Building a Strong Foundation for Your Cloud with Identity Management

Nishant Kaushik
Nishant KaushikChief Architect at Identropy
<Insert Picture Here> Building a Strong Foundation for Your Cloud with Identity Management Nishant Kaushik Lead Strategist, Oracle Identity & Access Management
Before We Start Oracle OpenWorld Join The Conversation Latin America 2010 On Twitter December 7–9, 2010 #OOW10 #IDM @NishantK Oracle OpenWorld @OracleIDM Beijing 2010 December 13–16, 2010 2
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle‟s products remains at the sole discretion of Oracle. 3
Enterprises are Moving Towards the Cloud “ The future is looking very cloudy. Yes, very cloud indeed! 4
But there are Concerns 74% 74% rate cloud security issues as “very significant” Source: IDC Security Compliance Control 5
Cloud and the Loss of Control Built by Cloud Built by Customer Cloud Built by Customer Cloud Customer - Provided Control by Cloud Provided + by Cloud Provided by Cloud Infrastructure Platform Application (IaaS) e.g. Amazon EC2 (PaaS) e.g. Google App Engine (SaaS) e.g. Oracle On Demand 6
But that’s Predicated on Classic Security Approach 7
An Approach that has become Outdated Borderless networks subject to user mobility and asset distribution. Business processes are fluid Closed Perimeter with Controlled Entry Vision Restricted User Base Disruption Low Frequency of Change Adoption of cloud computing Stable Business Processes changes the equation for the business Convention 8
A New Approach to Security Secured by Policy, not Topology Loosely coupled, services-based Standards-based Rationalized, Integrated 9
Cloud Risk Assessment For an SME using a Cloud Service 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 10
Cloud Risk Assessment For an SME using a Cloud Service Medium Impact – High Probability • Vendor/Service Lock-In • Isolation Failure • Cloud Provider Malicious Insider (Abuse of High Privilege Roles) • Management Interface Compromise (Manipulation, Availability of Infrastructure) • Legal Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 11
Cloud Risk Assessment For an SME using a Cloud Service High Impact – High Probability • Loss of Governance • Compliance Challenges • Changes of Jurisdiction • Data Protection Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 12
How do we Tame the Monster? “ You won’t like me when I’m angry! 13 Image: Incredible Hulk, TM and Copyright 2010 Marvel Comics
Cloud Security Starts with Identity “ The basis of security in a borderless environment, only something that can transcend domain boundaries, like identity, can be! 14 Image: Yoda, TM and Copyright 2010 Lucasfilm
IdM For The Cloud: Foundational Elements 15
Extend Enterprise IAM to the Cloud Cloud Apps Enterprise Apps Enterprise IAM Core Authentication Account Lifecycle Management Core Extended Claims-based Identity Authorization Policy Rationalization 16
Managing Authentication for the Cloud • For business critical • Provide internet applications, extend identity (e.g. User-Centric in-house SSO to Federation OpenID, OAuth) Identity cloud apps through AuthN schemes for SAML-based Cloud corporate users to federation AuthN use at non-critical cloud services (like open-source projects, Privileged Account community forums) Management • Don‟t give users direct access to the privileged account for a contracted cloud service • Use PAM to track, monitor and control access 17
Account Lifecycle Management Implement Implement Integrate Automate Self-Registration Access Provisioning Provisioning & Role-based Certification with PAM Provisioning processes Develop automated provisioning & de-provisioning for cloud services Leverage SPML when available; native APIs if forced to Roll out self-registration for users to request access through corporate portal. Support role-based provisioning when possible Attestation processes should identify high-risk cloud services based on management capabilities (No federation = high risk) Build assignment of PAM privileges into provisioning processes 18
Claims-based Identity AuthN token w/ Claims Cloud Apps Enterprise IAM Claims-based Provisioning Federation (SAML) token contains added identity data used by service to create an account (on first use) Claims-based Authorization Federation (SAML) token contains added identity assertions (attributes, roles) used by service to make AuthZ decisions 19
Authorization Policy Rationalization Cloud Apps AuthZ Engine XACML Document Entitlement Management Export AuthZ policies defined in Enterprise Entitlement Management system to import into Cloud service AuthZ engine Based on XACML standard Must be part of overall entitlement policy rationalization effort (one policy honored by multiple systems) 20
IdM For The Cloud: Platform for the Future 21
Become an Identity Services Provider Standards-based Simple APIs Identity Services Platform Partner SaaS Apps Cloud Apps In-house IdM Service Provider Cloud IdM Service Provider Allows Partner SaaS Apps and Cloud Apps to plug into and leverage IAM services exposed by the enterprise customer Secure “IAM Cloud” Services SDK via RESTful Interfaces Identity & Context Propagation, Claims-based access control Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own 22
Built on Vision of Service-Oriented Security Applications Cloud Service Providers Declarative Security Services Authorization Federation Authentication Audit Provisioning Role Mgmt Identity Hub A new architectural approach to building security into applications that leverages two key trends – SOA and Application Frameworks The goal: To provide security functionality in a consistent, reusable service-oriented model to all applications/services Promotes loose coupling to ensure long term viability and heterogeneity of business solutions 23
Security Glue For The Cloud Identity Services Platform Identity Services Platform Identity Identity Identity Identity Hub Administration Assurance Audit Service Service Service Service IAM Service Provider Business Service Provider Identity Services Platform Identity Identity Authorization Assurance Service Service Consumer All participants have interoperable identity services Every participant can be both the service provider and service consumer 24
Why Oracle? 25
<Insert Picture Here> @sheeri “Oracle is not a database company...Oracle is now an adjective, not a noun, as in „Oracle apps‟ or „Oracle middleware‟ ” 26
Oracle Fusion Middleware 27
Oracle Identity Management Oracle + Sun Combination Provisioning & Identity Access Directory Administration Management Services Roles-based User Authentication, SSO & LDAP Storage Provisioning Fraud Prevention Virtualized Identity Access Password Management Authorization & Self Service Request & Entitlements Approval Web Services Security Information Rights Management Identity Governance Platform Security Services Analytics Fraud Prevention Privacy Controls Identity Services for Developers 28
Oracle Identity Management Comprehensive and Best-of-Breed Identity Administration Access Management * Directory Services Access Manager Identity Manager Adaptive Access Manager Directory Server EE Enterprise Single Sign-On Internet Directory Entitlements Server Virtual Directory Identity Federation Information Rights Management Web Services Manager Identity & Access Governance Identity Analytics Security Governor Oracle Platform Security Services Operational Manageability Management Pack For Identity Management *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet 29
Oracle OpenSSO Fedlet SAML Enablement of SaaS Applications Identity Provider SaaS App OIF .NET Fedlet OpenSSO SaaS App 3rd Party Java Fedlet Oracle OpenSSO Fedlet is a lightweight SP-only implementation of SAML 2.0 SSO protocols Flexible integration framework Can be used by a SaaS App Provider to Federation-enable their application Standard-based cross-domain authentication and SSO Standard-based attribute exchange with advanced identity attribute mapping and filtering Multi-Tenant 30
Oracle Enterprise Single Sign-On Suite Plus On the Go Install of Enterprise Single Sign-On Anytime, Anywhere Remote ESSO Anywhere Client Download Enterprise Credential Applications Store Authenticate Validate Access Enterprise Applications Access Applications from Anywhere Faster Deployment and Version Control on the Deployment Packages Automate Updates and Rollbacks Reduce Overall Deployment Costs 31
Security with Oracle Cloud Platform Third Party ISV Oracle Applications Applications Applications Platform as a Service Cloud Management Shared Services Oracle Enterprise Manager Integration: Process Mgmt: Security: User Interaction: SOA Suite BPM Suite Identity Mgmt WebCenter Configuration Mgmt Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Lifecycle Management Database Grid: Oracle Database, RAC, ASM, Partitioning, Application Performance IMDB Cache, Active Data Guard, Database Security Management Infrastructure as a Service Application Quality Management Oracle Solaris Operating Systems: Oracle Enterprise LinuxLinux Oracle Enterprise Oracle VM for SPARC (LDom) Solaris Containers Oracle VM for x86 Ops Center Servers Physical and Virtual Systems Management Storage 32
Oracle Platform Security Services (OPSS) Oracle Platform Security Services Authentication Authorization Roles & Auditing Directory User Policy Store Session Data Entitlements Services Provisioning Management Standards-based Interfaces Oracle Identity Management Identity Store, Credential Store, and Policy Store Providers Access Management Identity Administration Directory Services Declarative Security Framework optimizes application lifecycle support Standards-based and Hot-Pluggable with Identity Management Systems Security Platform for Oracle Fusion Middleware and Fusion Apps 33
Cloud IdM Success Stories Identity Assurance BT Identity Services includes Managed Fraud and URU Identity Verification Services that relies on OAAM Identity Administration NetApp is provisioning Oracle CRM OnDemand from an on-premise OIM deployment Identity Administration Embry Riddle is provisioning Microsoft Live from an on- premise OIM deployment 34
Oracle IAM: Aiming for the Unbreakable Cloud 35
Addressing the 3 Dimensions of Cloud Identity Are you leveraging Do you need IAM, but don’t SaaS applications and want to maintain it? Cloud platforms? IAM for Cloud IAM as SaaS IAM in PaaS Are you building SaaS applications? 36
IAM for SaaS and Cloud Platforms Providing out-of-the-box support for common Cloud Platforms and SaaS applications OIM Provisioning Connectors for Salesforce, Google Apps, Amazon AWS, Microsoft Live, Oracle OnDemand OIF Federated SSO for Google Apps, Salesforce, Oracle OnDemand Securing Web & Cloud Services with OWSM Managing API Keys required for AuthN Managing connections SPML Enablement of SaaS Applications 37
SPML Enablement of SaaS Applications OIM Provlet Provisioning SaaS App System Provlet OIM SaaS App 3rd Party Provlet OIM Provlet is a lightweight SP-only implementation of SPML 2.0 provisioning protocol Web Application co-located with target Can be used by a SaaS App Provider to expose standards- based provisioning interfaces Built on same ICF-based connectors deployed in OIM Server REST or SOAP based Web Services Multi-Tenant 38
Provlet Deployment Architecture Oracle Identity Manager Provlet Web App SPML Web Services App 1 App 1 Metadata Connector Connector Bundle (LDAP Connector Framework LDAP AD Config) Connector Config 39
IAM as SaaS Client Enterprise 1 Cloud Apps Cloud IAM Client Enterprise 2 Customers are looking to outsource IAM Don‟t want to maintain in-house IAM IT Staff expertise is a challenge MSPs looking to offer IAM as a Service Cost benefits of shared service model over hosted instances Maintenance simplicity Requires many technical features: M/T, Federation, Metering/Billing 40
Deploying IAM as SaaS OIM Provisioning Gateway Provisioning App 1 Oracle Identity Manager Gateway DB Connector Bundle App App Connector App Connector Connector Metadata Metadata Framework Bundle Config Metadata Connector Bundle App 2 Deploy provisioning gateway at a customer site with a single connection back to the IAM service at the SP Limit number of firewall holes SP has to open to one per customer Limit number of firewall holes customer has to open to their IAM SP 41
IAM in PaaS Identity Services Cloud Apps SaaS Apps Partner SaaS Apps IAM Providers Private, Public or Hybrid Cloud Customers looking to build Cloud Services Telco Clouds and SDPs Trust and Federation Clouds Consumer Services MSPs that need to manage customer identities across environments Leverages new IAM infrastructure or existing IAM system 42
IDaaS APIs for OPSS Service-Oriented Security Optimized for the Cloud Cloud SP System Tenant Cloud Service Services Administrator Administrator Developer IDaaS Framework IDaaS Interfaces IDaaS Admin Interfaces (REST) (REST, SOAP) Oracle Platform Security Services Shared Services for Shared Services for Access Identity Oracle Identity Management LDAP Tenant Config Metadata 43
Cloud + Identity-based Security = IT Nirvana “ Well, when we do it, cloud-based defenses can be more robust, scalable and cost- effective. And we’ll throw in business differentiator to boot! 44 Image: Iron Man, TM and Copyright 2010 MVLFFLLC and 2010 Marvel
Questions Learn More Connect, Discuss oracle.com/identity @NishantK bit.ly/oracleidm11g blog.talkingidentity.com 45 45
46
1 of 46

Building a Strong Foundation for Your Cloud with Identity Management

Technology

My Oracle OpenWorld 2010 presentation on building a secure cloud using identity management

Nishant Kaushik
Nishant KaushikChief Architect at Identropy

Recommended

Building a Secure Cloud with Identity Management by
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
1.6K views24 slides
Enterprise Strategy for Cloud Security by
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
3.1K views37 slides
Oracle cloud strategy by
Oracle cloud strategyOracle cloud strategy
Oracle cloud strategyAgora Group
3K views45 slides
VMware Zimbra vs. Novell Groupwise by
VMware Zimbra vs. Novell GroupwiseVMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseMike K
617 views48 slides
Deadly Sins Bcs Elite by
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs EliteJon G. Hall
1.1K views52 slides
Oracle Cloud Computing Strategy (EMO) by
Oracle Cloud Computing Strategy (EMO)Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)rachgregs
3.2K views19 slides

More Related Content

What's hot

Infrastructure Consolidation and Virtualization by
Infrastructure Consolidation and VirtualizationInfrastructure Consolidation and Virtualization
Infrastructure Consolidation and VirtualizationBob Rhubart
1.5K views22 slides
Round table guide by
Round table guideRound table guide
Round table guideOracleIDM
544 views12 slides
Oracle Cloud Reference Architecture by
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureBob Rhubart
5.1K views43 slides
Manpower group idm-platform by
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platformOracleIDM
783 views18 slides
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ... by
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...Eucalyptus Systems, Inc.
1.3K views36 slides
Healthcare it consolidated by
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidatedOracleIDM
3.8K views22 slides

What's hot(19)

Infrastructure Consolidation and Virtualization by Bob Rhubart
Infrastructure Consolidation and VirtualizationInfrastructure Consolidation and Virtualization
Infrastructure Consolidation and Virtualization
Bob Rhubart1.5K views
Round table guide by OracleIDM
Round table guideRound table guide
Round table guide
OracleIDM544 views
Oracle Cloud Reference Architecture by Bob Rhubart
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
Bob Rhubart5.1K views
Manpower group idm-platform by OracleIDM
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
OracleIDM783 views
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ... by Eucalyptus Systems, Inc.
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
How to Transform Enterprise Applications to On-premise Clouds with Wipro and ...
Eucalyptus Systems, Inc.1.3K views
Healthcare it consolidated by OracleIDM
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidated
OracleIDM3.8K views
Securing Your Cloud Servers with Halo NetSec by CloudPassage
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
CloudPassage2.8K views
Alta 3-2013 by HartVidaRaffo
Alta 3-2013Alta 3-2013
Alta 3-2013
HartVidaRaffo253 views
Making Sense of the Cloud by Spiceworks
Making Sense of the CloudMaking Sense of the Cloud
Making Sense of the Cloud
Spiceworks723 views
Security in a Cloudy Architecture by Bob Rhubart
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy Architecture
Bob Rhubart1.6K views
Oracle tech fmw-03-cloud-computing-neum-15.04.2010 by Oracle BH
Oracle tech fmw-03-cloud-computing-neum-15.04.2010Oracle tech fmw-03-cloud-computing-neum-15.04.2010
Oracle tech fmw-03-cloud-computing-neum-15.04.2010
Oracle BH1K views
Ioug webcast entitlements in check by OracleIDM
Ioug webcast entitlements in checkIoug webcast entitlements in check
Ioug webcast entitlements in check
OracleIDM602 views
Scaling identity to internet proportions by OracleIDM
Scaling identity to internet proportionsScaling identity to internet proportions
Scaling identity to internet proportions
OracleIDM599 views
Gartner iam 2011-analytics-aj-orig-recordednp-final by OracleIDM
Gartner iam 2011-analytics-aj-orig-recordednp-finalGartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-final
OracleIDM2.5K views
A better waytosecureapps-finalv1 by OracleIDM
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
OracleIDM559 views
Oracle_Cisco identity platform approach_webcast by OracleIDM
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcast
OracleIDM745 views
How Cloud Providers' Business Needs Drive Enterprise Identity & Security by Novell
How Cloud Providers' Business Needs Drive Enterprise Identity & SecurityHow Cloud Providers' Business Needs Drive Enterprise Identity & Security
How Cloud Providers' Business Needs Drive Enterprise Identity & Security
Novell6.8K views
Cloud Is Built, Now Who's Managing It? by doan_slideshares
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?
doan_slideshares652 views
Cloud Adoption - A Practical Approach by LicensingLive! - SafeNet
Cloud Adoption - A Practical ApproachCloud Adoption - A Practical Approach
Cloud Adoption - A Practical Approach
LicensingLive! - SafeNet594 views

Viewers also liked

CIO's Guide to Enterprise Cloud Adoption by
CIO's Guide to Enterprise Cloud AdoptionCIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCipherCloud
1.6K views16 slides
Acxiom presentation to Forrester Marketing Forum Nov 2009 by
Acxiom presentation to Forrester Marketing Forum Nov 2009Acxiom presentation to Forrester Marketing Forum Nov 2009
Acxiom presentation to Forrester Marketing Forum Nov 2009Tim Suther
1.5K views26 slides
Experian dv2020 - the new rules of customer engagement - emea research report by
Experian dv2020 - the new rules of customer engagement - emea research reportExperian dv2020 - the new rules of customer engagement - emea research report
Experian dv2020 - the new rules of customer engagement - emea research reportAltan Atabarut, MSc.
816 views28 slides
Tues11 0815 live_ramp by
Tues11 0815 live_rampTues11 0815 live_ramp
Tues11 0815 live_rampMediaPost
296 views11 slides
Big data, big deal, Acxiom by
Big data, big deal, Acxiom Big data, big deal, Acxiom
Big data, big deal, Acxiom Internet World
837 views16 slides
Sanal siniflar by
Sanal siniflarSanal siniflar
Sanal siniflarGÜRKAN AKKAN
1K views21 slides

Viewers also liked(20)

CIO's Guide to Enterprise Cloud Adoption by CipherCloud
CIO's Guide to Enterprise Cloud AdoptionCIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud Adoption
CipherCloud1.6K views
Acxiom presentation to Forrester Marketing Forum Nov 2009 by Tim Suther
Acxiom presentation to Forrester Marketing Forum Nov 2009Acxiom presentation to Forrester Marketing Forum Nov 2009
Acxiom presentation to Forrester Marketing Forum Nov 2009
Tim Suther1.5K views
Experian dv2020 - the new rules of customer engagement - emea research report by Altan Atabarut, MSc.
Experian dv2020 - the new rules of customer engagement - emea research reportExperian dv2020 - the new rules of customer engagement - emea research report
Experian dv2020 - the new rules of customer engagement - emea research report
Altan Atabarut, MSc.816 views
Tues11 0815 live_ramp by MediaPost
Tues11 0815 live_rampTues11 0815 live_ramp
Tues11 0815 live_ramp
MediaPost296 views
Big data, big deal, Acxiom by Internet World
Big data, big deal, Acxiom Big data, big deal, Acxiom
Big data, big deal, Acxiom
Internet World837 views
Sanal siniflar by GÜRKAN AKKAN
Sanal siniflarSanal siniflar
Sanal siniflar
GÜRKAN AKKAN1K views
Marketing Suite brochure - June 2015 by Joshua Soros
Marketing Suite brochure - June 2015Marketing Suite brochure - June 2015
Marketing Suite brochure - June 2015
Joshua Soros369 views
Oracle Directory Services - Customer Presentation by Delivery Centric
Oracle Directory Services - Customer PresentationOracle Directory Services - Customer Presentation
Oracle Directory Services - Customer Presentation
Delivery Centric783 views
OOW13: Next Generation Optimized Directory (CON9024) by GregOracle
OOW13: Next Generation Optimized Directory (CON9024)OOW13: Next Generation Optimized Directory (CON9024)
OOW13: Next Generation Optimized Directory (CON9024)
GregOracle1.4K views
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ... by MRS
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
MRS532 views
Edge 2016 measuring what matters by akamaidevrel
Edge 2016 measuring what mattersEdge 2016 measuring what matters
Edge 2016 measuring what matters
akamaidevrel448 views
Overview Oracle Identity Management tijdens AMIS Simplified Security seminar by Getting value from IoT, Integration and Data Analytics
Overview Oracle Identity Management tijdens AMIS Simplified Security seminarOverview Oracle Identity Management tijdens AMIS Simplified Security seminar
Overview Oracle Identity Management tijdens AMIS Simplified Security seminar
Getting value from IoT, Integration and Data Analytics1.3K views
Adometry - LiveRamp Webinar Deck: The Missing Link by Adometry by Google
Adometry - LiveRamp Webinar Deck: The Missing LinkAdometry - LiveRamp Webinar Deck: The Missing Link
Adometry - LiveRamp Webinar Deck: The Missing Link
Adometry by Google4.6K views
Loyalty Platform Bro. Final 9_24_2015 by Mary Anne Faneuf
Loyalty Platform Bro. Final 9_24_2015Loyalty Platform Bro. Final 9_24_2015
Loyalty Platform Bro. Final 9_24_2015
Mary Anne Faneuf614 views
Security Transformation Services by xband
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
xband2.1K views
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016 by Filipp Paster
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
Filipp Paster1.3K views
About Experian by deenabarnes
About ExperianAbout Experian
About Experian
deenabarnes2.1K views
Big Data and Analytics by Cameron. A. Bradbury
Big Data and AnalyticsBig Data and Analytics
Big Data and Analytics
Cameron. A. Bradbury522 views
Iam suite introduction by wardell henley
Iam suite introductionIam suite introduction
Iam suite introduction
wardell henley2.4K views
Adobe Brochure by Mary Anne Faneuf
Adobe BrochureAdobe Brochure
Adobe Brochure
Mary Anne Faneuf288 views

Similar to Building a Strong Foundation for Your Cloud with Identity Management

Protecting Data in the Cloud by
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
316 views12 slides
Cloud Seminar Feb 4 2010 by
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Vince Santo
575 views49 slides
null Bangalore meet - Cloud Computing and Security by
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securityn|u - The Open Security Community
2.6K views34 slides
Cloud securityperspectives cmg by
Cloud securityperspectives cmgCloud securityperspectives cmg
Cloud securityperspectives cmgNeha Dhawan
233 views12 slides
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f... by
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Enterprise
379 views20 slides
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet by
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
957 views24 slides

Similar to Building a Strong Foundation for Your Cloud with Identity Management(20)

Protecting Data in the Cloud by Neil Readshaw
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
Neil Readshaw316 views
Cloud Seminar Feb 4 2010 by Vince Santo
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010
Vince Santo575 views
null Bangalore meet - Cloud Computing and Security by n|u - The Open Security Community
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
n|u - The Open Security Community2.6K views
Cloud securityperspectives cmg by Neha Dhawan
Cloud securityperspectives cmgCloud securityperspectives cmg
Cloud securityperspectives cmg
Neha Dhawan233 views
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f... by Windstream Enterprise
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Enterprise379 views
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet by Amazon Web Services
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
Amazon Web Services957 views
Becloud hybrid cloud by Becloud
Becloud hybrid cloudBecloud hybrid cloud
Becloud hybrid cloud
Becloud597 views
PCI and the Cloud by CloudPassage
PCI and the CloudPCI and the Cloud
PCI and the Cloud
CloudPassage729 views
Neupart Isaca April 2012 by Lars Neupart
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012
Lars Neupart446 views
Risk Factory: PCI Compliance in the Cloud by Risk Crew
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
Risk Crew828 views
CCSK, cloud security framework, Indonesia by Wise Pacific Venture
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
Wise Pacific Venture2.9K views
Enterprise Security in Cloud by Lenin Aboagye
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
Lenin Aboagye693 views
Enterprise Security in Hybrid Cloud ISACA-SV 2012 by Symosis Security (Previously C-Level Security)
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)6.2K views
The Cloud according to VMware by OpSource
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
OpSource294 views
Ccsw by Vinit Zunjarrao
CcswCcsw
Ccsw
Vinit Zunjarrao802 views
Appistry Cloud Computing for Government Featuring FedEx by Appistry
Appistry Cloud Computing for Government Featuring FedExAppistry Cloud Computing for Government Featuring FedEx
Appistry Cloud Computing for Government Featuring FedEx
Appistry987 views
Lss implementing cyber security in the cloud, and from the cloud-feb14 by L S Subramanian
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
L S Subramanian535 views
Who owns security in the cloud by Trend Micro
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro959 views
Intel Cloud Summit ODCA - NAB Customer presentation by IntelAPAC
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentation
IntelAPAC331 views
Cloud Security: Perception Vs. Reality by Internap
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
Internap716 views

Recently uploaded

NTGapps NTG LowCode Platform by
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform Mustafa Kuğu
423 views30 slides
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...ShapeBlue
126 views10 slides
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ... by
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...ShapeBlue
184 views12 slides
"Surviving highload with Node.js", Andrii Shumada by
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada Fwdays
56 views29 slides
Future of AR - Facebook Presentation by
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook PresentationRob McCarty
64 views27 slides
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue by
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlueMigrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlueShapeBlue
218 views20 slides

Recently uploaded(20)

NTGapps NTG LowCode Platform by Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu423 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue126 views
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ... by ShapeBlue
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
ShapeBlue184 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays56 views
Future of AR - Facebook Presentation by Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty64 views
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue by ShapeBlue
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlueMigrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue
ShapeBlue218 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue297 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp96 views
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by ShapeBlue
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
ShapeBlue159 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
The Digital Insurer90 views
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T by ShapeBlue
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
ShapeBlue152 views
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue135 views
Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10139 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker54 views
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool by ShapeBlue
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPoolExtending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool
ShapeBlue123 views
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P... by ShapeBlue
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
ShapeBlue194 views
Cencora Executive Symposium by marketingcommunicati21
Cencora Executive SymposiumCencora Executive Symposium
Cencora Executive Symposium
marketingcommunicati21159 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue263 views
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash158 views
Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 8Business Analyst Series 2023 - Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray10123 views

Building a Strong Foundation for Your Cloud with Identity Management

  • 1. <Insert Picture Here> Building a Strong Foundation for Your Cloud with Identity Management Nishant Kaushik Lead Strategist, Oracle Identity & Access Management
  • 2. Before We Start Oracle OpenWorld Join The Conversation Latin America 2010 On Twitter December 7–9, 2010 #OOW10 #IDM @NishantK Oracle OpenWorld @OracleIDM Beijing 2010 December 13–16, 2010 2
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle‟s products remains at the sole discretion of Oracle. 3
  • 4. Enterprises are Moving Towards the Cloud “ The future is looking very cloudy. Yes, very cloud indeed! 4
  • 5. But there are Concerns 74% 74% rate cloud security issues as “very significant” Source: IDC Security Compliance Control 5
  • 6. Cloud and the Loss of Control Built by Cloud Built by Customer Cloud Built by Customer Cloud Customer - Provided Control by Cloud Provided + by Cloud Provided by Cloud Infrastructure Platform Application (IaaS) e.g. Amazon EC2 (PaaS) e.g. Google App Engine (SaaS) e.g. Oracle On Demand 6
  • 7. But that’s Predicated on Classic Security Approach 7
  • 8. An Approach that has become Outdated Borderless networks subject to user mobility and asset distribution. Business processes are fluid Closed Perimeter with Controlled Entry Vision Restricted User Base Disruption Low Frequency of Change Adoption of cloud computing Stable Business Processes changes the equation for the business Convention 8
  • 9. A New Approach to Security Secured by Policy, not Topology Loosely coupled, services-based Standards-based Rationalized, Integrated 9
  • 10. Cloud Risk Assessment For an SME using a Cloud Service 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 10
  • 11. Cloud Risk Assessment For an SME using a Cloud Service Medium Impact – High Probability • Vendor/Service Lock-In • Isolation Failure • Cloud Provider Malicious Insider (Abuse of High Privilege Roles) • Management Interface Compromise (Manipulation, Availability of Infrastructure) • Legal Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 11
  • 12. Cloud Risk Assessment For an SME using a Cloud Service High Impact – High Probability • Loss of Governance • Compliance Challenges • Changes of Jurisdiction • Data Protection Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 12
  • 13. How do we Tame the Monster? “ You won’t like me when I’m angry! 13 Image: Incredible Hulk, TM and Copyright 2010 Marvel Comics
  • 14. Cloud Security Starts with Identity “ The basis of security in a borderless environment, only something that can transcend domain boundaries, like identity, can be! 14 Image: Yoda, TM and Copyright 2010 Lucasfilm
  • 15. IdM For The Cloud: Foundational Elements 15
  • 16. Extend Enterprise IAM to the Cloud Cloud Apps Enterprise Apps Enterprise IAM Core Authentication Account Lifecycle Management Core Extended Claims-based Identity Authorization Policy Rationalization 16
  • 17. Managing Authentication for the Cloud • For business critical • Provide internet applications, extend identity (e.g. User-Centric in-house SSO to Federation OpenID, OAuth) Identity cloud apps through AuthN schemes for SAML-based Cloud corporate users to federation AuthN use at non-critical cloud services (like open-source projects, Privileged Account community forums) Management • Don‟t give users direct access to the privileged account for a contracted cloud service • Use PAM to track, monitor and control access 17
  • 18. Account Lifecycle Management Implement Implement Integrate Automate Self-Registration Access Provisioning Provisioning & Role-based Certification with PAM Provisioning processes Develop automated provisioning & de-provisioning for cloud services Leverage SPML when available; native APIs if forced to Roll out self-registration for users to request access through corporate portal. Support role-based provisioning when possible Attestation processes should identify high-risk cloud services based on management capabilities (No federation = high risk) Build assignment of PAM privileges into provisioning processes 18
  • 19. Claims-based Identity AuthN token w/ Claims Cloud Apps Enterprise IAM Claims-based Provisioning Federation (SAML) token contains added identity data used by service to create an account (on first use) Claims-based Authorization Federation (SAML) token contains added identity assertions (attributes, roles) used by service to make AuthZ decisions 19
  • 20. Authorization Policy Rationalization Cloud Apps AuthZ Engine XACML Document Entitlement Management Export AuthZ policies defined in Enterprise Entitlement Management system to import into Cloud service AuthZ engine Based on XACML standard Must be part of overall entitlement policy rationalization effort (one policy honored by multiple systems) 20
  • 21. IdM For The Cloud: Platform for the Future 21
  • 22. Become an Identity Services Provider Standards-based Simple APIs Identity Services Platform Partner SaaS Apps Cloud Apps In-house IdM Service Provider Cloud IdM Service Provider Allows Partner SaaS Apps and Cloud Apps to plug into and leverage IAM services exposed by the enterprise customer Secure “IAM Cloud” Services SDK via RESTful Interfaces Identity & Context Propagation, Claims-based access control Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own 22
  • 23. Built on Vision of Service-Oriented Security Applications Cloud Service Providers Declarative Security Services Authorization Federation Authentication Audit Provisioning Role Mgmt Identity Hub A new architectural approach to building security into applications that leverages two key trends – SOA and Application Frameworks The goal: To provide security functionality in a consistent, reusable service-oriented model to all applications/services Promotes loose coupling to ensure long term viability and heterogeneity of business solutions 23
  • 24. Security Glue For The Cloud Identity Services Platform Identity Services Platform Identity Identity Identity Identity Hub Administration Assurance Audit Service Service Service Service IAM Service Provider Business Service Provider Identity Services Platform Identity Identity Authorization Assurance Service Service Consumer All participants have interoperable identity services Every participant can be both the service provider and service consumer 24
  • 26. <Insert Picture Here> @sheeri “Oracle is not a database company...Oracle is now an adjective, not a noun, as in „Oracle apps‟ or „Oracle middleware‟ ” 26
  • 28. Oracle Identity Management Oracle + Sun Combination Provisioning & Identity Access Directory Administration Management Services Roles-based User Authentication, SSO & LDAP Storage Provisioning Fraud Prevention Virtualized Identity Access Password Management Authorization & Self Service Request & Entitlements Approval Web Services Security Information Rights Management Identity Governance Platform Security Services Analytics Fraud Prevention Privacy Controls Identity Services for Developers 28
  • 29. Oracle Identity Management Comprehensive and Best-of-Breed Identity Administration Access Management * Directory Services Access Manager Identity Manager Adaptive Access Manager Directory Server EE Enterprise Single Sign-On Internet Directory Entitlements Server Virtual Directory Identity Federation Information Rights Management Web Services Manager Identity & Access Governance Identity Analytics Security Governor Oracle Platform Security Services Operational Manageability Management Pack For Identity Management *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet 29
  • 30. Oracle OpenSSO Fedlet SAML Enablement of SaaS Applications Identity Provider SaaS App OIF .NET Fedlet OpenSSO SaaS App 3rd Party Java Fedlet Oracle OpenSSO Fedlet is a lightweight SP-only implementation of SAML 2.0 SSO protocols Flexible integration framework Can be used by a SaaS App Provider to Federation-enable their application Standard-based cross-domain authentication and SSO Standard-based attribute exchange with advanced identity attribute mapping and filtering Multi-Tenant 30
  • 31. Oracle Enterprise Single Sign-On Suite Plus On the Go Install of Enterprise Single Sign-On Anytime, Anywhere Remote ESSO Anywhere Client Download Enterprise Credential Applications Store Authenticate Validate Access Enterprise Applications Access Applications from Anywhere Faster Deployment and Version Control on the Deployment Packages Automate Updates and Rollbacks Reduce Overall Deployment Costs 31
  • 32. Security with Oracle Cloud Platform Third Party ISV Oracle Applications Applications Applications Platform as a Service Cloud Management Shared Services Oracle Enterprise Manager Integration: Process Mgmt: Security: User Interaction: SOA Suite BPM Suite Identity Mgmt WebCenter Configuration Mgmt Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Lifecycle Management Database Grid: Oracle Database, RAC, ASM, Partitioning, Application Performance IMDB Cache, Active Data Guard, Database Security Management Infrastructure as a Service Application Quality Management Oracle Solaris Operating Systems: Oracle Enterprise LinuxLinux Oracle Enterprise Oracle VM for SPARC (LDom) Solaris Containers Oracle VM for x86 Ops Center Servers Physical and Virtual Systems Management Storage 32
  • 33. Oracle Platform Security Services (OPSS) Oracle Platform Security Services Authentication Authorization Roles & Auditing Directory User Policy Store Session Data Entitlements Services Provisioning Management Standards-based Interfaces Oracle Identity Management Identity Store, Credential Store, and Policy Store Providers Access Management Identity Administration Directory Services Declarative Security Framework optimizes application lifecycle support Standards-based and Hot-Pluggable with Identity Management Systems Security Platform for Oracle Fusion Middleware and Fusion Apps 33
  • 34. Cloud IdM Success Stories Identity Assurance BT Identity Services includes Managed Fraud and URU Identity Verification Services that relies on OAAM Identity Administration NetApp is provisioning Oracle CRM OnDemand from an on-premise OIM deployment Identity Administration Embry Riddle is provisioning Microsoft Live from an on- premise OIM deployment 34
  • 35. Oracle IAM: Aiming for the Unbreakable Cloud 35
  • 36. Addressing the 3 Dimensions of Cloud Identity Are you leveraging Do you need IAM, but don’t SaaS applications and want to maintain it? Cloud platforms? IAM for Cloud IAM as SaaS IAM in PaaS Are you building SaaS applications? 36
  • 37. IAM for SaaS and Cloud Platforms Providing out-of-the-box support for common Cloud Platforms and SaaS applications OIM Provisioning Connectors for Salesforce, Google Apps, Amazon AWS, Microsoft Live, Oracle OnDemand OIF Federated SSO for Google Apps, Salesforce, Oracle OnDemand Securing Web & Cloud Services with OWSM Managing API Keys required for AuthN Managing connections SPML Enablement of SaaS Applications 37
  • 38. SPML Enablement of SaaS Applications OIM Provlet Provisioning SaaS App System Provlet OIM SaaS App 3rd Party Provlet OIM Provlet is a lightweight SP-only implementation of SPML 2.0 provisioning protocol Web Application co-located with target Can be used by a SaaS App Provider to expose standards- based provisioning interfaces Built on same ICF-based connectors deployed in OIM Server REST or SOAP based Web Services Multi-Tenant 38
  • 39. Provlet Deployment Architecture Oracle Identity Manager Provlet Web App SPML Web Services App 1 App 1 Metadata Connector Connector Bundle (LDAP Connector Framework LDAP AD Config) Connector Config 39
  • 40. IAM as SaaS Client Enterprise 1 Cloud Apps Cloud IAM Client Enterprise 2 Customers are looking to outsource IAM Don‟t want to maintain in-house IAM IT Staff expertise is a challenge MSPs looking to offer IAM as a Service Cost benefits of shared service model over hosted instances Maintenance simplicity Requires many technical features: M/T, Federation, Metering/Billing 40
  • 41. Deploying IAM as SaaS OIM Provisioning Gateway Provisioning App 1 Oracle Identity Manager Gateway DB Connector Bundle App App Connector App Connector Connector Metadata Metadata Framework Bundle Config Metadata Connector Bundle App 2 Deploy provisioning gateway at a customer site with a single connection back to the IAM service at the SP Limit number of firewall holes SP has to open to one per customer Limit number of firewall holes customer has to open to their IAM SP 41
  • 42. IAM in PaaS Identity Services Cloud Apps SaaS Apps Partner SaaS Apps IAM Providers Private, Public or Hybrid Cloud Customers looking to build Cloud Services Telco Clouds and SDPs Trust and Federation Clouds Consumer Services MSPs that need to manage customer identities across environments Leverages new IAM infrastructure or existing IAM system 42
  • 43. IDaaS APIs for OPSS Service-Oriented Security Optimized for the Cloud Cloud SP System Tenant Cloud Service Services Administrator Administrator Developer IDaaS Framework IDaaS Interfaces IDaaS Admin Interfaces (REST) (REST, SOAP) Oracle Platform Security Services Shared Services for Shared Services for Access Identity Oracle Identity Management LDAP Tenant Config Metadata 43
  • 44. Cloud + Identity-based Security = IT Nirvana “ Well, when we do it, cloud-based defenses can be more robust, scalable and cost- effective. And we’ll throw in business differentiator to boot! 44 Image: Iron Man, TM and Copyright 2010 MVLFFLLC and 2010 Marvel
  • 45. Questions Learn More Connect, Discuss oracle.com/identity @NishantK bit.ly/oracleidm11g blog.talkingidentity.com 45 45
  • 46. 46