IBM. How can we support the requirement of creating dynamic, flexible and cost-effective solutions in the IAM area?


How can we support the requirement of creating dynamic, flexible and cost-effective solutions in the IAM area?
Sven-Erik Vestergaard, Nordic Security Architect, IBM Software Group, svest@dk.ibm.com

Security is becoming a board room discussion

Business concerns: business results, brand image, supply chain, legal exposure, impact of hacktivism, audit risk.

Recent examples:
- Sony estimates potential $1B long term impact ($171M / 100 customers)
- HSBC data breach discloses 24K private banking customers
- Epsilon breach impacts 100 national brands
- TJX estimates $150M class action settlement in release of credit / debit card info
- Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony
- Zurich Insurance Plc fined 2.275M ($3.8M) for the loss and exposure of 46K customer records

Can this happen to us?

Security challenges are impacting innovation

External threats: sharp rise in external attacks from non-traditional sources
- Cyber attacks
- Organized crime
- Corporate espionage
- State-sponsored attacks
- Social engineering

Internal threats: ongoing risk of careless and malicious insider behavior
- Administrative mistakes
- Careless insider behavior
- Internal breaches
- Disgruntled employee actions
- Mix of private / corporate data

Compliance: growing need to address an increasing number of mandates
- National regulations
- Industry standards
- Local mandates

Areas of innovation being impacted: mobility, cloud / virtualization, social business, business intelligence.

Do we need Policy Management to handle the challenges?

Policy & Policy Management

Policy - what is it?
- A principle or rule to guide decisions and achieve a desired and rational outcome
- Contains attributes detailing the 'what', the 'how', the 'where', and the 'when'
- Once published, it becomes the standardized guideline used by a system to govern its behavior within its environment and transactions

Policy Management provides an approach for efficiently and effectively addressing the many risks and requirements inherent in electronic communication:
- Policy definition (a structured way to declare policy constraints)
- Policy enforcement, according to the defined policies
- Policy monitoring (the ability to collect and report policy analytics)

Policy Reference Architecture (diagram)

Policy Lifecycle Management spans three policy layers, each aligned with the service development lifecycle and with service lifecycle & governance:
- Business Policy: policy domains for behavior and performance (Situational Awareness, Business Process, Business Services, Service Level Management)
- Architectural Policy: policy domains for SOA resources (Process, Service, Information Model), governed by architectural policy & governance
- Operational Policy: policy domains that are non-functional (Security, Monitoring, Mediation, Service Support & Delivery Policy)

Lifecycle stages shown: Author, Transform, Assemble, Enforce, Deploy, Monitor, Manage (enablers).

Policy aligns individual roles with broader business objectives

Business layer: capture policy as business statements that describe the intent of the business or a specific business-level policy
- e.g. the compliance officer requires that personal information be protected
- e.g. the business requires that information be available within 3 seconds of a request

Architecture layer: capture policy as requirements and architectural standards that address resources
- e.g. limit client credit report access to owning managers
- e.g. a particular provider service must respond within 2 seconds in order to meet the business need of an end-to-end 3 second response

Operational layer: operational policies are actionable statements that provide specific runtime actions
- e.g. configure message security to support digital signatures and restricted authorization
- e.g. the mediation layer will reroute traffic to a secondary endpoint if the primary endpoint does not respond in 2 seconds

Policy Tree: example of deriving policy from business requirements through the various policy layers

Business Requirement: comply with all laws and regulations
Business Policy: keep consumer data private as called for by EU privacy regulation
Architectural Policy:
- Encrypt consumer name, address, phone numbers and social security number when such data is stored
- Encrypt consumer name, address, phone numbers and social security number when such data is transmitted
Operational Policy:
- Access control via userid & password sign-on to the corporate LDAP directory for any attempt to access private consumer data
- Encrypt consumer name, address, phone numbers and social security number in the ESB gateway before transmitting

Same Architectural Pattern applied across key scenarios (diagram)

Architectural pattern for service policy: policies are authored, stored in a repository (WSRR) and monitored; at runtime the consumer's request to the provider passes through an enforcement point in the middleware.

Key scenarios shown with the same Author / Store / Enforce / Monitor pattern:
- SLA Management (repository WSRR; monitoring e.g. ALE)
- Security (TSPM / WSRR; enforcement e.g. DP)
- Service Support & Delivery (WSRR, AMCT; the runtime step is Deploy rather than Enforce)

Elements of a Policy Lifecycle Management solution

1. Policy Authoring (Author)
- Policy selection: creating instances of standard domains (security, transactions); predefine some domains and provide tooling for those domains
- Policy creation: allowing users to create policy

2. Policy Distribution (Transform)
- Storage and assignment of policies to resources
- Transform to an actionable form
- Pushing updates or notifications of change to PEPs / PDPs
- Policy administration: lifecycle and governance of policies; making service descriptions and/or associated policies available

3. Policy Enforcement (Enforce)
- Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs)
- Enforcement of policies relating to metadata
- Enforcement of policies relating to SOA endpoint interactions

4. Policy Monitoring (Monitor)
- Recording decisions made by PDPs and PEPs
- Monitor, measure, and analyze policies
- Displaying and reporting on information about policy results

The accompanying diagram shows a Policy Registry / Repository distributing policies to the enforcement middleware (Nortel L7 Module, DataPower XS40, Tivoli Access Manager, WebSphere App Server, MQ Server) sitting between a web service client and the web services endpoint, with Tivoli NetView recording alerts for monitoring.
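The following is an added example, not part of the deck and not IBM product code, showing the four lifecycle elements above in working form and using the two operational policies of the policy-tree slide as the rules. Rules are authored as attribute-based targets and conditions, a PDP decides with deny-overrides and fails closed, a PEP enforces the decision and honours obligations, and every decision is recorded for monitoring. All attribute names (subject.role, resource.owner, resource.type) are hypothetical, the requests are constructed, and placeholder_protect only stands in for the gateway's field encryption.

```python
"""Minimal policy lifecycle: author -> distribute -> enforce -> monitor (constructed example)."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]


@dataclass
class Rule:
    name: str
    effect: str                                    # "Permit" or "Deny"
    target: Callable[[Attrs], bool]                # does this rule apply to the request?
    condition: Callable[[Attrs], bool] = lambda req: True
    obligations: List[dict] = field(default_factory=list)


@dataclass
class Decision:
    effect: str
    rule: str
    obligations: List[dict]


# 1. Author: the policy-tree slide's operational policies as attribute-based rules.
#    Attribute names (subject.role, resource.owner, ...) are hypothetical.
POLICY: List[Rule] = [
    Rule("credit-report-owning-managers", "Permit",
         target=lambda r: r.get("resource.type") == "credit_report" and r.get("action") == "read",
         condition=lambda r: r.get("subject.role") == "manager"
         and r.get("subject.id") == r.get("resource.owner")),
    Rule("pii-protect-on-transmit", "Permit",
         target=lambda r: r.get("resource.type") == "consumer_record" and r.get("action") == "transmit",
         obligations=[{"id": "protect-fields", "fields": ["name", "address", "phone", "ssn"]}]),
]


class PDP:
    """2./3. Policy Decision Point: deny-overrides combining; fails closed when no rule applies."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules                          # the distributed, actionable policy set

    def decide(self, req: Attrs) -> Decision:
        applicable = [r for r in self.rules if r.target(req)]
        if not applicable:
            return Decision("Deny", "no-applicable-rule", [])
        for r in applicable:                        # any satisfied Deny wins
            if r.effect == "Deny" and r.condition(req):
                return Decision("Deny", r.name, [])
        for r in applicable:                        # first satisfied Permit, with its obligations
            if r.effect == "Permit" and r.condition(req):
                return Decision("Permit", r.name, list(r.obligations))
        return Decision("Deny", "condition-not-met", [])


class PEP:
    """3. Policy Enforcement Point: asks the PDP, records the decision, honours obligations."""

    def __init__(self, pdp: PDP, protect: Callable[[str], str]):
        self.pdp = pdp
        self.protect = protect
        self.audit: List[dict] = []                 # 4. Monitor: one record per decision

    def handle(self, req: Attrs, payload: Dict[str, str]) -> Dict[str, str]:
        decision = self.pdp.decide(req)
        self.audit.append({"subject": req.get("subject.id"), "action": req.get("action"),
                           "resource": req.get("resource.type"),
                           "effect": decision.effect, "rule": decision.rule})
        if decision.effect != "Permit":
            raise PermissionError(f"{decision.effect} by {decision.rule}")
        out = dict(payload)
        for ob in decision.obligations:
            if ob["id"] != "protect-fields":        # an obligation we cannot honour: fail closed
                raise PermissionError(f"unsupported obligation {ob['id']}")
            for name in ob["fields"]:
                if name in out:
                    out[name] = self.protect(out[name])
        return out


def placeholder_protect(value: str) -> str:
    """Stand-in for the ESB gateway's field encryption (constructed; not a cipher)."""
    return "<protected:%d chars>" % len(value)


def summarize(audit: List[dict]) -> Dict[str, int]:
    """4. Monitor: count decisions per effect and rule for reporting."""
    counts: Dict[str, int] = {}
    for rec in audit:
        key = f"{rec['effect']}:{rec['rule']}"
        counts[key] = counts.get(key, 0) + 1
    return counts


def demo() -> dict:
    """Run three constructed requests through the PEP and return what a reviewer would check."""
    pep = PEP(PDP(POLICY), placeholder_protect)
    own = {"subject.id": "mgr42", "subject.role": "manager",
           "resource.type": "credit_report", "resource.owner": "mgr42", "action": "read"}
    other = {**own, "resource.owner": "mgr99"}      # same manager, someone else's client
    transmit = {"subject.id": "esb", "subject.role": "gateway",
                "resource.type": "consumer_record", "action": "transmit"}
    record = {"customer_id": "C-1", "name": "A. Example", "ssn": "000-00-0000", "segment": "retail"}
    results: dict = {"own": pep.handle(own, {"score": "710"})}
    try:
        pep.handle(other, {"score": "650"})
        results["other"] = "permit"
    except PermissionError as exc:
        results["other"] = str(exc)
    results["transmit"] = pep.handle(transmit, record)
    results["summary"] = summarize(pep.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to real PDP/PEP deployments: the PDP returns Deny both when no rule targets the request and when a Permit rule's condition fails, so a gap in the distributed policy set never becomes an implicit allow, and the PEP refuses a Permit whose obligations it cannot carry out rather than dropping them.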

IBM Reference Architecture for IT Security (diagram)

Layers: Applications & Services, Security Services, Security Infrastructure, Policy Management.

- Integrated Policy Management Services (ws-securitypolicy, XACML, etc.)
- Security enforcement points: Web Services XML Security Gateway (ws-security), Enterprise Service Bus security enforcement (ws-security), Presentation / Application Server, Enterprise Information System, Web Federated SSO (Point of Contact) security enforcement
- AAA Security Services (ws-trust, XACML) used by the enforcement points
- Identity and Access Management, Enterprise Directory
- Audit events flowing to Enterprise Auditing & Compliance

So how do you start?
- Get executive sponsorship
- Get stakeholders
- Application assessment
- Policies: start with the most strategic and least complicated (don't boil the ocean)
- Identify operational requirements
- But most important: stay faithful to the new strategy

Questions?