CloudIDSummit, profile picture
Uploaded byCloudIDSummit
PDF, PPTX1,011 views

CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment

The document discusses the challenges and solutions in managing Identity and Access Management (IAM) for hybrid IT environments. It highlights the shift towards cloud-based and mobile solutions while avoiding pitfalls such as fragmentation and lack of governance. The presentation also includes case studies that illustrate successful IAM implementations and the importance of a cohesive approach to identity management.

Embed presentation

Download as PDF, PPTX
Echo in the Silo Avoiding the Pitfalls of Managing IAM for a Hybrid Environment Chris Bauserman, Director of Product Marketing Cloud Identity Summit 2013
2 Goals for this Session § Recap challenges in IAM for today’s Hybrid IT § Explore approaches that avoid these pitfalls §  How do I provide full account lifecycle management? §  How do I ensure consistency across provisioning & runtime access? §  How do I provide a single-point for end user self-service? §  How do I efficiently and securely manage a bridge to on-prem IT? §  How do I implement audit, governance & compliance? § See this approaches in action with customer case studies
ECHO IN THE SILO
4 Echo in the Silo § IAM was born in a world of change & isolation… §  Mainframe -> Distributed -> Web §  “Silos of management” – designed for IT users §  Fragmented, isolated, stand-alone tools & management processes
5 Echo in the Silo § But we learned our lessons well… §  A single point of visibility, management & controls §  Built for the business user §  Focus on business models with sustainable controls & governance
6 Echo in the Silo § Now infrastructure change is accelerating again… §  Cloud, mobile and social - distribution at a new level §  User experience is king §  Cost reduction is mandatory
7 Echo in the Silo § And silo is creeping back! §  Management by infrastructure type §  Stand-alone tools and administration processes §  Fragmentation & isolation of IAM processes & practices CloudIAM AWSIAM MDM SharePoint
8 Echo in the Silo § Can you hear the echo? §  How do I provide full account lifecycle management? §  How do I ensure consistency across provisioning & runtime access? §  How do I provide a single-point for end user self-service? §  How do I implement audit, governance & compliance?
THE PITFALLS
10 The Red Pill or the Blue Pill?
11 Cloud (network) Centric Identity Enterprise (domain) Centric Identity The Blue Pill - How We’d Like Things To Be MobileCloud Social Enterprise Applications LAN HR Business Process Policy & Control Process Identity & Attribute Data Session & User Experience
12 Cloud Cloud (network) Centric Identity Enterprise (domain) Centric Identity The Red Pill – How Things Often Really Are MobileCloud Enterprise Applications LAN HR Business Process Social MDM Active Directory Sync
13 Cloud IAM Pitfalls § Pure AD sync cloud propagation for SSO & provisioning §  Firewall & agent issues §  The group overloading and de-provisioning issues §  No business engagement / oversight / controls § Account-level provisioning §  Lack of fine-grained entitlements §  No understanding of “entitlement” §  Loosely attached to corporate JML § Making it stand-alone! §  Isolated user experience §  No common policy or controls §  Not integrated with enterprise IAM
14 Mobile IAM Pitfalls § AD sync for mobile account propagation §  Infrastructure focused & “fragile” §  The group overloading and de-provisioning issues §  No business engagement / oversight / controls § SSO model inconsistencies §  Lack of a commonly adopted standards for mobile app SSO §  No common keychain or account store §  Separate platforms, approaches and user experiences § MDM Tools are not IAM centric §  Device centric not identity centric §  Everything's the same but everything is different… §  Not integrated with enterprise IAM processes
AVOIDING THE PITFALLS
16 Cloud (network) Centric Identity Enterprise (domain) Centric Identity Avoiding the Pitfalls MobileCloud Social Enterprise Applications LAN HR Business Process Policy & Control Process Identity & Attribute Data Session & User Experience
17 Avoiding the Pitfalls Cloud (network) Centric Identity Enterprise (domain) Centric Identity MobileCloud Social Enterprise Applications LAN HR Business Process Internal IAM Control Point External IAM Control Point Identity Data Access Data Controls Context Policy Data
18 Avoiding the Pitfalls Cloud (network) Centric Identity Enterprise (domain) Centric Identity MobileCloud Social Enterprise Applications LAN HR Business Process IAM Gateway IDaaS Control Point Push Change Pull Change
19 Avoiding the Pitfalls § Extend enterprise IAM to meet the cloud §  Connectors for leading SaaS apps §  Provisioning & SSO working hand-in-hand §  Connected business processes § Inter-connected IAM & Mobile Device Management (MDM) §  Treat the MDM platform like a provisioning connector §  Connect & model “entitlements” §  Provision as part of existing Joiner/Mover/Leaver flows § Full governance visibility and control §  Capture and correlate full record of app usage: cloud and internal §  Drive additional AuthN requirements based on ‘whole identity’ §  Incorporate SaaS and BYOA in certifications and self-attestations
20 Avoiding the Pitfalls § Resiliency to operate ‘disconnected’ from cloud §  Avoid unnecessary cloud to on-premises round trips §  Cache policy and sessions for local app SSO § Firewall-friendly, self-managing on-prem integration point §  Don’t expose inbound firewall ports or use costly VPNs §  Consolidate with self-updating, self-monitoring virtual appliance § Remember what we’ve learned so far §  Consistent business-level user interface §  Integrated visibility, controls & governance §  IAM does not work in a silo!
21 A Secure IAM Gateway Appliance SailPoint Access Management Managed Virtual Appliance Request Queue REST/SSL Request REST/SSL Response Identity & Access Management Payload Standard 443 Port Long Polling
22 Virtual Appliance Organization Authentication Pass Phrase Managed Virtual Appliance The Gateway Process… Organization Customer REST API Managed Virtual Appliance Reverse Proxy Gateway Management Management Queue Config & State Request Response Registration Code & Configuration Cloud Connector Gateway
23 Deployment Scenario On-PremEnterpriseIDaaSCloud SailPoint Access Management Active Directory SAP SharePoint Concur TripIt Box LinkedIn SFDC SAML Service Now Gmail Workday RACF Portal IWA & PTA Password Managed IAM Appliance Reverse Proxy Managed IAM Appliance Cloud Connector Gateway
CUSTOMER CASE STUDIES
25 Manufacturer Transitioning to “Cloud First” Business Drivers §  Increased SaaS adoption §  Internal WAM missing SLAs Solution §  Hybrid IAM: SSO as SaaS, IAG/provisioning on-premises §  Web-proxy virtual appliance Results §  Greater SSO uptime §  Cost savings via soft tokens §  Smarter certifications based on actual usage
26 Retailer Creates 360o Consumer Experience Business Drivers §  Build interactive community §  Support huge traffic spikes Solution §  B2C portal with social sign-on and step-up assurance §  SaaS IdP to partner apps §  REST APIs to analytics Results §  Elastic capacity to handle peak loads at substantial cost saving §  Lowers user registration friction while meeting PCI §  Rich set of data for marketing
27 “Those who cannot remember the past are condemned to repeat it” George Santayana
Q&A

More Related Content

PPTX
Identity and Access Management (IAM)
byIdentacor
 
PPTX
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
byGlobal Online Trinings
 
PDF
Identity Management for the 21st Century IT Mission
byCA API Management
 
PPTX
The Path to IAM Maturity
byJerod Brennen
 
PPTX
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
byGlobal Online Trainings
 
PPSX
ITIL - IAM (Access Management)
byJosep Bardallo
 
PDF
Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...
byIBM Danmark
 
PDF
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
byCloudIDSummit
 
Identity and Access Management (IAM)
byIdentacor
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
byGlobal Online Trinings
 
Identity Management for the 21st Century IT Mission
byCA API Management
 
The Path to IAM Maturity
byJerod Brennen
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
byGlobal Online Trainings
 
ITIL - IAM (Access Management)
byJosep Bardallo
 
Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...
byIBM Danmark
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
byCloudIDSummit
 

What's hot

PPT
Iam suite introduction
bywardell henley
 
PDF
IBM Security Identity & Access Manager
byIBM Sverige
 
PPTX
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
byKelly Grizzle
 
PPTX
Oracle Identity Governance - Customer Presentation
byDelivery Centric
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PDF
IDENTITY ACCESS MANAGEMENT
byProf. Jacques Folon (Ph.D)
 
PDF
Oracle_Cisco identity platform approach_webcast
byOracleIDM
 
PDF
SailPoint - IdentityNow Identity Governance
byArijan Horvat
 
PDF
SAP Identity Management Overview
bySAP Technology
 
PDF
Open iam technicalarchitecture-v3-a
byBibhuti Kr Jha +91-9810016292
 
PPTX
Standardizing Identity Provisioning with SCIM
byHasiniG
 
PDF
Identity and Access Management 101
byJerod Brennen
 
PPTX
Sailpoint Online Training on IAM overview
byITJobZone.biz
 
PDF
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
byCA Technologies
 
PPTX
Identiverse 2021 enterprise identity: What foundations
byBertrand Carlier
 
PPTX
Master IAM in the Cloud with SCIM v2.0
byKelly Grizzle
 
PDF
Identity and Access Management - Data modeling concepts
byAlain Huet
 
PDF
Comparing forefront identity manager vs. other identity managers
byInfraMatix Inc.
 
PDF
Platform approach-series-building a-roadmap-finalv1
byOracleIDM
 
PDF
Manpower group idm-platform
byOracleIDM
 
Iam suite introduction
bywardell henley
 
IBM Security Identity & Access Manager
byIBM Sverige
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
byKelly Grizzle
 
Oracle Identity Governance - Customer Presentation
byDelivery Centric
 
Identity and Access Management Introduction
byAidy Tificate
 
IDENTITY ACCESS MANAGEMENT
byProf. Jacques Folon (Ph.D)
 
Oracle_Cisco identity platform approach_webcast
byOracleIDM
 
SailPoint - IdentityNow Identity Governance
byArijan Horvat
 
SAP Identity Management Overview
bySAP Technology
 
Open iam technicalarchitecture-v3-a
byBibhuti Kr Jha +91-9810016292
 
Standardizing Identity Provisioning with SCIM
byHasiniG
 
Identity and Access Management 101
byJerod Brennen
 
Sailpoint Online Training on IAM overview
byITJobZone.biz
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
byCA Technologies
 
Identiverse 2021 enterprise identity: What foundations
byBertrand Carlier
 
Master IAM in the Cloud with SCIM v2.0
byKelly Grizzle
 
Identity and Access Management - Data modeling concepts
byAlain Huet
 
Comparing forefront identity manager vs. other identity managers
byInfraMatix Inc.
 
Platform approach-series-building a-roadmap-finalv1
byOracleIDM
 
Manpower group idm-platform
byOracleIDM
 

Viewers also liked

PDF
CIS14: PingAccess 101
byCloudIDSummit
 
PDF
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
byCloudIDSummit
 
PDF
CIS13: Security's New Normal: Is Cloud the Answer?
byCloudIDSummit
 
PDF
CIS13: How Enterprises Go Mobile: An Introduction to MobileIT
byCloudIDSummit
 
PDF
CIS13: Managing Mobility with Identity Standards
byCloudIDSummit
 
PDF
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
byCloudIDSummit
 
PDF
CIS13: Impact of Mobile Computing on IT
byCloudIDSummit
 
PDF
CIS14: The Very Latest in Authorization Standards
byCloudIDSummit
 
PDF
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
byCloudIDSummit
 
PDF
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
byCloudIDSummit
 
PDF
CIS13: Re-Engineering Identity
byCloudIDSummit
 
PDF
CIS13: Identity—The Great Enabler of Next
byCloudIDSummit
 
PDF
CIS13: Which Way Forward
byCloudIDSummit
 
PDF
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
byCloudIDSummit
 
PDF
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
byCloudIDSummit
 
CIS14: PingAccess 101
byCloudIDSummit
 
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
byCloudIDSummit
 
CIS13: Security's New Normal: Is Cloud the Answer?
byCloudIDSummit
 
CIS13: How Enterprises Go Mobile: An Introduction to MobileIT
byCloudIDSummit
 
CIS13: Managing Mobility with Identity Standards
byCloudIDSummit
 
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
byCloudIDSummit
 
CIS13: Impact of Mobile Computing on IT
byCloudIDSummit
 
CIS14: The Very Latest in Authorization Standards
byCloudIDSummit
 
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
byCloudIDSummit
 
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
byCloudIDSummit
 
CIS13: Re-Engineering Identity
byCloudIDSummit
 
CIS13: Identity—The Great Enabler of Next
byCloudIDSummit
 
CIS13: Which Way Forward
byCloudIDSummit
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
byCloudIDSummit
 
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
byCloudIDSummit
 

Similar to CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment

PPTX
Identity Management for the Cloud
byHorst Walther
 
PPTX
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
byIBM Security
 
PPTX
The Future of Enterprise Identity Management
byOneLogin
 
PPT
Up 2011-ken huang
byKen Huang
 
PPTX
IAM Cloud
byAidy Tificate
 
PDF
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
byAbhishek Sood
 
PPTX
Developing an IAM Roadmap that Fits Your Business
byForgeRock
 
PDF
Cloud computing identity management summary
byBrandon Dunlap
 
PPTX
IAM.pptxIAM.pptxIAM.pptxIAM.pptxIAM.pptx
byGangujyothi
 
PPT
Lecture5
byjosephineusha
 
PPTX
I am sharing 'unit 3' with youuuuuu.PPTX
bypadhaipadhai639
 
PDF
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
byCA Technologies
 
PDF
Migrating and Modernizing Identity on the Path to Multi Cloud
byStrata Identity
 
PDF
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
byPing Identity
 
PPTX
20170912_Identity_and_Access_Management.pptx
byAnand Dhouni
 
PPT
Lecture31.ppt
byamanyosama21
 
PDF
Trusted Cloud Initiative: Identity Management Research
byguestba832ad
 
PDF
451 Research Client Event Nov 10
bystavvmc
 
PPTX
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
byPing Identity
 
PPTX
I am sharing 'unit 3' with youuuuuu.PPTX
bypadhaipadhai639
 
Identity Management for the Cloud
byHorst Walther
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
byIBM Security
 
The Future of Enterprise Identity Management
byOneLogin
 
Up 2011-ken huang
byKen Huang
 
IAM Cloud
byAidy Tificate
 
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
byAbhishek Sood
 
Developing an IAM Roadmap that Fits Your Business
byForgeRock
 
Cloud computing identity management summary
byBrandon Dunlap
 
IAM.pptxIAM.pptxIAM.pptxIAM.pptxIAM.pptx
byGangujyothi
 
Lecture5
byjosephineusha
 
I am sharing 'unit 3' with youuuuuu.PPTX
bypadhaipadhai639
 
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
byCA Technologies
 
Migrating and Modernizing Identity on the Path to Multi Cloud
byStrata Identity
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
byPing Identity
 
20170912_Identity_and_Access_Management.pptx
byAnand Dhouni
 
Lecture31.ppt
byamanyosama21
 
Trusted Cloud Initiative: Identity Management Research
byguestba832ad
 
451 Research Client Event Nov 10
bystavvmc
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
byPing Identity
 
I am sharing 'unit 3' with youuuuuu.PPTX
bypadhaipadhai639
 

More from CloudIDSummit

PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
PPTX
CIS 2016 Content Highlights
byCloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2016 Content Highlights
byCloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 

Recently uploaded

PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
API-First Architecture in Financial Systems
bycyy111112
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 

CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment

  • 1.
    Echo in theSilo Avoiding the Pitfalls of Managing IAM for a Hybrid Environment Chris Bauserman, Director of Product Marketing Cloud Identity Summit 2013
  • 2.
    2 Goals for thisSession § Recap challenges in IAM for today’s Hybrid IT § Explore approaches that avoid these pitfalls §  How do I provide full account lifecycle management? §  How do I ensure consistency across provisioning & runtime access? §  How do I provide a single-point for end user self-service? §  How do I efficiently and securely manage a bridge to on-prem IT? §  How do I implement audit, governance & compliance? § See this approaches in action with customer case studies
  • 3.
  • 4.
    4 Echo in theSilo § IAM was born in a world of change & isolation… §  Mainframe -> Distributed -> Web §  “Silos of management” – designed for IT users §  Fragmented, isolated, stand-alone tools & management processes
  • 5.
    5 Echo in theSilo § But we learned our lessons well… §  A single point of visibility, management & controls §  Built for the business user §  Focus on business models with sustainable controls & governance
  • 6.
    6 Echo in theSilo § Now infrastructure change is accelerating again… §  Cloud, mobile and social - distribution at a new level §  User experience is king §  Cost reduction is mandatory
  • 7.
    7 Echo in theSilo § And silo is creeping back! §  Management by infrastructure type §  Stand-alone tools and administration processes §  Fragmentation & isolation of IAM processes & practices CloudIAM AWSIAM MDM SharePoint
  • 8.
    8 Echo in theSilo § Can you hear the echo? §  How do I provide full account lifecycle management? §  How do I ensure consistency across provisioning & runtime access? §  How do I provide a single-point for end user self-service? §  How do I implement audit, governance & compliance?
  • 9.
  • 10.
    10 The Red Pillor the Blue Pill?
  • 11.
    11 Cloud (network) Centric Identity Enterprise(domain) Centric Identity The Blue Pill - How We’d Like Things To Be MobileCloud Social Enterprise Applications LAN HR Business Process Policy & Control Process Identity & Attribute Data Session & User Experience
  • 12.
    12 Cloud Cloud (network) Centric Identity Enterprise(domain) Centric Identity The Red Pill – How Things Often Really Are MobileCloud Enterprise Applications LAN HR Business Process Social MDM Active Directory Sync
  • 13.
    13 Cloud IAM Pitfalls § PureAD sync cloud propagation for SSO & provisioning §  Firewall & agent issues §  The group overloading and de-provisioning issues §  No business engagement / oversight / controls § Account-level provisioning §  Lack of fine-grained entitlements §  No understanding of “entitlement” §  Loosely attached to corporate JML § Making it stand-alone! §  Isolated user experience §  No common policy or controls §  Not integrated with enterprise IAM
  • 14.
    14 Mobile IAM Pitfalls § ADsync for mobile account propagation §  Infrastructure focused & “fragile” §  The group overloading and de-provisioning issues §  No business engagement / oversight / controls § SSO model inconsistencies §  Lack of a commonly adopted standards for mobile app SSO §  No common keychain or account store §  Separate platforms, approaches and user experiences § MDM Tools are not IAM centric §  Device centric not identity centric §  Everything's the same but everything is different… §  Not integrated with enterprise IAM processes
  • 15.
  • 16.
    16 Cloud (network) Centric Identity Enterprise(domain) Centric Identity Avoiding the Pitfalls MobileCloud Social Enterprise Applications LAN HR Business Process Policy & Control Process Identity & Attribute Data Session & User Experience
  • 17.
    17 Avoiding the Pitfalls Cloud(network) Centric Identity Enterprise (domain) Centric Identity MobileCloud Social Enterprise Applications LAN HR Business Process Internal IAM Control Point External IAM Control Point Identity Data Access Data Controls Context Policy Data
  • 18.
    18 Avoiding the Pitfalls Cloud(network) Centric Identity Enterprise (domain) Centric Identity MobileCloud Social Enterprise Applications LAN HR Business Process IAM Gateway IDaaS Control Point Push Change Pull Change
  • 19.
    19 Avoiding the Pitfalls § Extendenterprise IAM to meet the cloud §  Connectors for leading SaaS apps §  Provisioning & SSO working hand-in-hand §  Connected business processes § Inter-connected IAM & Mobile Device Management (MDM) §  Treat the MDM platform like a provisioning connector §  Connect & model “entitlements” §  Provision as part of existing Joiner/Mover/Leaver flows § Full governance visibility and control §  Capture and correlate full record of app usage: cloud and internal §  Drive additional AuthN requirements based on ‘whole identity’ §  Incorporate SaaS and BYOA in certifications and self-attestations
  • 20.
    20 Avoiding the Pitfalls § Resiliencyto operate ‘disconnected’ from cloud §  Avoid unnecessary cloud to on-premises round trips §  Cache policy and sessions for local app SSO § Firewall-friendly, self-managing on-prem integration point §  Don’t expose inbound firewall ports or use costly VPNs §  Consolidate with self-updating, self-monitoring virtual appliance § Remember what we’ve learned so far §  Consistent business-level user interface §  Integrated visibility, controls & governance §  IAM does not work in a silo!
  • 21.
    21 A Secure IAMGateway Appliance SailPoint Access Management Managed Virtual Appliance Request Queue REST/SSL Request REST/SSL Response Identity & Access Management Payload Standard 443 Port Long Polling
  • 22.
    22 Virtual Appliance Organization Authentication Pass Phrase ManagedVirtual Appliance The Gateway Process… Organization Customer REST API Managed Virtual Appliance Reverse Proxy Gateway Management Management Queue Config & State Request Response Registration Code & Configuration Cloud Connector Gateway
  • 23.
    23 Deployment Scenario On-PremEnterpriseIDaaSCloud SailPoint AccessManagement Active Directory SAP SharePoint Concur TripIt Box LinkedIn SFDC SAML Service Now Gmail Workday RACF Portal IWA & PTA Password Managed IAM Appliance Reverse Proxy Managed IAM Appliance Cloud Connector Gateway
  • 24.
  • 25.
    25 Manufacturer Transitioning to“Cloud First” Business Drivers §  Increased SaaS adoption §  Internal WAM missing SLAs Solution §  Hybrid IAM: SSO as SaaS, IAG/provisioning on-premises §  Web-proxy virtual appliance Results §  Greater SSO uptime §  Cost savings via soft tokens §  Smarter certifications based on actual usage
  • 26.
    26 Retailer Creates 360oConsumer Experience Business Drivers §  Build interactive community §  Support huge traffic spikes Solution §  B2C portal with social sign-on and step-up assurance §  SaaS IdP to partner apps §  REST APIs to analytics Results §  Elastic capacity to handle peak loads at substantial cost saving §  Lowers user registration friction while meeting PCI §  Rich set of data for marketing
  • 27.
    27 “Those who cannotremember the past are condemned to repeat it” George Santayana
  • 28.