Chase Away Cloud Challenges:
User Access Governance & Compliance




                       Alan Norquist, CEO & Founder
                                        Veriphyr, Inc.



        VERIPHYR PROPRIETARY
Goals of User Access Governance & Compliance

     • User System Access = User’s Responsibilities
          - Bank – “Access to everything and nobody knows it”

     • User Activity Access = User’s Responsibilities
          - Finance – “Can’t both approve PO and approve payment”

     • User Data Access = User’s Responsibilities
          - Healthcare – Only view patients under one’s care

May 27, 2012                         VERIPHYR PROPRIETARY              2
Requirement Across Industries
     • Healthcare (HIPAA) – “access … must be restricted to those who have been granted access rights”
     • Banking (FFIEC) – “employee’s levels of online access … match current job responsibilities”
     • Brokerage (FINRA) – “employee’s access … limited strictly to … employee’s function”
     • Utilities (NERC) – “access permissions are consistent with … work functions performed”
     • Retail (PCI) – “Limit access to … only individuals whose job requires such access”
     • Public Companies (SOX - COBIT) – “user access rights … in line with … business needs”

What is the Effect of the Cloud?
     • Reduced Cost from Resource Pooling
     • Rapid Implementation and Elasticity

     • Ubiquitous Broad Network Access
          - Accessible from outside your organization's perimeter
          - Accessible from a variety of devices

     • Shift in Ownership and Control
          - Resource layers controlled by multiple independent providers
     • Multi-Tenancy (Resource Pooling)
          - Resources shared across multiple independent consumers
     • Split in User Access Management
          - Data center vs. cloud

Cloud Models – Build vs. Contract
     “The lower down the stack the Cloud provider stops, the more security the consumer is
     tactically responsible for implementing and managing” – CSA Guidance v3.0

     [Diagram: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), with the labels “Build it in” and “RFP or Contract It In”]
     Source: Cloud Security Alliance 2011

User Access Governance and Compliance
Build or Contract What?
1.      Identity Stores
2.      Logging (Both Access and Activity)
3.      Key Data Entities (customers, patients, partners, etc.)

     • Critical Issues
          - Interfaces
               · Insufficient – User interface
               · Required – Standards-based APIs
          - Capabilities
               · Detailed logs showing access to sensitive transactions and data (patient, customer, etc.)
          - Ability to Extract Data
               · Insufficient – Reports showing single identity’s activity over 2 weeks
               · Required – Formatted file of all identities and all activity for all time

Cloud Providers’ Native Identity Mgmt?
     • Manage Each Cloud Separately?

     [Diagram: Cloud Consumer; four Cloud Providers]

IAM as a Service
     • Centralized federated identity across cloud vendors
     • Build in or contract requirements for support of standards like SAML, OpenID and OAuth

     [Diagram: Cloud Consumer; IAM as a Service; four Cloud Providers]

Cloud Provider Compliance Reports?
     • Cloud facilitates departments’ use of “best of breed”
     • Need to integrate compliance reporting across many separate cloud vendors

     [Diagram: Cloud Consumer; four Cloud Providers]

Identity and Access Intelligence (IAI)
     • "Joining together data in identity and access management (IAM)
       systems and security logs with other data could be massively
       valuable to both IT and the business." - James Richardson, Gartner

     • Build or contract in the ability for bulk export of identity store info,
       logs (both access and activity), and key data (customers, patients, partners, etc.).

     [Diagram: Cloud Consumer; Identity and Access Intelligence; four Cloud Providers]

Identity and Access Intelligence (IAI)
     • “Access reports of users and applications are requirements in
       information security and IT governance, risk and compliance
       management programs, and Identity and Access Intelligence is
       needed to address those requirements.” – Gartner

     • Identifies policy violations - identity, rights, activity & data
          - Determines if policy violations have been exploited

     • Different from SIEM
          - SIEM focused on packets and IP addresses
          - IAI focused on people and data

     • Works across Cloud Providers
          - Audit (access and activity) logs from all cloud applications
          - Identity stores from all IAM as a Service vendors
          - Patient, customer, partner data from applications such as HR
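
As an added illustration (not part of the original deck), the sketch below joins constructed bulk exports of an identity store, activity logs and care-team data to flag the deck's own examples: approving both a PO and its payment, and viewing a patient outside one's care. The CSV layouts, entitlement names and the extra orphan-account check are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed bulk exports (hypothetical layouts, not any vendor's schema).
# Identity store: one row per account, each mapped to a single person.
IDENTITY_CSV = """person,provider,account,entitlements
alice,erp-cloud,alice.w,po.approve
bob,erp-cloud,bsmith,po.approve;payment.approve
carol,erp-cloud,carol.k,po.approve;payment.approve
dave,ehr-cloud,dr.dave,patient.view
erin,ehr-cloud,nurse.erin,patient.view
"""

# Activity logs from two cloud applications: all identities, all activity.
ACTIVITY_CSV = """timestamp,provider,account,action,object
2012-05-01T09:00:00Z,erp-cloud,alice.w,po.approve,PO-1001
2012-05-01T11:30:00Z,erp-cloud,bsmith,payment.approve,PO-1001
2012-05-02T10:15:00Z,erp-cloud,carol.k,po.approve,PO-1002
2012-05-02T16:40:00Z,erp-cloud,carol.k,payment.approve,PO-1002
2012-05-03T08:05:00Z,ehr-cloud,dr.dave,patient.view,PT-77
2012-05-03T08:20:00Z,ehr-cloud,nurse.erin,patient.view,PT-77
2012-05-03T23:55:00Z,ehr-cloud,nurse.erin,patient.view,PT-42
2012-05-04T07:00:00Z,ehr-cloud,ghost.acct,patient.view,PT-42
"""

# Key data entity: which persons are on each patient's care team.
CARE_CSV = """patient,person
PT-77,dave
PT-77,erin
PT-42,dave
"""

# Duties that one person must not combine on the same purchase order.
SOD_PAIR = {"po.approve", "payment.approve"}


def rows(text):
    """Parse one CSV export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def load_identities(text):
    """Return ((provider, account) -> person, person -> entitlement set)."""
    account_owner, rights = {}, defaultdict(set)
    for r in rows(text):
        account_owner[(r["provider"], r["account"])] = r["person"]
        rights[r["person"]].update(r["entitlements"].split(";"))
    return account_owner, rights


def analyze(identity_csv, activity_csv, care_csv):
    """Join identities, activity and key data; return (kind, who, object) findings."""
    account_owner, rights = load_identities(identity_csv)
    care = defaultdict(set)
    for r in rows(care_csv):
        care[r["patient"]].add(r["person"])

    findings = []
    done = defaultdict(lambda: defaultdict(set))  # person -> object -> actions
    for ev in rows(activity_csv):
        person = account_owner.get((ev["provider"], ev["account"]))
        if person is None:
            # Activity by an account the identity store does not know about.
            findings.append(("orphan-account", ev["account"], ev["object"]))
            continue
        done[person][ev["object"]].add(ev["action"])
        # Data access check: the viewer must be on the patient's care team.
        if ev["action"] == "patient.view" and person not in care[ev["object"]]:
            findings.append(("data-outside-care", person, ev["object"]))

    # Rights check first, then activity: was the toxic combination exercised?
    for person in sorted(rights):
        if SOD_PAIR <= rights[person]:
            exploited = sorted(
                obj for obj, acts in done[person].items() if SOD_PAIR <= acts
            )
            if exploited:
                findings += [("sod-exploited", person, obj) for obj in exploited]
            else:
                findings.append(("sod-rights-only", person, None))
    return findings


if __name__ == "__main__":
    for finding in analyze(IDENTITY_CSV, ACTIVITY_CSV, CARE_CSV):
        print(finding)
```

The join only works because the export covers every identity and every event, which is the bulk-extract requirement the deck asks to build or contract in.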
Revealing - User Access ≠ User’s Responsibilities
  User Access Activity Across Resources
  [Chart: Identity vs. Resources]

Revealing - User Access ≠ User’s Responsibilities
  IAI Analytics Reveal Inappropriate Access
  [Chart: Identity vs. Resources]

Summary
     • Goal of Access Governance and Compliance
          - User Access = User’s Responsibility

     • Cloud Changes Underlying Architecture

     • Need to “Build or Contract In”
          - Standards for IAM as a Service
          - Data Sources for Identity and Access Intelligence (IAI)

     • For more information contact me
          - anorquist@veriphyr.com
          - # 650.384.0560

For more information
     • Whitepaper on IAM as a Service
          https://cloudsecurityalliance.org/research/

     • Whitepaper on Identity and Access Intelligence
          http://bit.ly/IAI-whitepaper

Alan Norquist
CEO, Veriphyr
anorquist@veriphyr.com
www.Veriphyr.com
# 650.384.0560

Veriphyr bright talk 20120523

  • 1. Chase Away Cloud Challenges: User Access Governance & Compliance Alan Norquist, CEO & Founder Veriphyr, Inc. VERIPHYR PROPRIETARY
  • 2. Goals of User Access Governance & Compliance
      - User System Access = User’s Responsibilities
          - Bank – “Access to everything and nobody knows it”
      - User Activity Access = User’s Responsibilities
          - Finance – “Can’t both approve PO and approve payment”
      - User Data Access = User’s Responsibilities
          - Healthcare – Only view patients under one’s care
    May 27, 2012 VERIPHYR PROPRIETARY 2
  • 3. Requirement Across Industries
      - Healthcare (HIPAA): “access … must be restricted to those who have been granted access rights”
      - Banking (FFIEC): “employee’s levels of online access .. match current job responsibilities”
      - Brokerage (FINRA): “employee’s access … limited strictly to … employee’s function”
      - Utilities (NERC): “access permissions are consistent with … work functions performed”
      - Retail (PCI): “Limit access to … only individuals whose job requires such access”
      - Public Companies (SOX - COBIT): “user access rights … in line with … business needs”
  • 4. What is the Effect of the Cloud?
      - Reduced Cost from Resource Pooling
      - Rapid Implementation and Elasticity
      - Ubiquitous Broad Network Access
          - Accessible from outside your organization perimeter
          - Accessible from variety of devices
      - Shift in Ownership and Control
          - Resource layers controlled by multiple independent providers
      - Multi-Tenancy (Resource Pooling)
          - Resources shared across multiple independent consumers
      - Split in User Access Management
          - Data center vs. cloud
  • 5. Cloud Models – Build vs. Contract
      - “The lower down the stack the Cloud provider stops, the more security the consumer is tactically responsible for implementing and managing” – CSA Guidance v3.0
      - Diagram labels: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS); “RFP or Contract It In” beside SaaS, “Build it in” beside PaaS and IaaS
      - Source: Cloud Security Alliance 2011
  • 6. User Access Governance and Compliance: Build or Contract What?
      1. Identity Stores
      2. Logging (Both Access and Activity)
      3. Key Data Entities (customers, patients, partners, etc.)
      - Critical Issues
          - Interfaces
              - Insufficient - User interface
              - Required – Standard-based APIs
          - Capabilities
              - Detailed logs showing access to sensitive transactions and data (patient, customer, etc.)
          - Ability to Extract Data
              - Insufficient - Reports showing single identity’s activity over 2 weeks
              - Required – Formatted file of all identities and all activity for all time
  • 7. Cloud Providers’ Native Identity Mgmt?
      - Manage Each Cloud Separately?
      - Diagram labels: Cloud Consumer; Cloud Provider (×4)
  • 8. IAM as a Service
      - Centralized federated identity across cloud vendors
      - Build in or contract requirements for support of standards like SAML, OpenID and OAuth
      - Diagram labels: Cloud Consumer; IAM as a Service; Cloud Provider (×4)
  • 9. Cloud Provider Compliance Reports?
      - Cloud facilitates departments’ use of “best of breed”
      - Need to integrate compliance reporting across many separate cloud vendors
      - Diagram labels: Cloud Consumer; Cloud Provider (×4)
  • 10. Identity and Access Intelligence (IAI)
      - "Joining together data in identity and access management (IAM) systems and security logs with other data could be massively valuable to both IT and the business." - James Richardson, Gartner
      - Build or contract in the ability for bulk export of identity store info, logs (both access and activity), and key data (customers, patients, partners, etc.).
      - Diagram labels: Cloud Consumer; Identity and Access Intelligence; Cloud Provider (×4)
  • 11. Identity and Access Intelligence (IAI)
      - “Access reports of users and applications are requirements in information security and IT governance, risk and compliance management programs, and Identity and Access Intelligence is needed to address those requirements.” – Gartner
      - Identifies policy violations - identity, rights, activity & data
      - Determines if policy violations have been exploited
      - Different from SIEM
          - SIEM focused on packets and IP addresses
          - IAI focused on people and data
      - Works across Cloud Providers
          - Audit (access and activity) log from all cloud applications
          - Identity stores from all IAM as a Service vendors
          - Patient, customer, partner data from applications such as HR
  • 12. Revealing - User Access ≠ User’s Responsibilities
      - User Access Activity Across Resources
      - Figure axes: Resources, Identity
  • 13. Revealing - User Access ≠ User’s Responsibilities
      - IAI Analytics Reveal Inappropriate Access
      - Figure axes: Resources, Identity
  • 14. Summary
      - Goal of Access Governance and Compliance
          - User Access = User’s Responsibility
      - Cloud Changes Underlying Architecture
      - Need to “Build or Contract In”
          - Standards for IAM as a Service
          - Data Sources for Identity and Access Intelligence (IAI)
      - For more information contact me
          - anorquist@veriphyr.com
          - # 650.384.0560
  • 15. For more information
      - Whitepaper on IAM as a Service: https://cloudsecurityalliance.org/research/
      - Whitepaper on Identity and Access Intelligence: http://bit.ly/IAI-whitepaper
      - Alan Norquist, CEO, Veriphyr
          - anorquist@veriphyr.com
          - www.Veriphyr.com
          - # 650.384.0560
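
An added example (not from the presentation or from Veriphyr): the kind of join slides 10 and 11 describe, run over bulk exports of an identity store, a key data entity (care assignments) and a merged activity log, checking the slide 2 policies. The export layouts, column names, action names, finding labels and sample rows are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (not real data): identity store, key data entity
# (patient care assignments) and an activity log merged from two providers.
IDENTITIES = """user,status
alice,active
bob,active
carol,disabled
"""
CARE_TEAM = """user,patient
alice,P100
bob,P200
"""
ACTIVITY = """ts,provider,user,action,object
2012-05-01T09:00,ehr-cloud,alice,view_patient,P100
2012-05-01T09:05,ehr-cloud,alice,view_patient,P200
2012-05-02T10:00,erp-cloud,bob,approve_po,PO-7
2012-05-02T10:30,erp-cloud,bob,approve_payment,PO-7
2012-05-03T11:00,erp-cloud,alice,approve_payment,PO-8
2012-05-04T08:00,ehr-cloud,carol,view_patient,P100
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_violations(identities=IDENTITIES, care=CARE_TEAM, activity=ACTIVITY):
    """Return (finding, user, object) tuples where access != responsibilities."""
    active = {r["user"] for r in rows(identities) if r["status"] == "active"}
    assigned = {(r["user"], r["patient"]) for r in rows(care)}
    approvals = defaultdict(set)  # (user, PO) -> approval actions already seen
    findings = []
    for e in rows(activity):
        user, action, obj = e["user"], e["action"], e["object"]
        if user not in active:  # activity by an identity that should have none
            findings.append(("inactive_identity", user, obj))
        elif action == "view_patient" and (user, obj) not in assigned:
            findings.append(("patient_not_under_care", user, obj))
        if action in ("approve_po", "approve_payment"):
            seen = approvals[(user, obj)]
            if seen and action not in seen:  # same user did the other approval
                findings.append(("sod_po_and_payment", user, obj))
            seen.add(action)
    return findings

if __name__ == "__main__":
    print(*find_violations(), sep="\n")
```

None of the three checks can run from a per-user report in a provider's UI; each needs the full export of identities, activity and key data that slide 6 lists as required.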