Identity Federation: Lessons From the Trenches

Nalneesh Gaur, Principal and Chief Security Architect
Nalneesh.Gaur@diamondconsultants.com
Mobile – 214 649 1261

Zach Sachen, Principal
Zachary.Sachen@diamondconsultants.com
Mobile – 541 782 8463

Jun 9th | 13:45 – 14:15

Our Journey
  • What problem did we solve?
  • How did we do it?
  • What did we learn?
  • What did we do?
Pain and Promise
What problem did we solve?

Pain:
  • Lengthy Provisioning Process
  • Repetitive, Redundant, Different
  • “Slow Trust”
  • Collaboration / “User” Growth
  • Cumbersome Authorization
  • Cost

Promise:
  • Improved User Experience
  • Faster Secured Collaboration
  • Fewer IDs
  • Additional Security Options

Identity Federation for the Enterprise: Lessons Learned

Editor's Notes

  • #2 Nalneesh opens w/ self intro, then Zach self intros and covers next slide
  • #3 Zach
    Our client recently rolled out <we are in the process of doing this for one app/technology - e.g. for an alliance team site; just didn’t want to overstate> an Identity Federation (IdF) solution across their enterprise. While the IdF vision of outsourced Identity Management is real, success requires vision, perseverance, and disciplined execution. The major steps to realize success include an understanding across four areas: Users, Business Architecture (policy and process), Infrastructure, and Applications. <include descriptions of each below - see prior decks for the descriptions>
    - Developing an architecture that aligns with the corporate business and information security goals
    - Planning the roll-out by carefully selecting and sequencing the applications that lend themselves to federation both inside and outside the enterprise
    - Launching a pilot that tests both the technology and process implications of the solution
    In this talk we will share our experiences regarding building momentum, designing, and realizing Federated Identity. We will use our experience at large organizations (e.g. a federal government agency and a large pharmaceutical company) as a backdrop. We expect the audience to be able to apply these insights in their own environments.
    *** Important to let the audience know that this talk is not about various protocols and technology standards such as SAML, WS-Federation, or Microsoft’s roadmap. We did, however, leverage experts in our journey, and that knowledge is incredibly useful ***
  • #4 Nalneesh
    Talk about success measures when talking about benefits/promise:
    - Improved Compliance: Safe Harbor, PII, HIPAA, etc.
    - Improved Security: multiple options from identity providers, e.g. OTP with Blackberry/cell phone, SecurID, etc.
    - Improved Collaboration / User Experience: seamless access and authorization in the cloud; more up front, pays dividends in the long run
    - Better User Experience: faster, fewer clicks, self-service, eSignatures
    - Economies of Scale: Metcalfe’s network law (the more that join, the more valuable it will be); volume discounts with providers; support model
    - Cost Savings: de/provisioning, resets, troubleshooting; reused credentials
  • #5 Nalneesh: Describe the three scenarios and tie them to the pain points and promise
  • #6 Nalneesh: Provide an overview of the four components and why the components were important to our constituents
  • #7 Nalneesh: Discuss architecture layers
  • #8 Nalneesh
    Provide overview. You will notice alignment with the Delivery/Operations diagram Nalneesh covered.
    - Policies, Standards and Guidelines drive the processes and technologies.
    - For policies, be prepared to deal with how policies get defined (contracts, policies); the second key factor here is rationalizing conflicting policies.
    - Process and technologies focus on how identities are provisioned and entitled, how policies are enforced on those identities, and the operational aspects of those identities.
    - We list six process and technology areas that must be dealt with in the IdF solution.
    - We introduce the top-down view late in the presentation to emphasize that the top-down view could lead you to believe that one must always start with policies. The reality, however, is different, as we cover in the implementation challenges described on the next slide.
  • #9 Zach
    Again, FID isn’t a silver bullet, and although you will have the ability to federate, you still need to federate your applications in a strategic way, and one big part of that is understanding the effort involved with each application.
    Additional Application Considerations:
    - Policy/Regulation: data sensitivity (CFR 11, HIPAA, PII)
    - User characteristics: number, location, languages, usage frequency, roles
  • #10 Zach
    Notes:
    - Who do I call now? (provisioning, authn, authz)
    - the identity provider’s processes and policies
    - setting expectations; training provided
    - self-service
    - support mechanisms and integration of support (IdP, SP, PM, et al.)
    - security approach: certificates, tokens, etc. vs. zero footprint
    - number of touch points as a measure/metric of success
  • #11 Zach
    - Sponsorship: executive level
    - Marketing/Education: pithy elevator statements; execution teams ready?
    - Great Expectations: a pilot is a no-loss deal; agree on buffering
    - Execution: someone has to be Mr. Incredible; hiccups, resources
    ID Federation is expensive, but let’s share with you what we would do differently; we should be prepared to share anecdotes here.
    As we know, flexibility lends itself to complexity, and without the right experts you won’t realize the benefits, and will have an even more uphill battle.
    Assessment Phase
    - build momentum / start the conversation: why this? why now? benefits?
    - consider the audience and messaging, from executives to “day to day”
    - educate and involve others to create the initial vision: think big, start small
    Planning Phase
    - use pilots to build/maintain momentum
    - consider partner (IdP, SP, et al.) needs and availability
    - don’t repeat mistakes: leverage your network
    - set realistic expectations: align with culture; scope, schedule, budget, returns
    - consider alignment with existing initiatives
    Execution Phase
    - conduct a pre-execution phase readiness test: budgets and people in place?
    - communicate frequently: is it real?
    - provide perspective: failure isn’t always a “bad thing”
    - have a plan B: what if...
    - ID Federation benefits can be measured both from a user and a business perspective
    - Understand the investment philosophy and approach up front
    - Use experiments / pilots to learn and mitigate risk
    - Do your homework: understand your industry and vendors
    - Sign up champions and market ID Federation as a business enabler
    - Persevere to succeed!
  • #12 Zach: Leave the audience with some thought-provoking questions and open the call for questions