Are You Ready to Move Your IAM to the Cloud?
Webinar
February 28, 2018
Peter Volckaert
Senior Sales Engineer
IBM Security
peter.volckaert@be.ibm.com
Patrik Horemans
Senior Sales
IBM Security
patrik.horemans@be.ibm.com
2 IBM Security IBM AND BUSINESS PARTNER INTERNAL USE ONLY
Agenda
• What Is IDaaS?
• Typical IDaaS Use Cases
• IDaaS or On-Prem?
• Question & Answer
What Is IDaaS?
Typical IDaaS Use Cases
1. Employee Access to Web Applications
2. Consumer IAM
3. Traditional/Legacy IAM
Employee Access to Web Applications
[Architecture diagram. Labels: Company, User Directory, On-Prem Apps, App, IdP / Proxy, Cloud/Internet, IDaaS, Cloud Directory, SaaS Apps, Cloud Identity Connect, Cloud Identity Service]
Functions shown:
- synchronize user data
- passthrough authn
- single sign-on
- IdP-SP federation
Consumer IAM
IAM for Consumers: Another World…
             Consumer       Employee
Scale        XXL            M to XL
Control      Distributed    Centralized
Focus        Individual     Business
Complexity   Low            High
Source: Gartner: “Consumer Identity and Access Management Is a Digital Relationship Imperative”, 30 December 2015
Consumer IAM
[Architecture diagram. Labels: Cloud/Internet, Company, Consumer Data, Consumer Identity Store, IDaaS, On-prem Apps, App, Social Identity, Cloud Identity Service]
Traditional/Legacy IAM
[Architecture diagram. Labels: Company, User Directory, On-prem Apps, App, RDBMS, SAP, Linux, HR Data, LDAP, IdP / Proxy, Cloud/Internet, IDaaS, Cloud Directory, SaaS Apps, Social Identity, Cloud Identity Service]
Functions shown:
- provisioning
- passthrough authn
- SSO
- HR feeds
IDaaS or On-Prem?
To Cloud or Not To Cloud …
• SaaS adoption
• Internal IAM not delivering
• Competing IAM implementations
• Mature IAM program and implementations
• Cloud security and data residency concerns
• Need customized IGA
• Staffing and TCO
Source: Gartner: “How to choose between On-Premises and IDaaS Delivery Models for Identity and Access Management”, July 2016
Responsibilities: You? They? Together?
Columns: You Own It | They Own It | Shared Responsibility
Items shown:
• IAM program
• IAM vision & strategy
• IDaaS infra
• Service patch management
• Service improvements
• On-prem target integration
• Bridge components
• Health target systems
• Test environment
• Business continuity
• User support
Source: Gartner: “How to choose between On-Premises and IDaaS Delivery Models for Identity and Access Management”, July 2016
IBM Cloud Identity Resources
http://bit.ly/TCOofCloudIAM http://bit.ly/CloudIAMBuyersGuide
More resources on Peter Volckaert’s Cloud Identity page: https://ibm.box.com/v/cloudidentity
Question & Answer
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
THANK YOU

Editor's Notes

  • #2 Introduce yourself: good afternoon. I’m … , working within IBM Security, working within services for X years, currently sales engineer. Specialized in IAM. And when talking with customers and prospects the word cloud is unavoidable…
  • #7 The IDaaS use cases are driven by the trend of “digital business” / disruption. Note: B2B?
  • #10 Access by Anyone, from Anywhere, on Any Device. This architecture is assuming an internal, enterprise IdP, typically provided by an access management solution from IBM, CA, Oracle, etc. or AD-FS. Users trying to access SaaS apps will be redirected to their company IdP, where authentication takes place. Then they will be redirected (with a SAML token) to the eventual SaaS app. Alternative: a so-called cloud directory that resides in the IDaaS solution. Yes, you can also connect to your on-premises apps. Okta uses SWA for that. The user’s credentials are securely kept in the IDaaS.
  • #13 Transaction scale can also vary widely depending on the season and the marketing campaign. Control: for employees: centralized, company-owned attributes. For consumers: self-registered, self-managed attributes, spread over multiple data sources (organisations, social media, credit-reporting agencies, public records, financial institutions) hence “distributed”. Ensure scalability. The registration and access services must be able to handle large user volumes. There may be circumstances where thousands, tens of thousands or hundreds of thousands of users are registering for a service within a short period of time. Because consumer-oriented systems often experience highly variable demand due to seasonality and marketing campaigns, many organizations use cloud-based systems
  • #19 CIAM: Some organizations in highly regulated industries are still more comfortable with an on-premises solution, and such solutions can be deployed in the cloud, if desired.
  • #20 Here: discuss the market. Does the vendor take on a lot itself, or rather less? Big differences… Also bridge components: the more on-prem, the cheaper, but then you are responsible, and what about the TCO? Here: put CIS in the spotlight. Important: you must handle: vision/strategy/planning; policies (entitlements, etc.); integrations, e.g. with a 3rd-party authn system and SIEM; infrastructure, e.g. VPNs, maintenance of on-prem stuff (sync). So IDaaS is mainly: implementation! With CIS there are also professional services that help a customer with strategy.