Identity and Access Management & The Cloud, conflicting or collaborating? NetIQ - All Rights Reserved



Agenda
- The cloud (re)defined
- Identity & Access Management infrastructures
- Conflicts
- Collaboration: products, tips & tricks

The Cloud

What is the Cloud Wikipedia: Cloud computing refers to the delivery of computing and storage capacity as a service to a heterogeneous community of end-recipients. The name comes from the use of clouds as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts services with a user's data, software and computation over a network.

What is the Cloud (layer diagram: service layers against deployment models, flattened)
SaaS: Public: Google Apps, Salesforce.com, O365 / Hybrid: HRM-CRM / Private: intranet software
PaaS: Public: Windows Azure, Google App Engine, Heroku / Hybrid: IBM IT Factory / Private: Windows Azure Platform Appliance
IaaS (storage, servers, networks): Public: Amazon EC2, Rackspace Cloud / Hybrid: IBM Blue / Private: VMware, OpenStack, KVM
Open questions on the diagram: DaaS? IDaaS?

We're talking about Identity & Access (the same layer diagram, with the identity-relevant services highlighted)

Hosted Software & the Cloud
- Public SaaS: Google Apps, Salesforce.com, O365
- Hybrid: HRM-CRM, and the "fake cloud providers" (hosted HRM-CRM)
- Private: intranet software, on premise
Let's treat them all equally in the eyes of IAM

Software services for Education (cloud & hosted!)
Google Apps, social media, O365, ADP, RAET, Blackboard, Osiris, Magister, SOMToday, It's Learning, Banner, Procuro, N@tSchool, Tribe/KRD, Live@EDU, @VO, Infinite Campus SIS, PeopleSoft, AFAS, ...

Why should we go to the Cloud
- Flexibility
- Cost control
- Access anywhere
- Scalable
- On-demand deployment

Why should we NOT go to the Cloud
- Loss of control over business assets (data)
- Dependency
- Lack of auditability
- Lack of transparency
- Compliance failure (new Dutch law!)
- Migration, backups and updates
- Security, privacy and compliance
- Lack of automated processes for IAAA: Identification, Authentication, Authorisation, Auditing

And what if...
- the cloud is down (real vs fake cloud)
- updates change usability
- performance is poor
- the bad boys show up

Identity & Access Management Infrastructures

What is in the IAM Infrastructure
Identification, Authentication, Authorisation, Auditing; Governance; User provisioning; Information store; Single Sign-On; Self service; Compliance; Risk management; Role-based management; Claim- and context-based access; Corporate identity; Federated identity; Laws and regulation; Password synchronisation; Information consistency; Attestation; Workflow (business flow); Access management & control; Cloud

And what if... (IAM reference architecture diagram, flattened)
- Users: system users, employees, students
- Presentation layer: user interfaces, self service, other
- Services layer: authentication, federation, SSO; identity management (queries, provisioning); monitoring, logging, auditing
- App layer and data layer: Identity Vault, Security Vault, Access Management, Authentication Services, Federation, Systems

Conflicting areas

Warning

What we get (today)
- Corporate credentials in the cloud
- SaaS without single sign-on or strong authentication
- Compliance reporting: manual process, no reporting
- Security, cost, business user experience, the IT department and business flexibility pulling in different directions

What we want
- Corporate credentials secured
- SaaS with single sign-on and strong authentication
- Compliance reporting: automated process, full reporting
- Security, cost, business user experience, the IT department and business flexibility all served

Requirements for Cloud Services
- Automated (de)provisioning (Identity Management)
- Identification, Authentication & Authorization (Access Management)
- (Web) Single Sign-On
- User self service
- Auditing
- Monitoring

NetIQ Products involved
- Identity Manager drivers: Blackboard (on premise), Google Apps, O365, SOAP, JDBC (over the internet?), CSV, Scripting
- Access Manager or CloudAccess: federation, strong authentication
- Sentinel
- eDirectory

Product Tips, Tricks & Pitfalls

eDirectory

eDirectory
- Scalable eDirectory (security vault setup)
- eduroam / VPN / Wi-Fi

IDM Drivers

Google Apps Driver
- Like the AD driver: very elaborate, easy to deploy
- Tip: keep all business logic local to the Identity Vault (IV); synchronise only the results
- Alternative: scripting against the Google interface
- Pitfalls: speed of development at Google; connection (API) changes; many policies in the driver, difficult to change

O365 Driver
- Like the AD driver: very elaborate, easy to deploy
- Tip: keep all business logic local to the Identity Vault; synchronise only the results
- Specials with PSExecute
- Pitfalls: differences between on-prem, hybrid and cloud; PSExecute limitations; hard to customize; comparison with DirSync ;-)

Blackboard Driver
- Like the AD driver: very elaborate, because of the ease of use of the Blackboard interface
- Uses a special schema
- Tip: keep all business logic local to the Identity Vault; synchronize only the results
- Tip: do users, courses & enrollments

SOAP/REST Driver
- Fallback for services without a dedicated driver, like LDAP/JDBC/CSV/Scripting etc.
- Most commonly used for cloud service (de)provisioning

Proper way to develop a SOAP Driver
Is SOAP a standard? No, it is a protocol specification.
1. Examine the WSDL
2. Analyse the data with SoapUI
3. Build the SOAP output transforms (XSLT)
4. Build the SOAP input transforms (XSLT)
5. Build the rest of the logic
No issues, no pitfalls...?!?

Soap output can be surprising... (three screenshots of SOAP output transforms)

Soap input can be surprising... (six screenshots of SOAP responses; one shows the EventID the driver has to pick out of the response)
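The output and input transforms from the SOAP-driver procedure above, written as a small added example (not NetIQ driver code, which uses XSLT policies): an identity-vault add event is mapped to a request envelope, and the response is classified into the three shapes the screenshots hint at, a SOAP fault, a "success" element that still carries an application error, and a real success carrying the EventID the driver stores as the association. The createUser operation, its urn:example:provisioning namespace, the errorCode/EventID elements and the sample responses are constructed for illustration; a real service's WSDL and SoapUI captures decide the actual shapes.

```python
"""Added example: SOAP output and input transforms for a provisioning driver.

The 'createUser' operation, the service namespace and the sample responses
are assumptions constructed for this example; read the target's WSDL and
capture live traffic (SoapUI) before writing the real transforms.
"""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:provisioning"          # assumed service namespace
NS = {"soap": SOAP_NS, "svc": SVC_NS}

# Only the attributes the target owns are mapped; everything else stays in
# the vault (the "keep business logic local to the IV" tip from the slides).
ATTRIBUTE_MAP = (("uid", "userName"), ("mail", "email"), ("cn", "displayName"))


def build_create_user_request(event: dict) -> bytes:
    """Output transform: vault add event (dict of attributes) -> SOAP 1.1 request."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}createUser")
    for src, dst in ATTRIBUTE_MAP:
        if src in event:
            ET.SubElement(op, f"{{{SVC_NS}}}{dst}").text = event[src]
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def parse_create_user_response(xml_bytes: bytes) -> dict:
    """Input transform: classify the service response.

    Returns {'status': 'success', 'association': EventID} or
    {'status': 'error'|'retry', 'message': ...}. Responses come from a remote
    party; for a production driver parse them with a hardened parser.
    """
    root = ET.fromstring(xml_bytes)
    body = root.find("soap:Body", NS)
    if body is None:
        return {"status": "error", "message": "no SOAP body"}

    fault = body.find("soap:Fault", NS)
    if fault is not None:
        # SOAP 1.1 faultcode/faultstring are unqualified child elements.
        code = fault.findtext("faultcode", default="")
        msg = fault.findtext("faultstring", default="")
        # A *:Server fault is a transient backend problem worth retrying;
        # *:Client means our request was wrong and retrying will not help.
        status = "retry" if code.endswith("Server") else "error"
        return {"status": status, "message": f"{code}: {msg}"}

    resp = body.find("svc:createUserResponse", NS)
    if resp is None:
        return {"status": "error", "message": "unexpected response element"}

    # Surprise 1: HTTP 200 and a response element, but an application error.
    err = resp.findtext("svc:errorCode", default="0", namespaces=NS)
    if err != "0":
        detail = resp.findtext("svc:errorMessage", default="", namespaces=NS)
        return {"status": "error", "message": f"application error {err}: {detail}"}

    # Surprise 2: success without the identifier we need for the association.
    event_id = resp.findtext("svc:EventID", default="", namespaces=NS)
    if not event_id:
        return {"status": "error", "message": "success without EventID"}
    return {"status": "success", "association": event_id}


# Constructed sample responses (not captured from a real service).
SAMPLE_FAULT = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body><soap:Fault><faultcode>soap:Server</faultcode>
 <faultstring>backend unavailable</faultstring></soap:Fault></soap:Body>
</soap:Envelope>"""

SAMPLE_APP_ERROR = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:svc="urn:example:provisioning"><soap:Body>
 <svc:createUserResponse><svc:errorCode>409</svc:errorCode>
 <svc:errorMessage>user already exists</svc:errorMessage>
 </svc:createUserResponse></soap:Body></soap:Envelope>"""

SAMPLE_OK = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:svc="urn:example:provisioning"><soap:Body>
 <svc:createUserResponse><svc:errorCode>0</svc:errorCode>
 <svc:EventID>EVT-0001</svc:EventID></svc:createUserResponse>
</soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    print(build_create_user_request({"uid": "jdoe", "mail": "jdoe@example.edu"}).decode())
    for sample in (SAMPLE_FAULT, SAMPLE_APP_ERROR, SAMPLE_OK):
        print(parse_create_user_response(sample))
```

The retry/error split is what the driver's status mapping has to get right: a transient fault should leave the event in the queue, while an application error or a success without an EventID must surface as a failed event, otherwise the vault believes the account exists with no association to find it again.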

Flexibility (two screenshots)

Authentication & Authorization

Products involved: CloudAccess, NetIQ Access Manager

CloudAccess
- Appliance with IDM / NAM IdP / Sentinel
- Had its own development track
- Great features: mobile apps, external DB at login, fallback for any SAML-based application

CloudAccess
- Suited for CSPs or sites without NAM
- Focused on authentication and authorisation

Access Manager

Access Manager: SP-initiated SAML flow between the user/browser, Google Apps (service provider) and Access Manager (identity provider)
1. User accesses Google Apps
2. Google generates a SAML request and redirects the user to the IdP
3. User logs into the IdP and gets a SAML response (assertion)
4. User is redirected back to Google and sends the SAML response
5. Google verifies the response and allows the user into the application

Access Manager (two federation configuration screenshots)

Access Manager
Insanity: doing the same thing over and over again and expecting different results.
Consensus on SAML configuration!!!

Access Manager
- Federation configuration

Access Manager
- Like SOAP: a protocol with many, many implementations
- Compliance with the SAML standards varies: AuthnContextClassRef, weird implementations
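The five-step exchange from the Access Manager flow slide and the AuthnContextClassRef pitfall just above, as one added example that is not NetIQ or Google code: both sides' messages are built with the standard library, and the service-provider side applies the checks a sloppy implementation skips (InResponseTo against its own outstanding requests, issuer, audience, validity window with bounded clock skew, and that the returned AuthnContextClassRef is at least what was requested). Entity IDs, the ACS URL, the user and the timestamps are made up. XML-DSig is not in the standard library, so signature verification is delegated to a caller-supplied function (in a real SP that wraps an xmlsec-based library and the IdP's metadata certificate); the demo passes a placeholder that must never be used outside a test.

```python
"""Added example: SP-initiated SAML 2.0 web SSO with the SP-side checks.

Entity IDs, URLs, user and times are constructed for this example.
Signature verification is delegated to `signature_ok` because XML-DSig
needs an xmlsec-based library; `_placeholder_signature_check` below is a
test stand-in, not a real verifier.
"""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Tuple

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML}
PASSWORD_PT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed identifiers for the two parties (not taken from the slides).
SP_ENTITY = "google.com/a/example.edu"
IDP_ENTITY = "https://idp.example.edu/nidp/saml2/metadata"
ACS_URL = "https://www.google.com/a/example.edu/acs"


def _ts(t: datetime) -> str:
    return t.strftime(TIME_FMT)


def build_authn_request(request_id: str, issued: datetime) -> bytes:
    """Step 2: the SP builds the AuthnRequest the browser carries to the IdP."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": _ts(issued),
        "AssertionConsumerServiceURL": ACS_URL})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = SP_ENTITY
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "minimum"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = PASSWORD_PT
    return ET.tostring(req)


def build_response(request_id: str, user: str, now: datetime, ctx: str) -> bytes:
    """Step 3: the IdP answers with a Response wrapping one Assertion.
    A real IdP signs the assertion; here an empty ds:Signature marks the spot."""
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _ts(now),
        "InResponseTo": request_id, "Destination": ACS_URL})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _ts(now)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY
    ET.SubElement(a, f"{{{DSIG}}}Signature")
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = user
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", {
        "NotBefore": _ts(now - timedelta(minutes=1)),
        "NotOnOrAfter": _ts(now + timedelta(minutes=5))})
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = SP_ENTITY
    st = ET.SubElement(a, f"{{{SAML}}}AuthnStatement", {"AuthnInstant": _ts(now)})
    ET.SubElement(ET.SubElement(st, f"{{{SAML}}}AuthnContext"),
                  f"{{{SAML}}}AuthnContextClassRef").text = ctx
    return ET.tostring(resp)


def validate_response(xml: bytes, outstanding: Dict[str, bytes], now: datetime,
                      signature_ok: Callable[[bytes], bool],
                      accepted_ctx: Tuple[str, ...] = (PASSWORD_PT,)) -> Tuple[bool, str]:
    """Step 5: the SP checks the response before letting the user in.
    `outstanding` maps request IDs this SP issued to the request; a response
    whose InResponseTo is unknown (unsolicited or replayed) is rejected.
    `accepted_ctx` lists the context classes that satisfy the 'minimum' the
    SP asked for (a simplification of the SAML comparison rules)."""
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response" or root.get("Destination") != ACS_URL:
        return False, "not a Response for this ACS"
    rid = root.get("InResponseTo")
    if rid not in outstanding:
        return False, "unsolicited or replayed InResponseTo"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    a = assertions[0]
    if a.find(f"{{{DSIG}}}Signature") is None or not signature_ok(xml):
        return False, "assertion signature missing or invalid"
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY:
        return False, "wrong issuer"
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion without Conditions"
    skew = timedelta(minutes=2)  # bounded tolerance for SP/IdP clock drift
    nb = datetime.strptime(cond.get("NotBefore"), TIME_FMT).replace(tzinfo=timezone.utc)
    na = datetime.strptime(cond.get("NotOnOrAfter"), TIME_FMT).replace(tzinfo=timezone.utc)
    if not (nb - skew <= now < na + skew):
        return False, "assertion outside validity window"
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY:
        return False, "assertion not addressed to this SP"
    ctx = a.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
                     namespaces=NS)
    if ctx not in accepted_ctx:
        return False, f"AuthnContextClassRef {ctx} weaker than requested"
    del outstanding[rid]  # one response per request: the same one cannot be replayed
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)


def _placeholder_signature_check(_xml: bytes) -> bool:
    """Test stand-in only: a real SP verifies XML-DSig against IdP metadata."""
    return True


def sso_exchange(ctx_returned: str, signature_ok: Callable[[bytes], bool]) -> Tuple[bool, str]:
    """Run steps 2-5 once with constructed times; returns (accepted, NameID or reason)."""
    t0 = datetime(2015, 11, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    rid = "_" + uuid.uuid4().hex
    outstanding = {rid: build_authn_request(rid, t0)}
    response = build_response(rid, "jdoe@example.edu", t0, ctx_returned)
    return validate_response(response, outstanding, t0 + timedelta(seconds=30), signature_ok)


if __name__ == "__main__":
    print(sso_exchange(PASSWORD_PT, _placeholder_signature_check))
    print(sso_exchange(UNSPECIFIED, _placeholder_signature_check))
```

The AuthnContextClassRef check is the one the slide calls out: an IdP that answers a request for PasswordProtectedTransport with "unspecified" has not necessarily authenticated the user the way the SP assumed, and an SP that only checks the signature will accept it. The InResponseTo bookkeeping is what turns "a valid assertion" into "the assertion for this login".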


This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. Copyright 2015 NetIQ Corporation. All rights reserved. ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States.