SlideShare a Scribd company logo

Red Hat Summit - OpenShift Identity Management and Compliance

M
Marc Boorshtein

Our presentation from Red Hat Summit on OpenShift, Identity Management and Compliance. We talk about how to apply DevOps to identity management in OpenShift and make everyone happy.

Technology
1 of 15
Download to read offline
Identity Management and Compliance in OpenShift Or “Use DevOps to Make Your Auditors and Suits Happy” Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business Unit at Red Hat May 3, 2017
Who Are We? Marc Boorshtein - CTO Tremolo Security, Inc. ● 15+ years of identity management implementation experience ● Multiple deployments across large commercial and federal customers Ellen Newlands - Senior Security Product Manager, Cloud Business Unit at Red Hat ● Red Hat Product Manager for Identity and Access Management ● Extensive experience in enterprise and WEB identity management and single sign-on
Why is Compliance Important to You? It’s not just for meetings and auditors... DevOps + Identity Management = ( )+
What is Compliance? When someone asks if you’re compliant... NIST 800-53 Criminal Justice Information Systems (CJIS) Step 1 - Define Your Policy Step 2 - Follow Your Policy NIST 800-53 Framework CJIS Implementation
Where Does Identity Management Fit? NIST 800-53 Criminal Justice Information Systems (CJIS) AC-2 / Authorizes access to the information system based on: 1. A valid access authorization; Request for access is approved by your manager Section 5.6.2.1.1 - Passwords Identity Management Identity Management
Identity Management Compliance Without DevOps User needs access to an application User emails boss asking for access Boss forward to admin with the word “approved” Admin creates access and stores email in special folder Auditor asks for approval trail Admin forward emails Admin tells user they’re approved :-(
Identity Management Compliance With DevOps User needs access to an application Logs into IDM and requests access Boss clicks “Approve” IDM system creates access and builds audit trail Auditor logs into IDM system Auditor pulls reports IDM system notifies user of access :-D
How this applies to OpenShift WHO? ● User Object in EtcD ● LDAP ● OpenID Connect ● Reverse Proxy + Header WHAT? ● Subject + Role + Project = RoleBinding ● Local Objects ● LDAP Sync ● oadm ● Web services WHY? ● External Workflow
Demo
DEMO
Shameless Self Promotion ● Booth 145 ○ Mobile Battery Chargers ○ Screen Cleaners ● Web - http://tremolo.io ● Twitter - @tremolosecurity / @mlbiam ● Github - https://www.github.com/tremolosecurity/ ● Blog this session is based on - https://www.tremolosecurity.com/openshift-compliance-and-identity-management/
THANK YOU plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews
How this applies to OpenShift Layer Technology In Demo Cloud ● OpenStack - Keystone ● Amazon - IAM ● etc N/A Operating System 1. LDAP 2. AD 3. SSSD Red Hat Identity Management
How this applies to OpenShift Layer Technology In Demo OpenShift Console and CLI Authentication ● LDAP ● Password File ● OpenID Connect ● Header + Reverse Proxy Authorization ● Internal User and Group objects ● Web services ● LDAP Sync Authentication ● Username + Password - KeyCloak ● U2F - Unison ● Compliance Banner - Unison ● OpenID Connect Authorization ● Unison self service Container 1. External Identity Provider 2. External User System N/A
Red Hat Summit - OpenShift Identity Management and Compliance

Recommended

The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas WSO2
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCloudIDSummit
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Vishwas Manral
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Ravikumar Sathyamurthy
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou00zzj
 

Recommended

The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas WSO2
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCloudIDSummit
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Vishwas Manral
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Ravikumar Sathyamurthy
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou00zzj
 
Extending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT ManagementExtending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT ManagementOkta-Inc
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Password Express - Data Sheet
Password Express - Data SheetPassword Express - Data Sheet
Password Express - Data SheetILANTUS Technologies
 
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web DayAWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web DayAWS Germany
 
20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD Premium20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD PremiumRobin Vermeirsch
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
PingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to KnowPingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to KnowCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
APIs from the Edge to the Mesh
APIs from the Edge to the MeshAPIs from the Edge to the Mesh
APIs from the Edge to the MeshNordic APIs
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructuresFrancesco Chicchiriccò
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerNCCOMMS
 
Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?Chris Sterling
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIsNirmal Fernando
 
Bevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT PortfolioBevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT PortfolioRanjith Kumar
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Identity as a Service
Identity as a ServiceIdentity as a Service
Identity as a ServicePrabath Siriwardena
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with dockerDocker, Inc.
 
Windows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanWindows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanDavid J Rosenthal
 
UiPath - IT Automation.pdf
UiPath - IT Automation.pdfUiPath - IT Automation.pdf
UiPath - IT Automation.pdfCristina Vidu
 
UiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfUiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfCristina Vidu
 

More Related Content

What's hot

Extending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT ManagementExtending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT ManagementOkta-Inc
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web DayAWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web DayAWS Germany
 
20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD Premium20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD PremiumRobin Vermeirsch
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
PingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to KnowPingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to KnowCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
APIs from the Edge to the Mesh
APIs from the Edge to the MeshAPIs from the Edge to the Mesh
APIs from the Edge to the MeshNordic APIs
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructuresFrancesco Chicchiriccò
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerNCCOMMS
 
Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?Chris Sterling
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIsNirmal Fernando
 
Bevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT PortfolioBevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT PortfolioRanjith Kumar
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with dockerDocker, Inc.
 
Windows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanWindows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanDavid J Rosenthal
 

What's hot (20)

Extending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT ManagementExtending Active Directory to Box for Seamless IT Management
Extending Active Directory to Box for Seamless IT Management
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT Platform
 
Password Express - Data Sheet
Password Express - Data SheetPassword Express - Data Sheet
Password Express - Data Sheet
 
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web DayAWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
AWS IoT Button and Lambda to power a blockchain project - AWS Serverless Web Day
 
20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD Premium20160400 Technet- Hybrid identity and access management with Azure AD Premium
20160400 Technet- Hybrid identity and access management with Azure AD Premium
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS Environment
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
PingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to KnowPingOne IDaaS: What You Need to Know
PingOne IDaaS: What You Need to Know
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
APIs from the Edge to the Mesh
APIs from the Edge to the MeshAPIs from the Edge to the Mesh
APIs from the Edge to the Mesh
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructures
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
 
Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?Microservices: Aren't Microservices Just SOA?
Microservices: Aren't Microservices Just SOA?
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIs
 
Bevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT PortfolioBevywise - IoT / IIoT Portfolio
Bevywise - IoT / IIoT Portfolio
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT Platform
 
Identity as a Service
Identity as a ServiceIdentity as a Service
Identity as a Service
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with docker
 
Windows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanWindows Azure Active Directory - from Atidan
Windows Azure Active Directory - from Atidan
 

Similar to Red Hat Summit - OpenShift Identity Management and Compliance

UiPath - IT Automation.pdf
UiPath - IT Automation.pdfUiPath - IT Automation.pdf
UiPath - IT Automation.pdfCristina Vidu
 
UiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfUiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfCristina Vidu
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
How to Deliver Closed-Loop Compliance
How to Deliver Closed-Loop ComplianceHow to Deliver Closed-Loop Compliance
How to Deliver Closed-Loop ComplianceForgeRock
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
 
Is DevOps Braking Your Company?
Is DevOps Braking Your Company?Is DevOps Braking Your Company?
Is DevOps Braking Your Company?conjur_inc
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018Guillaume Meyer
 
Proven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementProven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementPerficient, Inc.
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Making the Move to Behavior-Driven Development
Making the Move to Behavior-Driven DevelopmentMaking the Move to Behavior-Driven Development
Making the Move to Behavior-Driven DevelopmentTechWell
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Choosing the Best Business Intelligence Security Model for Your App
Choosing the Best Business Intelligence Security Model for Your AppChoosing the Best Business Intelligence Security Model for Your App
Choosing the Best Business Intelligence Security Model for Your AppLogi Analytics
 

Similar to Red Hat Summit - OpenShift Identity Management and Compliance (20)

UiPath - IT Automation.pdf
UiPath - IT Automation.pdfUiPath - IT Automation.pdf
UiPath - IT Automation.pdf
 
UiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfUiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdf
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
How to Deliver Closed-Loop Compliance
How to Deliver Closed-Loop ComplianceHow to Deliver Closed-Loop Compliance
How to Deliver Closed-Loop Compliance
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav Lulic
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
Is DevOps Braking Your Company?
Is DevOps Braking Your Company?Is DevOps Braking Your Company?
Is DevOps Braking Your Company?
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
 
IDM Introduction
IDM IntroductionIDM Introduction
IDM Introduction
 
Proven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementProven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and Management
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Making the Move to Behavior-Driven Development
Making the Move to Behavior-Driven DevelopmentMaking the Move to Behavior-Driven Development
Making the Move to Behavior-Driven Development
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Choosing the Best Business Intelligence Security Model for Your App
Choosing the Best Business Intelligence Security Model for Your AppChoosing the Best Business Intelligence Security Model for Your App
Choosing the Best Business Intelligence Security Model for Your App
 
Defence
DefenceDefence
Defence
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Red Hat Summit - OpenShift Identity Management and Compliance

  • 1. Identity Management and Compliance in OpenShift Or “Use DevOps to Make Your Auditors and Suits Happy” Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business Unit at Red Hat May 3, 2017
  • 2. Who Are We? Marc Boorshtein - CTO Tremolo Security, Inc. ● 15+ years of identity management implementation experience ● Multiple deployments across large commercial and federal customers Ellen Newlands - Senior Security Product Manager, Cloud Business Unit at Red Hat ● Red Hat Product Manager for Identity and Access Management ● Extensive experience in enterprise and WEB identity management and single sign-on
  • 3. Why is Compliance Important to You? It’s not just for meetings and auditors... DevOps + Identity Management = ( )+
  • 4. What is Compliance? When someone asks if you’re compliant... NIST 800-53 Criminal Justice Information Systems (CJIS) Step 1 - Define Your Policy Step 2 - Follow Your Policy NIST 800-53 Framework CJIS Implementation
  • 5. Where Does Identity Management Fit? NIST 800-53 Criminal Justice Information Systems (CJIS) AC-2 / Authorizes access to the information system based on: 1. A valid access authorization; Request for access is approved by your manager Section 5.6.2.1.1 - Passwords Identity Management Identity Management
  • 6. Identity Management Compliance Without DevOps User needs access to an application User emails boss asking for access Boss forward to admin with the word “approved” Admin creates access and stores email in special folder Auditor asks for approval trail Admin forward emails Admin tells user they’re approved :-(
  • 7. Identity Management Compliance With DevOps User needs access to an application Logs into IDM and requests access Boss clicks “Approve” IDM system creates access and builds audit trail Auditor logs into IDM system Auditor pulls reports IDM system notifies user of access :-D
  • 8. How this applies to OpenShift WHO? ● User Object in EtcD ● LDAP ● OpenID Connect ● Reverse Proxy + Header WHAT? ● Subject + Role + Project = RoleBinding ● Local Objects ● LDAP Sync ● oadm ● Web services WHY? ● External Workflow
  • 10. DEMO
  • 11. Shameless Self Promotion ● Booth 145 ○ Mobile Battery Chargers ○ Screen Cleaners ● Web - http://tremolo.io ● Twitter - @tremolosecurity / @mlbiam ● Github - https://www.github.com/tremolosecurity/ ● Blog this session is based on - https://www.tremolosecurity.com/openshift-compliance-and-identity-management/
  • 13. How this applies to OpenShift Layer Technology In Demo Cloud ● OpenStack - Keystone ● Amazon - IAM ● etc N/A Operating System 1. LDAP 2. AD 3. SSSD Red Hat Identity Management
  • 14. How this applies to OpenShift Layer Technology In Demo OpenShift Console and CLI Authentication ● LDAP ● Password File ● OpenID Connect ● Header + Reverse Proxy Authorization ● Internal User and Group objects ● Web services ● LDAP Sync Authentication ● Username + Password - KeyCloak ● U2F - Unison ● Compliance Banner - Unison ● OpenID Connect Authorization ● Unison self service Container 1. External Identity Provider 2. External User System N/A