IdM And The Cloud: Stormy Days Ahead?
 


[With Slidecast discontinued, you can see the video (presentation + audio) on my blog at http://blog.talkingidentity.com/2009/10/screencast-of-my-openworld-session-on-idm-and-the-cloud.html]

Cloud computing is about to revolutionize enterprise IT and architecture. But leading industry analysts see security as a gating factor preventing enterprise adoption of cloud solutions, as enterprises grapple with the unique characteristics of cloud security and the challenges of compliance and governance. This presentation I gave at OpenWorld 2009 outlines key identity management considerations for evaluating a move to the cloud. It discusses how enterprises can leverage their existing identity and access management infrastructure and the principles of service-oriented security and standards-based interactions to secure their assets in the cloud. It also looks at the prospects for identity management as a service and how it will affect cloud computing's future.

  • Hi Nishant,

    I find this presentation very clear. Is it possible to get the ppt or pdf file?

    Thanks.
  • Thanks for the presentation. Now embedded at UKOCN, Oracle User Community at:

    http://www.ukocn.com/forums/oracle-related-technologies/cloud-computing/idm-and-cloud-stormy-days-ahead

    Presentation Transcript

    • Identity Management and the Cloud: Stormy Days Ahead? Nishant Kaushik Architect, Oracle Identity Management
    • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
    • Agenda
      • The X’s of Cloud Computing
      • The Identity Factor
      • The Identity Platform for the Cloud
      • Putting it All Together
    • The Allure of Cloud Computing
      • Pay As You Go
      • Availability
      • Flexibility
      • Time To Value
      • Simplicity
      A New Paradigm: Cloud Computing is about the on-demand, elastic and scalable consumption of computing resources.
    • The Basics of Cloud Computing
      • It is service-based
      • It is scalable and elastic
      • It shares a pool of resources
      • It is metered by use
      • It uses internet technologies
      Basic Attributes: Gartner has said there are 5 basic attributes of a cloud computing model.
    • The Myths of Cloud Computing
      • The Cloud Computing model should be viewed as any other utility - a black box that seamlessly presents your information on demand
      IT As Utility: Pay no attention to how it works under the hood
    • The Reality of Cloud Computing
      • SLAs = Inadequate; Usually favoring provider
      • Transparency = Missing
      • Standards = Few in practice
      • Security Concerns = Unresolved
      • Interoperability = Coming…?
      Dig A Little Deeper: Cloud Computing lacks some of the characteristics expected of a utility.
    • The Risks of Cloud Computing
      • Information Protection Challenges
      • Governance Models in Jeopardy
      • Strategic Vulnerability
      Mind The Gap: IDC survey: 74% rate cloud security issues as “very significant”
    • It’s Déjà Vu All Over Again…
      • Who has access?
      • How is the access controlled?
      • What about Privileged Access?
      • Is data encrypted, segregated?
      • Is data located in correct jurisdictions?
      • Am I in compliance with regulations?
      • How are breaches detected?
      • Do I have audit & investigative capability?
      • Can I switch services to another vendor?
      Cloud Security Challenges / Enterprise Security Challenges
    • Identity – The Key to Enterprise Security
      • Compliance with business policies & regulations
      • Make governance sustainable by driving down administration cost & improving service levels
      • Enables business agility & collaboration
      • Improved risk management & customer satisfaction
      • The 3 A’s of Identity are core to the Information Protection challenge
      [Slide labels: Access Controls; Strategic Advantage; “and Cloud”]
    • Considerations for a Move to the Cloud
      • Single-Sign On for users of enterprise and cloud based assets
      • Ability to quickly provision and de-provision access to cloud assets
      • Granular access controls that can be managed externally
      • Privileged Account Management
      • Audit capabilities in support of compliance requirements
      • Standards-based Interfaces
    • Having Said All That: While Cloud Computing is more… this… than this… (images not preserved), each evolutionary jump does introduce variables and characteristics that change the game
      What Gartner Is Saying:
      • Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing,”
      • Source: Assessing the Security Risks of Cloud Computing, June 2009
    • Enterprise IdM, Interrupted
      • Convention: Traditional Enterprise IdM relies on tight integration and heavy customization, with direct access to data stores
      • Disruption: The cloud’s model of sharing resources makes tight coupling a non-starter
      • Vision: Identity infrastructure that seamlessly spans an enterprise’s internal & cloud environments
    • Enter the Identity Services Model
      • The goal: To provide identity functionality in a consistent, reusable service-oriented model to all applications/services
      • Identity, access and compliance management functionality implemented as services in a SOA
      • Promotes loose coupling to ensure long term viability and heterogeneity of business solutions
      [Diagram labels: Applications/Services/Platforms Sharing Services (Retail, Customer Service, Partner Application, Employee Portal, Cloud Service); Shared, Reusable Services (Service 1, Service 2, Service 3, Identity Services); Service Infrastructure]
    • Cloud Computing Tiered Architecture
      • Software as a Service (SaaS)
      • Platform as a Service (PaaS)
      • Software Infrastructure as a Service (SIaaS)
      • Hardware Infrastructure as a Service (HIaaS)
      • Identity Services
      Source: Cloud Computing: Transforming IT – Burton Group Report, 2009
    • Extending Enterprise IdM to the Cloud
      [Diagram labels: SaaS, PaaS, IaaS; Enterprise Identity Management; Identity Services Platform]
      Adopting the Identity Service Platform allows compliant services to plug into your identity infrastructure
    • Identity Services Platform for the Cloud
      • The Identity Services Platform contains the set of identity services needed to extend Enterprise Identity to the cloud
        • Could be deployed internally or in the cloud itself
      Identity Services Platform components:
        • Identity Assurance: Federated Authentication & User-Centric Identity that spans the enterprise environment and cloud environment
        • Identity Administration: Strong User and Access Lifecycle Management (Provisioning/De-Provisioning Capabilities)
        • Identity Authorization: A Claims-Based Authorization model, coupled with strong XACML-based Entitlement Management
        • Identity Hub: Enterprise Identity Providers protected by IGF-style policy controls
        • Identity Audit: A standardized Audit Framework for creating, managing and analyzing audit trails across cloud services
        • Interfaces
    • Identity Assurance
      • Federated Authentication (including MFA) for high-assurance identity verification
      • User-Centric Identity Schemes (like OpenID and OAuth) for consumer authentication and lightweight federation
      • Fraud Prevention
        • Identity Proofing
        • Risk Forensics
    • Identity Administration
      • User and Role Lifecycle Management
        • Approval-based Administration
        • Account Provisioning and De-Provisioning
        • Change Notification
      • Credential Management
      • Centralized Self-Service
        • Profile and Password Management
    • Identity Authorization
      • Policy Definition and Management
        • Standard-based
        • Replication and Synchronization of policies
      • Fine-Grained Policy Enforcement
        • Support for Distributed, real-time, high performance Policy Enforcement Points
        • Enforce Separation of Duties policies
        • Support Claims-based model
    • Identity Hub
      • Identity Service that provides access to Identity Data
        • Support for Virtualization over multiple authoritative sources
      • Secure storage of Credentials
      • Privacy Controls with Identity Governance Framework
        • Declarative Governance Model for how identity data is provided and consumed
        • Implements the Principle of Least Knowledge and Minimal Disclosure
        • Support both definitive (date of birth) and derived (over 21) identity data
        • Attribute declaration
        • Usage Constraints
    • Identity Audit
      • Identity Auditing
        • Common Audit Framework
        • Centralized Identity Warehouse
      • Compliance Reporting
      • Access Certification Services
      • Analytics
        • Preventive and Detective Controls
        • Mining
        • Event Correlation
        • Activity Monitoring
    • Moving IdM Services into the Cloud
      [Diagram labels: Enterprise Identity Management; Cloud-based Identity Service Providers]
      Adopting the Identity Service Platform means never having to worry about where your Identity Service is deployed
    • Many Services already in the Cloud
      • User Authentication
      • Identity Proofing based on Public Databases
      • Identity Risk Assessment
      • Identity Oracles
      • User Provisioning
    • Becoming a Cloud Service Provider
      [Diagram labels: Enterprise Identity Management; Cloud-based Relying Parties]
      Adopting the Identity Service Platform enables an enterprise to become an Identity SP for other Cloud Services (RPs)
    • The Cloud Identity Model
      [Diagram labels: IAM Service Provider, Business Service Provider, Consumer; Identity Services Platform (×3); Identity Administration Service, Identity Hub Service, Identity Authorization Service, Identity Assurance Service (×2), Identity Audit Service]
      • All participants have interoperable identity services
      • Every participant can be both the service provider and service consumer
    • A Path into the Cloud
      Stages: Define Cloud Security Policy; Service Externalization; Build A Private Cloud; Extend to Hybrid/Public Clouds
      • Develop your company's security policy toward cloud computing
      • Implement IdS platform by leveraging standards-based IdM tools
      • Use private cloud build-out to validate policies, controls & interfaces
      • Evaluate cloud providers the same way you would internal systems
        • Insist they be interoperable with your identity services
      • Put in place detective controls
    • Oracle Identity Management Can Help
      Categories: Audit & Compliance; Manageability; Access Management; Identity Administration; Directory Services
      • Access Manager
      • Adaptive Access Manager
      • Enterprise Single Sign-On
      • Identity Federation
      • Entitlements Server
      • Identity Manager
      • Role Manager
      • Internet Directory
      • Virtual Directory
      • Identity Management Suite
      • Enterprise Manager IdM Pack
    • Build your Identity Services Platform
      Check out my OpenWorld 2008 session (S298923) on “Building an Identity Services Layer with Oracle Identity Management”
      Identity Service: Implement Using
      • Identity Hub: OVD + IGF (+ OID, if needed)
      • Identity Assurance: OAM + OAAM
      • Identity Authorization: OES + OAAM
      • Identity Administration: OIM
      • Interfaces: OPSS
      • Identity Audit: OIM + OIA + CAF
    • Oracle IdM in the Cloud
      • Identity Assurance
        • BT Identity Services includes Managed Fraud and URU Identity Verification Services that rely on OAAM
      • Identity Administration
        • CUNY provisioning deployment spans PeopleSoft hosted by Cedar-Crestone and other apps in their datacenter
      • Identity Administration
        • Embry Riddle is provisioning to hosted Microsoft Online
      • Identity Services
        • EDS offering the whole Identity Management suite to partners as a hosted/managed service
    • Unlocking the Potential
      • Security built right into the platform
      • Multi-Tenant model spreads the cost of security across
      • Vendors have incentive to standardize, interoperate
      • Introduce greater rigor and best practices into business policy and governance
      Transforming IT: Cloud architecture actually lends itself to a far more robust and reliable security architecture.
    • To Learn More
      • Oracle Identity Management
      • Visit: www.oracle.com/identity
      • Oracle Cloud Computing
      • Visit: www.oracle.com/us/technologies/cloud
      • Continue the Discussion
      • Blog: blog.talkingidentity.com
      • Twitter: @nishantk
    • While at OpenWorld
      • EDS Automates Infrastructure Outsourcing Provisioning Processes with Oracle Identity Manager
      • Monday October 12 | 2:30pm | Marriott Hotel Salon 2
      • Quantifying the Benefits of Oracle Identity Management at the City of University of New York
      • Monday October 12 | 4:00pm | Moscone South 308
      • Benefits and Challenges of Centralized Entitlements
      • Tuesday October 13 | 11:30am | Marriott Hotel Salon 3
      • Identity Administration Services and Standards
      • Thursday October 15 | 9:00am | Marriott Hotel Salon 8
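
The "Identity Hub" slide above lists attribute declaration, usage constraints, and definitive (date of birth) versus derived (over 21) identity data as the hub's privacy controls. A sketch of that release decision follows; it is an added illustration, not code from the presentation or from any Oracle product, and the consumer names, the policy structure and the records are constructed for the example.

```python
from datetime import date

# Constructed authoritative records held by the hub (illustrative, not real data).
RECORDS = {
    "alice": {"date_of_birth": date(1985, 3, 2), "email": "alice@example.com"},
    "bob": {"date_of_birth": date(1988, 10, 13), "email": "bob@example.com"},
}

def age_on(dob, today):
    """Whole years between dob and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

# Derived attributes: computed from a definitive attribute, which is not released with them.
DERIVED = {"over_21": ("date_of_birth", lambda dob, today: age_on(dob, today) >= 21)}

# Hypothetical usage constraints: consumer -> attribute -> purposes it may be released for.
USAGE_CONSTRAINTS = {
    "cloud-wine-shop": {"over_21": {"age-verification"}},
    "hosted-hr": {"date_of_birth": {"benefits-enrollment"}, "email": {"notification"}},
}

def release(consumer, subject, declaration, today):
    """Evaluate a consumer's attribute declaration ({attribute: purpose}).

    Returns (released, denied). Anything not explicitly allowed is denied,
    so an unknown consumer, subject, attribute or purpose fails closed.
    """
    record = RECORDS.get(subject)
    allowed = USAGE_CONSTRAINTS.get(consumer, {})
    released, denied = {}, {}
    for attr, purpose in declaration.items():
        if record is None:
            denied[attr] = "unknown subject"
        elif purpose not in allowed.get(attr, set()):
            denied[attr] = "no usage constraint permits purpose %r" % purpose
        elif attr in DERIVED:
            source, compute = DERIVED[attr]
            released[attr] = compute(record[source], today)
        elif attr in record:
            released[attr] = record[attr]
        else:
            denied[attr] = "attribute not held by the hub"
    return released, denied

if __name__ == "__main__":
    request = {"over_21": "age-verification", "date_of_birth": "age-verification"}
    print(release("cloud-wine-shop", "alice", request, date(2009, 10, 12)))
```

The denied map doubles as the record an audit service would want: which consumer asked for which attribute, for what stated purpose, and why the hub refused.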