PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY



Similar documents
GETTING STARTED WITH IDENTITY AND ACCESS MANAGEMENT

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Interoperate in Cloud with Federation

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

Enabling SSO for native applications

Single Sign On. SSO & ID Management for Web and Mobile Applications

The Top 5 Federated Single Sign-On Scenarios

TrustedX: eidas Platform

Identity Management with Spring Security. Dave Syer, VMware, SpringOne 2011

Integrating Single Sign-on Across the Cloud By David Strom

HOL9449 Access Management: Secure web, mobile and cloud access

Identity and Access Management for the Hybrid Enterprise

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems

A Standards-based Mobile Application IdM Architecture

OPENIAM ACCESS MANAGER. Web Access Management made Easy

How To Use Salesforce Identity Features

MY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps

Identity. Provide. ...to Office 365 & Beyond

The Role of Identity Enabled Web Services in Cloud Computing

SINGLE & SAME SIGN-ON ASPECTS

Domain 12: Guidance for Identity & Access Management V2.1

The Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu

SECUREAUTH IDP AND OFFICE 365

Connecting Users with Identity as a Service

Hybrid Cloud Identity and Access Management Challenges

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

An Introduction to SCIM: System for Cross-Domain Identity Management

NCSU SSO. Case Study

Flexible Identity Federation

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

The Primer: Nuts and Bolts of Federated Identity Management

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

The increasing popularity of mobile devices is rapidly changing how and where we

The Password Problem Will Only Get Worse

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL SS. Single Sign-On (SSO) Solution

CLAIMS-BASED IDENTITY FOR WINDOWS

WHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO)

Sugar Professional. Approvals Competitor tracking Territory management Third-party sales methodologies

Globus Auth. Steve Tuecke. The University of Chicago

Customer Cloud Architecture for Mobile.

Federated Identity for Cloud Computing and Cross-organization Collaboration

SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT. How to Create a Frictionless, Secure Customer Identity Management Strategy

BYE BYE PASSWORDS. The Future of Online Identity. Hans Zandbelt Sr. Technical Architect. CTO Office - Ping Identity

TrustedX - PKI Authentication. Whitepaper

SAP HANA Cloud Portal Overview and Scenarios

Extend and Enhance AD FS

White. Paper. Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS. January 2013

Secure Access Control for Mobile, Cloud, and Web Apps

Delivering value to the business with IAM

Securing WebFOCUS A Primer. Bob Hoffman Information Builders

OpenLogin: PTA, SAML, and OAuth/OpenID

Seeing Shapes in the Cloud How Identity & Security Give the Cloud Shape

Guideline on Implementing Cloud Identity and Access Management

managing SSO with shared credentials

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Sugar Professional. Approvals Competitor tracking Territory management Third-party sales methodologies

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

CA Technologies Strategy and Vision for Cloud Identity and Access Management

Identity Implementation Guide

Identity in the Cloud

Authorization Federation in IaaS Multi Cloud

User Identity and Authentication

People-Focused Access Management. Software Consulting Support Services

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Deploying ArcGIS for Server using Managed Services

SUPERVALU Successfully Leverages Tablet Technology and Identity and Access Management Infrastructure for Increased Security and Business Productivity

EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015

Securing Cloud Applications Using Windows Azure Access Control

Glinda Cummings World Wide Tivoli Security Product Manager

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap

Secure Identity in Cloud Computing

Cloud-based Identity and Access Control for Diagnostic Imaging Systems

NCTA Cloud Architecture

Secure Cloud Computing

Editions Comparison Chart

White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7

Transcription:

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY Shane Weeden IBM Session ID: CLD-W01 Session Classification: Advanced

Agenda Cloud security in context Maturity Model Cloud Security Adoption Patterns Demonstrations as we go Tips for getting started

Cloud security in context Cloud offerings IaaS PaaS SaaS Rackspace Amazon Openstack Azure Heroku CloudFoundry GoogleApps Salesforce Workday API s & Social Security Standards OAuth WS-* SCIM SAML Basic- Auth SSL/TLS Clients OpenID OpenID Connect XACML Browsers Mobile B2B

Cloud Security Maturity Model for IAM Security Intelligence: User activity monitoring, Anomaly detection, Identity Analytics & Reporting Optimized User Certification for SaaS applications access IAM-as-a-Service User Certification for SaaS application access Federation to/from IaaS and PaaS Proficient Application based Just-in time Provisioning. Increased Assurance (OTP) Risk / Context-based Access Application-to-Application token exchange Mobile Application Access to SaaS Bring Your Own Identity with Increased Assurance Enterprise based Just-in-time provisioning Risk / Context-based Access Identity Propagation Mobile Application Access to SaaS Basic Federated SSO Directory Synchronization for Cloud/SaaS providers Web Application Protection Federated SSO User Provisioning for Cloud/SaaS provider. Securing Web Infrastructure Owner Line of Business Enterprise IT Operations

Integrating with SaaS Pattern: Identity and access to the cloud Examples: Salesforce, GoogleApps, Workday, Office365, IBM SmartCloud for Social Business Target: B2E Technologies: Federated provisioning and single sign-on Enterprise Federated Provisioning SaaS Enterprise Provisioning Enterprise Directory jboyle jboyle@federativo.com Enterprise Website jboyle@federativo.com Federated Single Sign-on Other SaaS Vendors Jason Boyle

Integrating with SaaS Questions to ask How will I provision users to the SaaS offering? Automated? What SSO technologies and standards do they support? What are the deployment requirements (POST, artifact, discovery)? Do you already have the IDP capability? Is user identity mapping required as part of SSO? What about de-provisioning? Is access required when employees are not in the office? Is mobile or thick client interaction available and how does authentication work for that?

Implementing BYO-ID Pattern: Bring your own identity Examples: LinkedIn, Facebook, Twitter, Google, Yahoo Target: B2C Technologies: Self-registration, single sign-on, user self-care Making access easy, with a familiar, fast, fun and secure user experience is key to attaining and retaining new customers. Other Online Identities Enterprise Directory jboyle@federativo.com Linked Identities jboyle@google.com jboyle73 Jason Boyle

Implementing BYO-ID Questions to ask Which IDP s should I use, and how much trust should I place on the data they assert? What will I use external identities for (self-reg, SSO, data)? What SSO technologies and standards do they support? Loosely coupled rather than strong B2B, so usually OpenID, OAuth. Google OpenID 2.0, Twitter, LinkedIn - OAuth 1.0, Facebook OAuth 2.0 (early draft) Have I considered the full account and identity lifecycle? There are a lot of edge cases. If I adopt this technology, are there additional use cases that could be leveraged beyond BYO-ID for self-reg and SSO? Example: integration with social media API s that provides a fun user experience, but which may also attract new customers.

Business via API No IT Internal IT Web 1.0 Business via API Pattern: Exposing services via API Examples: Google API s, Twilio, Facebook, CloudFoundry See www.programmableweb.com Target: Mobile, B2B Technologies: OAuth, Basic-Auth, Mutual SSL, WS-* User Native / hybrid mobile Business Applications and Data User Security Services 3 rd Party Web Application API Security Gateway

Implementing Business via API Questions to ask What business services do I want to expose? Do they required different levels of access (scope)? What is the revenue model? What standards / patterns am I going to support? Consider client types browsers (Web 2.0), mobile, B2B Do I want to whitelist clients, or adopt a Field of Dreams model? Do my end-users need to have a say? What interfaces will I expose to users and administrators for managing delegated trust, including revocation? What interfaces will I expose to application developers for self-serivce? NFR s: If this is successful, can I scale it, monitor, etc?

Getting started Pick a business problem, get a sponsor Maybe that s already been done for you! Focus on the customer experience Example mobile security device registration Research, experiment, evaluate Design for the future, e.g. business via API supports many channels. Manage and balance security risk against business value and user experience

Thank you!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information