Identity Management and Compliance in OpenShift
Or “Use DevOps to Make Your Auditors and Suits Happy”
Marc Boorshtein
CTO, Tremolo Security
Ellen Newlands
Senior Security Product Manager, Cloud Business Unit at Red Hat
May 3, 2017
Who Are We?
Marc Boorshtein - CTO Tremolo Security, Inc.
● 15+ years of identity management implementation experience
● Multiple deployments across large commercial and federal customers
Ellen Newlands - Senior Security Product Manager, Cloud Business Unit at Red Hat
● Red Hat Product Manager for Identity and Access Management
● Extensive experience in enterprise and WEB identity management and single sign-on
Why is Compliance Important to You?
It’s not just for meetings and auditors...
DevOps + Identity Management = [image]
What is Compliance?
When someone asks if you’re compliant...
Step 1 - Define Your Policy
Step 2 - Follow Your Policy
NIST 800-53 - Framework
Criminal Justice Information Systems (CJIS) - Implementation
Where Does Identity Management Fit?
NIST 800-53:
● AC-2 / Authorizes access to the information system based on: 1. A valid access authorization;
● Request for access is approved by your manager
● Identity Management
Criminal Justice Information Systems (CJIS):
● Section 5.6.2.1.1 - Passwords
● Identity Management
Identity Management Compliance Without DevOps
1. User needs access to an application
2. User emails boss asking for access
3. Boss forwards to admin with the word “approved”
4. Admin creates access and stores email in special folder
5. Auditor asks for approval trail
6. Admin forwards emails
7. Admin tells user they’re approved
:-(
Identity Management Compliance With DevOps
1. User needs access to an application
2. Logs into IDM and requests access
3. Boss clicks “Approve”
4. IDM system creates access and builds audit trail
5. Auditor logs into IDM system
6. Auditor pulls reports
7. IDM system notifies user of access
:-D
How this applies to OpenShift
WHO?
● User Object in etcd
● LDAP
● OpenID Connect
● Reverse Proxy + Header
WHAT?
● Subject + Role + Project = RoleBinding
● Local Objects
● LDAP Sync
● oadm
● Web services
WHY?
● External Workflow
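To make the “with DevOps” flow on slide 7 and the “Subject + Role + Project = RoleBinding” mapping on slide 8 concrete, here is an added example. It is not code from the slides and not Tremolo Security’s Unison; it is a small in-memory stand-in for the IDM system. Everything in it is constructed: the org chart (`managers`), the requester and project names, the `example.invalid/` annotation prefix, and the assumption that the binding is emitted in the Kubernetes RBAC `RoleBinding` form that `oc apply` accepts. No cluster is contacted; the point is the separation between requester and approver, the audit trail the auditor later pulls, and how the approved request becomes a RoleBinding in the requested project.

```python
"""Added example: an approval workflow that ends in a RoleBinding manifest.
Not from the slides or from Unison; all names and values are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class AuditEvent:
    when: str      # ISO-8601 UTC timestamp (no spaces, so lines split cleanly)
    actor: str     # who did it: requester, approver, or the IDM system itself
    action: str    # REQUEST / APPROVE / APPROVE_REJECTED / CREATE_ROLEBINDING
    detail: str


@dataclass
class AccessRequest:
    request_id: int
    requester: str
    project: str   # OpenShift project == Kubernetes namespace
    role: str      # name of the ClusterRole being granted in that project
    status: str = "PENDING"   # PENDING -> APPROVED (a denial path is left out here)
    approver: Optional[str] = None
    audit: List[AuditEvent] = field(default_factory=list)


class IdmWorkflow:
    """Stand-in for the IDM system on slide 7: takes requests, records the
    approval, emits the RoleBinding and keeps the trail the auditor pulls."""

    ALLOWED_ROLES = {"view", "edit", "admin"}  # constructed allow-list of requestable roles

    def __init__(self, managers: Dict[str, str]):
        self._managers = managers  # requester -> manager (constructed org chart)
        self._requests: Dict[int, AccessRequest] = {}
        self._next_id = 1

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def request_access(self, requester: str, project: str, role: str) -> AccessRequest:
        """Step 2 on slide 7: the user logs in and asks for a role in a project."""
        if role not in self.ALLOWED_ROLES:
            raise ValueError(f"role {role!r} is not requestable")
        req = AccessRequest(self._next_id, requester, project, role)
        self._next_id += 1
        req.audit.append(AuditEvent(self._now(), requester, "REQUEST", f"{role} on {project}"))
        self._requests[req.request_id] = req
        return req

    def approve(self, request_id: int, approver: str) -> dict:
        """Steps 3-4: the manager approves; the system builds access + audit trail.
        The AC-2 style check is that only the requester's manager may approve,
        which also rules out self-approval."""
        req = self._requests[request_id]
        if req.status != "PENDING":
            raise ValueError(f"request {request_id} is already {req.status}")
        if approver == req.requester or self._managers.get(req.requester) != approver:
            req.audit.append(AuditEvent(self._now(), approver, "APPROVE_REJECTED",
                                        "not the requester's manager"))
            raise PermissionError(f"{approver} may not approve request {request_id}")
        req.status = "APPROVED"
        req.approver = approver
        req.audit.append(AuditEvent(self._now(), approver, "APPROVE", f"request {request_id}"))
        binding = self.role_binding(req)
        req.audit.append(AuditEvent(self._now(), "idm-system", "CREATE_ROLEBINDING",
                                    f"{binding['metadata']['namespace']}/{binding['metadata']['name']}"))
        return binding

    @staticmethod
    def role_binding(req: AccessRequest) -> dict:
        """Slide 8: Subject + Role + Project = RoleBinding. Returned as a dict in
        the Kubernetes RBAC form (an assumption); serialise it to YAML/JSON for oc."""
        return {
            "apiVersion": "rbac.authorization.k8s.io/v1",
            "kind": "RoleBinding",
            "metadata": {
                "name": f"{req.role}-{req.requester}",
                "namespace": req.project,
                # constructed annotation prefix; ties the object back to the approval
                "annotations": {"example.invalid/approved-by": req.approver or "",
                                "example.invalid/request-id": str(req.request_id)},
            },
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": req.role},
            "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": req.requester}],
        }

    def audit_report(self, request_id: int) -> List[str]:
        """Steps 5-6: what the auditor pulls, one line per event, in order."""
        return [f"{e.when} {e.actor} {e.action} {e.detail}" for e in self._requests[request_id].audit]


def demo():
    """Run the happy path with constructed identities and return (binding, trail)."""
    idm = IdmWorkflow(managers={"alice": "bob"})
    req = idm.request_access("alice", "payments-dev", "edit")
    binding = idm.approve(req.request_id, "bob")
    return binding, idm.audit_report(req.request_id)


if __name__ == "__main__":
    manifest, trail = demo()
    print(manifest)
    print("\n".join(trail))
```

The audit lines are deliberately flat text with the actor and action in fixed positions, which is what makes the auditor’s report easy to filter; the rejected self-approval is recorded too, since an auditor wants to see attempts as well as grants.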
Demo
DEMO
Shameless Self Promotion
● Booth 145
○ Mobile Battery Chargers
○ Screen Cleaners
● Web - http://tremolo.io
● Twitter - @tremolosecurity / @mlbiam
● Github - https://www.github.com/tremolosecurity/
● Blog this session is based on - https://www.tremolosecurity.com/openshift-compliance-and-identity-management/
THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
How this applies to OpenShift
Layer: Cloud
  Technology: ● OpenStack - Keystone ● Amazon - IAM ● etc
  In Demo: N/A
Layer: Operating System
  Technology: 1. LDAP 2. AD 3. SSSD
  In Demo: Red Hat Identity Management
How this applies to OpenShift
Layer: OpenShift Console and CLI
  Technology:
    Authentication ● LDAP ● Password File ● OpenID Connect ● Header + Reverse Proxy
    Authorization ● Internal User and Group objects ● Web services ● LDAP Sync
  In Demo:
    Authentication ● Username + Password - KeyCloak ● U2F - Unison ● Compliance Banner - Unison ● OpenID Connect
    Authorization ● Unison self service
Layer: Container
  Technology: 1. External Identity Provider 2. External User System
  In Demo: N/A
Red Hat Summit - OpenShift Identity Management and Compliance