1. Intel IT’s Identity and Access Management Journey
July 2014
Copyright © 2014, Intel Corporation. All rights reserved
2. Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, IN THIS SUMMARY.
Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
* Other names and brands may be claimed as the property of others.
Copyright © 2014, Intel Corporation. All rights reserved.
3. The SMAC Stack Requires Agile Security Capabilities
• Enable movement of diverse information to more places
• Variety and growth in devices, internet touch points, and access methods
• More custom mobile applications and services within the enterprise
• The need to adopt standard applications for SaaS in the public cloud
Mobile, Social, Cloud, Analytics
The increase in devices, applications and use of the cloud requires a new
approach to provisioning and managing identities.
4. The IdAM Challenge
• A 20-year-old custom solution
• A need for a new approach:
  • Building with a small set of off-the-shelf solutions
  • Utilizing Web Services to “wrap” solutions
  • Driving for a small set of business processes
5. IdAM Vision & Goals
Vision: Simple, easy and controlled solutions that enable
access to anything, from anywhere, to any device.
Drive Business Value
Program CSIs (Critical Success Factor)
Agility
Improved UX
Flexibility
Risk Mitigation
Reduce:
Unmanaged accounts
Access approval TPT
Application Setup
Audit Excursions
6. High-Level Reference Architecture
[Diagram labels]
Layers: Core (Management); Periphery (Runtime)
Key: Biz Value; Performance Stability; User Experience; Service Oriented Architecture
Components:
• Enterprise Directory Services
• Provisioning Services
• Third Party Applications
• Enterprise Login
• Access Request Interface
• Identity Management Services: Data Quality, ID Attestation
• Entitlement Management Services: Access Certification, Business / Tech Roles
• Apps
• AuthN: Step-Up AuthN, Inbound Federation, Outbound Federation, Social Login
• AuthZ: Fine-Grained AuthZ
7. Co-Existence Implementation (versus Big Bang)
• The new platform will be the master system and will treat the legacy
platform as a managed source
• As applications are migrated to the new platform, the management of
access will also move
• Ahead of migration, legacy applications can take advantage of features
in the new platform, for example, access certification
[Diagram labels: New IdAM Platform; Old IdAM Platform; IdAM Web Services; Legacy Applications; New/Migrated Applications. Flow labels: AGGREGATE; PROVISION; READ; CREATE, UPDATE]
8. Integration Principles
• Purchased 3rd Party Applications: Integrate with directory directly or web services
• Custom Written Applications: Integrate with IdAM web services
• Provisioning: Outside on exception basis
[Diagram labels: IdAM Web Services; New IdAM Platform; Enterprise Directory; Enterprise Applications; Purchased Applications]
9. Federated Identity Management in the Cloud
[Diagram labels: Workers, Trading Partners & Consumers; Any Device; Anywhere; Intel; Access Governance (Core Platform); Intel Applications; Cloud Apps; Internal Apps; Mobile Apps; Federated Identity Management; Strong Authentication; Internal; External; B2C (Social); B2B; Inbound SSO; OTP; SSO; Provisioning; Active Provisioning; JIT Provisioning; Registration]
CURRENT
• Multiple IT and Business Group solutions
• Cannot integrate at the cadence of business
• Lacking key capabilities (multi-factor
authentication, inbound federation)
FUTURE
• Unified & IT delivered solution
• Single day startup of Cloud SSO in most cases
• Rich capability set proactively meeting business
needs
10. Summary
• Significant progress made but this is a long journey
and we are only at the beginning.
• Co-existence allows us to achieve value incrementally over
time.
• Focusing on a service-oriented architecture approach
allows for quick wins on which we can continue to build.
• Align and adopt industry best practices.
• Strong leadership and management is key.