Compliance & Identity access management
![Page 1: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/1.jpg)
Digital law and governance: Identity & access management
Jacques Folon, www.folon.com
Partner, Edge Consulting
Lecturer (maître de conférences), Université de Liège; Lecturer (chargé de cours), ICHEC Brussels Management School; Visiting Professor, Université de Lorraine (Metz), ESC Rennes
http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/
![Page 2: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/2.jpg)
IAM
1. IAM?
2. Present context?
3. IAM & cloud computing
4. Why is it useful and mandatory?
5. To-do list
6. IAM & privacy
7. IAM & control
8. e-discovery
9. Conclusion
![Page 3: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/3.jpg)
1. IAM?
(Diagram: the building blocks of IAM)
• Provisioning
• Single Sign On
• PKI
• Strong Authentication
• Federation
• Directories
• Authorization
• Secure Remote Access
• Password Management
• Web Services Security
• Auditing & Reporting
• Role based Management
• DRM
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 4: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/4.jpg)
![Page 5: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/5.jpg)
5 Questions to ask your CISO
![Page 6: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/6.jpg)
Q: What’s posted on this monitor?
a – password to financial application
b – phone messages
c – to-do’s
![Page 7: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/7.jpg)
Q: What determines your employee’s access?
a – give Alice whatever Wally has
b – roles, attributes, and requests
c – whatever her manager says
![Page 8: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/8.jpg)
Q: Who is the most privileged user in your enterprise?
a – security administrator
b – CFO
c – the summer intern who is now working for your competitor
![Page 9: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/9.jpg)
Q: How secure is your identity data?
a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers
![Page 10: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/10.jpg)
Q: How much are manual compliance controls costing your organization?
a – nothing, no new headcount
b – don’t ask
c – don’t know
![Page 11: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/11.jpg)
Today’s IT Challenges
• More Agile Business
  – More accessibility for employees, customers and partners
  – Higher level of B2B integrations
  – Faster reaction to changing requirements
• More Secured Business
  – Organized crime
  – Identity theft
  – Intellectual property theft
  – Constant global threats
• More Compliant Business
  – Increasing regulatory demands
  – Increasing privacy concerns
  – Business viability concerns
![Page 12: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/12.jpg)
State Of Security In Enterprise
• Incomplete
  – Multiple point solutions from many vendors
  – Disparate technologies that don’t work together
• Complex
  – Repeated point-to-point integrations
  – Mostly manual operations
• ‘Non-compliant’
  – Difficult to enforce consistent set of policies
  – Difficult to measure compliance with those policies
![Page 13: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/13.jpg)
Identity Management Values
• Trusted and reliable security
• Efficient regulatory compliance
• Lower administrative and development costs
• Enable online business networks
• Better end-user experience
![Page 14: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/14.jpg)
IAM MEANS MANAGING THE EMPLOYEE LIFECYCLE (HIRING, RECRUITING, PROMOTION, CHANGE, LEAVING) AND THE IMPACTS ON THE INFORMATION MANAGEMENT SYSTEM
Source: CLUSIF
IAM is a legal obligation!
![Page 15: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/15.jpg)
• IAM IS DEFINED BY THE BUSINESS (HR, SCM, ETC.)
• AND FOLLOWING THE LEGAL FRAMEWORK
• AND TECHNICALLY IMPLEMENTED
IAM IS BUSINESS & ICT + LEGAL
Source: CLUSIF
![Page 16: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/16.jpg)
IAM INCLUDES
• DATABASE OF ALL AND EVERY USER
• DATABASE OF ALL TYPES OF PROFILES & ROLES
• DEFINITION BEFOREHAND
• DEFINE WHICH ROLE FOR WHICH EMPLOYEE
• DEFINITION OF LOGINS & PASSWORDS
• AUDIT
• REPORTING
• ACCESS CONTROL
Source: CLUSIF
![Page 17: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/17.jpg)
Definition
• What is Identity Management? “Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities.” The Burton Group (a research firm specializing in IT infrastructure for the enterprise)
• Identity Management in this sense is sometimes called “Identity and Access Management” (IAM)
![Page 18: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/18.jpg)
Identity and Access Management is the process for managing the lifecycle of digital identities and access for people, systems and services. This includes:
User Management – management of large, changing user populations along with delegated- and self-service administration.
Access Management – allows applications to authenticate users and allow access to resources based upon policy.
Provisioning and De-Provisioning – automates account propagation across applications and systems.
Audit and Reporting – review access privileges, validate changes, and manage accountability.
Source: IAM, J. Tony Goulding, CISSP, ITIL, CA
![Page 19: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/19.jpg)
IAM IN ESC…
• “My name is Julie and I am a student.” (Identity)
• “This is my password.” (Authentication)
• “I want access to my account.” (Authorization OK)
• “I want to adapt my grade.” (Authorization rejected)
![Page 20: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/20.jpg)
What are the questions?
• Is this person the one she says she is?
• Is she a member of our group?
• Did she receive the necessary authorization?
• Is data privacy OK?
![Page 21: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/21.jpg)
Type of questions for a newcomer
– Which kind of password?
– Which activities are accepted?
– Which are forbidden?
– To which category does this person belong?
– When do we have to give the authorization?
– What control do we need?
– Could we demonstrate our procedure in court?
![Page 22: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/22.jpg)
IAM triple A
• Authentication: WHO ARE YOU?
• Authorization / Access Control: WHAT CAN YOU DO?
• Audit: WHAT HAVE YOU DONE?
![Page 23: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/23.jpg)
Components of IAM
• Administration
  – User Management
  – Password Management
  – Workflow
  – Delegation
• Access Management
  – Authentication
  – Authorization
• Identity Management
  – Account Provisioning
  – Account Deprovisioning
  – Synchronisation
(Diagram: Administration, Authentication and Authorization resting on Reliable Identity Data)
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
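The Julie scenario (identity, authentication, authorization accepted or rejected), the triple-A model and the provisioning/deprovisioning lifecycle from the slides above, brought together in one added Python example that is not part of the deck. The roles, permissions, the student "julie" and the HR record set are constructed for illustration.

```python
"""Toy IAM model: identity store, triple A (authentication, authorization,
audit) and the joiner / mover / leaver lifecycle. Added example, not from
the slides; every name and value here is constructed for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Roles and their permissions are defined beforehand ("which role for which
# employee"), not granted ad hoc per person. Constructed for this example.
ROLE_PERMISSIONS = {
    "student":   {"account:read"},
    "registrar": {"account:read", "grade:update"},
    "it_admin":  {"account:read", "account:provision", "account:deprovision"},
}


@dataclass
class Account:
    user_id: str
    roles: set
    salt: bytes
    pw_hash: bytes
    active: bool = True


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the identity store never holds clear-text passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class IAM:
    accounts: dict = field(default_factory=dict)
    hr_records: set = field(default_factory=set)  # user ids HR currently knows
    audit: list = field(default_factory=list)     # the "what have you done?" trail

    def _log(self, actor: str, action: str, outcome: str, detail: str = ""):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "actor": actor, "action": action,
                           "outcome": outcome, "detail": detail})

    # Joiner: HR creates the record and IAM provisions the account.
    def provision(self, user_id: str, password: str, roles: set):
        if not set(roles) <= set(ROLE_PERMISSIONS):
            raise ValueError(f"unknown role in {roles}")
        salt = os.urandom(16)
        self.accounts[user_id] = Account(user_id, set(roles), salt, _hash(password, salt))
        self.hr_records.add(user_id)
        self._log("hr", "provision", "ok", f"{user_id} roles={sorted(roles)}")

    # Mover: promotion or change of function replaces the role set.
    def change_roles(self, user_id: str, roles: set):
        if not set(roles) <= set(ROLE_PERMISSIONS):
            raise ValueError(f"unknown role in {roles}")
        self.accounts[user_id].roles = set(roles)
        self._log("hr", "change_roles", "ok", f"{user_id} roles={sorted(roles)}")

    # Leaver: disable the account and strip its roles; the account object and
    # its audit trail are kept so past actions remain accountable.
    def deprovision(self, user_id: str):
        self.hr_records.discard(user_id)
        acct = self.accounts.get(user_id)
        if acct is not None:
            acct.active = False
            acct.roles = set()
        self._log("hr", "deprovision", "ok", user_id)

    # Authentication: WHO ARE YOU?
    def authenticate(self, user_id: str, password: str) -> bool:
        acct = self.accounts.get(user_id)
        ok = (acct is not None and acct.active
              and hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash))
        self._log(user_id, "authenticate", "ok" if ok else "denied")
        return ok

    # Authorization: WHAT CAN YOU DO?  Decided by role, never by user name.
    def authorize(self, user_id: str, permission: str) -> bool:
        acct = self.accounts.get(user_id)
        allowed = (acct is not None and acct.active
                   and any(permission in ROLE_PERMISSIONS[r] for r in acct.roles))
        self._log(user_id, permission, "ok" if allowed else "denied")
        return allowed

    # Audit: WHAT HAVE YOU DONE?
    def history(self, user_id: str) -> list:
        return [e for e in self.audit if e["actor"] == user_id]

    # Orphaned accounts: still active in IAM but no longer known to HR
    # (the "summer intern now working for your competitor" case).
    def orphaned_accounts(self) -> list:
        return sorted(u for u, a in self.accounts.items()
                      if a.active and u not in self.hr_records)


def julie_scenario() -> dict:
    """Walk Julie through identity, authentication, authorization and leaving."""
    iam = IAM()
    iam.provision("julie", "correct horse battery staple", {"student"})
    results = {
        "login": iam.authenticate("julie", "correct horse battery staple"),
        "bad_login": iam.authenticate("julie", "wrong password"),
        "read_account": iam.authorize("julie", "account:read"),   # allowed
        "change_grade": iam.authorize("julie", "grade:update"),   # rejected
    }
    # HR drops Julie without telling IAM: her account is now an orphan.
    iam.hr_records.discard("julie")
    results["orphans_before"] = iam.orphaned_accounts()
    iam.deprovision("julie")  # proper leaver processing closes the gap
    results["orphans_after"] = iam.orphaned_accounts()
    results["login_after_leaving"] = iam.authenticate("julie", "correct horse battery staple")
    results["audit_entries"] = len(iam.history("julie"))
    return results
```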
![Page 24: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/24.jpg)
2. Context in 2014
![Page 25: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/25.jpg)
Various identities co-exist
![Page 26: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/26.jpg)
IRL & virtual identity
![Page 27: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/27.jpg)
Welcome to a digital world
• The Internet is based on IP identification
• Everybody has different profiles
• Each platform has a different authentication system
• Users are the weakest link
• Cybercrime increases
• Controls mean identification
• Data privacy imposes controls & security
• e-discovery imposes ECM
![Page 28: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/28.jpg)
News…
![Page 29: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/29.jpg)
![Page 30: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/30.jpg)
Explosion of IDs
(Chart: number of digital IDs against time, pre-1980s to 2000s; applications: Mainframe, Client Server, Internet, Business Automation; populations: Company (B2E), Partners (B2B), Customers (B2C); Mobility)
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 31: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/31.jpg)
The Disconnected Reality
• “Identity Chaos”
  – Many users
  – Many IDs
  – Many logins & passwords
  – Multiple repositories of identity information
  – Multiple user IDs, multiple passwords
(Diagram: Enterprise Directory, HR, Infra Application, Office, In-House Application, External app, Finance and employee Application, each holding its own Authentication, Authorization and Identity Data)
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 32: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/32.jpg)
Multiple Contexts
(Diagram: Your COMPANY and your EMPLOYEES at the centre, linked to Your SUPPLIERS, Your PARTNERS, Your REMOTE and VIRTUAL EMPLOYEES and Your CUSTOMERS; drivers: Customer satisfaction & customer intimacy, Cost competitiveness, Reach, personalization, Collaboration, Outsourcing, Faster business cycles; process automation, Value chain, M&A, Mobile/global workforce, Flexible/temp workforce)
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 33: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/33.jpg)
Trends Impacting Identity
• Increasing Threat Landscape
  – Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
  – $250 billion lost from exposure of confidential info
• Maintenance Costs Dominate IT Budget
  – On average employees need access to 16 apps and systems
  – Companies spend $20-30 per user per year for PW resets
• Deeper Line of Business Automation and Integration
  – One half of all enterprises have SOA under development
  – Web services spending growing 45%
• Rising Tide of Regulation and Compliance
  – SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
  – $15.5 billion spend on compliance (analyst estimate)
Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
![Page 34: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/34.jpg)
![Page 35: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/35.jpg)
Pain Points
• Business Owner: Too expensive to reach new partners, channels; Need for control
• End User: Too many passwords; Long waits for access to apps, resources
• IT Admin: Too many user stores and account admin requests; Unsafe sync scripts
• Developer: Redundant code in each app; Rework code too often
• Security/Compliance: Too many orphaned accounts; Limited auditing ability
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 36: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/36.jpg)
3. IAM & Cloud computing
![Page 37: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/37.jpg)
First, what the heck is Cloud Computing? …in simple, plain English please!
Andy Harjanto, I’m cloud confused, http://www.andyharjanto.com
![Page 38: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/38.jpg)
Let’s use a simple analogy. Say you just moved to a city, and you’re looking for a nice place to live.
![Page 39: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/39.jpg)
You can either build a house or rent an apartment.
![Page 40: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/40.jpg)
If you build a house, there are a few important decisions you have to make…
![Page 41: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/41.jpg)
How big is the house? Are you planning to grow a large family?
![Page 42: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/42.jpg)
Remodelling or an addition typically costs a lot more once the house is built.
![Page 43: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/43.jpg)
But, you get a chance to customize it (roof).
![Page 44: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/44.jpg)
Once the house is built, you’re responsible for maintenance:
• Hire landscaper
• Electrician
• Plumber
• Pay property tax
• Electricity
• Water
• Gutter cleaning
• Heating and cooling
• House keeping
![Page 45: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/45.jpg)
How about renting?
![Page 46: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/46.jpg)
Consider a builder in your city who builds a huge number of apartment units.
![Page 47: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/47.jpg)
A unit can easily be converted into 2, 3, 4 or more units.
![Page 48: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/48.jpg)
You make fewer, simpler decisions. You can start with one unit and grow later, or downsize.
![Page 49: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/49.jpg)
But… you do not have a lot of options to customize your unit.
![Page 50: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/50.jpg)
However, builders provide you with very high quality infrastructure:
• high speed Internet
• high capacity electricity
• triple pane windows
• green materials
![Page 51: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/51.jpg)
No need to worry about maintenance.
![Page 52: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/52.jpg)
Just pay your rent and utilities: Pay as You Go.
![Page 53: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/53.jpg)
Let’s translate to Cloud Computing?
![Page 54: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/54.jpg)
As an end-consumer, believe it or not, you’ve been using Cloud for a long time.
![Page 55: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/55.jpg)
Most of them are free.
![Page 56: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/56.jpg)
In return, you’re willing to give away your information for ads and other purposes.
![Page 57: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/57.jpg)
But you’ve been enjoying:
• High Reliability Service
• Limited Storage
• Connecting, Sharing
![Page 58: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/58.jpg)
OK, now tell that to the business owner: give up your data, then you can use this infrastructure for free.
![Page 59: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/59.jpg)
“Are you crazy?” will answer the CEO.
![Page 60: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/60.jpg)
My Business Needs…
• Security
• Privacy
• Reliability
• High Availability
![Page 61: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/61.jpg)
Building Enterprise Software is like… Building a Medieval Castle (stone wall, fire-proof, moat, army, death hole).
![Page 62: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/62.jpg)
Let’s Hire an Army of IT Engineers:
• Software Upgrade Support
• Backup/Restore
• Service Pack
• Development
• Network issues
![Page 63: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/63.jpg)
Let’s Build a Huge Data Center:
• Capacity Planning
• Disaster Plan
• Cooling Management
• Server Crashes
![Page 64: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/64.jpg)
High Availability: your data is replicated 3 or 4 times in their data center.
![Page 65: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/65.jpg)
High Traffic? Adding “servers” is a click away. Running in just minutes, not days.
![Page 66: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/66.jpg)
It can even load balance your server traffic
![Page 67: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/67.jpg)
Expect your Cloud Network to be always up.
![Page 68: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/68.jpg)
Yes, you can even pick where your data and “servers” reside.
Don’t forget data privacy issues
![Page 69: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/69.jpg)
So we know what Cloud is and the choice we have
![Page 70: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/70.jpg)
Cloud Computing: Definition
• No Unique Definition or General Consensus about what Cloud Computing is …
• Different Perspectives & Focuses (Platform, SW, Service Levels…)
• Flavours:
  – Computing and IT Resources Accessible Online
  – Dynamically Scalable Computing Power
  – Virtualization of Resources
  – Access to (potentially) Composable & Interchangeable Services
  – Abstraction of IT Infrastructure → No need to understand its implementation: use Services & their APIs
  – Some current players, at the Infrastructure & Service Level: Salesforce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc.
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, HP Labs Systems Security Lab, Bristol, UK, EEMA e-Identity Conference, 2009
![Page 71: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/71.jpg)
Cloud Computing: Implications
• Enterprise: Paradigm Shift from “Closed & Controlled” IT Infrastructures and Services to Externally Provided Services and IT Infrastructures
• Private User: Paradigm Shift from Accessing a Static Set of Services to Dynamic & Composable Services
• General Issues:
  – Potential Loss of Control (on Data, Infrastructure, Processes, etc.)
  – Data & Confidential Information Stored in The Clouds
  – Management of Identities and Access (IAM) in the Cloud
  – Compliance to Security Practice and Legislation
  – Privacy Management (Control, Consent, Revocation, etc.)
  – New Threat Environments
  – Reliability and Longevity of Cloud & Service Providers
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, HP Labs Systems Security Lab, Bristol, UK, EEMA e-Identity Conference, 2009
![Page 72: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/72.jpg)
Identity in the Cloud: Enterprise Case
(Diagram: an Employee of the Enterprise using Business Apps/Services on an Internal Cloud and, across The Internet, on Cloud Provider #1 and Cloud Provider #2 (Data Storage Service, Office Apps, On Demand CPUs, Printing Service, CRM Service, Backup Service, ILM Service, …). Each boundary carries its own Identity & Credentials, Authentication / Authorization / Audit, User Account Provisioning/De-provisioning, and Data & Confidential Information.)
IAM Capabilities and Services Can be Outsourced in The Cloud …
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, HP Labs Systems Security Lab, Bristol, UK, EEMA e-Identity Conference, 2009
![Page 73: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/73.jpg)
Identity in the Cloud: Enterprise Case
Issues and Risks [1/2]
• Potential Proliferation of Required Identities & Credentials to Access Services → Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)
• Complexity in correctly “enabling” Information Flows across boundaries → Security Threats (Enterprise → Cloud & Service Providers, Service Provider → Service Provider, …)
• Propagation of Identity and Personal Information across Multiple Clouds/Services
  → Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.)
  → Exposure of business sensitive information (employees’ identities, roles, organisational structures, enterprise apps/services, etc.)
  → How to effectively Control this Data?
• Delegation of IAM and Data Management Processes to Cloud and Service Providers
  → How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers …
  → Consistency and Integrity of User Accounts & Information across various Clouds/Services
  → How to deal with overall Compliance and Governance issues?
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, HP Labs Systems Security Lab, Bristol, UK, EEMA e-Identity Conference, 2009
![Page 74: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/74.jpg)
Identity in the Cloud: Enterprise Case
Issues and Risks [2/2]
• Migration of Services between Cloud and Service Providers → Management of Data Lifecycle
• Threats and Attacks in the Clouds and Cloud Services
  → Cloud and Service Providers can be the “weakest links” in Security & Privacy
  → Reliance on good security practice of Third Parties
Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, HP Labs Systems Security Lab, Bristol, UK, EEMA e-Identity Conference, 2009
![Page 75: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/75.jpg)
4. Why do we need IAM?
• Security
• Compliance
• Cost control
• Audit support
• Access control
![Page 76: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/76.jpg)
Source: ftp://ftp.boulder.ibm.com/software/uk/productnews/tv/vh_-_access_and_identity_management.pdf
![Page 77: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/77.jpg)
Cost reduction
• Directory Synchronization: “Improved updating of user data: $185 per user/year”; “Improved list management: $800 per list” - Giga Information Group
• Password Management: “Password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” - Gartner
• User Provisioning: “Improved IT efficiency: $70,000 per year per 1,000 managed users”; “Reduced help desk costs: $75 per user per year” - Giga Information Group
![Page 78: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/78.jpg)
Can We Just Ignore It All?
• Today, average corporate user spends 16 minutes a day logging on
• A typical home user maintains 12-18 identities
• Number of phishing sites grew over 1600% over the past year
• Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
• Regulators are becoming stricter about compliance and auditing
• Orphaned accounts and identities lead to security problems
Source: Microsoft’s internal research and Anti-Phishing Working Group
![Page 79: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/79.jpg)
IAM Benefits
• Benefits today (Tactical)
  – Save money and improve operational efficiency
  – Improved time to deliver applications and service
  – Enhance Security
  – Regulatory Compliance and Audit
• Benefits to take you forward (Strategic)
  – New ways of working
  – Improved time to market
  – Closer Supplier, Customer, Partner and Employee relationships
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
![Page 80: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/80.jpg)
5. IAM to-do list
• Automatic account management
• Archiving
• Data privacy
• Compliance
• Security vs. Risks
• User identification
• E-business
• M2M
![Page 81: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/81.jpg)
The triangle
![Page 82: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/82.jpg)
6. Data protection
![Page 83: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/83.jpg)
Source: https://www.britestream.com/difference.html
![Page 84: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/84.jpg)
need to check
![Page 85: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/85.jpg)
legal limits
![Page 86: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/86.jpg)
data controller responsibility
![Page 87: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/87.jpg)
teleworking
![Page 88: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/88.jpg)
data theft
![Page 89: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/89.jpg)
![Page 90: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/90.jpg)
![Page 91: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/91.jpg)
7. IAM & control
![Page 92: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/92.jpg)
![Page 93: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/93.jpg)
data transfer
![Page 94: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/94.jpg)
• limitation of control
• Private email
• penalties
• who controls
![Page 95: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/95.jpg)
• security is mandatory !
![Page 96: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/96.jpg)
• technical security
– Risk analysis
– Back-up
– Disaster recovery
– Identity management
– Strong login & passwords
![Page 97: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/97.jpg)
• legal security
– Information in the employment contracts
– Contracts with subcontractors
– Code of conduct
– Compliance
– Control of the employees
![Page 98: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/98.jpg)
Control ?
![Page 99: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/99.jpg)
8. E-discovery
![Page 100: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/100.jpg)
Definition of e-discovery
• Electronic discovery (or e-discovery) refers to discovery in civil litigation which deals with information in electronic format, also referred to as Electronically Stored Information (ESI).
• It means the collection, preparation, review and production of electronic documents in litigation discovery.
• Any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.
• This includes e-mail, attachments, and other data stored on a computer, network, backup or other storage media. E-discovery includes metadata.
![Page 101: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/101.jpg)
Recommendations
Organizations should update and/or create information management policies and procedures that include:
– e-mail retention policies,
– off-line and off-site data storage retention policies,
– controls defining which users have access to which systems and under what circumstances,
– instructions for how and where users can store data, and
– backup and recovery procedures.
On an individual level, employees tend to keep information on their hard drives “just in case” they might need it. Work with users to rationalize their storage requirements and decrease their storage budget.
– Assessments or surveys should be done to identify business functions, data repositories, and the systems that support them.
– Legal must be consulted. Organizations and their legal teams should work together to create and/or update their data retention policies and procedures for managing litigation holds.
![Page 102: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/102.jpg)
9. Conclusion
• IAM is a legal question, not only business & IT
• compliance is important
• More security due to
– Cloud computing
– Virtualisation
– Data privacy
– archiving
• Transparency
• E-discovery
![Page 103: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/103.jpg)
IAM could be an opportunity
• Rethink security
• risks reduction
• costs reduction
• precise roles & responsibilities
![Page 104: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/104.jpg)
http://www.novell.com/docrep/2013/09/The_Forrester_Wave_IAM_9_4_13.pdf
![Page 105: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/105.jpg)
http://ts.fujitsu.com/rl/Fujitsu_Forum_2013/documentation/BOSB110a_20131030_v3_final_Security.pdf
![Page 106: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/106.jpg)
Any question?
![Page 107: Compliance & Identity access management](https://reader033.fdocuments.in/reader033/viewer/2022052413/55980f4a1a28ab431f8b4577/html5/thumbnails/107.jpg)
Jacques Folon [email protected]