Leveraging existing IAM systems in a new
cloud computing environment

Overview

Deloitte & Touche LLP
October 2010
Cloud computing adoption is growing with mainstream organizations
piloting targeted deployments…

Business models are shaping cloud adoption…
    Business models are evolving to partnerships and networks of companies, forming a product or service delivery chain to the end customer.

Traditional IT is being challenged…
    Executives are demanding increased agility and highly collaborative IT architectures, challenging traditional IT and resulting in increased demand for cloud computing.

Identity is key to enabling services in the cloud…
    Identity is key to the operation and delivery of any cloud services. Authentication of users and control of access to services is inherent to the success of cloud computing.

Solutions exist today for cloud environments and the industry is innovating…
    Existing IAM vendors are making a play in the market place. Industry standards like SAML 2.0, WS-* etc. provide an open and interoperable way to enable federation and trust in a cloud.



2                                                              Copyright © 2010 Deloitte Development LLC. All rights reserved.
… with various business services and deployment models.
Cloud Families

Cloud computing can be broken down into SaaS, PaaS and IaaS.

Software-as-a-Service (SaaS)
    As-a-service delivery of applications targeted at private users (e.g. social networking, micro-blogging) and business users (e.g. ERP, CRM)

Platform-as-a-Service (PaaS)
    As-a-service delivery of tools for development, testing, deployment, hosting and application maintenance

Infrastructure-as-a-Service (IaaS)
    As-a-service delivery of virtual CPUs, disk space, and database services

Cloud Implementation Models

Other groupings of Cloud offerings can be made, such as the distinction between public (or vendor), private, and hybrid Clouds.

Public
    Services from vendors can be accessed across the Internet using systems in one or more data centers, shared among multiple customers, and with varying degrees of data privacy controls

Private
    Computing architectures are built, managed, and used internally in an enterprise using a shared services model with variable usage of a common pool of virtualized computing resources

Hybrid
    Environment in which an organization provides and manages some resources in-house and has others provided externally



As organizations adopt a cloud model, there are many questions
around identity management in a cloud environment...

Where can identity management help?
    How can I leverage an IDM infrastructure to manage various cloud deployment models?
    How are trust relationships established between my organization and the cloud vendor?

What are the risks and challenges?
    What are the top IDM risks when I move to a cloud environment and why?
    Are there any unique challenges related to Provisioning, Role management, Entitlement management / certification?

What standards exist today?
    What does an IDM technical architecture / solution deployment look like in a cloud?
    What standards exist today? What are the gaps?
    What can be expected in the next 1-2 years?
    What does the vendor roadmap look like?

What is the path to adoption?
    What is the process of transition, and what are the questions to ask?
    What are solutions to consider?
    Are there any liability concerns?

What other opportunities exist?
    Are there opportunities to put my IDM infrastructure into the cloud?
    What does that architecture/solution look like?
    What are the risks? How do I overcome them?

How to assess and operate?
    How should I assess IDM infrastructure supporting a cloud deployment?
    What does the audit plan look like, what questions must it include?
    What testing should be conducted?

Identity management fits into the cloud computing equation in two
operating models …

IDM for a Cloud
[Diagram labels: Cloud Service Providers; Identity & Access Management]

Description
    •   Extends the functionality of an existing Identity and Access Management infrastructure to manage the identities and services in a cloud.
    •   Standards defined to provide interoperability between on-premises and in-cloud applications
    •   Strong authentication and encryption for added security and protection to data and assets
    •   Ability to leverage and sustain existing risk, compliance, and privacy controls built within the enterprise

IDM in a Cloud
[Diagram labels: Cloud Service Providers; Identity & Access Management]

Description
    •   An IAM solution hosted in a cloud may be used to manage identities and services in a cloud or outside a cloud.
    •   Ability to pay only for the IAM functionality required
    •   Reduction in costs related to maintenance of IAM solutions
    •   Limited in-house expertise required to support the IAM infrastructure and business processes
    •   On-demand increase of capacity, functionality, pre-determined SLAs, and accountability


Integration is achieved by leveraging existing IAM technology and
standards…

Hybrid Cloud
[Diagram labels: IaaS / PaaS Provider; Identity & Access Management; Users; Corporate Directory]

    •   Establishes a site-to-site VPN or similar secure connectivity with the Cloud Service Provider (CSP)
    •   Integrates the existing IAM solution with the CSP platform (IaaS / PaaS) in a less complex manner
    •   Flexible to use a centralized directory or localized directory for user authentication

Public Cloud
[Diagram labels: IaaS / PaaS Provider; SaaS Provider; Identity & Access Management; Users; Corporate Directory; Secure Enterprise Network]

    •   Leverages widely accepted standards such as Security Assertion Markup Language (SAML) and WS-Federation for authentication and authorization
    •   Provisions using standards such as Security Provisioning Markup Language (SPML)
    •   Integration with the CSP may have some technical challenges




While IDM solutions continue to face challenges in the context of
cloud computing, these are not new and can be addressed…

User Provisioning
    Challenges
    •   Cross domain user provisioning
    •   Single directory authentication
    •   De-provisioning of users
    •   Limited connectors for cloud
    •   Integration with on-demand applications
    •   Proliferating on-demand user accounts
    What Can you Do?
    •   Segregation of the user management activities
    •   SLAs and contractual agreements with CSP
    •   Maturity of existing solution
    •   Interoperability with cloud systems
    •   Standards adoption (XACML)

Access Management
    Challenges
    •   Cross-domain, web-based single sign-on and cross-domain user attribute exchange.
    •   Interoperability of proprietary solutions with new IAM cloud solutions.
    •   Supporting non-repudiation
    •   Adequacy of access control solutions
    What Can you Do?
    •   Authentication and Authorization standards leveraged (e.g. SAML, SPML, etc.)
    •   Identity Assurance and Credentialized solutions
    •   Certifying access across disparate systems

Role/Entitlement Management
    Challenges
    •   Cross-domain role/entitlement management
    •   Access Certification - Integration with existing processes.
    •   Lack of transparency into proprietary components
    •   Restructuring of the role management framework to meet the needs of the cloud
    What Can you Do?
    •   Role Based vs. Claims Based Access
    •   Maintenance and management of the entitlement warehouse
    •   Existing in-house proprietary solutions
    •   Hosted IAM vendor’s role and entitlement vision




Adoption of an IDM cloud solution requires organizations to take key
first steps…

Identify
    Identify optimal solution – IDM for cloud or IDM in the Cloud
    •   Identify the service model and the role of IDM for the cloud deployment model
    •   Define the operating model for IDM (IDM for a Cloud or IDM in a cloud)
    •   Conduct a TCO analysis including future growth
    •   Determine the security and compliance requirements
    •   Identify the impact to current IDM strategy

Shape
    Articulate an IDM cloud strategy and vision and determine readiness
    •   Evaluate the CSP's IDM practices/procedures
    •   Determine the standards for the IDM functionality to adopt in the near future
    •   Define IDM in/for cloud architecture and conduct a readiness assessment
    •   Determine ownership, maintenance, and liability of data.
    •   Define contractual requirements with CSPs

Execute
    Execute IDM cloud strategy and deploy IDM cloud solution
    •   Develop a migration/implementation plan
    •   Execute management, monitoring and migration
    •   Conduct training and awareness sessions for stakeholders and end users




Periodic assessment of IDM solutions supporting the clouds is
critical to successful adoption…

Step 1
    Input: Provisioning / De-provisioning; Authentication Federation; User Profile Management
    Assessment Activities: Review IAM requirements for cloud based services & Assess Architecture Solution
    Output: Requirements and architecture gap analysis

Step 2
    Input: Compliance Management; Data Privacy Risks; Data Ownership; Organizational Standards
    Assessment Activities: Determine Risks associated with each architecture / solution
    Output: Risk matrix including potential vulnerabilities and risk ratings

Step 3
    Input: Current Controls; Planned/Modified Controls
    Assessment Activities: Review security and compliance controls
    Output: Control gaps and recommendations

Step 4
    Input: User Access Snapshot
    Assessment Activities: Access Recertification
    Output: Violations and remediation requirements
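
Step 4 takes a user access snapshot and produces violations with remediation requirements. The Python sketch below is an added example, not part of the original deck: it recertifies a constructed CSP access snapshot against a constructed corporate directory export. The CSV field names, the role-to-entitlement map, the 90-day staleness threshold and the violation labels are all assumptions made for illustration.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample data (assumed layout, not from the deck).
# Corporate directory export: the authoritative identity source.
DIRECTORY_CSV = """user_id,status,role
alice,active,sales
bob,terminated,sales
carol,active,finance
dave,active,engineering
"""

# User access snapshot pulled from the cloud service provider:
# one row per (account, entitlement) pair.
SNAPSHOT_CSV = """account,owner_id,entitlement,last_login_days
alice@crm,alice,crm.read,3
alice@crm,alice,crm.export,3
bob@crm,bob,crm.read,40
carol@erp,carol,erp.ledger.post,1
carol@erp,carol,erp.admin,1
tmp-demo@crm,,crm.read,200
dave@crm,dave,crm.read,120
"""

# Hypothetical entitlement warehouse: what each enterprise role may hold.
ROLE_ENTITLEMENTS = {
    "sales": {"crm.read", "crm.export"},
    "finance": {"erp.ledger.post", "erp.ledger.read"},
    "engineering": {"crm.read"},
}
STALE_AFTER_DAYS = 90  # assumed policy threshold


@dataclass(frozen=True)
class Finding:
    account: str
    violation: str
    detail: str
    remediation: str


def load_directory(text):
    """Index the directory export by user_id."""
    return {row["user_id"]: row for row in csv.DictReader(io.StringIO(text))}


def recertify(directory_csv, snapshot_csv,
              role_entitlements=ROLE_ENTITLEMENTS,
              stale_after_days=STALE_AFTER_DAYS):
    """Return the violations found in the snapshot, sorted by account."""
    directory = load_directory(directory_csv)
    findings = set()  # a set, so per-account findings are reported once
    for row in csv.DictReader(io.StringIO(snapshot_csv)):
        account, owner = row["account"], row["owner_id"].strip()
        person = directory.get(owner)
        if person is None:
            # Proliferating on-demand account with no enterprise identity.
            findings.add(Finding(account, "ORPHAN_ACCOUNT",
                                 "no matching directory identity",
                                 "disable at the CSP until an owner is assigned"))
            continue
        if person["status"] != "active":
            # The leaver was handled on-premises but not at the CSP.
            findings.add(Finding(account, "DEPROVISIONING_MISSED",
                                 f"owner {owner} is {person['status']}",
                                 "de-provision the account at the CSP"))
            continue
        allowed = role_entitlements.get(person["role"], set())
        if row["entitlement"] not in allowed:
            findings.add(Finding(account, "EXCESS_ENTITLEMENT",
                                 f"{row['entitlement']} not granted by role {person['role']}",
                                 "revoke or record an approved exception"))
        if int(row["last_login_days"]) > stale_after_days:
            findings.add(Finding(account, "STALE_ACCOUNT",
                                 f"no login for {row['last_login_days']} days",
                                 "confirm continued need with the owner's manager"))
    return sorted(findings, key=lambda f: (f.account, f.violation))


if __name__ == "__main__":
    for f in recertify(DIRECTORY_CSV, SNAPSHOT_CSV):
        print(f"{f.account:14} {f.violation:22} {f.detail} -> {f.remediation}")
```

Orphaned and missed de-provisioning cases short-circuit the remaining checks because the remediation is to disable the account outright.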




Key Takeaways

Cloud computing is a reality. It is happening and organizations need to
address the security and risk components of clouds -- IDM solutions can
help.

Federation is key to enable IDM for cloud computing. Organizations need to
address liability, trust, and privacy issues as they embark upon the IDM
and cloud journey.

Vendors are developing innovative solutions to help accelerate IDM adoption
for cloud computing.

Organizations need to develop a comprehensive approach to IDM that
includes an assessment/measurement component.

THE KEY TO SUCCESS IS BEING ON THE PATH TO ADOPTION.

Contact information

For additional information please contact:
Irfan Saif
Principal
Enterprise Risk Services
isaif@deloitte.com
+1 408 704 4109




Cloud computing identity management summary

More Related Content

What's hot

Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access managementVandana Verma
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Identacor
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Toolsijtsrd
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode
 
Identity as a Service: a missing gap for moving enterprise applications in In...
Identity as a Service: a missing gap for moving enterprise applications in In...Identity as a Service: a missing gap for moving enterprise applications in In...
Identity as a Service: a missing gap for moving enterprise applications in In...Hoang Tri Vo
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - finalOracleIDM
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will failIBM Security
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
IntraLinks Company Overview
IntraLinks Company OverviewIntraLinks Company Overview
IntraLinks Company Overviewtillbrennan
 
SailPoint - IdentityNow Identity Governance
SailPoint - IdentityNow Identity GovernanceSailPoint - IdentityNow Identity Governance
SailPoint - IdentityNow Identity GovernanceArijan Horvat
 
IBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Sverige
 
Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIBM Security
 

What's hot (20)

Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management Suite
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access management
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Identity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. MookheyIdentity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. Mookhey
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Tools
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solution
 
IAM Cloud
IAM CloudIAM Cloud
IAM Cloud
 
Identity as a Service: a missing gap for moving enterprise applications in In...
Identity as a Service: a missing gap for moving enterprise applications in In...Identity as a Service: a missing gap for moving enterprise applications in In...
Identity as a Service: a missing gap for moving enterprise applications in In...
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - final
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will fail
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity Manager
 
IntraLinks Company Overview
IntraLinks Company OverviewIntraLinks Company Overview
IntraLinks Company Overview
 
SailPoint - IdentityNow Identity Governance
SailPoint - IdentityNow Identity GovernanceSailPoint - IdentityNow Identity Governance
SailPoint - IdentityNow Identity Governance
 
IBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - Portfolio
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaS
 
Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For Compliance
 

Similar to Cloud computing identity management summary

The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...Intergen
 
Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2contrastcbt
 
Cloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaCloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaAsheem Chandna
 
Private cloudoverview
Private cloudoverviewPrivate cloudoverview
Private cloudoverviewCynthia Sech
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Perfect Storm: HR in the Cloud
Perfect Storm: HR in the CloudPerfect Storm: HR in the Cloud
Perfect Storm: HR in the CloudStanton Jones
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntelAPAC
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4EnterpriseGRC Solutions, Inc.
 
Business and Online Services - Ben Kepes
Business and Online Services - Ben KepesBusiness and Online Services - Ben Kepes
Business and Online Services - Ben KepesIntergen
 
Intel Cloud Summit 2012 ODCA + NAB
Intel Cloud Summit 2012 ODCA + NABIntel Cloud Summit 2012 ODCA + NAB
Intel Cloud Summit 2012 ODCA + NABIntelAPAC
 
ON event - May 2010
ON event - May 2010ON event - May 2010
ON event - May 2010Ben Kepes
 
Cloud Computing Webinar
Cloud Computing WebinarCloud Computing Webinar
Cloud Computing WebinarSaif Ahmad
 
2010 Cloud Computing
2010 Cloud Computing2010 Cloud Computing
2010 Cloud Computingck4eric
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?doan_slideshares
 
Enabling Innovation & Integration to the Cloud
Enabling Innovation & Integration to the CloudEnabling Innovation & Integration to the Cloud
Enabling Innovation & Integration to the CloudInnoTech
 
Cloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureCloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureKim Jensen
 

Similar to Cloud computing identity management summary (20)

The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...
Pushing the Technology Envelope to Deliver Business Innovation an IDC Perspec...
 
Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2Contrast cbt cloud computing - v.2
Contrast cbt cloud computing - v.2
 
Cloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaCloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - Chandna
 
Private cloudoverview
Private cloudoverviewPrivate cloudoverview
Private cloudoverview
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
 

Cloud computing identity management summary

  • 1. Leveraging existing IAM systems in a new cloud computing environment. Overview. Deloitte & Touche LLP, October 2010
  • 2. Cloud computing adoption is growing with mainstream organizations piloting targeted deployments…
      • Business models are shaping cloud adoption… Business models are evolving to partnerships and networks of companies, forming a product or service delivery chain to the end customer.
      • Traditional IT is being challenged… Executives are demanding increased agility and highly collaborative IT architectures, challenging traditional IT and resulting in increased demand for cloud computing.
      • Identity is key to enabling services in the cloud… Identity is key to the operation and delivery of any cloud services. Authentication of users and control of access to services is inherent to the success of cloud computing.
      • Solutions exist today for cloud environments and the industry is innovating… Existing IAM vendors are making a play in the marketplace. Industry standards like SAML 2.0, WS-* etc. provide an open and interoperable way to enable federation and trust in a cloud.
    Copyright © 2010 Deloitte Development LLC. All rights reserved.
  • 3. … with various business services and deployment models.
      Cloud Families: Cloud computing can be broken down into SaaS, PaaS and IaaS
      • Software-as-a-Service (SaaS): As-a-service delivery of applications targeted at private users (e.g. social networking, micro-blogging) and business users (e.g. ERP, CRM)
      • Platform-as-a-Service (PaaS): As-a-service delivery of tools for development, testing, deployment, hosting and application maintenance
      • Infrastructure-as-a-Service (IaaS): As-a-service delivery of virtual CPUs, disk space, and database services
      Cloud Implementation Models: Other groupings of Cloud offerings can be made such as the distinction between public (or vendor), private, and hybrid Clouds
      • Public: Services from vendors can be accessed across the Internet using systems in one or more data centers, shared among multiple customers, and with varying degrees of data privacy controls
      • Private: Computing architectures are built, managed, and used internally in an enterprise using a shared services model with variable usage of a common pool of virtualized computing resources
      • Hybrid: Environment in which an organization provides and manages some resource in-house and has others provided externally
  • 4. As organizations adopt a cloud model, there are many questions around identity management in a cloud environment...
      • Where can identity management help? How can I leverage an IDM infrastructure to manage various cloud deployment models? How are trust relationships established between my organization and the cloud vendor?
      • What are the risks and challenges? What are the top IDM risks when I move to a cloud environment and why? Are there any unique challenges related to Provisioning, Role management, Entitlement management / certification?
      • What standards exist today? How does an IDM technical architecture / solution deployment look in a cloud? What standards exist today? What are the gaps? What can be expected in next 1-2 years? What does vendor roadmap look like?
      • What is the path to adoption? What is the process of transition and what are questions to ask? What are solutions to consider? Are there any liability concerns?
      • What other opportunities exist? Are there opportunities to put my IDM infrastructure into the cloud? What does that architecture/solution look like? What are the risks? How do I overcome them?
      • How to assess and operate? How should I assess IDM infrastructure supporting a cloud deployment? What does the audit plan look like, what questions must it include? What testing should be conducted?
  • 5. Identity management fits into the cloud computing equation in two operating models…
      IDM for a Cloud (Identity & Access Management serving Cloud Service Providers):
      • Extends the functionality of an existing Identity and Access Management infrastructure to manage the identities and services in a cloud.
      • Standards defined to provide interoperability between on-premises and in-cloud applications
      • Strong authentication and encryption for added security and protection to data and assets
      • Ability to leverage and sustain existing risk, compliance, and privacy controls built within the enterprise
      IDM in a Cloud (Identity & Access Management hosted with Cloud Service Providers):
      • An IAM solution hosted in a cloud may be used to manage identities and services in a cloud or outside a cloud.
      • Ability to pay only for the IAM functionality required
      • Reduction in costs related to maintenance of IAM solutions
      • Limited in-house expertise required to support the IAM infrastructure and business processes
      • On-demand increase of capacity, functionality, pre-determined SLAs, and accountability
  • 6. Integration is achieved by leveraging existing IAM technology and standards…
      [Diagram: Hybrid Cloud (IaaS / PaaS Provider) and Public Cloud (IaaS / PaaS Provider, SaaS Provider), each connected to Identity & Access Management, Users and Corporate Directory in a Secure Enterprise Network]
      Hybrid Cloud:
      • Establishes a site-to-site VPN or similar secure connectivity with the Cloud Service Provider (CSP)
      • Integrates the existing IAM solution with the CSP platform (IaaS / PaaS) in a less complex manner
      • Flexible to use a centralized directory or localized directory for user authentication
      Public Cloud:
      • Leverages widely accepted standards such as Security Assertion Markup Language (SAML) and WS-Federation for authentication and authorization
      • Provisions using standards such as Security Provisioning Markup Language (SPML)
      • Integration with the CSP may have some technical challenges
  • 7. While IDM solutions continue to face challenges in the context of cloud computing, these are not new and can be addressed… (Columns: Challenges, What Can You Do?)
      User Provisioning:
      • Cross domain user provisioning • Segregation of the user management activities • Single directory authentication • SLAs and contractual agreements with CSP • De-provisioning of users • Maturity of existing solution • Limited connectors for cloud • Interoperability with cloud systems • Integration with on-demand applications • Standards adoption (XACML) • Proliferating on-demand user accounts
      Access Management:
      • Cross-domain, web-based single sign-on and cross-domain user attribute exchange. • Authentication and Authorization standards leveraged (e.g. SAML, SPML, etc.) • Interoperability of proprietary solutions with new IAM cloud solutions. • Identity Assurance and Credentialized solutions • Supporting non-repudiation • Certifying access across disparate systems • Adequacy of access control solutions
      Role/Entitlement Management:
      • Cross-domain role/entitlement management • Access Certification - Integration with existing processes. • Role Based vs. Claims Based Access • Maintenance and management of the entitlement warehouse • Lack of transparency into proprietary components • Existing in-house proprietary solutions • Restructuring of the role management framework to meet the needs of the cloud • Hosted IAM vendor’s role and entitlement vision
  • 8. Adoption of an IDM cloud solution requires organizations to take key first steps…
      Identify: Identify optimal solution – IDM for cloud or IDM in the Cloud
      • Identify the service model and the role of IDM for the cloud deployment model
      • Define the operating model for IDM (IDM for a Cloud or IDM in a cloud)
      • Conduct a TCO analysis including future growth
      • Determine the security and compliance requirements
      • Identify the impact to current IDM strategy
      Shape: Articulate an IDM cloud strategy and vision and determine readiness
      • Evaluate the CSP's IDM practices/procedures
      • Determine the standards for the IDM functionality to adopt in the near future
      • Define IDM in/for cloud architecture and conduct a readiness assessment
      • Determine ownership, maintenance, and liability of data.
      • Define contractual requirements with CSPs
      Execute: Execute IDM cloud strategy and deploy IDM cloud solution
      • Develop a migration/implementation plan
      • Execute management, monitoring and migration
      • Conduct training and awareness sessions for stakeholders and end users
  • 9. Periodic assessment of IDM solutions supporting the clouds is critical to successful adoption… (Columns: Input, Assessment Activities, Output)
      • Step 1. Input: Provisioning / De-provisioning; Authentication Federation; User Profile Management; Compliance Management. Assessment activity: Review IAM requirements for cloud based services & Assess Architecture Solution. Output: Requirements and architecture gap analysis.
      • Step 2. Input: Data Privacy Risks; Data Ownership; Organizational Standards. Assessment activity: Determine Risks associated with each architecture / solution. Output: Risk matrix including potential vulnerabilities and risk ratings.
      • Step 3. Input: Current Controls; Planned/Modified Controls. Assessment activity: Review security and compliance controls. Output: Control gaps and recommendations.
      • Step 4. Input: User Access Snapshot. Assessment activity: Access Recertification. Output: Violations and remediation requirements.
  • 10. Key Takeaways
      • Cloud computing is a reality. It is happening and organizations need to address the security and risk components of clouds -- IDM solutions can help.
      • Federation is key to enable IDM for cloud computing.
      • Organizations need to address liability, trust, and privacy issues as they embark upon the IDM and cloud journey.
      • Vendors are developing innovative solutions to help accelerate IDM adoption for cloud computing.
      • Organizations need to develop a comprehensive approach to IDM that includes an assessment/measurement component.
      THE KEY TO SUCCESS IS BEING ON THE PATH TO ADOPTION.
  • 11. Contact information. For additional information please contact: Irfan Saif, Principal, Enterprise Risk Services, isaif@deloitte.com, +1 408 704 4109