CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

John Tolbert, Fortune 50 Company

An examination of the often complex mix of scalability, interoperability, and security requirements that certain industries face, and what is needed for these types of organizations to be able to fully leverage the benefits of the cloud.

Published in: Technology

Transcript

  • 1. Is The Cloud Ready for Enterprise Security Requirements? John Tolbert
  • 2. The Cloud: A Huge Success Story
      • Rent what you need, rather than buy
      • Simplify data center management
      • Scalable
      • Fast provisioning and de-provisioning
  • 3. Security Requirements
      • Consumer Privacy
      • Regulatory compliance
      • SOX
      • HIPAA
      • Export regulations
  • 4. More Security Requirements
      • Intellectual Property
      • Licensing and Collaboration
      • Background and Foreground IP
      • Trade Secret Protection
      • High Security / High Assurance
      • NIST 800-63 Level 3 and 4 authentication
      • Fine-grained access controls
      • Need-to-know
  • 5. Authorization is like fashion
      • Informal Attire For a Day at The Lake
  • 6. Admission to certain venues requires formal wear
      • Image: http://upload.wikimedia.org/wikipedia/commons/3/39/MITO_Orchestra_Sinfonica_RAI.jpg
  • 7. Access Control [figure labels: X, OK]
  • 8. Organizations need to collaborate with business partners
      • The cloud is a natural place for collaboration
      • Easy to set up workspaces as needed
      • Identity management can be a combination of federated identities for those with robust IAM infrastructures and cloud-managed identities for business partners without the heavy-duty IAM infrastructures
      • Protecting intellectual property in collaborative environments can be a challenge
  • 9. Enterprise IAM infrastructure in place
      • [Diagram labels: LDAP, SAML, XACML PAP, Enterprise IAM Infrastructure, SSO, XACML PEP, XACML PDP, The Cloud, SaaS, IaaS, PaaS, File Repositories, Web Apps, Cloud IAM, Enterprise Applications, SCIM]
  • 10. Evolution of access controls
      • Evolves To Meet Scalability and Granularity Requirements
      • [Chart: axes Time and IAM Solution Complexity; stages Users, Groups, RBAC, ABAC, PBAC]
  • 11. Union of Attribute and Policy
      • Policy Attribute Based Access Control
  • 12. Policy/Attribute-based access control
      • XACML for consistent attribute-based access control in both the cloud and on-premise infrastructure
      • Profiles for privacy, export controls, intellectual property controls, and data loss prevention
      • Interoperability at the transport layer
      • Can facilitate the migration to Mandatory Access Control (MAC) model
  • 13. Fine-grained Authorization
      • Subject identity is just one variable in the authorization equation
      • Resources have identities too!
      • Resource attributes must also be evaluated in runtime authorization decisions
      • [Diagram labels: Subject, Resource, Environment, Action]
  • 14. Fine-grained AuthZ
      • Two major categories of data necessitate two different approaches:
          • Unstructured data: standardized metadata tags on data objects
          • Structured data: policy-based access controls applied via SQL and web application proxies
      • Backend Attribute Exchange: one domain trusts another to provide authoritative attributes for authenticated users
  • 15. Metadata tagging and AuthZ
      • [Diagram labels: Create Document, Content Analysis, Metadata Application, XACML PEP, XACML PDP, Read Metadata, Class: Top Secret, Decision, Pass Metadata as Resource Attributes, LDAP, Subject, User, Subject Attributes]
      • Image: By United States Air Force.718 Bot at en.wikipedia [Public domain], from Wikimedia Commons http://upload.wikimedia.org/wikipedia/commons/6/62/1948_Top_Secret_USAF_UFO_extraterrestrial_document.png
  • 16. Policy-based SQL and application proxies
      • Certain row/column results match policies
      • Certain application actions match policies
      • [Diagram labels: LDAP, XACML PAP, SQL/XACML PEP, XACML PDP, Thick Client App, DB, Web App, WAF/XACML PEP, DB]
  • 17. Backend Attribute Exchange
      • User authenticates in Domain A
      • Domain B SSO gets attributes from Domain A
      • User receives access in Domain B
      • User requests access to resource in Domain B
      • Assumption: Domain B trusts that Domain A is authoritative for specific attributes about users originating from there.
      • [Diagram labels: SSO, LDAP, SAML, Web App; steps numbered 1 to 9]
  • 18. Mandatory Access Control
      • Gov't Classification / Commercial Analogs:
          • Unclassified / Public Domain
          • Confidential / Confidential
          • Secret / Competition Sensitive / Restricted
          • Top Secret / Limited Distribution
      • Bell-LaPadula: No Read Up, No Write Down
      • Biba Integrity: No Read Down, No Write Up
  • 19. Compliance Monitoring and Risk Management
      • Standardized authentication and authorization mechanisms for consistent enforcement and reporting
      • Integration with Security Incident and Event Management for real-time alerting
      • Integration with GRC software
  • 20. Conclusion
      • Is the cloud ready for enterprise security? Yes, some providers offer solutions in most areas described above.
      • Cloud service providers will capture more customers with high security service offerings
      • Resource identities (attributes) are just as important in access control decisions as subject identities
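
The decision flow on slides 13, 15 and 18, as an added example that is not from the presentation: a PEP passes a document's metadata tags as resource attributes, and a toy PDP evaluates subject, resource, action and environment together, applying the Bell-LaPadula rules (no read up, no write down) plus a need-to-know check. The attribute names (`clearance`, `projects`, `class`, `project`, `network`), the corporate-network rule and the sample subject and documents are assumptions constructed for illustration; a real deployment would express the policy in XACML.

```python
from dataclasses import dataclass, field

# Classification lattice from slide 18, lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Request:
    subject: dict    # subject attributes, e.g. resolved from LDAP
    resource: dict   # metadata tags the PEP read from the document
    action: str      # "read" or "write"
    environment: dict = field(default_factory=dict)


def decide(req: Request) -> tuple:
    """Toy PDP: return (decision, reason). Anything not permitted is denied."""
    s_level = RANK.get(req.subject.get("clearance"))
    r_level = RANK.get(req.resource.get("class"))
    # Missing or unknown tags fail closed: an untagged document is not public.
    if s_level is None or r_level is None:
        return "Deny", "missing or unknown classification attribute"
    if req.action not in ("read", "write"):
        return "Deny", "unsupported action"
    if req.action == "read" and s_level < r_level:
        return "Deny", "no read up (Bell-LaPadula)"
    if req.action == "write" and s_level > r_level:
        return "Deny", "no write down (Bell-LaPadula)"
    # Need-to-know: the resource's project must be one of the subject's projects.
    if req.resource.get("project") not in req.subject.get("projects", ()):
        return "Deny", "no need-to-know for this project"
    # Assumed environment rule: Secret and above only from the corporate network.
    if r_level >= RANK["Secret"] and req.environment.get("network") != "corporate":
        return "Deny", "environment not permitted for this classification"
    return "Permit", "all attribute checks passed"


# Constructed sample attributes (not from the presentation).
ALICE = {"clearance": "Secret", "projects": ["falcon"]}
DOC_TS = {"class": "Top Secret", "project": "falcon"}
DOC_S = {"class": "Secret", "project": "falcon"}
DOC_PUB = {"class": "Unclassified", "project": "falcon"}
CORP = {"network": "corporate"}

if __name__ == "__main__":
    for doc, action, env in [(DOC_TS, "read", CORP), (DOC_S, "read", CORP),
                             (DOC_PUB, "write", CORP), (DOC_S, "read", {})]:
        print(doc["class"], action, env, "->", decide(Request(ALICE, doc, action, env)))
```

The same subject gets four different answers depending only on resource, action and environment attributes. Biba's integrity rules from slide 18 are the reverse comparisons and are not implemented here.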
