Are the Enterprises Ready for
Identity of Everything?
Ranjan Jain
Enterprise IT Architect
Cisco Systems Inc.
July 2014
Cisco Confidential 2© 2013-2014 Cisco and/or its affiliates. All rights reserved.
CIS14: Are the Enterprises Ready for Identity of Everything?

Ranjan Jain, Cisco Systems
A NextGen architectural approach which enterprise IT architects and management need to consider if they plan to ride the IoT wave.

CIS14: Are the Enterprises Ready for Identity of Everything?

  1. Are the Enterprises Ready for Identity of Everything? Ranjan Jain, Enterprise IT Architect, Cisco Systems Inc., July 2014
  2. Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.
  3. Agenda
     •  Identity and Not-so-Fun facts
     •  Trends & Impact on Identity
     •  IT Architecture Requirements
     •  Identity of Everything & Framework
     •  Q & A
  4. Identity and Not-so-Fun facts
  5. Identity Defined
     •  Digital Identity is defined as a set of data that uniquely describes a person or thing.
     •  Identity Types: Human, Devices, Applications (APIs) and many more
     •  Identity is core to trust model and security principles of confidentiality, integrity, and availability.
  6. Identity – Not So Fun Facts
     •  Identities frequently targeted for attack: Executives, Administrators, Outsourced vendors
     •  Unable to quantify loss due to lack of visibility
     •  The trend in targeted attacks is many occurrences over an extended period of time
     Cyber-attackers need to be right once. Enterprise security needs to be right every time.
  7. Security Incident Examples: Impacted 148 million users
  8. Security Incident Examples: Impacted 110 million users
  9. Security Incident Examples: Refrigerator got hacked & more to come (Courtesy: www.readwrite.com)
  10. Trends & Impact on Identity
  11. Trends Elevating the Importance of Identity: Enabling New Business Models Security User Experience Ease of Doing Business Operational Expense Reduction 50 Business Source: http://share.cisco.com/internet-of-things.html
  12. Trends Elevating the Importance of Identity: Enabling New Business Models Security User Experience Ease of Doing Business Operational Expense Reduction 50 Business Technology Internet of Everything Mobile / Cloud Externalizing Data via API’s Collaboration / Social / Data Analytics Advanced Threats XaaS / Automation Source: http://share.cisco.com/internet-of-things.html
  13. Identity of Everything & Framework
  14. IDentity of Everything (IDoE) Vision: Location IT Managed Un-managed Device IT Managed Personal Any Device “Enable secure access from any client, on any device, to any service, located anywhere.” From Anywhere Any Resource (Anyone, Anything, Anywhere – For Right Business Outcome) Identities depicted are only representative, and not the comprehensive list Identity Human Device Application API Resource Web Apps Mobile Apps API Devices SaaS Service Providers
  15. Everything Will Have an Identity
     •  Identity: Each user, device, and resource has a unique identity. These identities must be non-overlapping
     •  Any User, On Any Device, Accessing Any Resource, On Any Network, To Enable “Internet of Everything”
     •  Human / Non-human identity
  16. Getting GRIP on Identity
     •  Identity: Each user, device, and resource has a unique identity.
     •  GRoups: A set of users, devices, or resources are grouped together to create a composite identity (Group) based on one or more sets of attributes.
     •  Any User, On Any Device, Accessing Any Resource, On Any Network, To Enable “Right Authorization”
     •  Human / Non-human identity
  17. Getting GRIP on Identity
     •  Identity: Each user, device, and resource has a unique identity.
     •  GRoups: A set of identities are grouped together to create a composite identity (Group) based on one or more sets of attributes.
     •  Policy: One or more policies are created and applied. It binds the entitlement of an identity to the required resources.
     •  Identity + Groups + Policy = Right Authorization; Auditing; Enforcement
     •  Any User, On Any Device, Accessing Any Resource, On Any Network, To Enable “Right Authorization”
     •  Human / Non-human identity
  18. Data Model to Encompass All Types of Identities
     •  Each User, Device, and Resource has a unique Identity.
     •  Each Identity has several attributes that describe its type and their attributes.
     •  One or more of these attributes can then be combined to create a composite identity.
     •  Diagram labels: Badged Non-Badged FTE Outsourced Regular New Acq’stn Guest User Device Resource Location Partner Customer End User Server IT Asset BYOD Host Network PC Mac Linux iOS Android IT Mn’gd Un-Mn’gd DMZ Internal Protected Partner Sites Public Internet Default SimDMZ IT Hosted Ext Hosted Service Asset Data Application
     •  Additional Attributes: Campus / FSO, Data Center, Bandwidth, …
     •  Additional Attributes: Data Classification, Regulatory Comp., Access Protocol, …
     •  Additional Attributes: OS, Version, Display Size, …
     •  Additional Attributes: First Name, Last Name, Email, …
  19. Identity Framework: Auditing of Policies & Data Analytics Authentication Coarse Grain Authorization Fine Grain Authorization SSO Access Service Registration Provisioning De-provisioning Identity Service Data Stores Federation And Various Lifecycles Identity Human Device Application API Identity Policy Attributes APIs & Web Services User Apps Devices Authc Authz Entitlement Attestation Resource Web Apps Mobile Apps API Devices SaaS Service Providers
  20. IT Architecture Requirements
  21. IDoE Vision Realization Factors: The 4 Must-Haves
     •  Federation and API Will be Ubiquitous
     •  Identity for Everything: Human; Device; App, API etc.
     •  Multi-factor Authentication: It will be a Must; Context will be new dimension
     •  Standards Driven P2P, M2M, P2M
  22. IT Architecture for IDoE: The 4 Must-Haves
     •  Security
     •  Scalable for Billions
     •  Elastic
     •  BYoT
  23. In Closing
     •  IoT will Connect the Un-connected
     •  Identity will be the core for IoT to happen
     •  Securing IAM will be more important than ever
     •  Open Standards (OAuth, SCIM, OpenID Connect and more to come) will provide the federation grid for NextGen IAM to work
     •  We need to work more closely and openly to ride the IoT wave
  24. Q&A
  25. Thank you.
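
The GRIP model from slides 15 to 18 (unique identities, attribute-based groups, policies that bind groups to resources, enforcement and auditing), shown as an added Python example that is not part of the presentation. The `Grip` class, the attribute names and every sample identity, group and policy are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Identity:
    id: str      # unique across users, devices and resources
    kind: str    # "user", "device" or "resource"
    attrs: dict  # descriptive attributes, e.g. {"type": "FTE"}

class Grip:
    def __init__(self):
        self.identities, self.groups, self.policies, self.audit = {}, {}, [], []

    def register(self, ident):
        if ident.id in self.identities:  # identities must be non-overlapping
            raise ValueError(f"overlapping identity: {ident.id}")
        self.identities[ident.id] = ident

    def define_group(self, name, kind, **required):
        self.groups[name] = (kind, required)  # composite identity by attributes

    def in_group(self, ident_id, group):
        ident, (kind, required) = self.identities.get(ident_id), self.groups[group]
        return (ident is not None and ident.kind == kind
                and all(ident.attrs.get(k) == v for k, v in required.items()))

    def authorize(self, user, device, resource):
        hit = next((name for name, ug, dg, rg in self.policies
                    if self.in_group(user, ug) and self.in_group(device, dg)
                    and self.in_group(resource, rg)), None)
        self.audit.append((user, device, resource, hit or "default-deny"))
        return hit is not None  # no matching policy means deny

def build_demo():  # constructed sample identities, groups and policies
    g = Grip()
    for ident in [Identity("alice", "user", {"type": "FTE"}),
                  Identity("vendor-7", "user", {"type": "Outsourced"}),
                  Identity("laptop-1", "device", {"managed": True}),
                  Identity("phone-9", "device", {"managed": False}),
                  Identity("payroll-api", "resource", {"data": "restricted"}),
                  Identity("wiki", "resource", {"data": "internal"})]:
        g.register(ident)
    g.define_group("fte", "user", type="FTE")
    g.define_group("managed", "device", managed=True)
    g.define_group("any-device", "device")
    g.define_group("restricted", "resource", data="restricted")
    g.define_group("internal", "resource", data="internal")
    g.policies = [("fte-restricted", "fte", "managed", "restricted"),
                  ("fte-internal", "fte", "any-device", "internal")]
    return g
```

Every decision, grant or deny, lands in `audit` with the policy that matched, so an unknown identity or a device ID presented in the user slot shows up as a `default-deny` record rather than disappearing silently.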