Cloud Identity & Access
The Cornerstones of Information Security in the Cloud
Information Security in the Cloud in fact means moving towards a location-independent and provider-independent approach to information security. In the days of on-premises-only IT (plus perhaps an outsourcer), the focus could be on securing the network and the device. Now that IT services are a mix of on-premises, private cloud and public cloud services, i.e. now that things have become hybrid, we can no longer rely on network or system security alone. We do not really know where our data resides or where services run. Cloud sprawl, with chains of providers such as a SaaS provider that itself relies on Amazon Web Services, forces us to rethink our approach to Information Security.
The most important cornerstone is to move from system, network and device security towards information-centric security, which we might call "real Information Security". Another is understanding Information Security as an initiative that is not focused on technologies first of all, but on understanding risks, contracts and other aspects. A further cornerstone is, without any doubt, identity. We have to deal with more identities, and with persons using several different identities. Identity and Access Management is a key element of Information Security in, for, and with the Cloud.
There are many other aspects. In this session, we will present our view on the future of Information Security: an approach that works seamlessly across the hybrid world of today and tomorrow, from classical on-premises IT to the public Clouds.
Extending your Identity & Access Management into the Cloud
Identity management across multiple SaaS (Software-as-a-Service) applications as well as on-premises systems is a challenge for most enterprises. The challenges of identity management in the cloud go well beyond getting authentication, authorization and auditing right: cross-domain authentication, provisioning, interoperability, multi-tenancy, delegation and security are a few to name. The best way to preserve interoperability is to adhere to open standards. Many standards started out as proprietary and became open only once their owners wanted a larger audience and interaction with other systems. SAML 2.0 Web SSO, OpenID and OAuth are popular open standards, widely used across many cloud providers for authenticating users while facilitating identity portability; WS-Trust and WS-Federation serve the same purpose for system-to-system interactions. XACML is another open standard, considered the de-facto standard for authorization; it facilitates fine-grained, policy-driven authorization. Provisioning is also an important aspect of a cloud identity management system. SPML failed to become the de-facto standard for provisioning because of its heavyweight nature and its bias towards SOAP. The latest emerging standard for provisioning is SCIM, which is still in progress at the specification level but looks promising.
Is SCIM a Scam?
A short introduction into the concepts of the Simple Cloud Identity Management (SCIM) Standard and why we may need it.
Simple Cloud Identity Management (SCIM)
SCIM (Simple Cloud Identity Management) is one of the most popular standards in IAM these days. It is meant to replace SPML (Simple Provisioning Markup Language), building on a REST-based API. However, the question remains whether it is more about porting the type of API or really a breakthrough for provisioning to the cloud. And the question remains whether it really will be adopted as a mainstream approach. Besides this, any good standard supports all of IT, not only the cloud. So what does SCIM provide for on-premises IT?
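To make the REST-plus-JSON provisioning model behind SCIM concrete (the point of both the standards overview above and this section), here is an added example that is not code from the page or from any SCIM implementation: an idempotent create-or-update of a user against an in-memory stand-in for a SaaS provider's SCIM /Users endpoint. It assumes the SCIM 2.0 schema URNs from RFC 7643/7644, which are later than the draft the page refers to, and FakeScimServer is a hypothetical stand-in; a real deployment would send the same JSON bodies over HTTPS with an OAuth bearer token. De-provisioning is modelled by setting active to false rather than deleting the resource, so the account remains auditable and can be reactivated.

```python
"""
Minimal SCIM 2.0-style provisioning exchange, entirely in memory.

Added example, not code from the page or from any vendor. Assumes the
SCIM 2.0 schema URNs of RFC 7643/7644 (later than the draft the page
discusses); FakeScimServer is a hypothetical stand-in for a real SaaS
provider's /Users endpoint.
"""
import json
import re
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
LIST_RESP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Supported filter subset:  attribute eq "value"   e.g.  userName eq "jdoe"
_FILTER_RE = re.compile(r'^(\w+)\s+eq\s+"([^"]*)"$')


class FakeScimServer:
    """In-memory stand-in for a provider's /Users resource (hypothetical)."""

    def __init__(self):
        self.users = {}  # id -> SCIM User resource

    def create_user(self, body):
        """POST /Users: validate schema, enforce userName uniqueness, assign id."""
        if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
            return 400, {"detail": "missing core User schema or userName",
                         "scimType": "invalidValue"}
        if any(u["userName"] == body["userName"] for u in self.users.values()):
            return 409, {"detail": "userName already exists", "scimType": "uniqueness"}
        uid = str(uuid.uuid4())
        resource = {"id": uid, "active": True, **body}
        self.users[uid] = resource
        return 201, resource

    def list_users(self, filter_expr):
        """GET /Users?filter=...: only the 'attr eq "value"' form is accepted."""
        m = _FILTER_RE.match(filter_expr.strip())
        if not m:
            return 400, {"detail": "unsupported filter", "scimType": "invalidFilter"}
        attr, value = m.groups()
        hits = [u for u in self.users.values() if u.get(attr) == value]
        return 200, {"schemas": [LIST_RESP_SCHEMA],
                     "totalResults": len(hits), "Resources": hits}

    def patch_user(self, uid, body):
        """PATCH /Users/{id}: apply 'replace' operations only."""
        if uid not in self.users:
            return 404, {"detail": "resource not found"}
        user = self.users[uid]
        for op in body["Operations"]:
            if op["op"].lower() != "replace":
                return 400, {"detail": "only replace is supported here"}
            user[op["path"]] = op["value"]
        return 200, user


def _replace(path, value):
    """Build a PatchOp body with a single replace operation."""
    return {"schemas": [PATCH_OP_SCHEMA],
            "Operations": [{"op": "replace", "path": path, "value": value}]}


def provision(server, user_name, email, active=True):
    """Idempotent create-or-update: look up by userName, then POST or PATCH.

    Returns ("created" | "updated", resource). Deactivation sets active=false
    instead of deleting, keeping the account auditable and reversible.
    """
    status, listing = server.list_users(f'userName eq "{user_name}"')
    assert status == 200, listing
    if listing["totalResults"] == 0:
        body = {"schemas": [USER_SCHEMA], "userName": user_name,
                "emails": [{"value": email, "primary": True}]}
        status, resource = server.create_user(body)
        assert status == 201, resource
        if not active:  # a disabled user must still exist to be disabled
            status, resource = server.patch_user(resource["id"], _replace("active", False))
        return "created", resource
    resource = listing["Resources"][0]
    status, resource = server.patch_user(resource["id"], _replace("active", active))
    assert status == 200, resource
    return "updated", resource


if __name__ == "__main__":
    srv = FakeScimServer()
    print(provision(srv, "jdoe", "jdoe@example.com"))          # created, active
    print(provision(srv, "jdoe", "jdoe@example.com", False))   # updated, deactivated
    print(json.dumps(srv.list_users('userName eq "jdoe"')[1], indent=2))
```

Running the script provisions one user, then de-provisions the same user on the second call without creating a duplicate; the 409 on a repeated POST and the 400 on an unsupported filter are the two error paths a provisioning connector has to handle explicitly rather than retrying blindly.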
Why you should not believe in Cloud-only Solutions
Years ago, when the cloud became popular, KuppingerCole published a Cloud Roadmap with a simple target: one IT, not a separation of Cloud IT and On-Premises IT. However, there are still many offerings that are cloud-only, even though it is obvious that the reality for most organizations will remain hybrid. That is true for many areas of IT, including IAM, where such offerings exist as well. But is there really value in solutions that only support the cloud? When do you need them, if at all? Which integration should cloud-based IAM solutions provide? And what might your future look like if you focus on the One IT/One IAM approach but still have to rely on cloud-based solutions, for example for easier integration of external users such as your customers and for using different types of SaaS? That is what you will learn in this session.
Cloud Identity Services - Models and Challenges
As the Software-as-a-Service (SaaS) market explodes, more and more organizations struggle to gain control over their users' identities in the cloud. Some are also exploring outsourcing their identity and access management (IAM) functions to the cloud.
There are three architectural models for implementing cloud identity services:
In this session, we will discuss the key architectural, platform, integration, security, scalability and reliability issues that organizations seeking to adopt cloud-based identity need to consider, including the increasingly significant role that Cloud Identity Broker/Cloud Security Broker technology is playing. The discussion will also assess current and evolving technology and industry standards available for managing SaaS account provisioning/de-provisioning, single sign-on, strong authentication, and other identity operations.
When you finish this session, you will have a framework for analyzing the state of today's technology options and selecting the most appropriate architectural platform to meet your business's identity requirements in the cloud.