Cloud computing
Why IAM?
IAM Challenges
IAM Definitions
IAM Architecture and Practice
Relevant IAM Standards and Protocols for Cloud Services
IAM Practices in the Cloud
Cloud Authorization Management
Employees and on-site contractors of an organization accessing a SaaS service using identity federation (e.g., sales and support staff members accessing Salesforce.com with corporate identities and credentials)

IT administrators accessing the CSP management console to provision resources and access for users using a corporate identity (e.g., IT administrators of Newco.com provisioning virtual machines or VMs in Amazon’s EC2 service, configured with identities, entitlements, and credentials for operating the VMs [i.e., start, stop, suspend, and delete VMs])

Developers creating accounts for partner users in a PaaS platform (e.g., developers from Newco.com provisioning accounts in Force.com for Partnerco.com employees contracted to perform business process tasks for Newco.com)

End users accessing a storage service in the cloud (e.g., Amazon S3) and sharing files and objects with users within and outside a domain, using access policy management features

An application residing in a cloud service provider (e.g., Amazon EC2) accessing storage from another cloud service (e.g., Mosso)
IAM Challenges

One critical challenge of IAM concerns managing access for diverse user populations (employees, contractors, partners, etc.) accessing internal and externally hosted services. IT is constantly challenged to rapidly provision appropriate access to users whose roles and responsibilities often change for business reasons. Another issue is the turnover of users within the organization.
IAM Definitions

Authorization is the process of determining the privileges the user or system is entitled to once the identity is established. In the context of digital services, authorization usually follows the authentication step and is used to determine whether the user or service has the necessary privileges to perform certain operations—in other words, authorization is the process of enforcing policies.
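The authorization step described above, as an added illustration that is not part of the slides: a small policy evaluator that runs only after authentication and enforces constructed policies for the use cases on the page (IT administrators operating VMs, contracted partner users restricted to a shared storage prefix). The role names, action names, resource names and the evaluation order (explicit Deny wins, then an explicit Allow, otherwise implicit deny) are assumptions of this example, not any provider's real schema.

```python
# Added example (not from the slides): a minimal authorization-as-policy-enforcement
# evaluator. Policies, action names and principals are constructed for illustration.
from fnmatch import fnmatchcase

# Constructed policies. Evaluation order assumed here: explicit Deny wins,
# then any explicit Allow, otherwise the request is implicitly denied.
POLICIES = [
    # IT administrators may operate VMs in the corporate account
    {"role": "it-admin", "effect": "Allow",
     "actions": ["vm:start", "vm:stop", "vm:suspend", "vm:delete"],
     "resources": ["vm:newco/*"]},
    # Contracted partner users may only read the shared storage prefix
    {"role": "partner", "effect": "Allow",
     "actions": ["storage:get", "storage:list"],
     "resources": ["storage:newco/shared/*"]},
    # Nobody deletes VMs whose names mark them as production, even admins
    {"role": "*", "effect": "Deny",
     "actions": ["vm:delete"],
     "resources": ["vm:newco/prod-*"]},
]

def matches(patterns, value):
    """Glob-style match of a value against a list of policy patterns."""
    return any(fnmatchcase(value, p) for p in patterns)

def is_authorized(principal, action, resource, policies=POLICIES):
    """Return True only if the principal was authenticated and policy
    evaluation yields an explicit Allow with no matching explicit Deny."""
    if not principal.get("authenticated"):
        return False                     # authorization follows authentication
    decision = "implicit-deny"
    for pol in policies:
        if not matches([pol["role"]], principal["role"]):
            continue
        if not matches(pol["actions"], action) or not matches(pol["resources"], resource):
            continue
        if pol["effect"] == "Deny":
            return False                 # explicit deny overrides any allow
        decision = "allow"
    return decision == "allow"

if __name__ == "__main__":
    admin = {"name": "alice", "role": "it-admin", "authenticated": True}
    partner = {"name": "bob@partnerco", "role": "partner", "authenticated": True}
    print(is_authorized(admin, "vm:start", "vm:newco/web-01"))        # True
    print(is_authorized(admin, "vm:delete", "vm:newco/prod-db"))      # False
    print(is_authorized(partner, "storage:get", "vm:newco/web-01"))   # False
```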
IAM is not a monolithic solution that can be easily deployed to gain capabilities immediately. It is as much an aspect of architecture as it is a collection of technology components, processes, and standard practices. Standard enterprise IAM architecture encompasses several layers of technology, services, and processes.

At the core of the deployment architecture is a directory service (such as LDAP or Active Directory) that acts as a repository for the identity, credential, and user attributes of the organization’s user pool.
Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments.