configuration. So the chosen SSO process like the chosen SSO solution is integrated with the suite of applications. So basically this involves configuring the SSO solutions to establish trust relationships with each application enabling seamless authentication and user provisioning. Then we also have user identity management. It defines user identities and access policies with SSO solution. So basically this may involve mapping user attributes, roles, and permissions to ensure consistent access controls across the suite of applications. Then we have testing and validations. Once a rigorous testing is conducted to ensure the SSO works seamlessly across the suite of applications and then we have to check the rollout and user training. Once the SSO solution is successfully integrated and tested, the rollout plan is executed. 
So users are informed about the new SSO capabilities and trainings to be provided to ensure that they understand how to access the suite of applications using SSO. And then we have monitoring and support. After the rollout, the project team monitors the SSO solution to ensure its stability and performance. And we have something called ongoing maintenance like there would be some maintenance, the project initial, after initial rollout is something called that needs to be improvised. So for that purpose, there should be some ongoing maintenance work has to be done to ensure the plans are correct.
Have you ever had to mentor or train team members on IAM best practices? How did you approach it?
Well, I I was a part of team. I personally I did did ment mentored it, but I did had an opportunity, uh, uh, I I didn't have an opportunity to work as a on a collaborative effort like, uh, it's not like whether there would be one mentor who would be mentoring the entire team. We, as a team, used to work amongst ourselves. Um, so I can tell you the basic approaches, like, how it works actually. So the first step is I assess the team's knowledge and skills, understand existing knowledge, IAM skills of the team members regarding IAM, identifying the area of, uh, you know, uh, improvements or guidance. And then once I get to know the that information, then I'll define the learning objective. Clearly define the, uh, learning objective for the training. So this includes, uh, understanding IAM fundamentals or risk practices for user provisioning, access control, authentication methods, compliance requirements, and security principles. And then, uh, now next step will provide context and relevance. So explain the importance of, uh, IAM in the context of security, compliance, and user experience. So, basically, it helped team members understand how IAM practices contribute to organization's overall security postures and operational efficiency. And, uh, basically, we need to use the real time, uh, examples to help, uh, understand the team members better. We have to explain the case studies or real world scenarios, uh, real time scenarios to to help them understand, uh, in a better way. Uh, then we we also ensure that we have to provide interactive training sessions. We have to encourage the team members to team members' teams to be interactive, like, providing the workshops and group discussions, hands on exercises, which will reinforce learning. Right? And, uh, um, then we can demonstrate IAM tools and technologies if applicable, like, at the moment. 
If your project permits or company, uh, permits, then, um, demonstrate IAM tools and technologies that teams will be working team will be working with. If possible, provide a practical demonstration of, uh, the IAM solutions. And we should be always open to questions and feedback. So a good, uh, you know, uh, healthy environment that we need to create to encourage the questions. Teams should come up with questions. And, uh, in case, uh, if anything anywhere or any person needs improvement, there should be a transparent treatment that needs to be provided. And we have to provide all the resources and references to the team just to ensure that, you know, they're following the best of the practices in the latest time. And uh, there's something called role based training. So based on the roles, you have to provide the training to the team members. For example, system administrators may require different, uh, training compared to the security analyst or compliance officers.