1 The intersection of IAM and the cloud


1 The intersection of IAM and the cloud
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud computing.
Idan Shoham, CTO
2011-04-19

2 Agenda
- Overview of cloud computing.
- Different types of IAM.
- Intersection of IAM and cloud computing.
- Discussion.

2011 Hitachi ID Systems, Inc. All rights reserved.

3 Hitachi ID Corporate Overview
- Hitachi ID is a leading provider of identity and access management solutions.
- Founded as M-Tech in 1992, a division of Hitachi, Ltd. as of 2008.
- Hitachi, Ltd.: Founded in 1910. $105 billion revenue in FY2010. 360,000 employees.
- Hitachi ID has 840+ customers with a combined 10.4M+ licensed users.
- Offices in North America and partners overseas.
- Approximately 140 employees.
- Award: SC Magazine Best Buy for the ID Management Suite.

4 Cloud

4.1 Cloud computing
- The word "cloud"... is a metaphor for the Internet, originating in old network diagrams.
- The key concept... is ambiguity: we do not specify where a service is running.
- A cloud service provider... hosts systems or applications for multiple customers: must be able to ramp up and down quickly. OpEx replaces CapEx. Delivered over the Internet.
- A business model... Cloud computing is not about new technology; it's about who runs the apps and where.

4.2 Many meanings of "cloud"
Cloud computing is a marketing buzzword. There is a whole taxonomy of what this might mean.
- SaaS: Host a single application. Salesforce.com, Google Apps.
- PaaS: Software development and runtime environment. Force.com, Microsoft Azure.
- IaaS: On-demand virtual network landscape. Amazon EC2, Hosting.com.
Location is also a variable:
- Public.
- Private (is this still in the cloud?).
- Hybrid.

4.3 Why cloud computing?
(Slide table with rows SaaS, PaaS, IaaS and General, and columns Theory and Reality.)
Theory:
- Expert at hosting the app.
- Zero setup time/effort.
- Always up-to-date.
- Scalable.
- Adaptive capacity.
- Lower cost.
- Pay for what you use.
Reality:
- Frequent upgrades.
- Limited features.
- Platform lock-in.
- Attractive for low-demand apps.
- Always-on servers expensive.
- Dynamic capacity.
- Replace CapEx with OpEx.

4.4 Objections and FUD
Common concerns:
- Is it secure?
- High availability?
- Performance?
Can you imagine a cloud provider staying in business after a security breach, or if performance or availability are poor?
More serious problems:
- Does the contract support transfer of liability?
- Vendor viability?
- Integration with on-premise systems?
- Data portable to other providers?
- To what jurisdictions will data be moved?
Cloud computing is a business model, not a technology. Real-world problems are mostly business problems.

5 IAM

5.1 Definitions
An integration layer linking user lifecycle events to changes in profiles and access rights.
Manage (account and entitlement administration):
- User profiles.
- Identity attributes.
- Login accounts.
- Authentication factors.
- Group/role memberships.
Authenticate with (authentication factor management):
- Passwords.
- Security questions.
- OTP tokens.
- Smart cards / PKI certificates.
- Biometrics.
- More (CAPTCHA, mobile phone, etc.).
Authorize (single sign-on and access control):
- Logins.
- Actions.

5.2 The User Lifecycle
At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

5.3 User Lifecycle: Business Challenges
More IT means more users to manage. There are challenges throughout the user lifecycle, affecting support cost, user service and security:
- Slow: too much paper, too many people.
- Expensive: too many administrators doing redundant work.
- Reliable: notification of terminations.
- Fast: response by sysadmins.
- Complete: deactivation of all IDs.
- Role changes: add/remove rights.
- Policies: enforced?
- Audit: are privileges appropriate?
- Org. relationships: track and maintain.
- Passwords: too many, too weak, often forgotten.
- Access: "Why can't I access that application / folder / etc.?"

6 Intersection

6.1 IAM in the Cloud
There is a lot of marketing buzz around "IAM in the cloud", but what does that actually mean?
- An on-premise IAM system managing user access to SaaS applications?
- A SaaS IAM system managing user access to on-premise applications?
- A SaaS IAM system managing user access to SaaS applications?
- A SaaS IAM system augmenting an on-premise system?
- Federated access management for corporate users to access SaaS?
- Access management for SaaS vendors?

6.2 Moving parts
Participants: The user signs into... an application, after authenticating to... an authentication system, which is managed by... an identity and access management system. Each participant could be at any of the locations.
Locations:
- The corporate network.
- The Internet.
- The cloud service provider.
These locations are separated by routers and firewalls.

6.3 Baseline
[Diagram: Private Corporate Network, Public Internet and Cloud-based Software Provider's Public Network, with the Identity Management System, Application, User and Authentication System placed for the baseline case.]

6.4 Pros and cons
Pros:
- Well-understood architecture.
- Direct integration (no firewalls to hop over).
Cons:
- Typical deployment only gets upgraded every 3-4 years.
- Costly physical infrastructure.
- Talent to manage this effectively is scarce.

6.5 IAM hosted in the cloud
[Diagram: Private Corporate Network, Public Internet and Cloud-based Software Provider's Public Network, with the Application, Identity Management System, User and Authentication System placed for the cloud-hosted IAM case.]

6.6 Pros and cons
Pros:
- No server hardware or DBMS to purchase/deploy.
- Always running current software.
- Fewer skilled workers needed in-house?
Cons:
- Integration with on-premise applications is hard.
- Where do you find a vendor that operates a reliable 24x7 NOC and has a consulting team to implement an IAM?
- Vendor lock-in?

6.7 Managing access to SaaS/cloud
[Diagram: Private Corporate Network, Public Internet and Cloud-based Software Provider's Public Network, with the Identity Management System, Application, User and Authentication System placed for the SaaS access case.]

6.8 Pros and cons
If this means federated login to a SaaS app:
- Convenient for users.
- May reduce admin burden (if no persistent IDs on the SaaS app).
- Do mobile users have to set up a corporate VPN before they can sign into the SaaS app?
- What about non-VPN-capable devices?
If this means identity administration on a SaaS app:
- Just another IAM integration.
- Always good to add "target systems."
- One more connector.

6.9 Outsource the directory
[Diagram: Private Corporate Network, Public Internet and Cloud-based Software Provider's Public Network, with the Identity Management System, Application, User and Authentication System placed for the outsourced-directory case.]

6.10 Pros and cons
Pros:
- Users might be happy to sign into corporate apps with their Facebook credentials.
- Reduce onboarding effort for new hires.
- Eliminate some costly infrastructure (e.g., AD DCs).
Cons:
- Do you trust SaaS authentication inside the corporate perimeter?
- Can legacy apps integrate with this?
- Will auditors accept this?

6.11 Remote access for mobile users
[Diagram: Private Corporate Network, Public Internet and Cloud-based Software Provider's Public Network, with the Identity Management System, Application, Authentication System and User placed for the mobile-user case.]

6.12 Pros and cons
Pros:
- Mobile workforce.
- Lower facility cost.
- Staff retention.
- Productivity.
Cons:
- Need a VPN.
- Is the VPN redundant when apps move to SaaS?

6.13 There are 24 base cases
Even with just one of each participant, there are 24 arrangements. Each has its own architectural pros and cons. These are in addition to the general pros and cons of moving any part of the infrastructure into the cloud.
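To make the count of base cases and the firewall-direction argument concrete, here is an added example that is not part of the presentation. It assumes the user may sit in any of the three locations while the application, authentication system and IAM system sit either on the corporate network or at the cloud service provider (3 x 2 x 2 x 2 = 24), then flags which arrangements force a connection inbound into the corporate network, the direction the slides say firewalls resist.

```python
from itertools import product

CORP, INTERNET, CSP = "corporate network", "Internet", "cloud service provider"

# Participants from slide 6.2 and where each may sit. Assumption (not stated
# on the slide): the user can be in any location; application, authentication
# system and IAM system are on the corporate network or at the CSP.
PLACEMENTS = {
    "user": (CORP, INTERNET, CSP),
    "application": (CORP, CSP),
    "authentication system": (CORP, CSP),
    "IAM system": (CORP, CSP),
}

# The three connections implied by slide 6.2: the user signs into the
# application, authenticates to the authentication system, and the IAM
# system manages the authentication system.
FLOWS = (("user", "application"),
         ("user", "authentication system"),
         ("IAM system", "authentication system"))


def arrangements():
    """Yield every placement of the four participants across the locations."""
    names = list(PLACEMENTS)
    for locs in product(*(PLACEMENTS[n] for n in names)):
        yield dict(zip(names, locs))


def inbound_flows(arr):
    """Flows that must enter the corporate network from outside: the hard
    direction on slide 6.14 (outbound is the easy one)."""
    return [(src, dst) for src, dst in FLOWS
            if arr[src] != CORP and arr[dst] == CORP]


def classify(arr):
    """'direct' when nothing crosses inbound; otherwise the arrangement needs
    a proxy or VPN, as slides 6.12 and 6.14 warn."""
    return "direct" if not inbound_flows(arr) else "needs proxy/VPN"


def summary():
    """Total arrangements and how many need an inbound path into the corporate network."""
    arrs = list(arrangements())
    needing = [a for a in arrs if classify(a) != "direct"]
    return {"total": len(arrs), "needs_inbound": len(needing)}
```

Under these assumptions the baseline (everything on the corporate network) is direct, while hosting only the IAM system at the CSP or placing only the user on the Internet both require an inbound path.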

6.14 Architectural considerations
- Firewalls: Tend to be porous in one direction. Outbound connection easier than inbound. Lead to proxies.
- Trust/compliance: Can you trust the CSP? To safeguard data? To stay in business?
- Mobility: Users are mobile. Moving apps to the cloud helps.
- Connectivity: Intense client/server traffic? Low bandwidth to Internet? High latency? Link reliability?
- OpEx vs. CapEx: Budget impact? Tax treatment?
- Dynamic capacity: Buying is cheaper for heavy use. Renting is cheaper for sporadic use.
- Maturity: Process maturity? Staff skills?
- Retooling: SaaS works best with federated access. Apps may not be ready.

6.15 Opinions
- Baseline: Safe. Expensive. Slow. Mature?
- IAM hosted in the cloud: Limited examples today. Hosting vendors not good at consulting / implementation. Consultants not good at hosting / operations.
- Managing access to SaaS/cloud: No different than managing access to internal apps.
- Outsource the directory: New, higher risk profile. Sign into work system with Facebook account?
- Remote access for mobile users: Everyone already does it. Vendors can outsource VPN, virtual desktop.

7 Content On-Line
Free White Paper: Intersection of identity management and cloud computing: http://tinyurl.com/4cm7baa
This presentation: http://tinyurl.com/3rqmkfy
QUESTIONS?
500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725
E-Mail: sales@hitachi-id.com www.hitachi-id.com
File: PRCS:pres Date: April 18, 2011