Cloud computing identity management summary
Deloitte Consulting's slide deck on Cloud Computing and Identity Management mentioned on the (ISC)2 ThinkT@nk roundtable from October 13th, 2010.
  1. Leveraging existing IAM systems in a new cloud computing environment – Overview. Deloitte & Touche LLP, October 2010
  2. Cloud computing adoption is growing with mainstream organizations piloting targeted deployments…
     • Business models are shaping cloud adoption… Business models are evolving to partnerships and networks of companies, forming a product or service delivery chain to the end customer.
     • Traditional IT is being highly challenged… Executives are demanding increased agility and collaborative IT architectures, challenging traditional IT and resulting in increased demand for cloud computing.
     • Identity is key to enabling services in the cloud… Identity is key to the operation and delivery of any cloud services. Authentication of users and control of access to services is inherent to the success of cloud computing.
     • Solutions exist today for cloud environments and the industry is innovating… Existing IAM vendors are making a play in the market place. Industry standards like SAML 2.0, WS-* etc. provide an open and interoperable way to enable federation and trust in a cloud.
     Copyright © 2010 Deloitte Development LLC. All rights reserved.
  3. … with various business services and deployment models.
     Cloud Families: cloud computing can be broken down into SaaS, PaaS and IaaS.
     • Software-as-a-Service (SaaS): as-a-service delivery of applications targeted at private users (e.g. social networking, micro-blogging) and business users (e.g. ERP, CRM)
     • Platform-as-a-Service (PaaS): as-a-service delivery of tools for development, testing, deployment, hosting and application maintenance
     • Infrastructure-as-a-Service (IaaS): as-a-service delivery of virtual CPUs, disk space, and database services
     Cloud Implementation Models: other groupings of cloud offerings can be made, such as the distinction between public (or vendor), private, and hybrid clouds.
     • Public: services from vendors can be accessed across the Internet using systems in one or more data centers, shared among multiple customers, and with varying degrees of data privacy controls
     • Private: computing architectures are built, managed, and used internally in an enterprise using a shared services model with variable usage of a common pool of virtualized computing resources
     • Hybrid: environment in which an organization provides and manages some resources in-house and has others provided externally
  4. As organizations adopt a cloud model, there are many questions around identity management in a cloud environment...
     • Where can identity management help? How can I leverage an IDM infrastructure to manage various cloud deployment models? How are trust relationships established between my organization and the cloud vendor?
     • What are the risks and challenges? What are the top IDM risks when I move to a cloud environment and why? Are there any unique challenges related to provisioning, role management, entitlement management / certification?
     • What standards exist today? How does an IDM technical architecture / solution deployment look in a cloud? What standards exist today? What are the gaps? What can be expected in the next 1-2 years? What does the vendor roadmap look like?
     • What is the path to adoption? What is the process of transition and what are the questions to ask? What are the solutions to consider? Are there any liability concerns?
     • What other opportunities exist? Are there opportunities to put my IDM infrastructure into the cloud? What does that architecture/solution look like? What are the risks? How do I overcome them?
     • How to assess and operate? How should I assess IDM infrastructure supporting a cloud deployment? What does the audit plan look like, and what questions must it include? What testing should be conducted?
  5. Identity management fits into the cloud computing equation in two operating models…
     IDM for a Cloud (the enterprise Identity & Access Management infrastructure manages identities and services at the Cloud Service Providers):
     • Extends the functionality of an existing Identity and Access Management infrastructure to manage the identities and services in a cloud.
     • Standards defined to provide interoperability between on-premises and in-cloud applications
     • Strong authentication and encryption for added security and protection of data and assets
     • Ability to leverage and sustain existing risk, compliance, and privacy controls built within the enterprise
     IDM in a Cloud (Identity & Access Management is itself hosted by a Cloud Service Provider):
     • An IAM solution hosted in a cloud may be used to manage identities and services in a cloud or outside a cloud.
     • Ability to pay only for the IAM functionality required
     • Reduction in costs related to maintenance of IAM solutions
     • Limited in-house expertise required to support the IAM infrastructure and business processes
     • On-demand increase of capacity, functionality, pre-determined SLAs, and accountability
  6. Integration is achieved by leveraging existing IAM technology and standards…
     [Diagram: Identity & Access Management, Users and the Corporate Directory sit inside the Secure Enterprise Network; the Hybrid Cloud contains an IaaS / PaaS Provider; the Public Cloud contains an IaaS / PaaS Provider and a SaaS Provider.]
     Hybrid cloud (IaaS / PaaS):
     • Establishes a site-to-site VPN or similar secure connectivity with the Cloud Service Provider (CSP)
     • Integrates the existing IAM solution with the CSP platform (IaaS / PaaS) in a less complex manner
     • Flexible to use a centralized directory or a localized directory for user authentication
     • Integration with the CSP may have some technical challenges
     Public cloud (SaaS):
     • Leverages widely accepted standards such as Security Assertion Markup Language (SAML) and WS-Federation for authentication and authorization
     • Provisions using standards such as Service Provisioning Markup Language (SPML)
  7. While IDM solutions continue to face challenges in the context of cloud computing, these are not new and can be addressed…
     User Provisioning
     • Challenges: cross-domain user provisioning; single directory authentication; de-provisioning of users; limited connectors for cloud; integration with on-demand applications; proliferating on-demand user accounts
     • What can you do? Segregation of the user management activities; SLAs and contractual agreements with the CSP; maturity of the existing solution; interoperability with cloud systems; standards adoption (XACML)
     Access Management
     • Challenges: cross-domain, web-based single sign-on and cross-domain user attribute exchange; interoperability of proprietary solutions with new IAM cloud solutions; supporting non-repudiation; adequacy of access control solutions
     • What can you do? Leverage authentication and authorization standards (e.g. SAML, SPML, etc.); identity assurance and credentialized solutions; certifying access across disparate systems
     Role/Entitlement Management
     • Challenges: cross-domain role/entitlement management; role-based vs. claims-based access; maintenance and management of the entitlement warehouse; lack of transparency into proprietary components; existing in-house proprietary solutions; the hosted IAM vendor's role and entitlement vision
     • What can you do? Access certification integrated with existing processes; restructuring of the role management framework to meet the needs of the cloud
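The federation bullets on slides 6 and 7 (SAML for authentication, claims-based access for authorization) are easiest to reason about from the service provider's side: the SaaS application receives a SAML 2.0 assertion from the corporate IdP and must decide whether to trust it and what it entitles the user to. The following is an added example, not code from the deck or from any Deloitte or vendor product. The SAML response, the issuer and audience URLs, and the group-to-entitlement mapping are all constructed for illustration. Cryptographic verification of the XML signature is delegated to an XML-DSig library (it is only checked for presence here), and `defusedxml` should replace the standard-library parser in production to block entity-expansion attacks.

```python
"""Service-provider checks on an inbound SAML 2.0 assertion, then a
claims-based entitlement decision from its attributes.
Added example with constructed data; not from the slide deck."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree in production (XXE)

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample of what a corporate IdP would POST to a SaaS provider's ACS.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2010-10-13T15:00:00Z" InResponseTo="_req42"
    Destination="https://saas.example.com/saml/acs">
  <saml:Issuer>https://idp.corp.example.com</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2010-10-13T15:00:00Z">
    <saml:Issuer>https://idp.corp.example.com</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignatureValue>...</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID>jdoe@corp.example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42"
            Recipient="https://saas.example.com/saml/acs"
            NotOnOrAfter="2010-10-13T15:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-10-13T14:59:00Z" NotOnOrAfter="2010-10-13T15:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://saas.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>finance-readonly</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2010-10-13T15:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, audience, acs_url, request_id,
                       now, skew=timedelta(minutes=2)):
    """Return (ok, problems, attributes). Every check here is one the SP must do
    before trusting the NameID; signature *verification* is left to an XML-DSig
    library and only the element's presence is checked."""
    root = ET.fromstring(xml_text)
    problems = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, ["no Assertion element"], {}
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != trusted_issuer:
        problems.append(f"untrusted issuer {issuer!r}")
    conds = assertion.find("saml:Conditions", NS)
    if conds is None:
        problems.append("no Conditions element")
    else:
        # Validity window, tolerating a small clock skew between IdP and SP.
        nb, noa = conds.get("NotBefore"), conds.get("NotOnOrAfter")
        if nb and now + skew < _ts(nb):
            problems.append("assertion not yet valid")
        if noa and now - skew >= _ts(noa):
            problems.append("assertion expired")
        audiences = [a.text for a in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audience not in audiences:
            problems.append(f"audience {audiences} does not include {audience!r}")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no SubjectConfirmationData")
    else:
        # Bearer assertions must be bound to this ACS and to the request we sent.
        if scd.get("Recipient") != acs_url:
            problems.append("Recipient is not our ACS URL")
        if scd.get("InResponseTo") != request_id:
            problems.append("InResponseTo does not match an outstanding request")
        if scd.get("NotOnOrAfter") and now - skew >= _ts(scd.get("NotOnOrAfter")):
            problems.append("subject confirmation expired")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return not problems, problems, attrs


# Hypothetical SaaS-side mapping from IdP group claims to application entitlements:
# this is the claims-based alternative to maintaining roles per user inside the SaaS.
ENTITLEMENTS = {
    "finance-readonly": {"ledger:read"},
    "finance-admin": {"ledger:read", "ledger:write"},
}


def entitlements_for(attrs):
    """Union of entitlements granted by the 'groups' claim; unknown groups grant nothing."""
    granted = set()
    for group in attrs.get("groups", []):
        granted |= ENTITLEMENTS.get(group, set())
    return granted


if __name__ == "__main__":
    now = datetime(2010, 10, 13, 15, 1, tzinfo=timezone.utc)
    ok, problems, attrs = validate_assertion(
        SAMPLE_RESPONSE, "https://idp.corp.example.com", "https://saas.example.com",
        "https://saas.example.com/saml/acs", "_req42", now)
    print(ok, problems, attrs, entitlements_for(attrs))
```

Replaying the same response an hour later, or to a different audience, fails the checks even though the signature is unchanged, which is why the SP must enforce the conditions and not just the signature; the `request_id` parameter stands in for the SP's own store of outstanding AuthnRequest IDs.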
  8. Adoption of an IDM cloud solution requires organizations to take key first steps…
     Identify – identify the optimal solution: IDM for a cloud or IDM in the cloud
     • Identify the service model and the role of IDM for the cloud deployment model
     • Define the operating model for IDM (IDM for a Cloud or IDM in a Cloud)
     • Conduct a TCO analysis
     • Determine the security and compliance requirements
     • Identify the impact to the current IDM strategy
     Shape – articulate an IDM cloud strategy and vision and determine readiness
     • Evaluate the CSP's IDM practices/procedures
     • Determine the standards for the IDM functionality to adopt in the near future
     • Define the IDM in/for cloud architecture and conduct a readiness assessment
     • Determine ownership, maintenance, and liability of data
     • Define contractual requirements with CSPs
     Execute – execute the IDM cloud strategy and deploy the IDM cloud solution
     • Develop a migration/implementation plan
     • Execute management, monitoring and migration
     • Conduct training and awareness sessions for stakeholders and end users, including future growth
  9. Periodic assessment of IDM solutions supporting the clouds is critical to successful adoption…
     Inputs to steps 1 and 2: provisioning / de-provisioning; authentication; federation; user profile management; compliance management; data privacy risks; data ownership; organizational standards
     • Step 1 – Review IAM requirements for cloud-based services & architecture; assess the architecture solution. Output: requirements and gap analysis
     • Step 2 – Determine the risks associated with each architecture / solution. Output: risk matrix including potential vulnerabilities and risk ratings
     • Step 3 – Input: current controls, planned/modified controls. Review security and compliance controls. Output: control gaps and recommendations
     • Step 4 – Input: user access snapshot. Access recertification. Output: violations and remediation requirements
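Step 4 above (user access snapshot in, violations and remediation requirements out) and the de-provisioning and orphaned-account challenges on slide 7 are the same reconciliation problem: compare what the cloud provider says exists against what HR and the entitlement model say should exist. The following is an added example, not a Deloitte tool or any vendor's recertification engine; the HR roster, the SaaS account export and the department-to-role approval table are all constructed for illustration, and the 90-day dormancy threshold is an assumed policy value.

```python
"""Access recertification over a cloud account snapshot.
Added example with constructed data; not from the slide deck."""
from datetime import date

# Constructed HR roster: employee id -> (status, department)
HR_ROSTER = {
    "E100": ("active", "finance"),
    "E101": ("terminated", "finance"),
    "E102": ("active", "engineering"),
}

# Constructed account export from a SaaS provider (the "user access snapshot").
CLOUD_ACCOUNTS = [
    {"user": "alice@corp.example.com", "emp": "E100", "roles": ["ledger-admin"],
     "last_login": date(2010, 10, 1)},
    {"user": "bob@corp.example.com", "emp": "E101", "roles": ["ledger-read"],
     "last_login": date(2010, 7, 1)},
    {"user": "carol@corp.example.com", "emp": "E102", "roles": ["ledger-read"],
     "last_login": date(2010, 3, 1)},
    # Local account created in the SaaS console with no link to an HR identity.
    {"user": "svc-import", "emp": None, "roles": ["ledger-admin"],
     "last_login": date(2010, 10, 12)},
]

# Constructed approval model (the entitlement-warehouse view): department -> roles it may hold.
ALLOWED_ROLES = {
    "finance": {"ledger-read", "ledger-admin"},
    "engineering": set(),
}


def recertify(accounts, roster, allowed_roles, as_of, dormant_days=90):
    """Return a list of (user, finding, remediation) tuples.

    Findings, in the order a reviewer would act on them:
      orphan        account not linked to any HR record
      deprovision   HR says the person is not active but the account still exists
      out-of-scope  a role the person's department is not approved to hold
      dormant       no login within dormant_days (assumed policy value)
    """
    findings = []
    for acct in accounts:
        record = roster.get(acct["emp"]) if acct["emp"] else None
        if record is None:
            findings.append((acct["user"], "orphan",
                             "no matching HR record; disable pending owner attestation"))
            continue
        status, dept = record
        if status != "active":
            # De-provisioning failure: the highest-priority violation in the snapshot.
            findings.append((acct["user"], "deprovision",
                             f"HR status is {status}; revoke all roles and disable"))
            continue
        for role in acct["roles"]:
            if role not in allowed_roles.get(dept, set()):
                findings.append((acct["user"], "out-of-scope",
                                 f"role {role} is not approved for department {dept}"))
        if (as_of - acct["last_login"]).days > dormant_days:
            findings.append((acct["user"], "dormant",
                             f"no login in {dormant_days} days; confirm need or disable"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. for the assessment output on slide 9."""
    counts = {}
    for _, kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for user, kind, action in recertify(CLOUD_ACCOUNTS, HR_ROSTER, ALLOWED_ROLES, date(2010, 10, 13)):
        print(f"{kind:12} {user:28} {action}")
```

The join key between the SaaS export and HR (here an employee id carried on the account) is the thing to get right in a real deployment; without it every account degrades to an "orphan" finding and the review becomes a manual attestation exercise. The same pass, run before a migration, doubles as the requirements-and-gap input for step 1.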
  10. Key Takeaways
     • Cloud computing is a reality. It is happening and organizations need to address the security and risk components of clouds -- IDM solutions can help.
     • Federation is key to enabling IDM for cloud computing.
     • Organizations need to address liability, trust, and privacy issues as they embark upon the IDM and cloud journey.
     • Vendors are developing innovative solutions to help accelerate IDM adoption for cloud computing.
     • Organizations need to develop a comprehensive approach to IDM that includes an assessment/measurement component.
     THE KEY TO SUCCESS IS BEING ON THE PATH TO ADOPTION.
  11. Contact information. For additional information please contact: Irfan Saif, Principal, Enterprise Risk Services, i if@d l itt, +1 408 704 4109