Identity and Securing Continuous Services in Discontinuous Infrastructure
Steve Coplan, Analyst
CLIENT EVENT: BOSTON, DECEMBER 1, 2010

The 451 Group: Analyzing the business of Enterprise IT Innovation
Unique Analysis of the Hosting, Managed Service, Third-Party Datacenter and Internet Infrastructure sectors
The Uptime Institute is the leading independent think tank and research body serving the global datacenter industry.
About
§ Longstanding member of the 451 analyst team
§ Startup experience at acquired security vendor
§ Expertise in M&A, networks
§ Only security analyst with a degree in Zulu
Client Event: Security
Agenda
§ What do we mean by identity in the cloud?
§ Cloud security models from an IAM perspective
§ Security models and compliance
§ Cloud, security and identity in the cloud
§ The transition from identity in the cloud to cloud identity
§ What's the identity in the cloud opportunity?
The Intersection of Cloud and Identity
Enterprise identity:
§ Authenticated employee
§ Group member
§ Provisioning target
§ Role-defined
§ Authorization set
Cloud service providers:
§ Customer
§ Service provisioning construct (revenue event)
§ Customer profile
§ Service contention priority
§ SLA input
Cloud can be a:
● Shared resource (customer, partner, employee)
● Private cloud
● Off-premise servers, storage, applications
● Hybrid
Cloud users can be:
● IT administrators buying cloud resources
● Enterprise users consuming SaaS applications
● Developers running applications/QA on PaaS
● Cloud service providers running a set of services for enterprises
Objective and Outcome-Oriented Security
Outcome:
§ Ensure everyone does what they are supposed to
§ Establish a normative set of behaviors around the transfer and consumption of information
• How to translate this outcome to a set of continuous services?
Objective:
§ Secure the infrastructure and IT operations
§ Keep out the bad guys
• How to translate this objective to a discontinuous infrastructure?
Defining Outcome-Oriented Security
§ Outcome-oriented security is contingent on a set of policy statements
§ Policy: a principle or rule to guide decisions and achieve rational outcome(s)
Central policy definition is great, but what about exceptions?
Policy is king, but a king in a constitutional monarchy
§ Business owners, application owners need delegation capabilities
Outcome-Oriented Security and Compliance
Growing overlap in spending, definitions and operations between compliance and policy
§ Need to drive automation of compliance processes leads to governance, e.g. access certification
§ Visibility is compliance's greatest gift
Defining Outcome-Oriented Security
Questions remain:
§ How can we enforce stated policy?
A stated policy does not an enforced policy make
§ How do we define current state against stated outcome?
Visibility is only a precursor to enforcement
§ Where does trust, privacy and liability fit in?
What does this have to do with identity and the cloud?
Identity is important because:
§ Compliance requirements invoke identity attributes or definitions, access controls and authentication
§ Identity is the pivot construct in defining access controls for the cloud
• Need to know who you are to describe what you can/can't do
§ Identity is a single control construct for multiple resources
• SSO functions as a normalized event stream for a user
• Cloud hybridization, desktop virtualization and device proliferation escalate the need for a consolidated identity and abstracted attributes
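The two points above (identity as the pivot for access control, SSO as a normalized per-user event stream) and the earlier question of how to check current state against stated policy can be made concrete. The following is an added example, not material from the deck or from The 451 Group: it takes sign-on records from three hypothetical providers in different formats, normalizes them onto the one key every resource shares (the enterprise identity), and compares what was observed against a stated role-to-resource policy. Everything in it, the log formats, users, roles and resource names, is constructed for illustration.

```python
"""Added illustration of identity as the pivot across several cloud resources:
SSO/federation events from different providers are normalized into one
per-user stream, then compared with stated policy. Not from the deck; the
log formats, users, roles and resource names below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AccessEvent:
    when: datetime   # UTC
    user: str        # enterprise identity: the one key shared by every resource
    resource: str    # the cloud service that was reached
    source: str      # which provider log the event came from


# Constructed sample logs in three hypothetical provider formats.
SAML_IDP_LOG = [  # one line per issued assertion
    "2010-12-01T09:02:11Z assertion issued subject=alice@corp.example sp=crm-saas",
    "2010-12-01T09:05:40Z assertion issued subject=bob@corp.example sp=hr-saas",
]
OAUTH_TOKEN_LOG = [  # one record per issued access token (epoch seconds)
    {"ts": 1291194500, "sub": "alice@corp.example", "aud": "storage-iaas"},
    {"ts": 1291195000, "sub": "carol@corp.example", "aud": "storage-iaas"},
]
PAAS_CONSOLE_LOG = [  # console logins keyed by short login name plus domain
    {"time": "2010-12-01 09:10:00", "login": "bob", "domain": "corp.example", "app": "paas-console"},
]

# Stated policy: resources each role is entitled to, and who holds which role.
STATED_POLICY: Dict[str, Set[str]] = {
    "sales": {"crm-saas"},
    "hr": {"hr-saas"},
    "developer": {"paas-console", "storage-iaas"},
}
USER_ROLES: Dict[str, Set[str]] = {
    "alice@corp.example": {"sales"},
    "bob@corp.example": {"hr"},
    "carol@corp.example": {"developer"},
}


def normalize_saml(lines: List[str]) -> List[AccessEvent]:
    out = []
    for line in lines:
        ts, *_, subj, sp = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(AccessEvent(when, subj.split("=", 1)[1], sp.split("=", 1)[1], "saml-idp"))
    return out


def normalize_oauth(records) -> List[AccessEvent]:
    return [AccessEvent(datetime.fromtimestamp(r["ts"], tz=timezone.utc), r["sub"], r["aud"], "oauth-as")
            for r in records]


def normalize_paas(records) -> List[AccessEvent]:
    out = []
    for r in records:
        when = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        # The console only knows a short login name; re-attach the domain so the
        # user field matches the identity every other source reports.
        out.append(AccessEvent(when, f'{r["login"]}@{r["domain"]}', r["app"], "paas-console"))
    return out


def event_stream() -> List[AccessEvent]:
    """Single time-ordered stream across all resources, keyed by identity."""
    events = normalize_saml(SAML_IDP_LOG) + normalize_oauth(OAUTH_TOKEN_LOG) + normalize_paas(PAAS_CONSOLE_LOG)
    return sorted(events, key=lambda e: e.when)


def entitled(user: str) -> Set[str]:
    """Resources the stated policy grants a user through any of their roles."""
    return set().union(*(STATED_POLICY.get(role, set()) for role in USER_ROLES.get(user, set())))


def compare_to_policy(events: List[AccessEvent]) -> Tuple[List[AccessEvent], Dict[str, Set[str]]]:
    """Stated vs. observed: events outside entitlement (enforcement gaps) and
    entitlements never exercised (candidates for an access-certification review)."""
    observed: Dict[str, Set[str]] = {}
    out_of_policy = []
    for e in events:
        observed.setdefault(e.user, set()).add(e.resource)
        if e.resource not in entitled(e.user):
            out_of_policy.append(e)
    unused = {u: entitled(u) - observed.get(u, set()) for u in USER_ROLES}
    return out_of_policy, {u: r for u, r in unused.items() if r}


if __name__ == "__main__":
    gaps, idle = compare_to_policy(event_stream())
    for e in gaps:
        print(f"{e.when:%H:%M:%S} {e.user} reached {e.resource} via {e.source}: not in stated policy")
    for u, r in idle.items():
        print(f"{u}: entitled but unused {sorted(r)}")
```

The normalization step is where the "single control construct" claim lives: once every source reports the same identity key, one policy check covers SaaS, IaaS and PaaS alike. The comparison yields two lists a governance process needs, access that the stated policy never granted (a gap between stated and enforced) and grants that nobody uses (input to access certification); on the constructed data, alice reaching storage-iaas and bob reaching paas-console show up as gaps, and carol's unused paas-console entitlement is flagged for review.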
What does this have to do with identity and the cloud?
Identity in the cloud is important because:
§ Identity is the common point of reference for discontinuous infrastructure
§ Identity is a key parameter for making sense of visibility
§ "Who" is the first question from a business context and, by extension, from policy
The Intersection of Cloud and Identity
Identity management vendors are from Mars:
§ View identity as a middleware component
§ View cloud, virtualization and mobile
Cloud service providers are from Venus:
§ View identity as a platform layer or service
§ View identity as a service enablement construct
Different understanding of the function of identity
§ Identity management vendors still dealing with technical challenges of portable identity
§ Cloud service providers see need for portable identity associated with portable image
Need for a match.com broker?
Identity in the cloud: A maturity model
[Diagram: three stages, Operational Portability, then Managed Portability (Infrastructure), then Native Portability (Architecture)]
From Identity In the Cloud to Cloud Identity: Maturity Model

Maturity stage: Operational Portability (Identity providers)
  Customers: Enterprise; Service providers (relying parties); SaaS providers; PaaS providers
  Technology elements: SSO; Authentication; Federation gateways; Federation (SAML, OpenID, OAuth, WS-Fed); Application access control
  Providers: Identity management vendors (incumbents, venture-funded partners); Federation hubs; Platform vendors
  Delivery model: Hybrid: on-premise gateways

Maturity stage: Infrastructure (Managed Portability)
  Customers: Identity providers; Cloud service providers; Identity as a Service providers
  Technology elements: Authorization (XACML); Provisioning/Governance; Cloud access gateways; Trust brokers; User privacy stores
  Providers: PaaS/SaaS providers; Identity management vendors; Cloud service providers
  Delivery model: From the cloud: authentication, SSO, trust services; To the cloud: provisioning; In the cloud: directory in the cloud

Maturity stage: Architecture (Native Portability)
  Customers: Enterprise; Cloud service providers; Identity providers
  Technology elements: Embedded middleware; Attribute sources; Attribute assurance; Run-time authentication, authorization and provisioning; Trust brokers; Cloud federation
  Providers: Cloud service providers; PaaS providers; Identity as a Service vendors; Incumbents
  Delivery model: In the cloud: service federation, image federation
Identity in the cloud: A tale of many markets
[Diagram: Enterprise Extension; ID Services (to, from, in the cloud); Transactional (Identity providers)]

Identity in the cloud: Meta-issues
[Diagram: Liability; Trust/Assurance; Value]
From Identity In The Cloud to Cloud Identity: Requirements

Maturity stage: Portability
  Characteristics: Automation (+++); Security (+); Granularity (+/-)
  Affinities: Compliance automation; Governance
  Meta-issues: Liability (++); Trust/Assurance (++); Value (+)

Maturity stage: Infrastructure
  Characteristics: Automation (+++); Security (++); Granularity (+)
  Affinities: Policy management; Information management; Software infrastructure as a service
  Meta-issues: Liability (++); Trust/Assurance (++); Value (++)

Maturity stage: Architecture
  Characteristics: Automation (++++); Security (++); Granularity (+++)
  Affinities: Service enablement; Big data
  Meta-issues: Liability (+++); Trust/Assurance (+++); Value (+++)
Identity In the Cloud: Strategic But Also Lucrative?
Arms dealer:
§ Incumbents transitioning from enterprise sales model
§ Consumerization of enterprise identity
§ Build or embed?
Services (to, from and for the cloud):
§ Diversity of new players
§ New market segments
§ Tollgate model
Transactional model:
§ Architecture question still open
§ Trust substrate unresolved
Identity In the Cloud: Winners and Losers?It’s how you play the gameEnd users§ Getting automation, granularity right yields security§ Sets the stage to answer the question “what could you do in the cloud”Identity management vendors§ Architectural issues, sales model major challenges§ Their game to loseIndependent identity as a service/federation/authorization vendors§ New markets, technology categories opening up21 Client Event: Security |
Identity In the Cloud: Winners and Losers?It’s how you play the gamePlatform vendors forge into the new frontier§ VMWare, Microsoft duke it out for end user tier§ PaaS players make a development, embedded run-time playIdentity providers§ If you build it, they come§ Value contingent on required trust, attribute assurance for transactionCloud service providers§ Associating a portable image with a portable identity§ Unified cloud environment/integration provider22 Client Event: Security |
Identity In The Cloud: Q&A
Thank You. Questions? email@example.com