SlideShare uma empresa Scribd logo

Identity Management for the Cloud

Transferir como PPTX, PDF
Horst Walther
Horst Walther

New answers to old questions 10. Anwenderkonferenz Softwarequalität, Test und Innovationen 6. und 7. September 2012 Alpen-Adria-Universität Klagenfurt

SoftwareTecnologiaNegócios
1 de 24
SiGSiG Identity Management for the Cloud New answers to old questions 10. Anwenderkonferenz Softwarequalität, Test und Innovationen 6. und 7. September 2012 Alpen-Adria-Universität Klagenfurt Dr. Horst Walther, Business Advisor Operational Risk Management Member of the VCB & Company LLP, London,
SiG agenda 1. Where is the problem? Why do we need to talk about IdM in the cloud? 2. The slow move towards the cloud The cloud did not come as a surprise 3. Finally the fortress security model fails But corporations had a hard time to accept the facts 4. Models, services & actors become standardised The NIST Conceptual Reference Model 5. Cloud Computing’s deadly sins by Mike Small 6. Often IAM is meant when IM is said IAM = Identity Management (IM) + Access Management (AM) 7. IAM before & in the Cloud What changes for the consumer, when moving into the cloud? 8. OASIS view relevant standards & identified gaps 9. SCIM Simple Cloud Identity Management by IETF 10. IdMaaS - Identity Management as a Service Identity Management Moves into the Cloud 11. Management vs. governance A clear cut between hand-on management & governance is essential 12. Conclusion What changes, when moving into the cloud? www.vcbcompany.com2014-05-21 2
SiG Where is the problem? Why do we need to talk about IdM in the cloud? Since 10 years+ we are discussing Identity Management in the cloud. Obviously there seems to be a major issue. But what makes the difference? What are old – what are the new challenges? How do the solutions look like? What is going on? What comes next? www.vcbcompany.com2014-05-21 4
SiG The slow move towards the cloud The cloud did not come as a surprise  The closed corporate perimeter is blurring  There is a long-term move of sourcing internal services out Internal Systems & Data less knownPartner Weakly coupled, dynamic, external Customer Strongly coupled, static, internal Employee unknown Extranets The cloud www.vcbcompany.com2014-05-21 5
SiG Finally the fortress security model fails But corporations had a hard time to accept the facts  The company perimeter is no longer the line of defence  A virtual enterprise network requires asset centric security. Internal Systems & Data The virtual enterprise network goes beyond phsical borders The cloud less knownPartner Weakly coupled, dynamic, external Customer Strongly coupled, static, internal Employee unknown www.vcbcompany.com2014-05-21 6
SiG Challenges – The CIO’s lament Complexity, cloud & mobile drove the change in the last 5 years.  Increased complexity.  There are more things to connect,  More people to connect  With more data than ever before.  It's an end-to-end situation.  The role of IT has changed  From being the custodians of IT to being brokers of IT.  The all-things cloud lures us.  The infrastructure is moving out of the (direct) control.  The devices too are moving out of control the IT.  BYOD & mobile devices are incompatible with the perimeter security model  We go from managing by our hands on to governing via policies & audits.  But generally IT people are not good at governing  And the outlook is: More of the same. www.vcbcompany.com2014-05-21 7
SiG Models, services & actors become standardised The NIST Conceptual Reference Model NIST: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505 www.vcbcompany.com2014-05-21 8
SiG The NIST Conceptual Reference Model Cloud Computing obviously raises the overall complexity  5 major participating actors:  Cloud Consumer,  Cloud Provider,  Cloud Broker,  Cloud Auditor,  Cloud Carrier.  3 service:  Cloud software as a service (SaaS),  Cloud platform as a service (PaaS),  Cloud infrastructure as a service (IaaS).  4 deployment models:  private cloud,  community cloud,  public cloud, and hybrid cloud.  5 service characteristics :  on-demand self-service,  broad network access,  resource pooling,  rapid elasticity,  measured service. www.vcbcompany.com2014-05-21 9
SiG Cloud Computing’s deadly sins by Mike Small  Adopting cloud computing can save money.  But many organizations are sleepwalking into the cloud.  Outsourcing the provision of the IT service does not outsource the customer’s responsibilities.  The deadly vice of cloud computing of is sloth by inattention to: 1. Not knowing you are using the Cloud 2. Not assuring legal and regulatory compliance 3. Not knowing what data is in the cloud 4. Not managing identity and access to the cloud 5. Not managing business continuity and the cloud 6. Becoming Locked-in to one provider 7. Not managing your Cloud provider  Of these deadly sins of cloud computing #4 directly applies  Indirectly affected are #2 & # 5 * In medieval times the Christian church created the concept of the seven deadly sins: 1. wrath, 2. greed, 3. sloth, 4. pride, 5. lust, 6. envy and 7. gluttony www.vcbcompany.com2014-05-21 10
SiG Often IAM is meant when IM is said IAM = Identity Management (IM) + Access Management (AM) Identity & Access Management Identity Management Define the digital identity and its life cycle Access Management Model & manage the identity's access to corporate resources. www.vcbcompany.com2014-05-21 11
SiG Grouping processes of the Identity- & Access Management The IAM processes may be viewed from different perspectives*  into Identity management & Access Management  Identity management has a justification sui generis.  It is not an appendix of security management  Access management can be built on top of Identity management  into operational and managerial  operational: identify, authenticate and authorise  managerial: administer digital Identities  governance: supervise & direct  into essential and physical  essential: administer and use the essential business functionality  physical: integrate, transport, transform and “provision” to deal with the “cruel dirty world” outside. * www.GenericIAM.org www.vcbcompany.com2014-05-21 12
SiG IAM before & in the Cloud What changes for the consumer, when moving into the cloud? Enterprise IAM  Mostly partial coverage  Manual & automated processes  Proprietary application interfaces  IAM roles may overlap  Individual, ad-hoc decisions  SSO is a goody  Hands-on management & governance not clearly separated  Low process maturity suffices  Running an IAM is recommended Cloud IAM  Total coverage necessary  Full automation required  Standardised interfacing  Clearly defined IAM roles  Policy driven decisions  SSO is essential  Mandatory separation of hands-on management & governance  High process maturity necessary  Running an IAM is mandatory Well – not much. But it has to be done now. www.vcbcompany.com2014-05-21 13
SiG OASIS view relevant standards & identified gaps Identified relevant standards  SAML  OpenID  OAuth  SPML  SCIM  WS-Federation  IMI  (XACML) ? Identified big / obvious gaps  Configuration and association with an IdP is not standardized  No standards or rules for mapping or transforming attributes between different (cloud) domains.  No profiles or standard roles and related attributes  No standards for attributes  No audit standards for IDM systems www.vcbcompany.com2014-05-21 14
SiG Where can the impact of the cloud be felt? The OASIS ‘identity in the cloud’ use cases  Infrastructure Identity Establishment  Identity Management (IM)  General Identity Management  Infrastructure Identity Management (IIM)  Federated Identity Management (FIM)  Authentication  General Authentication  Single Sign-On (SSO)  Multi-factor  Authorization  Account and Attribute Management  Account and Attribute Provisioning  Security Tokens  Governance  Audit and Compliance www.vcbcompany.com2014-05-21 15 OASIS formalized 29 cloud use cases out of (35 received)
SiG Impact on the Identity Management OASIS: More emphasis on provisioning and configuration  Speed - Rapid provisioning:  Automatically deploying cloud systems based on the requested service/resources/capabilities.  Robustness - Resource changing:  Adjusting configuration/resource assignment for repairs, upgrades and joining new nodes into the cloud.  Compliance - Monitoring and Reporting:  Discovering and monitoring virtual resources, monitoring cloud operations and events and generating performance reports.  Transparency - Metering:  Providing a metering capability at some level of abstraction appropriate to the type of service.  e.g., storage, processing, bandwidth, and active user accounts.  SLA management:  Encompassing the SLA contract definition  SLA monitoring and SLA enforcement according to defined policies. www.vcbcompany.com2014-05-21 16
SiG SCIM Simple Cloud Identity Management by IETF  For provisioning user identity to cloud-based service providers.  The SCIM protocol …  exposes a common user schema and extension model  is expressed in JSON (JavaScript Object Notation) or XML over HTTP  uses a RESTful (Representational State Transfer)-API.  maps to SCIM LDAP inetOrgPerson  binds to SAML  Is supported by several security software & cloud vendors  Cisco, Courion, Ping Identity, UnboundID and SailPoint; Salesforce, Google and VMware.  Version 1.0 of the specification was approved in Dec. 2011.  Proposed milestones …  mid. 2012: the SCIM core schema  mid. 2012: RESTful interface definition,  mid. 2012: use cases as a living document by the end of summer  mid. 2013: formalized SAML bindings  mid. 2013: LDAP mappings. www.vcbcompany.com2014-05-21 17
SiG SCIM - Modes & Flows CSP  CSP Cloud Service Provider to Cloud Service Provider Flows  Create Identity (Push)  Update Identity (Push)  Delete Identity (Push)  Sync Identity (Push & Pull)  SSO Trigger (Push)  SSO Trigger (Pull)  Password Reset (Push) ECS  CSP Enterprise Cloud Subscriber to Cloud Service Provider Flows  Create Identity (Push)  Update Identity (Push)  Delete Identity (Push)  SSO Pull www.vcbcompany.com2014-05-21 18
SiG IdMaaS - Identity Management as a Service Identity Management Moves into the Cloud  IDMaaS = IdM + SaaS  10 key criteria to be considered: 1. Be sure about the service level agreements (SLAs). 2. Explore the compliance / liability ramifications 3. Define how control will be shared? 4. Plan and define the interface with the service provider. 5. Consider the applications to integrate into the solution. 6. Align your security model with the service provider. 7. Understand the business disruption caused by the move. 8. Explore the effort of changing back / to another provider 9. Make sure your provider is the right one for IDMaaS as well. 10. Consider the whole life cycle costs under different scenarios.  If you confidently cover all 10 points you may move to IdMaaS www.vcbcompany.com2014-05-21 19
SiG Management vs. governance A clear cut between hand-on management & governance is essential  Depending on the service model the level from where on governance replaces management is different. governance management Iaas governance management Paas governance management Saas www.vcbcompany.com2014-05-21 20
SiG Big Picture: the Context is the Industrialisation of Service Compliance  Compliance enforces the use of infrastructure standards.  ITIL is just the beginning – CoBIT, ValIT and others will follow.  The cloud offers a framework for the implementation.  ITIL, SOA, compliance frameworks are details of a bigger picture. enterprises Globalisation  Market forces enforce the concentration on core competencies.  Non-competitive activities will be standardised.  They will be sourced globally at low prices,  outsourced / cloud- sourced / off-shored … or performed according to best practice reference models. Standardisation Automation Modularisation continuous improvement core competences 2 global forces change the environment. www.vcbcompany.com2014-05-21 21
SiGwww.vcbcompany.com2014-05-21 22 Conclusion What changes, when moving into the cloud? Well, not much!  Moving to the cloud doesn‘t offer fundamentally new challenges.  Full coverage, automation, single-sign-on, user-self-service, … should have been IAM feature before as well.  Out-sourced & off-site running applications were in use since years.  Cost pressure & increased complexity are the real differentiators  They enforce one more step towards the industrialisation of services. It‘s about … Quantity  Quality
SiG questions - acknowledgements – suggestions? www.vcbcompany.com2014-05-21 23
SiG Attention Backup slides www.vcbcompany.com2014-05-21 24
SiGwww.vcbcompany.com2014-05-21 25 Standards  SAML  Most mature, detailed, and widely adopted specifications family for browser-based federated sign-on for cloud users  Enables delegation (SSO)  Multifactor authentication  Support strong authentication and web SSO, avoid duplication of identity, and share only selected attributes to protect user privacy  Platform neutrality. SAML abstracts the security framework away from platform architectures and particular vendor implementations.  Business-to-business and employee-facing use cases  Shibboleth  Led by Internet2 to provide peer-to-peer collaboration using a federated identity infrastructure based on SAML.  Huge adoption rate in university and research communities  Liberty Alliance  An organization of vendors and enterprises that is largely perceived as having formed in response to Microsoft’s Passport efforts.  Identity federation framework (ID-FF) and identity Web services framework (ID-WSF). Their ID-FF work, which has now been incorporated into SAML 2.0.  Provides testing services for SAML 2.0 as well as their own protocols.  SPML  Emerging  Xml-based framework being developed by oasis for exchanging user, resource, and service provisioning information among cooperating organizations.  XACML  XACML is an oasis-ratified, general-purpose, xml-based access control language for policy management and access decisions.  Xml schema for a general policy language, processing environment model to manage the policies and to conclude the access decisions.  A standard way to express authorization policies across a diverse set of cloud services and externalize authorization and enforcement from the application  OAUTH  OAUTH is an emerging authentication standard that allows consumers to share their private resources (e.g., photos, videos, contact lists, bank accounts) stored on one csp with another csp without having to disclose the authentication information  Supported via an API by service providers including GOOGLE, TWITTER, FACEBOOK, and PLAXO  OPENID  OPENID an open, decentralized standard for user authentication and access control, users can log on to many services with the same digital.  However trust issues remain  WS-*  Driven by a collaborative effort between Microsoft, IBM, VeriSign, RSA Security, Ping Identity and others.  Composable suite of specifications for enabling secure Web services.  WS-Trust, WS-Federation, and WS-Policy are evolving mechanisms for layering authentication, authorization & policy across multiple security domains.

Recomendados

Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
o-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPo-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPEric Opp
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapAldo Pietropaolo
 
Isaca 2011 trends in virtual security v1.0
Isaca 2011 trends in virtual security v1.0Isaca 2011 trends in virtual security v1.0
Isaca 2011 trends in virtual security v1.0kimwisniewski
 
Cloud ID
Cloud IDCloud ID
Cloud IDOpenSourceCamp
 

Recomendados

Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
o-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPo-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPEric Opp
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapAldo Pietropaolo
 
Isaca 2011 trends in virtual security v1.0
Isaca 2011 trends in virtual security v1.0Isaca 2011 trends in virtual security v1.0
Isaca 2011 trends in virtual security v1.0kimwisniewski
 
Cloud ID
Cloud IDCloud ID
Cloud IDOpenSourceCamp
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewPeter HJ van Eijk
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...DivvyCloud
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroPrime Infoserv
 
A Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud ApplicationsA Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud ApplicationsBrian McCallion
 
The Cloud Challenge
The Cloud ChallengeThe Cloud Challenge
The Cloud ChallengeVMware Tanzu
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityDhaval Dave
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the CloudEpoch Universal, Inc.
 
Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019Joseph Holbrook, Chief Learning Officer (CLO)
 
Cloud security with Sage Construction Anywhere
Cloud security with Sage Construction AnywhereCloud security with Sage Construction Anywhere
Cloud security with Sage Construction AnywhereSage Construction and Real Estate
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Atlantic Security Conference
 
Presentation cisco cloud security
Presentation cisco cloud securityPresentation cisco cloud security
Presentation cisco cloud securityxKinAnx
 
internal-cloud-audit-risk-guide
internal-cloud-audit-risk-guideinternal-cloud-audit-risk-guide
internal-cloud-audit-risk-guideSatchit Dokras
 
How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 

Mais conteúdo relacionado

Mais procurados

CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewPeter HJ van Eijk
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...DivvyCloud
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroPrime Infoserv
 
A Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud ApplicationsA Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud ApplicationsBrian McCallion
 
The Cloud Challenge
The Cloud ChallengeThe Cloud Challenge
The Cloud ChallengeVMware Tanzu
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityDhaval Dave
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Atlantic Security Conference
 
Presentation cisco cloud security
Presentation cisco cloud securityPresentation cisco cloud security
Presentation cisco cloud securityxKinAnx
 
internal-cloud-audit-risk-guide
internal-cloud-audit-risk-guideinternal-cloud-audit-risk-guide
internal-cloud-audit-risk-guideSatchit Dokras
 
How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 

Mais procurados (20)

CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
 
A Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud ApplicationsA Tale of Two Enterprise Public Cloud Applications
A Tale of Two Enterprise Public Cloud Applications
 
The Cloud Challenge
The Cloud ChallengeThe Cloud Challenge
The Cloud Challenge
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019
 
Cloud security with Sage Construction Anywhere
Cloud security with Sage Construction AnywhereCloud security with Sage Construction Anywhere
Cloud security with Sage Construction Anywhere
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011
 
Presentation cisco cloud security
Presentation cisco cloud securityPresentation cisco cloud security
Presentation cisco cloud security
 
internal-cloud-audit-risk-guide
internal-cloud-audit-risk-guideinternal-cloud-audit-risk-guide
internal-cloud-audit-risk-guide
 
How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze Networks
 

Semelhante a Identity Management for the Cloud

Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityIBM Security
 
Security and Privacy Challenges in Cloud Computing Environments
Security and Privacy Challenges in Cloud Computing EnvironmentsSecurity and Privacy Challenges in Cloud Computing Environments
Security and Privacy Challenges in Cloud Computing EnvironmentsEyob Sisay
 
Pinning Down Cloud Computing
Pinning Down Cloud ComputingPinning Down Cloud Computing
Pinning Down Cloud ComputingYankee Group
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?Jody Keyser
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huangKen Huang
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsIJERA Editor
 
Cloud Scars: Lessons from the Enterprise Pioneers
Cloud Scars: Lessons from the Enterprise PioneersCloud Scars: Lessons from the Enterprise Pioneers
Cloud Scars: Lessons from the Enterprise PioneersDave Roberts
 
Cloud scars: Lessons from the Enterprise Pioneers
Cloud scars: Lessons from the Enterprise PioneersCloud scars: Lessons from the Enterprise Pioneers
Cloud scars: Lessons from the Enterprise PioneersServiceMesh
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory ExchangeBrandon Jones
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsShaun Thomas
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computingHossam Zein
 

Semelhante a Identity Management for the Cloud (20)

Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Security and Privacy Challenges in Cloud Computing Environments
Security and Privacy Challenges in Cloud Computing EnvironmentsSecurity and Privacy Challenges in Cloud Computing Environments
Security and Privacy Challenges in Cloud Computing Environments
 
Pinning Down Cloud Computing
Pinning Down Cloud ComputingPinning Down Cloud Computing
Pinning Down Cloud Computing
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huang
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patterns
 
Cloud Scars: Lessons from the Enterprise Pioneers
Cloud Scars: Lessons from the Enterprise PioneersCloud Scars: Lessons from the Enterprise Pioneers
Cloud Scars: Lessons from the Enterprise Pioneers
 
Cloud scars: Lessons from the Enterprise Pioneers
Cloud scars: Lessons from the Enterprise PioneersCloud scars: Lessons from the Enterprise Pioneers
Cloud scars: Lessons from the Enterprise Pioneers
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
 
Features of cloud
Features of cloudFeatures of cloud
Features of cloud
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computing
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computing
 

Mais de Horst Walther

Generic Processes for Identity & Access
Generic Processes for Identity & AccessGeneric Processes for Identity & Access
Generic Processes for Identity & AccessHorst Walther
 
Identity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityIdentity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityHorst Walther
 
Identity & Access Governance
Identity & Access GovernanceIdentity & Access Governance
Identity & Access GovernanceHorst Walther
 
A Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM ProgramsA Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM ProgramsHorst Walther
 
How to do Business with Germans
How to do Business with GermansHow to do Business with Germans
How to do Business with GermansHorst Walther
 
Cultural limitations to quality
Cultural limitations to qualityCultural limitations to quality
Cultural limitations to qualityHorst Walther
 
Besides Petroleum - The promise of bio fuels to contribute to the solution of...
Besides Petroleum - The promise of bio fuels to contribute to the solution of...Besides Petroleum - The promise of bio fuels to contribute to the solution of...
Besides Petroleum - The promise of bio fuels to contribute to the solution of...Horst Walther
 

Mais de Horst Walther (8)

G2 - US vs. China
G2 - US vs. ChinaG2 - US vs. China
G2 - US vs. China
 
Generic Processes for Identity & Access
Generic Processes for Identity & AccessGeneric Processes for Identity & Access
Generic Processes for Identity & Access
 
Identity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityIdentity & Access Governance versus Process Agility
Identity & Access Governance versus Process Agility
 
Identity & Access Governance
Identity & Access GovernanceIdentity & Access Governance
Identity & Access Governance
 
A Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM ProgramsA Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM Programs
 
How to do Business with Germans
How to do Business with GermansHow to do Business with Germans
How to do Business with Germans
 
Cultural limitations to quality
Cultural limitations to qualityCultural limitations to quality
Cultural limitations to quality
 
Besides Petroleum - The promise of bio fuels to contribute to the solution of...
Besides Petroleum - The promise of bio fuels to contribute to the solution of...Besides Petroleum - The promise of bio fuels to contribute to the solution of...
Besides Petroleum - The promise of bio fuels to contribute to the solution of...
 

Último

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 

Último (20)

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 

Identity Management for the Cloud

  • 1. SiGSiG Identity Management for the Cloud New answers to old questions 10. Anwenderkonferenz Softwarequalität, Test und Innovationen 6. und 7. September 2012 Alpen-Adria-Universität Klagenfurt Dr. Horst Walther, Business Advisor Operational Risk Management Member of the VCB & Company LLP, London,
  • 2. SiG agenda 1. Where is the problem? Why do we need to talk about IdM in the cloud? 2. The slow move towards the cloud The cloud did not come as a surprise 3. Finally the fortress security model fails But corporations had a hard time to accept the facts 4. Models, services & actors become standardised The NIST Conceptual Reference Model 5. Cloud Computing’s deadly sins by Mike Small 6. Often IAM is meant when IM is said IAM = Identity Management (IM) + Access Management (AM) 7. IAM before & in the Cloud What changes for the consumer, when moving into the cloud? 8. OASIS view relevant standards & identified gaps 9. SCIM Simple Cloud Identity Management by IETF 10. IdMaaS - Identity Management as a Service Identity Management Moves into the Cloud 11. Management vs. governance A clear cut between hand-on management & governance is essential 12. Conclusion What changes, when moving into the cloud? www.vcbcompany.com2014-05-21 2
  • 3. SiG Where is the problem? Why do we need to talk about IdM in the cloud? Since 10 years+ we are discussing Identity Management in the cloud. Obviously there seems to be a major issue. But what makes the difference? What are old – what are the new challenges? How do the solutions look like? What is going on? What comes next? www.vcbcompany.com2014-05-21 4
  • 4. SiG The slow move towards the cloud The cloud did not come as a surprise  The closed corporate perimeter is blurring  There is a long-term move of sourcing internal services out Internal Systems & Data less knownPartner Weakly coupled, dynamic, external Customer Strongly coupled, static, internal Employee unknown Extranets The cloud www.vcbcompany.com2014-05-21 5
  • 5. SiG Finally the fortress security model fails But corporations had a hard time to accept the facts  The company perimeter is no longer the line of defence  A virtual enterprise network requires asset centric security. Internal Systems & Data The virtual enterprise network goes beyond phsical borders The cloud less knownPartner Weakly coupled, dynamic, external Customer Strongly coupled, static, internal Employee unknown www.vcbcompany.com2014-05-21 6
  • 6. SiG Challenges – The CIO’s lament Complexity, cloud & mobile drove the change in the last 5 years.  Increased complexity.  There are more things to connect,  More people to connect  With more data than ever before.  It's an end-to-end situation.  The role of IT has changed  From being the custodians of IT to being brokers of IT.  The all-things cloud lures us.  The infrastructure is moving out of the (direct) control.  The devices too are moving out of control the IT.  BYOD & mobile devices are incompatible with the perimeter security model  We go from managing by our hands on to governing via policies & audits.  But generally IT people are not good at governing  And the outlook is: More of the same. www.vcbcompany.com2014-05-21 7
  • 7. SiG Models, services & actors become standardised The NIST Conceptual Reference Model NIST: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505 www.vcbcompany.com2014-05-21 8
  • 8. SiG The NIST Conceptual Reference Model Cloud Computing obviously raises the overall complexity  5 major participating actors:  Cloud Consumer,  Cloud Provider,  Cloud Broker,  Cloud Auditor,  Cloud Carrier.  3 service:  Cloud software as a service (SaaS),  Cloud platform as a service (PaaS),  Cloud infrastructure as a service (IaaS).  4 deployment models:  private cloud,  community cloud,  public cloud, and hybrid cloud.  5 service characteristics :  on-demand self-service,  broad network access,  resource pooling,  rapid elasticity,  measured service. www.vcbcompany.com2014-05-21 9
  • 9. SiG Cloud Computing’s deadly sins by Mike Small  Adopting cloud computing can save money.  But many organizations are sleepwalking into the cloud.  Outsourcing the provision of the IT service does not outsource the customer’s responsibilities.  The deadly vice of cloud computing of is sloth by inattention to: 1. Not knowing you are using the Cloud 2. Not assuring legal and regulatory compliance 3. Not knowing what data is in the cloud 4. Not managing identity and access to the cloud 5. Not managing business continuity and the cloud 6. Becoming Locked-in to one provider 7. Not managing your Cloud provider  Of these deadly sins of cloud computing #4 directly applies  Indirectly affected are #2 & # 5 * In medieval times the Christian church created the concept of the seven deadly sins: 1. wrath, 2. greed, 3. sloth, 4. pride, 5. lust, 6. envy and 7. gluttony www.vcbcompany.com2014-05-21 10
  • 10. SiG Often IAM is meant when IM is said IAM = Identity Management (IM) + Access Management (AM) Identity & Access Management Identity Management Define the digital identity and its life cycle Access Management Model & manage the identity's access to corporate resources. www.vcbcompany.com2014-05-21 11
  • 11. SiG Grouping processes of the Identity- & Access Management The IAM processes may be viewed from different perspectives*  into Identity management & Access Management  Identity management has a justification sui generis.  It is not an appendix of security management  Access management can be built on top of Identity management  into operational and managerial  operational: identify, authenticate and authorise  managerial: administer digital Identities  governance: supervise & direct  into essential and physical  essential: administer and use the essential business functionality  physical: integrate, transport, transform and “provision” to deal with the “cruel dirty world” outside. * www.GenericIAM.org www.vcbcompany.com2014-05-21 12
  • 12. SiG IAM before & in the Cloud What changes for the consumer, when moving into the cloud? Enterprise IAM  Mostly partial coverage  Manual & automated processes  Proprietary application interfaces  IAM roles may overlap  Individual, ad-hoc decisions  SSO is a goody  Hands-on management & governance not clearly separated  Low process maturity suffices  Running an IAM is recommended Cloud IAM  Total coverage necessary  Full automation required  Standardised interfacing  Clearly defined IAM roles  Policy driven decisions  SSO is essential  Mandatory separation of hands-on management & governance  High process maturity necessary  Running an IAM is mandatory Well – not much. But it has to be done now. www.vcbcompany.com2014-05-21 13
  • 13. SiG OASIS view relevant standards & identified gaps Identified relevant standards  SAML  OpenID  OAuth  SPML  SCIM  WS-Federation  IMI  (XACML) ? Identified big / obvious gaps  Configuration and association with an IdP is not standardized  No standards or rules for mapping or transforming attributes between different (cloud) domains.  No profiles or standard roles and related attributes  No standards for attributes  No audit standards for IDM systems www.vcbcompany.com2014-05-21 14
  • 14. SiG Where can the impact of the cloud be felt? The OASIS ‘identity in the cloud’ use cases  Infrastructure Identity Establishment  Identity Management (IM)  General Identity Management  Infrastructure Identity Management (IIM)  Federated Identity Management (FIM)  Authentication  General Authentication  Single Sign-On (SSO)  Multi-factor  Authorization  Account and Attribute Management  Account and Attribute Provisioning  Security Tokens  Governance  Audit and Compliance www.vcbcompany.com2014-05-21 15 OASIS formalized 29 cloud use cases out of (35 received)
  • 15. SiG Impact on the Identity Management OASIS: More emphasis on provisioning and configuration  Speed - Rapid provisioning:  Automatically deploying cloud systems based on the requested service/resources/capabilities.  Robustness - Resource changing:  Adjusting configuration/resource assignment for repairs, upgrades and joining new nodes into the cloud.  Compliance - Monitoring and Reporting:  Discovering and monitoring virtual resources, monitoring cloud operations and events and generating performance reports.  Transparency - Metering:  Providing a metering capability at some level of abstraction appropriate to the type of service.  e.g., storage, processing, bandwidth, and active user accounts.  SLA management:  Encompassing the SLA contract definition  SLA monitoring and SLA enforcement according to defined policies. www.vcbcompany.com2014-05-21 16
  • 16. SiG SCIM Simple Cloud Identity Management by IETF  For provisioning user identity to cloud-based service providers.  The SCIM protocol …  exposes a common user schema and extension model  is expressed in JSON (JavaScript Object Notation) or XML over HTTP  uses a RESTful (Representational State Transfer)-API.  maps to SCIM LDAP inetOrgPerson  binds to SAML  Is supported by several security software & cloud vendors  Cisco, Courion, Ping Identity, UnboundID and SailPoint; Salesforce, Google and VMware.  Version 1.0 of the specification was approved in Dec. 2011.  Proposed milestones …  mid. 2012: the SCIM core schema  mid. 2012: RESTful interface definition,  mid. 2012: use cases as a living document by the end of summer  mid. 2013: formalized SAML bindings  mid. 2013: LDAP mappings. www.vcbcompany.com2014-05-21 17
  • 17. SiG SCIM - Modes & Flows CSP  CSP Cloud Service Provider to Cloud Service Provider Flows  Create Identity (Push)  Update Identity (Push)  Delete Identity (Push)  Sync Identity (Push & Pull)  SSO Trigger (Push)  SSO Trigger (Pull)  Password Reset (Push) ECS  CSP Enterprise Cloud Subscriber to Cloud Service Provider Flows  Create Identity (Push)  Update Identity (Push)  Delete Identity (Push)  SSO Pull www.vcbcompany.com2014-05-21 18
  • 18. SiG IdMaaS - Identity Management as a Service Identity Management Moves into the Cloud  IDMaaS = IdM + SaaS  10 key criteria to be considered: 1. Be sure about the service level agreements (SLAs). 2. Explore the compliance / liability ramifications 3. Define how control will be shared? 4. Plan and define the interface with the service provider. 5. Consider the applications to integrate into the solution. 6. Align your security model with the service provider. 7. Understand the business disruption caused by the move. 8. Explore the effort of changing back / to another provider 9. Make sure your provider is the right one for IDMaaS as well. 10. Consider the whole life cycle costs under different scenarios.  If you confidently cover all 10 points you may move to IdMaaS www.vcbcompany.com2014-05-21 19
  • 19. SiG Management vs. governance A clear cut between hand-on management & governance is essential  Depending on the service model the level from where on governance replaces management is different. governance management Iaas governance management Paas governance management Saas www.vcbcompany.com2014-05-21 20
  • 20. SiG Big Picture: the Context is the Industrialisation of Service Compliance  Compliance enforces the use of infrastructure standards.  ITIL is just the beginning – CoBIT, ValIT and others will follow.  The cloud offers a framework for the implementation.  ITIL, SOA, compliance frameworks are details of a bigger picture. enterprises Globalisation  Market forces enforce the concentration on core competencies.  Non-competitive activities will be standardised.  They will be sourced globally at low prices,  outsourced / cloud- sourced / off-shored … or performed according to best practice reference models. Standardisation Automation Modularisation continuous improvement core competences 2 global forces change the environment. www.vcbcompany.com2014-05-21 21
  • 21. SiGwww.vcbcompany.com2014-05-21 22 Conclusion What changes, when moving into the cloud? Well, not much!  Moving to the cloud doesn‘t offer fundamentally new challenges.  Full coverage, automation, single-sign-on, user-self-service, … should have been IAM feature before as well.  Out-sourced & off-site running applications were in use since years.  Cost pressure & increased complexity are the real differentiators  They enforce one more step towards the industrialisation of services. It‘s about … Quantity  Quality
  • 22. SiG questions - acknowledgements – suggestions? www.vcbcompany.com2014-05-21 23
  • 24. SiGwww.vcbcompany.com2014-05-21 25 Standards  SAML  Most mature, detailed, and widely adopted specifications family for browser-based federated sign-on for cloud users  Enables delegation (SSO)  Multifactor authentication  Support strong authentication and web SSO, avoid duplication of identity, and share only selected attributes to protect user privacy  Platform neutrality. SAML abstracts the security framework away from platform architectures and particular vendor implementations.  Business-to-business and employee-facing use cases  Shibboleth  Led by Internet2 to provide peer-to-peer collaboration using a federated identity infrastructure based on SAML.  Huge adoption rate in university and research communities  Liberty Alliance  An organization of vendors and enterprises that is largely perceived as having formed in response to Microsoft’s Passport efforts.  Identity federation framework (ID-FF) and identity Web services framework (ID-WSF). Their ID-FF work, which has now been incorporated into SAML 2.0.  Provides testing services for SAML 2.0 as well as their own protocols.  SPML  Emerging  Xml-based framework being developed by oasis for exchanging user, resource, and service provisioning information among cooperating organizations.  XACML  XACML is an oasis-ratified, general-purpose, xml-based access control language for policy management and access decisions.  Xml schema for a general policy language, processing environment model to manage the policies and to conclude the access decisions.  A standard way to express authorization policies across a diverse set of cloud services and externalize authorization and enforcement from the application  OAUTH  OAUTH is an emerging authentication standard that allows consumers to share their private resources (e.g., photos, videos, contact lists, bank accounts) stored on one csp with another csp without having to disclose the authentication information  Supported via an API by service providers including GOOGLE, TWITTER, FACEBOOK, and PLAXO  OPENID  OPENID an open, decentralized standard for user authentication and access control, users can log on to many services with the same digital.  However trust issues remain  WS-*  Driven by a collaborative effort between Microsoft, IBM, VeriSign, RSA Security, Ping Identity and others.  Composable suite of specifications for enabling secure Web services.  WS-Trust, WS-Federation, and WS-Policy are evolving mechanisms for layering authentication, authorization & policy across multiple security domains.