
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.


As security threats become more sophisticated and the network security perimeter gives way to an identity-based solution, it becomes critical to centralize the identity services function in order to apply expert knowledge to combat these attacks. At the same time, corporations are constantly acquiring new companies that have their own, often insecure, identity solutions that need to be addressed in a timely manner. Trying to assimilate all these acquisitions into a single corporate identity namespace is not tenable from a time-frame perspective. One solution is to support multi-tenancy within the enterprise to allow these acquisitions, or even disparate groups within the enterprise, to have their “own” identity solution that is centrally managed and protected. This talk will explore the rationale and projected path for multi-tenancy within AOL.

Published in: Technology

  1. MULTI-TENANCY IN THE ENTERPRISE: AN AOL CASE STUDY
  2. MEET AOL (NOT AMERICA ONLINE): MEMBERSHIP, CONTENT, ADVERTISING. Copyright © Identity Summit 2015, all rights reserved.
  3. CULTURE AND CODE
  4. ACQUISITIONS
  5. AOL: A COMPANY OF BRANDS: ADVERTISING, CONTENT, MEMBERSHIP
  6. EXAMPLE: AOL CORP
     • Specialized corp password policy
     • Highly integrated with onboarding/offboarding process
     • Leverages identity data store external to identity system
     • Branded identity management UI
  7. EXAMPLE: AOL ADVERTISING
     • Support external customers
     • Different password policy requirements
     • Roles and access control
  8. LET THE EXPERTS BE EXPERTS!
     • A brand needs to remain laser-focused on its product
     • Identity management requires a focused skillset
  9. SECURITY THREATS
  10. SECURITY THREATS ON THE RISE
     • Over the last 10 years the number of data breaches has been steadily growing
     • An astounding 43% of companies in the US were hit by a data breach, according to a 2014 study by Experian and Ponemon – a 10% increase from the previous year
     http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  11. SECURITY ATTACKS CONSTANTLY CHANGING
     • POS SYSTEM COMPROMISE
     • SOPHISTICATED NATION-STATE ATTACK
     • CONTENT BREACH
  12. “GONE ARE THE DAYS OF FAIL-SAFE FIREWALLS”
  13. BENEFITS OF A CENTRAL IDENTITY SYSTEM
     • Maximize specific skill sets
     • Protect critical enterprise assets
     • Enhance security
     • Provide autonomy and customization
  14. THE SOLUTION
  15. MULTI-TENANT SOLUTION
     • Standards Based (OpenID Connect & OAuth2)
     • Single-Sign-On only within a Tenant
     • Self-Provisioning Tools
     • Dynamic risk-based security protections
  16. DEPLOYMENT STRATEGY: DEVOPS
     • Automated Tests
     • Continuous Security Testing
     • Monitor and Alarm
     • Dynamic Provisioning of Test Environments
     • A/B Deployment Strategy
     • Source Quality Gates
  17. PUBLIC CLOUD DEPLOYMENT
     • Encryption of data at rest
     • Risk-based security protections
     • API Authorization (PKI-based)
  18. ARCHITECTURE DIAGRAM
  19. FEATURES AND BENEFITS
     • Customizable workflows for partners
     • Cost effective and quick-to-market customer onboarding
     • Automated provisioning capabilities
     • End-user and admin email notifications
     • Dashboard for partners to track registrations and AuthN/AuthZ requests
     • Enhanced audit controls
  20. CHALLENGES
     • Tools to simplify standard deployments
     • Authorized access to on-premise Identity stores (e.g. brand specific Active Directory)
     • Self-provisioning tools that support necessary roles within the multi-tenant ecosystem
     • Federations between tenants and/or consumer facing systems
     • Registration fraud (when self-provisioning allowed)
     • Securing data access in multi-tenant deployment
  21. Q&A
