Neo4j GraphTalk Düsseldorf - How Graphs revolutionise Identity & Access Management

GraphTalk Düsseldorf
Kees Vegter, Neo4j

  1. How Graphs Revolutionize Identity & Access Management. Kees Vegter, Presales Engineer @Neo4j, kees@neo4j.com
  2. Agenda: • Identity and Access Management Overview • What is a graph database? • Why is Neo4j a great fit for IAM? • Great customer stories
  3. What is Identity and Access Management? “Ensuring the right identities have access to the right resources at the right times and for the right reasons” What do we need to do (at least)? • Define identity • Define the structure of an organization
  4. Complexity of Digital Identities: • Identity of users • Identity of things • Applications and services • Device <-> Service • Security End to End
  5. The Identity? Jane Smith the… • Business Analyst for Customer Support at ABC Inc. • interim Head of BI and Reporting at ABC Inc. • line manager of Joe Brown, who’s working on a Strictly Confidential portfolio at ABC Inc. • employee of ABC Inc. • and so on...
  6. So what does ABC Inc. look like? It looks like a hierarchy...
  7. Access Management is traditionally designed with the underlying assumption that everything is hierarchical
  8. What about the non-hierarchy links?
  9. What about “dotted lines”? (Diagram labels: ABC Inc (CEO), IT Dept, Risk Analysis, “Security and Compliance”)
  10. What about “Conditional Approvals”? (Diagram labels: ABC Inc (CEO), IT Dept, General access, “access to sensitive data”, “Security and Compliance”)
  11. Modern challenges for IAM: • Distributed access across on premise and in the cloud for in-house/custom off the shelf/SaaS applications • De-centralized resources that are assigned to people rather than roles • The rise of IoT and different identities that people and services assume in different contexts
  12. … other challenges for IAM: • Multiple and conditional approval levels • History of approval chains / time series (e.g. “who approved user xyc's access to system abc on the 5th of July?”) • GDPR and Compliance • Performance • Intuitiveness • Agility: adding new use cases as needed, changing hierarchies on the fly
  13. Traditional World: Parent-Child relationships. Real World: Query complex relationships in real-time
  14. Perhaps a better fit?
  15. What is a Graph Database?
  16. Graph Databases are Designed for Connected Data. (Comparison figure, labels only: TRADITIONAL DATABASES; BIG DATA TECHNOLOGY; Store and retrieve data; Aggregate and filter data; Connections in data; Real time storage & retrieval; Real-Time Connected Insights; Long running queries, aggregation & filtering; Max # of hops: Up to 3, 1, Millions.) “Our Neo4j solution is literally thousands of times faster than the prior MySQL solution, with queries that require 10-100 times less code” Volker Pacher, Senior Developer
  17. What is a graph database? Nodes • Can have Labels to classify nodes • Can have more than one label. Relationships • Relate nodes by type and direction. Properties • Attributes of Nodes & Relationships. (Example graph labels: Employee name: “Jane Smith”, employeeID: 123; Employee name: “Joe Brown”, employeeID: 456; Role name: “Business Analyst”; relationships MANAGES, HAS_ROLE, HAS_ROLE with properties from: 1/3/2018, from: 1/6/2017, from: 1/3/2018)
  18. The GQL ISO Standard: gqlstandard.org • Introduced in May 2018: https://gql.today/ • An initiative to immediately rally support for a unified Graph Query Language • Standards meetings are ongoing • Significant Upvote • Databricks & Apache Spark accepted Cypher project
  19. Why Neo4j is a great fit for IAM. Design • Authorization data model maps closely to the conceptual view • Closer alignment to processes. Maintenance • Easy to understand code to query and explore the data • Pain-free to update and modify model structure as and when required. Performance • Traversing the authorization tree is fast, providing real-time authorization capability
  20. How can Neo4j fit into IAM approaches? Three potential approaches: • Create a graph-based repository to store identity and access information metadata • Integrate Neo4j with current IAM data for authorization • Import IAM data into Neo4j to perform audit • For instance load AD structures to find security risks
  21. Demo
  22. Check it out. Find out more about IAM implementations in Neo4j: • Telenor: www.youtube.com/watch?v=kM2NWM0t-2s • ForgeRock/Nulli: www.youtube.com/watch?v=R9Vdm2ZqlpQ Have a go with Neo4j and an IAM example: • https://neo4j.com/graphgist/entitlements-and-access-control
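
The property-graph model from slide 17 and the authorization and audit uses from slides 19 and 20, written out in Cypher as an added example; it is not taken from the talk or from Neo4j's own material. The `Resource` label, the `GRANTS` relationship, the resource name, and which relationship carries which `from` date are assumptions made for illustration.

```cypher
// Constructed sample data. Employees, the role and the relationship types
// MANAGES / HAS_ROLE come from slide 17; Resource, GRANTS and
// 'support-reports' are assumptions added for this example, as is the
// assignment of each 'from' value to a particular relationship.
CREATE (jane:Employee {name: 'Jane Smith', employeeID: 123}),
       (joe:Employee  {name: 'Joe Brown',  employeeID: 456}),
       (ba:Role       {name: 'Business Analyst'}),
       (res:Resource  {name: 'support-reports'}),
       (jane)-[:MANAGES  {from: '1/6/2017'}]->(joe),
       (jane)-[:HAS_ROLE {from: '1/3/2018'}]->(ba),
       (joe)-[:HAS_ROLE  {from: '1/3/2018'}]->(ba),
       (ba)-[:GRANTS     {level: 'read'}]->(res);

// Real-time authorization check: may employee 456 use the resource,
// and through which role? An empty result means "deny".
MATCH (e:Employee {employeeID: 456})-[h:HAS_ROLE]->(r:Role)
      -[g:GRANTS]->(res:Resource {name: 'support-reports'})
RETURN e.name AS employee, r.name AS viaRole,
       h.from AS roleHeldFrom, g.level AS level;

// Audit view: for every resource, who can reach it, through which role,
// and who sits above them in the management chain (up to three levels).
MATCH (e:Employee)-[:HAS_ROLE]->(r:Role)-[:GRANTS]->(res:Resource)
OPTIONAL MATCH (m:Employee)-[:MANAGES*1..3]->(e)
RETURN res.name AS resource, e.name AS employee, r.name AS viaRole,
       collect(DISTINCT m.name) AS managementChain
ORDER BY resource, employee;

// Least-privilege review: employees who hold a role but whose access
// path to a resource has no manager above them to review it.
MATCH (e:Employee)-[:HAS_ROLE]->(:Role)-[:GRANTS]->(res:Resource)
WHERE NOT (:Employee)-[:MANAGES]->(e)
RETURN DISTINCT e.name AS unreviewedHolder, res.name AS resource;
```

Non-hierarchical links such as the “dotted lines” on slide 9 would be added as further relationship types between the same nodes, without changing the existing queries.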