User Centric Access Control in Cloud Using Identity Management Karunanithi. D, Shiyamala Devi V. P, Sambath. M
Abstract

Having numerous logins for many service providers has created a difficult situation for many organizations. To avoid verifying the identity of each individual every time they log in, the challenge of multiple accounts can be overcome by providing Identity as a Service (IaaS). Addressing the security, privacy and trust challenges that arise from the technological underpinnings of cloud computing requires principles that guide decisions and achieve rational outcomes, with the overall objective of ensuring that users of cloud environments are given total protection and of strengthening and stabilizing a world-leading cloud ecosystem. Our concern is that a number of challenges and risks in respect of security, privacy and trust currently exist that may damage the fulfilment of these policies. We therefore improve on various implementations of cloud computing through identity management, which reduces the burden associated with user accounts and privileges across multiple target resources and improves the QoS for users through measures such as self-service password reset and real-time synchronisation of changes from authoritative identity data sources across multiple target resources.

Index Terms: Cloud Computing, Identity Management, OpenID, Security, Privacy and Trust.

I. INTRODUCTION

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction [1]. The literature identifies four different broad service models for cloud computing:

1. Software as a Service (SaaS), where applications are hosted and delivered online via a web browser offering traditional desktop functionality, e.g., Google Docs, Gmail and MySAP [2] [Fig. 1].
2. Platform as a Service (PaaS), where the cloud provides the software platform for systems (as opposed to just software), the best current example being the Google App Engine [2].
3. Infrastructure as a Service (IaaS), where a set of virtualized computing resources, such as storage and computing capacity, are hosted in the cloud; customers deploy and run their own software stacks to obtain services. Current examples are Amazon Elastic Compute Cloud (EC2), Simple Storage Service (S3) and Simple DB [3].
4. Hardware as a Service (HaaS), where the cloud provides access to dedicated firmware via the Internet, e.g., XEN and VMWare [4].

Fig. 1. Customer View vs. Provider View

II. EVOLUTION OF CLOUD

A. Private clouds: services are provided exclusively to trusted users via a single-tenant operating environment. Essentially, an organization's data centre delivers cloud computing services to clients who may or may not be on the premises [2].

B. Public clouds are the opposite: services are offered to individuals and organizations who want to retain elasticity and accountability without absorbing the full costs of in-house infrastructures. Public cloud users are by default treated as untrustworthy [2].

C. Inter clouds: these combine both private and public cloud service offerings [2] [Fig. 2].

Fig. 2. Types of Clouds
I. ARCHITECTURE OF CLOUD COMPUTING

Fig. 3. Cloud Reference Architecture

The cloud computing architecture of a cloud solution is the structure of the system, which comprises on-premise and cloud resources, services, middleware, and software components, geo-location, the externally visible properties of these, and the relationships between them. The term also refers to documentation of a system's cloud computing architecture. Documenting the architecture facilitates communication between stakeholders and documents early decisions about high-level design components and patterns between projects [5].

A. Reference Architecture: Basis for documentation, stakeholder and team communication, payment, contract and cost models [5].

B. Technical Architecture: Structuring according to the XaaS stack, adopting cloud platform paradigms, structuring cloud services and cloud components, showing relationships and external endpoints, middleware and communication, management and security [6] [Fig. 3].

C. Deployment Operation Architecture: Geo-location check, operation and monitoring [7].

III. IDENTITY MANAGEMENT

Identity Management (IdM) is a convergence of technologies and business processes. There is no single approach to identity management because the strategy must reflect specific requirements within the business and technology context of each organization. This convergence has drivers from both the business and technology perspective to:

1. Enable a higher level of e-business by accelerating movement to a consistent set of identity management standards.
2. Reduce the complexity of integrating business applications.
3. Manage the flow of users entering, using, and leaving the organization.
4. Support global approaches/schemas for certain categories of operational tasks.
5. Respond to the pressure from the growing numbers of Web-based business applications that need more integration for activities such as single sign-on [8].

IV. ARCHITECTURE OF IDENTITY MANAGEMENT

Open AM takes a unique architectural approach to addressing the Identity Management challenge, with the following benefits:

- Faster time to market: allows companies to rapidly respond to changing business and regulatory needs.
- Scalability: scales from hundreds to millions of users.
- Portability: allows integration across technologies such as Java, .NET, PHP and Groovy, as well as across operating systems and repositories.
- Simplified integration resulting from adherence to standards and service architecture.
- Lower implementation and total cost of ownership [3].

At the heart of the OpenIAM architecture is an Enterprise Service Bus (ESB). It is through the ESB that the 20+ IDM services are exposed. The ESB allows for protocol translation, which lets these services be consumed by a wide variety of technologies. Such flexibility allows an ESB-based architecture to scale as an enterprise grows:

- Service mediation: independent, re-usable services are separated from protocol definitions and network requirements.
- Data transformation: data may be exchanged across different formats and transport protocols.
- Routing: route, filter, aggregate and enrich messages depending on content.

Following common IDM use cases, users are usually created from an authoritative source. Common examples of authoritative sources include Human Resources systems, registration pages, or identity administration tools such as those found in the OpenIAM IDM system. Once an employee has been created in the authoritative data source, they can be synchronized with the identity system and the other systems involved in synchronization. These may include Active Directory, LDAP and other repositories. Based on the organization's rules, the synchronization and provisioning processes may leverage job roles to automatically provision the user into the systems that a person needs for their specific job.
For example, if an employee joins the firm as a salesperson, they may be provisioned into the systems that have been identified as necessary for a salesperson. These may include LAN and CRM. Automating these routine tasks achieves a number of objectives. First, it achieves the concept of a zero-day start, where employees can be productive on the day they join the firm. Next, since these tasks are defined in a workflow, we can monitor their execution and maintain an audit trail. The audit information can be used to monitor security as well as compliance needs.

Once an employee or user has been granted access, they can then access the appropriate applications. These may be web-based or non-web-based applications. They can be configured to make use of the other identity services found in OpenIAM. This approach allows corporations to centrally enforce security policies in a consistent manner across a heterogeneous set of systems and devices.

Once the user has been provisioned, they may use the self-service application to carry out a number of common tasks, including:

- Changing your password
- Updating your profile
- Directory lookup

The identity manager removes the user from the systems that they no longer need and adds the user to systems that they do need access to. Similarly, if a user leaves the company, all access would be promptly terminated. All of these changes are logged in the audit sub-system. The audit service may be configured to capture a broad set of events, ranging from the provisioning of an employee, accessing of corporate resources and authentication to the changing of an object in a custom application through the use of an API. The level of detail that is captured in each event is configurable through tools in the centralized web-based administration console. Once audit events have been captured, the information can be presented through a series of reports and graphs [11].

A. Identity Middleware

Enterprise Service Bus (ESB): The ESB is a central component in the OpenIAM SOA technology stack. An ESB works by acting as a transit system for carrying data between applications within or outside your intranet.
The ESB defines a series of stops, or "endpoints", through which applications can send data onto or receive data from the system. The heart of the system, the messaging bus, routes messages between endpoints. These endpoints provide a simple and consistent interface to vastly disparate technologies such as HTTP(S), JMS, SMTP, JDBC, TCP or file [Fig. 4].

Services: The services layer represents an exhaustive set of services that serve as the foundation of the identity system. These services provide features such as Authentication, Authorization, Password Management, Provisioning, and Policy. These services have been designed for scalability and extensibility. For example, the Authentication service has a pluggable architecture that allows you to introduce new methods of authentication. The service endpoints are exposed through the ESB and can be easily consumed by applications regardless of technology [10].

Fig. 4. IDM Architecture

Business Process Engine: The business process tier consists of a standards-based business process engine that executes processes that have been created using the graphical process modeling tool. The modeling tool runs within the Eclipse IDE, and processes can be deployed onto the process server from Eclipse. Processes may be triggered in a variety of ways. This includes identity events such as a request approval, removal of access, audit events, etc. These processes can interact with the underlying identity services, provisioning connectors, and other services that may exist within the enterprise. For example, a CRM system may publish data to a pre-defined address. The OpenIAM process engine can be configured to listen to that address and take action based on the data coming through. The process engine has been pre-configured to work with the ESB. OpenIAM provides a number of process templates that address common use cases and allow the process designer to rapidly adapt this process to meet a customer's unique needs [11].
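The joiner, mover and leaver handling described in Section IV (role-based provisioning from an authoritative source, removal of access that is no longer needed, and an audit record of every change) can be expressed as a reconciliation loop. This is an added example, not code from the paper or from OpenIAM; only the mapping of the sales role to LAN and CRM comes from the text, while the other roles, systems, user names and the fail-closed handling of unmapped roles are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# "sales" -> LAN and CRM follows the paper's example; the rest is constructed.
ROLE_ENTITLEMENTS = {
    "sales": {"LAN", "CRM"},
    "engineer": {"LAN", "SourceControl"},
}


@dataclass
class AuditLog:
    """Append-only record of every provisioning decision."""
    events: list = field(default_factory=list)

    def record(self, action, user, system, reason):
        self.events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action, "user": user, "system": system, "reason": reason,
        })


class IdentityManager:
    """Reconciles access held in target systems against the authoritative source."""

    def __init__(self, role_entitlements, audit):
        self.role_entitlements = role_entitlements
        self.audit = audit
        self.access = {}  # user -> set of systems the user currently holds

    def sync(self, authoritative):
        """authoritative: {user: role} for active staff; absent users are leavers.

        Returns the list of (action, user, system) changes that were applied.
        """
        changes = []
        # Walk users known to either side so orphaned access is also found.
        for user in sorted(set(self.access) | set(authoritative)):
            role = authoritative.get(user)
            if role is None:
                desired, reason = set(), "leaver: no authoritative record"
            elif role not in self.role_entitlements:
                # Assumption: an unmapped role grants nothing (fail closed).
                desired, reason = set(), f"unmapped role {role!r}: fail closed"
                self.audit.record("flag", user, None, reason)
            else:
                desired, reason = self.role_entitlements[role], f"role={role}"

            current = self.access.get(user, set())
            # Revoke before granting so a mover never holds both sets at once.
            for system in sorted(current - desired):
                self.audit.record("revoke", user, system, reason)
                changes.append(("revoke", user, system))
            for system in sorted(desired - current):
                self.audit.record("grant", user, system, reason)
                changes.append(("grant", user, system))

            if desired:
                self.access[user] = set(desired)
            else:
                self.access.pop(user, None)
        return changes


def demo():
    """Constructed three-day scenario: joiner, mover plus unmapped role, leaver."""
    audit = AuditLog()
    idm = IdentityManager(ROLE_ENTITLEMENTS, audit)
    day1 = idm.sync({"alice": "sales"})
    day2 = idm.sync({"alice": "engineer", "bob": "contractor"})
    day3 = idm.sync({"bob": "contractor"})
    return day1, day2, day3, audit.events, idm.access


if __name__ == "__main__":
    for event in demo()[3]:
        print(event["action"], event["user"], event["system"], "|", event["reason"])
```
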
Scripting: Every customer is different, and a certain amount of business logic needs to be customized to meet an organization's unique needs. To simplify this task, OpenIAM provides integration for a scripting language. By default, the scripting technology is Groovy Script, a Java-like scripting language that integrates well into the OpenIAM framework as well as other technologies found within the enterprise. Using the scripting tools, it is possible to rapidly customize rules and other tasks for a customer's needs with a simple text editor, without having to set up complex development environments and packaging tools [12].

B. Audit and Compliance

The audit and compliance solution consists of the following three components.

1. Event Collectors: Data collectors are responsible for capturing audit events based on the collector's configuration. These collectors capture events and publish them to the ESB. On the ESB, these events may be further manipulated using the rules or process engine [9].
2. Event Receiver: Data published to the ESB by a Data Collector is received by an Event Receiver that will log the event to a relational database [9].
3. Reporting: The reporting engine provides a sophisticated set of tools to create reports and graphs. These reports may be delivered in real time, published to user-based access control rights, scheduled for delivery or rolled up into a dashboard.

The diagram below provides a high-level conceptual architecture of the Identity Management system and how it can fit into the enterprise. The following section describes how the components of the architecture interact with each other.

V. OVERCOMING CHALLENGES IN IM SYSTEM

Cameron's Seven Laws of Identity are a good starting point for building our analysis criteria. The laws discuss common issues regarding today's IM and have spurred some good exchanges of ideas between Cameron

Law 1: User Control and Consent. The system must put users in control of what digital identities are used and released, protect users against deception, and verify the identity of any party who asks for user information. This law is essential for today's IM. In the introduction, we gave our definition of user control and consent; users must know what they consent to and be able to view what they have consented to.

Law 2: Minimal Disclosure. Since security breaches can happen, the IM system should limit the disclosure of identity information for a constrained use. The domain-centric IM research strongly supports this view. For example, the use of anonymous access is an attempt to prevent the correlation of IDs. This law becomes less relevant if users are in control of their identity data. However, anonymity can also be useful in some cases.

Law 3: Justifiable Parties. An IM system must only disclose identity information to parties having a necessary and justifiable place in a given identity relationship. Cameron's position is vague on this law. He does not want to get involved in the fabric of trust.
Instead, he simply suggests that users should determine whom they can trust, and the IM system should provide the necessary information for the users to make these decisions (e.g., Info Card alerts users and gives the RP information when users access an RP site for the first time). We consider this law as allowing users to decide whom they should trust.

Law 4: Directed Identity. An IM system must support both omni-directional (public) identity to facilitate discovery and unidirectional (private) identity to prevent unnecessary release of correlating identity information. In the real world, people need to know whom they are dealing with, and this should not be different on the Internet. Since RPs have different levels of security, supporting multiple IDs is essential in a modern IM system, and the same holds for identity discovery.

Law 5: Pluralism of Operators and Technologies. The IM system should be able to work with multiple IdPs. Obviously, for scalability, the IM framework must continue to support multiple IdPs, but this does not mean that a user must have more than one IdP. This paper has shown that the IM framework design is simpler and provides stronger security.

Law 6: Human Integration. The IM system must define the human user to be a component of the distributed system, integrated through unambiguous human/machine communication mechanisms. User-centric IM and, in particular, PIM strongly support this view. User participation is central to the PIM framework design, and this design principle is reflected in the user control and consent of an IM system.

Law 7: Consistent Experience across Contexts. The IM system must provide users with a simple and consistent experience while enabling separation of contexts through multiple operators and technologies. By definition, SSO provides a consistent user experience across multiple contexts. Users authenticate to an IdP and are able to access resources on different service providers [6].

VI. IMPLEMENTATIONS: USER CENTRIC ACCESS CONTROL

The traditional model of application-centric access control, where each application keeps track of its own collection of users and manages them, is not feasible in cloud-based architectures. This is all the more so because the user space may be shared across applications, which can lead to data replication and makes mapping users to their privileges a herculean task. It also requires the user to remember and maintain multiple accounts and passwords. Cloud requires a user-centric access control where every user request to any service provider is bundled with the user identity and entitlement information. User identity will have identifiers or attributes that identify and define the user. The identity is tied to a domain, but is portable. The user-centric approach leaves the user with ultimate control of their digital identities. It also implies that the system maintains a context of information for every user, in order to find how best to react in a given situation to a given user request. It should support pseudonyms and multiple and discrete identities to protect user privacy. This can be achieved easily by using one of the open standards like OpenID or SAML [10].

A. Scalability: Cloud requires the ability to scale to hundreds of millions of transactions for millions of identities and thousands of connections with short, rapid deployment cycles [5].

B. Interoperability: The mass of users expects the cloud to provide an IDM solution that can interoperate with all existing IT systems and existing solutions, either as they are or with minimum changes. Seamless interoperation with different kinds of authentication mechanisms, such as Microsoft Windows authentication, SSO, LDAP, SAML, OpenID and OAuth, Open Social, Facebook Connect, etc., is what is expected of cloud. The syntactical barriers have to be bridged. This requires an authentication layer of abstraction into which any model of authentication can be plugged in and out dynamically [8].

C. Compliance: Greater harmonization of relevant legal and regulatory frameworks, so that they are better suited to provide a high level of privacy, security and trust in cloud computing environments [1].

D. Accountability: Improvement of rules enabling cloud users (especially consumers) to exercise their rights, as well as improvement of models of Service Level Agreements (SLAs) as the principal vehicle to provide accountability in meeting security, privacy and trust obligations [4].

E. Transparency: Improving the way in which levels of security, privacy or trust afforded to cloud customers and end-users can be discerned, measured and managed, including research into security best practices, automated means for citizens to exercise rights and establishment of incident response guidelines [5].

VII. CONCLUSION

Cloud computing involves many applications, and multiple logins are widely used in the enterprise. Implementing Identity Management establishes unique login credentials for all users and gives IT the ability to manage users in one central location. IM provides productivity-enhancing tools for all users. Using a secure user name and password, users access their One Login Portal, where all web applications are just one click away. In turn, IT can efficiently manage access to the organisation's portfolio of cloud applications. The following features influenced the organisation's decision to use one login:

1. Authentication
2. Password management
3. Security policies

VIII. FUTURE WORK

Our future work is to implement federated and personal identity management, with the following steps:

1. Delivers an integrated security management solution.
2. Simplifies administration through a unified Identity Management solution.
3. Provides rapid deployment of consistently secure applications based on a single security model in the cloud.
4. Improves governance and simplifies compliance management.
5. Delivers common security management best practices and industry leadership.

ACKNOWLEDGMENT

My hearty thanks to my guru Dr. Paul Rodrigues. My heartfelt thanks to my family for their endless support, our sincere thanks to the University for their encouragement and, last but not least, to my friends who are always with me at all times.

REFERENCES

[1] Amazon Web Services, Overview of Security Processes, August As of November 2010: epaper.pdf.
[2] Armbrust, Michael et al., Above the Clouds: A Berkeley View of Cloud Computing, University of California at Berkeley, Technical Report No. UCB/EECS , 10 February As of 25 November 2010: Pubs/ TechRpts/2009/EECS pdf.
[3] Article 29 Data Protection Working Party & Working Party on Police and Justice, The Future of Privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, WP168, As of 25 November wp168_en.pdf.
[4] Amazon, resources, Google App Engine articles, The Open Group, The Open Group Architecture Framework (TOGAF), Definition of the term Architectural Principle, arch/chap29.html.
[5] Armbrust, Michael et al., Above the Clouds: A Berkeley View of Cloud Computing, University of California at Berkeley, Technical Report No. UCB/EECS , 10 February As of 25 November 2010: ttp:// Pubs/TechRpts/2009/CS pdf.
[6] 7 Laws of Identity The Case for Privacy-Embedded Laws Of Identity in the Digital Age.
[7] Sun Microsystems, Inc. Sun ONE Identity Management. tity_mgnt.pdf (26 Jan 2003).
[8] Identity Management Strategy Overview Post Sun Acquisition Update Cullen Landrum.
[9] Identity Management in SharePoint 2010 Rick Taylor, Senior Technical Architect, Proficient.
[10] Birman, Ken, Gregory Chockler & Robbert van Renesse, Toward a Cloud Computing Research Agenda, ACM SIGACT News, 2009/40(2).
[11] Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist.
[12] SETLabs Briefings VOL 7, NO 7, 2009, Cloud Computing Identity Management, By Anu Gopalakrishnan.

AUTHORS' PROFILE

Karunanithi. D M.Tech in Computer Science and published papers in 10 International and 2 National Conferences. I had been designated as a reviewer of the papers in International Conference. Won second prize in Project Competition Techie Track conducted by Infosys, Chennai. Having Membership in ACM Professional Chapter

V. P. Shiyamala Devi Msc, M.C.A., M.Phil., Ph.D (Pursuing) had published papers in International Conference.

Sambath. M.E had published four papers in International Conference and Journals.
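Returning to Section VI: its requirement that every request to a service provider carry the user's identity and entitlement information, together with its call for pseudonyms and discrete identities (Law 4's unidirectional identity), is shown below from both the identity provider's and the service provider's side. This is an added example, not code from the paper or from any product it names; an HMAC over a JSON body stands in for the signature a SAML or OpenID deployment would use, and the key, salt, service-provider names and entitlement strings are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed secrets for the example. A single shared key is an assumption made
# to keep the block self-contained; it stands in for the IdP's signing key.
IDP_SIGNING_KEY = b"constructed-demo-signing-key"
PSEUDONYM_SALT = b"constructed-salt-known-only-to-idp"


def pairwise_id(user, sp):
    """Per-service-provider pseudonym: stable for one SP, unlinkable across SPs."""
    msg = f"{sp}|{user}".encode()
    return hmac.new(PSEUDONYM_SALT, msg, hashlib.sha256).hexdigest()[:32]


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_assertion(user, sp, entitlements, now, ttl=300):
    """IdP side: bundle pseudonymous identity and entitlements for one SP."""
    claims = {
        "sub": pairwise_id(user, sp),   # the SP never sees the real account name
        "aud": sp,                      # assertion is only valid at this SP
        "entitlements": sorted(entitlements),
        "iat": now,
        "exp": now + ttl,
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def authorize(token, sp, required, now):
    """SP side: return (True, pseudonym) or (False, reason)."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64 padding
        return False, "malformed"

    expected = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"

    claims = json.loads(body)  # parsed only after the signature has verified
    if claims["aud"] != sp:
        return False, "wrong audience"
    if not claims["iat"] <= now < claims["exp"]:
        return False, "expired or not yet valid"
    if required not in claims["entitlements"]:
        return False, "missing entitlement"
    return True, claims["sub"]


if __name__ == "__main__":
    token = issue_assertion("alice", "crm.example", {"crm:read"}, now=1000)
    print(authorize(token, "crm.example", "crm:read", now=1100))
    print(authorize(token, "payroll.example", "crm:read", now=1100))
    print(authorize(token, "crm.example", "crm:admin", now=1100))
```
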
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationBuilding a Cloud-Ready, Future-Proof Identity Infrastructure:
Building a Cloud-Ready, Future-Proof Identity Infrastructure: Three Keys to Success UnboundID Corp. 13809 Research Blvd Suite 500 Austin, TX 78750 512-600-7700 www.unboundid.com Executive Summary Social
More informationRSA Identity Management & Governance (Aveksa)
RSA Identity Management & Governance (Aveksa) 1 RSA IAM Enabling trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity
More informationIdentity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities
Identity and Access Management Integration with PowerBroker Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 4 BeyondTrust
More informationIBM 000-281 EXAM QUESTIONS & ANSWERS
IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of
More informationCloudy Middleware MARK LITTLE <MLITTLE@REDHAT.COM> TOBIAS KUNZE <TKUNZE@REDHAT.COM>
Cloudy Middleware MARK LITTLE TOBIAS KUNZE About Mark Little Sr Director of Engineering, Red Hat Tobias Kunze PaaS Architect, Red Hat CTO/Co-founder of Makara 2
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationSECURITY AND REGULATORY COMPLIANCE OVERVIEW
Powering Cloud IT SECURITY AND REGULATORY COMPLIANCE OVERVIEW Executive Summary BetterCloud provides critical insights, automated management, and intelligent data security for cloud office platforms. As
More informationMANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS
VCE Word Template Table of Contents www.vce.com MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS January 2012 VCE Authors: Changbin Gong: Lead Solution Architect Michael
More informationDirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet
Technical Data Sheet DirX Identity V8.5 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service
More informationCompetitive Comparison Between Microsoft and VMware Cloud Computing Solutions
Competitive Comparison Between Microsoft and VMware Cloud Computing Solutions Introduction As organizations evaluate how cloud computing can help them improve business agility, reduce management complexity
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationSERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS
SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) VERSION 2.1 SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS 1 TABLE OF CONTENTS INTRODUCTION... 3 About The Service-Oriented Modeling Framework
More informationWhere in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)
Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Abstract The goal of this session is to understanding what is meant when we say Where in the
More informationDirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet
Technical Data Sheet DirX Identity V8.4 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service
More informationADAPTABLE IDENTITY GOVERNANCE AND MANAGEMENT
OMADA IDENTITY SUITE - Adaptable Identity Management and Access Governance Governance Compliance Identity Management Cloud Self-Service Security Complete control of who has access to what is an essential
More informationManaging Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015
Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational
More informationPing Identity, Euro Cloud award entry
Ping Identity, Euro Cloud award entry Category: Best Cloud Offering Product: PingFederate 6.6 About Ping Identity Ping Identity is the cloud identity security leader, specialising in cloud identity, security,
More informationLatest technology facilitates different service
SETLabs Briefings VOL 7 NO 7 2009 Cloud Computing Identity Management By Anu Gopalakrishnan Online security concerns are on the rise and a robust identity management is what cloud needs now Latest technology
More informationHow To Secure Your Data Center From Hackers
Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationOracle Reference Architecture and Oracle Cloud
Oracle Reference Architecture and Oracle Cloud Anbu Krishnaswamy Anbarasu Enterprise Architect Social. Mobile. Complete. Global Enterprise Architecture Program Safe Harbor Statement The following is intended
More informationVIEW POINT. Getting cloud management and sustenance right! It is not about cloud, it s about tomorrow s enterprise
VIEW POINT Getting cloud management and sustenance right! It is not about cloud, it s about tomorrow s enterprise Soma Sekhar Pamidi, Vinay Srivastava, Mayur Chakravarty The dynamic technologies of cloud
More informationOracle SOA Suite: The Evaluation from 10g to 11g
KATTA Durga Reddy TATA Consultancy Services. Oracle SOA Suite: The Evaluation from 10g to 11g Introduction Oracle SOA Suite is an essential middleware layer of Oracle Fusion Middleware. It provides a complete
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationTake Control of Identities & Data Loss. Vipul Kumra
Take Control of Identities & Data Loss Vipul Kumra Security Risks - Results Whom you should fear the most when it comes to securing your environment? 4. 3. 2. 1. Hackers / script kiddies Insiders Ex-employees
More informationConnecting Users with Identity as a Service
Ping Identity has demonstrated support for multiple workforce and external identity use cases, as well as strong service provider support. Gregg Kreizman Gartner 1 Connecting Users with Identity as a Service
More informationHow To Understand Cloud Computing
Overview of Cloud Computing (ENCS 691K Chapter 1) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ Overview of Cloud Computing Towards a definition
More informationOracle Data Integrator 11g New Features & OBIEE Integration. Presented by: Arun K. Chaturvedi Business Intelligence Consultant/Architect
Oracle Data Integrator 11g New Features & OBIEE Integration Presented by: Arun K. Chaturvedi Business Intelligence Consultant/Architect Agenda 01. Overview & The Architecture 02. New Features Productivity,
More informationIdentity Governance Evolution
Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle
More informationCloud Computing Architecture: A Survey
Cloud Computing Architecture: A Survey Abstract Now a day s Cloud computing is a complex and very rapidly evolving and emerging area that affects IT infrastructure, network services, data management and
More informationSaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology
SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning
More informationOracle SOA Suite Then and Now:
Oracle SOA Suite Then and Now: The Evolution from 10g to 11g Shane Goss Impac Services Agenda SOA Suite 11g New Features Highlight new features of SOA 11g Some products have added features and functionality
More informationIDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation
IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationArchitectural Implications of Cloud Computing
Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationPROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud
PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud Blue skies ahead? Yes if you are protected when you move to the cloud. Lately, it seems as if every enterprise
More informationDell Active System, Enabling service-centric IT, the path to the Cloud. Pavlos Kitsanelis Enterprise Solutions Lead Greece, Cyprus, Malta
Dell Active System, Enabling service-centric IT, the path to the Cloud Pavlos Kitsanelis Enterprise Solutions Lead Greece, Cyprus, Malta Delivery Deployment Cloud models & approaches Private Operated and
More informationCA Federation Manager
PRODUCT BRIEF: CA FEDERATION MANAGER CA FEDERATION MANAGER PROVIDES STANDARDS-BASED IDENTITY FEDERATION CAPABILITIES THAT ENABLE THE USERS OF ONE ORGANIZATION TO EASILY AND SECURELY ACCESS THE DATA AND
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationVALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud
VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge
More informationHow To Use Salesforce Identity Features
Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationCloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009
Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...
More informationOkta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107
Okta Identity Management for Portals Built on Salesforce.com An Architecture Review Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 Okta: A Platform for Cloud
More informationService management White paper. Manage access control effectively across the enterprise with IBM solutions.
Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access
More informationHow To Get A Cloud Platform To Work For A Company
GROUP ENTERPRISE PPT Templates Refresh A practical approach to Cloud adoption Tan Teck Sun, Snr Consultant Name 13 November 2013 date Disclaimer: This material that follows is a presentation of general
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationIBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, 2016. Integration Guide IBM
IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, 2016 Integration Guide IBM Note Before using this information and the product it supports, read the information
More informationWhite Paper on CLOUD COMPUTING
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
More informationService-Oriented Architecture and Software Engineering
-Oriented Architecture and Software Engineering T-86.5165 Seminar on Enterprise Information Systems (2008) 1.4.2008 Characteristics of SOA The software resources in a SOA are represented as services based
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationSentinet for Windows Azure SENTINET
Sentinet for Windows Azure SENTINET Sentinet for Windows Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Isolated Deployment Model... 3 Collocated Deployment Model...
More informationCisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
More informationCisco Enterprise Mobility Services Platform
Data Sheet Cisco Enterprise Mobility Services Platform Reduce development time and simplify deployment of context-aware mobile experiences. Product Overview The Cisco Enterprise Mobility Services Platform
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationCHAPTER 8 CLOUD COMPUTING
CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics
More informationEasy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant
Easy as 1-2-3: The Steps to XE Mark Hoye Services Portfolio Consultant September 25, 2015 Objective / Agenda Objective Provide relevant information about Banner XE Provide a framework for understanding
More information