#3 Wso2 masterclassitalia - wso2 Identity Server: must-have for managing id... - Profesia Srl, Lynx Group
Profesia, Lynx Group, presents the third episode of its masterclass series on WSO2 technology, for which it is the exclusive distributor for Italy.
Authentication and authorization, recognition and access enablement. The Identity Server is a tool that can manage the authentication of your users, internal and external, manage login sessions and perform authentication tailored to the application context. It is advisable always to prefer an on-premise or GDPR-compliant cloud product that supports the SAML and OAuth2 protocols and allows federation with the major social IdPs.
If you are thinking about a digital transformation to evolve towards an agile business, write to contact@profesia.it and talk to one of our experts.
This document introduces the business problems of user life-cycle management: slow and complex onboarding; redundant administration effort; slow and unreliable deactivation; excess security entitlements and inconsistent user profile data. It then describes how Hitachi ID Identity Manager addresses these problems using streamlined business processes built on integrated technology. Finally, the benefits of enabling automation and self-service to improve user and security management processes are described.
Evolveum: All you need to know about identity & access management - Evolveum
On these 15 slides, we will explain to you what identity & access management is and how it is used, and we will also mention 4 major categories of IAM components.
Intel IT's Identity and Access Management Journey - Intel IT Center
Advances in the SMAC stack – social, mobile, analytics, and cloud – have affected every part of the enterprise. Organizations want to move more diverse data to more places, and more people need access via more services and devices. Managing all this is a big task for information security. Learn about Intel IT's approach to IDAM redesign and IT best practices for enhanced security and a better user experience.
Identity Management for the 21st Century IT Mission - CA API Management
The 21st century mission is dependent on providing secure and agile access to information across an increasing range of stakeholders, both internal and external to your agency. This comes amidst evolving IT missions, budget challenges, a complete IT compliance landscape and an increased need for rapidly deployable and flexible solutions.
This webinar explores integrated identity management solutions and real life use case examples.
Presented By
• Stephanie McVitty - Account Manager, Compsec
• Paul Grassi - Vice President of Federal Programs, Sila Solutions Group
• Jim Rice - Vice President of Federal, Layer 7
• Dieter Schuller - VP of Sales, Radiant Logic
• Phil McQuitty - Director of Systems Engineering, Sailpoint
• Gerry Gebel - President, Axiomatics Americas
This reference architecture outlines a general solution for a centralized Identity Management (IdM) system without committing itself to any specific business needs.
SailPoint's leading edge multi-tenant cloud offering for Identity Governance helps enterprises gain visibility and control over user access across all applications and data
Identity and access management is a vital information security control for organizations to minimize the insider threats and advanced persistent threats that are caused by mismanaged user identities and access control on sensitive business applications. Unauthorized access to business critical IT applications results in information disclosure and financial loss for many organizations across the world. Deployment of identity and access management as an essential information security control will enable organizations to detect or even prevent security breaches due to unauthorized access. This paper elaborates necessary facts for making decisions towards protecting the organization's assets using IAM controls. The purpose of this paper is to compare various Identity and access management tools. Mr. Vinay Jayprakash Pol, "Identity and Access Management Tools", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4, June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23935.pdf
Paper URL: https://www.ijtsrd.com/management/other/23935/identity-and-access-management-tools/mr-vinay-jayprakash-pol
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment - CloudIDSummit
Chris Bauserman, Senior Director of Product Marketing, Cloud and SaaS, SailPoint
This session will discuss how next-generation IAM strategies can holistically address the security and compliance requirements of mission-critical applications and data that span an enterprise's data center, cloud and mobile environments.
Chris Bauserman will also provide technical insights to help attendees answer these questions:
· How do I provide full account lifecycle management?
· How do I ensure consistency across provisioning and runtime access?
· How do I provide a single-point for end user self-service?
· How do I efficiently and securely manage a bridge to on-prem IT?
· How do I implement audit, governance and compliance?
Sailpoint Training is an innovative identity management solution. Best Sailpoint IdentityIQ Online Training gives sailpoint 7.1 version & corporate training
Cybersecurity Identity and Access Management applies to the security architecture and disciplines for digital identity management. It governs the duties and access rights shared with individual customers and the conditions under which such privileges are permitted or refused.
CA Technologies and Deloitte: Unleash and Protect your Business with Identity... - CA Technologies
Protecting today’s cloud-based, mobile enterprise requires a new approach – one that focuses on secure identity and access management (IAM), while at the same time driving two critical imperatives:
Learn how to enable business growth by:
• Quickly deploying new online services
• Leveraging new advances in cloud computing and virtualization
• Accommodating the needs of demanding, tech-savvy users (i.e., customers, partners, employees, etc.)
• Driving greater employee productivity and increasing business intelligence
Protect the business by:
• Mitigating the risk of fraud, breaches, insider threats and improper access – from both internal and external sources
• Safeguarding critical systems, applications and data
Download the eBook today to learn more.
50 data principles for loosely coupled identity management v1 0 - Ganesh Prasad
In the field of Identity and Access Management (IAM), Data is more important than Technology. A poorly designed data model can cause an IAM initiative to fail even with massive investments in technology products. Yet Data usually receives only superficial treatment, and many practitioners seem unaware of the basic principles to follow when designing Identity-based systems.
This presentation is a succinct summarisation of 50 data-related principles that an organisation overlooks at its peril.
WSO2 provides a state of the art, standards based, scalable and complete platform solution to the problem of building software in this new environment. As an open source company WSO2 is committed to providing the hooks and openness that allows anyone to insert their own customization and special needs into the platform.
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ... - Ping Identity
Ping Identity Principal Technical Architect, Pam Dingle’s slides on how organisations can meet PSD2 and Open Banking Standard requirements while delivering excellent customer experiences in today’s challenging digital business environments. Using software that’s based on the OAuth family of standards, organisations are protecting RESTful APIs, combining a critical blend of intuitive user interactions, highly scalable certification of clients and interoperability.
A Modern Identity Architecture for the Digital Enterprise: http://bit.ly/2lPNiCM
I'm presenting the IBM CIO 2010 Outlook at IBM iForum, Zurich (26th November 2007). I can't take the credit for writing it; Dave Newbold did the hard work on this one.
Requirements for Implementing Data-Centric ABAC - NextLabs, Inc.
Attribute Based Access Control (ABAC) has long been considered one of the few approaches to data-centric security that is robust enough to keep pace with today’s extended enterprise. However, organizations currently lack process and automation capabilities to supply critical inputs required for the ABAC approach.
This white paper explains how NextLabs Control Center leverages and manages identity and data attributes and dynamically evaluates information access events no matter where they occur. Security Professionals, IT Architects, and System Integrators will understand the requirements for implementing data-centric ABAC, as well as the benefits of NextLabs’ XACML-based approach.
Is your organization thinking about "going to the cloud?" Make sure that you have all facts. We provide you with a good overview of the differences between IaaS, PaaS and SaaS and what considerations you need to make the decision.
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f... - Steven Meister
How to become GDPR & CCPA Compliant. See the complete 5 page GDPR, CCPA Compliancy Plan
Here is the CCPA / GDPR 3 Day Training PowerPoint - https://www.slideshare.net/StevenMeister/ccpa-and-gdpr-three-day-training-with-actual-deliverables-and-the-whys-and-hows-to-do-so
847-440-4439 https://www.youtube.com/channel/UC3F-qrvOIOwDj4ZKBMmoTWA?view_as=subscriber
GDPR 16 page PPT Plan - https://www.slideshare.net/StevenMeister/gdpr-ccpa-automated-compliance-spark-java-application-features-and-functions-of-big-datarevealed-april-version-35
https://youtu.be/JGoQwoicUxw
Comprehensive Metadata Catalog Video for GDPR / CCPA - https://youtu.be/xryESgfzRcc
Governance in the ever-changing PowerBI world for the organization
Best practices
deployment recommendations
Security settings
Reporting on the reports and optimizations
*According to all the new features and capabilities as by March 2019, will probably change again very soon.
Driving Business Applications with Real-Time Data - BP Logix
This paper examines how Process Director can help you rapidly build and deploy robust, highly customized applications in a fraction of the time of traditional development efforts.
Business software and information technology are changing rapidly, and so is the terminology used by business professionals, software and IT professionals. For your reference, following is an alphabetical listing of terms that will be updated frequently for accuracy. Have a suggestion for a term?
Similar to Identiverse 2021 enterprise identity: What foundations (20)
CIS 2017 - So you want to use standards to secure your APIs? - Bertrand Carlier
Cloud Identity Summit 2017 talk
We will show and explain why APIs are essential in a digital context. We will describe use cases, illustrate with real-life situations where APIs are used and demonstrate that they are a design pattern needed in thousands of different places, following dozens of IT architectures. We will present the industry's best practices to design well-secured APIs and explain which particular specification is intended for which use case. We will present key security aspects to take into account when designing an API and its access infrastructure.
My devices are connected! What key points must I observe when designing the device and the IoT architecture so that I do not end up as a supplier of botnet fodder?
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
7. Know your repositories
JUNE 2021
The basics
What are your repositories?
- Are applications relying on Active Directory or another central repository for identity data?
- Can you map all your key applications?
- Collaboration software (O365, G Suite, Slack, etc.)
- HR, Finance, Marketing, Procurement, Manufacturing, etc.
How do they relate?
- Where are your sources of truth regarding identity data?
- Which repository is authoritative over which?
- For employees, contractors or business partners
- For some specific attributes (identifiers, email addresses, etc.)
A Cloud directory or a directory for the cloud?
How do you provide cloud applications with identity data?
- Just in time provisioning?
- Directory sync?
- SCIM anyone?
The next step
9. Know your repositories
[Diagram labels: sf; Active Directory; Azure AD or Cloud directory?; Shared authn/authz directory]
10. Know your identities
The basics
Correlate every account
- Once and then regularly
- Ensure people hold only one standard account per app
- Review privileged accounts
- Service accounts should be linked to a physical person as a custodian
- Question unused accounts
- Get rid of shared accounts as much as possible and enable traceability
Establish joiner and leaver processes
- Create account in central repository when people join the company
- Beware of the payroll latency
- Link account status with person status in the company
- Disable or delete accounts when people leave the company
- Consider automating this for high volume and sensitive apps first and all apps then
Identities for everything
- Not only users get identities but every entity accessing any resource (applications, servers, devices, etc.)
- All these identities must have their lifecycle controlled and managed
The next step
12. Know your identities
[Diagram labels: sf; Active Directory; Azure AD or Cloud directory?; Shared authn/authz directory]
13. Know your identities
[Diagram labels: sf; Active Directory; HR/payroll; Shared authn/authz directory; IAM; Azure AD or Cloud directory?; partners; corporate users; Procurement; B2B portal]
14. Know your user rights
The basics
Deploy RBAC
- Build a role model that fits your company (and not your orgs):
- A handful of roles per typical app
- Business roles contain app roles
- Shop floor employees tend to have mostly auto-assigned roles
17. Know your user rights
The basics
Deploy RBAC and possibly ABAC
- Build a role model that fits your company (and not your orgs):
- A handful of roles per typical app
- Business roles contain app roles
- Shop floor employees tend to have mostly auto-assigned roles
- Keep in mind the principle of “least privilege”
- Then, ABAC can provide more flexibility
- Requires a good maturity level
- Data quality is paramount
- Involved attributes become security attributes
Recertify user rights
- Consider application-centric recertification on a periodic basis
- Start with risky rights and sensitive apps first
- Consider manager-centric recertification when people move and on a regular basis
Assisted or predictive user rights management
- Help end-users see the relevant roles they might need
- Help approvers evaluate whether a request should be more closely looked at
- Help recertification actors to detect outliers
The next step
18. Know your user rights
[Diagram labels: sf; Active Directory; HR/payroll; Shared authn/authz directory; IAM; Azure AD or Cloud directory?; partners; corporate users; Procurement; B2B portal]
19. Know your access control
The basics
Centralize
- Delegate authentication to a dedicated identity provider
- Connect your application using standards like SAML, OpenID Connect, OAuth2
Multi Factor Authentication
- Connect MFA methods to this identity provider
- Consider deploying MFA to every user
- Aim for both good security and good UX
21. Know your access control
[Diagram labels: sf; Active Directory; HR/payroll; Shared authn/authz directory; IAM; Azure AD or Cloud directory?; partners; corporate users; Procurement; B2B portal]
22. Know your access control
[Diagram labels: sf; Active Directory; HR/payroll; Shared authn/authz directory; IAM; Azure AD or Cloud directory?; partners; corporate users; Procurement; B2B portal; Corporate devices; Third-party devices; IoT devices; API Gateway; MFA; Single Sign-On; PKI; Identity Provider; OAuth2; OpenID Connect; SAML]
23. Know your access control
The basics
Centralize
- Delegate authentication to a dedicated identity provider
- Connect your application using standards like SAML, OpenID Connect, OAuth2
Multi Factor Authentication
- Connect MFA methods to this identity provider
- Consider deploying MFA to every user
- Aim for both good security and good UX
Consider passwordless
- Finally kill the password wherever you can for both security and UX reasons
- You might consider targeting some specific populations first (e.g. shop floor employees, customers)
The next step
25. Enterprise Identity – What Foundations?
1 Know your repositories
2 Know your identities
3 Know your user rights
4 Know your access control