Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Identity and Access Management in the Era of Digital Transformation
1. Identity and Access Management in the
Era of Digital Transformation
Selvaratnam Uthaiyashankar
VP – Engineering
WSO2
2. Identity and Digital Business
• Identity is at the heart of
Digital Business
Image source: http://coranet.com/images/network-security.png
3. Identity Centric
• Digital Business is all about “User”
– How do we know who is accessing
– Things user can access or do
– User’s preferences
– Rules User has to adhere
– Relationship with other entities
7. Identity Challenges When Integrating Multiple Systems
• Different username, password (credential) for different
systems
– Preferred username is already taken
– Using same username/password might become a security risk
• Too many username, password
• Loosing possible collaborations between applications
8. Authentication
• Brokered Authentication
– SAML
– OAuth : SAML2/JWT grant type
– OpenID
– OpenID Connect
• Single Sign-On
Service Providers
Service Providers
Service Providers
Identity Provider
Service Providers
Authentication
Service Consumption
Trust
Image source: http://savepic.ru/6463149.gif
10. Users Might Want to Use Their Enterprise Identity
• Trust between different Identity Domains
• Identity Federation
Service Providers
Service Providers
Service Providers
Identity Provider B
Service Providers
Authentication
Service Consumption
Trust
Identity Provider A Trust
13. Identity links all the systems. You just increased the
risk of attack on your identity…
14. Often, weak link is poor user credential
https://www.infosecurity-magazine.com/news/compromised-credentials-quarter/
15. Multi Factor Authentication
• What you know
• What you have
• What you are
Image source: http://it.miami.edu/_assets/images/multifactor1.png
16. Adaptive Authentication
• Ability to change authentication options based on the context
https://3c1703fe8d.site.internapcdn.net/newman/gfx/news/hires/2013/howdochamele.jpg
17. Provisioning Users
• Self Service
– Complete user management
– User Portal
• Approvals and Workflows
• Just In Time Provisioning
http://blog.genesys.com/wp-content/uploads/2014/07/Road-Sign-Self-Service.jpg
19. Access Control
• Principle of least privilege
• Role based access control
• Attribute based access control
• Fine-grained access control
with XACML
http://findbiometrics.com/assets/iStock_Access-300x225.jpg
20. Auditing User Activities
• You might not know who will access
your system (BYOID)
• Full Audit on user activities are
important
– Specially on User Management, Admin
operations
– Who, What, From Where, When, How
• Accountability, Reconstruction, Problem
Detection, Intrusion Detection
http://cdn.gocertify.com/images/Auditing%20team%20going%20over%20report.jpg
22. API Security
• APIs are powering the Digital Business
• Ability to secure the API (OAuth)
• Identity delegation
https://edinversity.files.wordpress.com/2013/07/handing-over-car-keys.jpg
23. IoT is an Essential Element in Digital Business
• Identity Include “Things”
• Securing your IoT devices is a must
• Consider scalability of your IAM System
https://media.licdn.com/mpr/mpr/shrinknp_400_400/AAEAAQAAAAAAAAWRAAAAJDkwODMwYzIyLTA5MzktNDAwZi05ZmI4LWJkYT
AyM2U4MDBlNQ.jpg
24. Perimeter of Your Digital Business will Increase
• Data is in cloud, mobile devices
• Borders across systems don’t work anymore
• Your Attack Surface increases
– you can’t remove unused features in the cloud services
• Security by obscurity doesn’t work anymore
• Expect hacking, DoS attacks, phishing attack
• Controlling access, monitoring, analyzing and predicting attacks
are the way forward
25. Bridging Cloud and Internal Systems
• Connectors to bridge Cloud Systems
and Internal Systems
– Might not be able to open ports for
outside world
http://www.stratoscale.com/wp-content/uploads/gap-1080x1080.jpg
26. Digital Business Requires Agility
• Should be able to connect new systems
easily
• Frequent changes to external system
• Future Proof
• Needs some Identity Mediation
Concepts
http://s3-us-west-2.amazonaws.com/abacus-blog/wp-content/uploads/2015/10/dog-agility.png
27. Digital Business Encourages Innovation
• Often, security strategy is viewed as restrictive for Innovation
– Specially, when involving with public services, APIs
• Security should be transparent to the user for better user
experience
https://www.gatesnotes.com/~/media/Images/Articles/About-Bill-Gates/Accelerating-
Innovation/innovation_2016_article_1200px_v1.jpg
28. Digital Transformation Requires Cultural Changes
• More and more, business units
are in control rather than IT and
security teams
– Yet you need to know who is
accessing, what they are
accessing, etc.
• Understanding this cultural shift
will reduce frustrations
http://www.leehopkins.net/wp-content/uploads/2010/11/iStock_000010822711XSmall_thumb.jpg