SlideShare una empresa de Scribd logo

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

CloudIDSummit
CloudIDSummit

The cloud provides scalability and flexibility but also poses security challenges for enterprises with strict requirements. It discusses security needs like privacy, compliance, authentication, authorization and access controls. Advanced techniques are needed like attribute-based access control policies and metadata tagging to enable fine-grained security. Standards-based solutions can help meet enterprise needs and facilitate secure collaboration while enabling migration of workloads to the cloud.

Tecnología
1 de 20
Descargar para leer sin conexión
Is The Cloud Ready for Enterprise Security Requirements? John Tolbert
The Cloud A Huge Success Story Rent what you need, rather than buy Simplify data center management Scalable Fast provisioning and de-provisioning
Security Requirements Consumer Privacy Regulatory compliance SOX HIPAA Export regulations
More Security Requirements Intellectual Property Licensing and Collaboration Background and Foreground IP Trade Secret Protection High Security / High Assurance NIST 800-63 Level 3 and 4 authentication Fine-grained access controls Need-to-know
Authorization is like fashion Informal Attire For a Day at The Lake
Admission to certain venues requires formal wear http://upload.wikimedia.org/wikipedia/commons/3/39/MITO_Orchestra_Sinfonica_RAI.jpg
Access Control X OK
Organizations need to collaborate with business partners The cloud is a natural place for collaboration Easy to set up workspaces as needed Identity management can be a combination of federated identities for those with robust IAM infrastructures and cloud-managed identities for business partners without the heavy-duty IAM infrastructures Protecting intellectual property in collaborative environments can be a challenge
Enterprise IAM infrastructure in place LDAP SAML XACML PAP Enterprise IAM Infrastructure SSO XACML PEP XACML PDP The Cloud SaaS IaaS PaaS File Repositories Web Apps Cloud IAM Enterprise Applications SCIM
Evolution of access controls Time IAM Solution Complexity Evolves To Meet Scalability and Granularity Requirements Users Groups RBAC ABAC PBAC
Union of Attribute and Policy Policy Attribute Based Access Control
Policy/Attribute-based access control XACML for consistent attribute-based access control in both the cloud and on-premise infrastructure Profiles for privacy, export controls, intellectual property controls, and data loss prevention Interoperability at the transport layer Can facilitate the migration to Mandatory Access Control (MAC) model
Fine-grained Authorization Subject identity is just one variable in the authorization equation Resources have identities too! Resource attributes must also be evaluated in runtime authorization decisions Subject Resource Environment Action
Fine-grained AuthZ Two major categories of data necessitate two different approaches: Unstructured data: standardized metadata tags on data objects Structured data: policy-based access controls applied via SQL and web application proxies Backend Attribute Exchange: one domain trusts another to provide authoritative attributes for authenticated users
Metadata tagging and AuthZ Create Document Content Analysis Metadata Application XACML PEP XACML PDP By United States Air Force.718 Bot at en.wikipedia [Public domain], from Wikimedia Commons http://upload.wikimedia.org/wikipedia/commons/6/62/1948_Top_Secret_USAF_UFO_extraterrestrial_document.png Read Metadata Class: Top Secret Decision Pass Metadata as Resource Attributes LDAP Subject User Subject Attributes
Policy-based SQL and application proxies LDAP XACML PAP SQL/ XACML PEP XACML PDP Thick Client App DB Web App WAF/XACML PEP DB Certain row/column Results match policies Certain application Actions match policies
Backend Attribute Exchange User authenticates in Domain A Domain B SSO gets attributes from Domain A User receives access in Domain B User requests access to resource in Domain B Assumption: Domain B trusts that Domain A is authoritative for specific attributes about users originating from there. SSO LDAP SAML SSO SSO SAML SSO Web App 1 2 4 3 5 6 7 8 9
Mandatory Access Control Gov't Classification Commercial Analogs Unclassified Public Domain Confidential Confidential Secret Competition Sensitive / Restricted Top Secret Limited Distribution No Read Up No Write Down Bell-LaPadula No Read Down No Write Up Biba Integrity
Compliance Monitoring and Risk Management Standardized authentication and authorization mechanisms for consistent enforcement and reporting Integration with Security Incident and Event Management for real-time alerting Integration with GRC software
Conclusion Is the cloud ready for enterprise security? Yes, some providers offer solutions in most areas described above. Cloud service providers will capture more customers with high security service offerings Resource identities (attributes) are just as important in access control decisions as subject identities

Recomendados

0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrityVishwas Manral
 
The Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXThe Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXHybrid Cloud
 
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareThe Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareHybrid Cloud
 
The Enterprise File Fabric for OpenIO
The Enterprise File Fabric for OpenIOThe Enterprise File Fabric for OpenIO
The Enterprise File Fabric for OpenIOHybrid Cloud
 
The Enterprise File Fabric for Scality
The Enterprise File Fabric for ScalityThe Enterprise File Fabric for Scality
The Enterprise File Fabric for ScalityHybrid Cloud
 
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)Hybrid Cloud
 
Guide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaGuide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaAlibaba Cloud
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Dock 365
 

Recomendados

0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrityVishwas Manral
 
The Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXThe Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXHybrid Cloud
 
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareThe Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareHybrid Cloud
 
The Enterprise File Fabric for OpenIO
The Enterprise File Fabric for OpenIOThe Enterprise File Fabric for OpenIO
The Enterprise File Fabric for OpenIOHybrid Cloud
 
The Enterprise File Fabric for Scality
The Enterprise File Fabric for ScalityThe Enterprise File Fabric for Scality
The Enterprise File Fabric for ScalityHybrid Cloud
 
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)
The Enterprise File Fabric for Leonovus User Collaboration Interface (LUCI)Hybrid Cloud
 
Guide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaGuide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaAlibaba Cloud
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Dock 365
 
Victoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint SearchVictoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint SearchAndy Hopkins
 
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find ThemFantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find ThemSuvabrata Sinha
 
Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365CloudFronts Technologies LLP.
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Cloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesCloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesPT Datacomm Diangraha
 
Solving Real Problems Using Linked Data
Solving Real Problems Using Linked DataSolving Real Problems Using Linked Data
Solving Real Problems Using Linked DataKingsley Uyi Idehen
 
Content Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital futureContent Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital futureAxway
 
Tci reference architecture_v2.0
Tci reference architecture_v2.0Tci reference architecture_v2.0
Tci reference architecture_v2.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Radhakrishnan Govindan
 
Sensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointSensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointDrew Madelung
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesUL Transaction Security
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial servicesMoshe Ferber
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
J017547478
J017547478J017547478
J017547478IOSR Journals
 
Enterprise File Fabric for Igneous
Enterprise File Fabric for IgneousEnterprise File Fabric for Igneous
Enterprise File Fabric for IgneousHybrid Cloud
 
Case Study for Ego-centric Citation Network
Case Study for Ego-centric Citation NetworkCase Study for Ego-centric Citation Network
Case Study for Ego-centric Citation NetworkMike Taylor
 
Linked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & AccessLinked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & AccessKingsley Uyi Idehen
 
Vistatec
VistatecVistatec
VistatecTAUS - The Language Data Network
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125Gabor Bokor
 
Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011Francisco Malpica
 
Single sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceSingle sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceCA API Management
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptwebhostingguy
 

Más contenido relacionado

La actualidad más candente

Victoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint SearchVictoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint SearchAndy Hopkins
 
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find ThemFantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find ThemSuvabrata Sinha
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Cloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesCloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesPT Datacomm Diangraha
 
Solving Real Problems Using Linked Data
Solving Real Problems Using Linked DataSolving Real Problems Using Linked Data
Solving Real Problems Using Linked DataKingsley Uyi Idehen
 
Content Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital futureContent Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital futureAxway
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Radhakrishnan Govindan
 
Sensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointSensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointDrew Madelung
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesUL Transaction Security
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial servicesMoshe Ferber
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
Enterprise File Fabric for Igneous
Enterprise File Fabric for IgneousEnterprise File Fabric for Igneous
Enterprise File Fabric for IgneousHybrid Cloud
 
Case Study for Ego-centric Citation Network
Case Study for Ego-centric Citation NetworkCase Study for Ego-centric Citation Network
Case Study for Ego-centric Citation NetworkMike Taylor
 
Linked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & AccessLinked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & AccessKingsley Uyi Idehen
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125Gabor Bokor
 
Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011Francisco Malpica
 

La actualidad más candente (20)

Victoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint SearchVictoria SPUG - Building Applications with SharePoint Search
Victoria SPUG - Building Applications with SharePoint Search
 
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find ThemFantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
Fantastic Beasts (aka Cloud Audit Issues) and Where to Find Them
 
Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...
 
Cloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesCloudciti Enterprise File Share Services
Cloudciti Enterprise File Share Services
 
Solving Real Problems Using Linked Data
Solving Real Problems Using Linked DataSolving Real Problems Using Linked Data
Solving Real Problems Using Linked Data
 
Content Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital futureContent Collaboration - Prevent data loss in a global digital future
Content Collaboration - Prevent data loss in a global digital future
 
Tci reference architecture_v2.0
Tci reference architecture_v2.0Tci reference architecture_v2.0
Tci reference architecture_v2.0
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
 
Sensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointSensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePoint
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial services
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls
 
J017547478
J017547478J017547478
J017547478
 
Enterprise File Fabric for Igneous
Enterprise File Fabric for IgneousEnterprise File Fabric for Igneous
Enterprise File Fabric for Igneous
 
Case Study for Ego-centric Citation Network
Case Study for Ego-centric Citation NetworkCase Study for Ego-centric Citation Network
Case Study for Ego-centric Citation Network
 
Linked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & AccessLinked Data Spaces, Data Portability & Access
Linked Data Spaces, Data Portability & Access
 
Vistatec
VistatecVistatec
Vistatec
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
 
Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011Visual Online - Cloud Computing - 4 Mars 2011
Visual Online - Cloud Computing - 4 Mars 2011
 

Destacado

Single sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceSingle sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceCA API Management
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptwebhostingguy
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
Oracle 4월 20일
Oracle 4월 20일Oracle 4월 20일
Oracle 4월 20일Cana Ko
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 
CIS13: Externalized Authorization from the Developer’s Perspective
CIS13: Externalized Authorization from the Developer’s PerspectiveCIS13: Externalized Authorization from the Developer’s Perspective
CIS13: Externalized Authorization from the Developer’s PerspectiveCloudIDSummit
 
CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CloudIDSummit
 
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile AppsCIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile AppsCloudIDSummit
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCloudIDSummit
 
CIS14: From Card to Mobile—Evolving Identity Credentials
CIS14: From Card to Mobile—Evolving Identity CredentialsCIS14: From Card to Mobile—Evolving Identity Credentials
CIS14: From Card to Mobile—Evolving Identity CredentialsCloudIDSummit
 
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and IdentitiesCIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and IdentitiesCloudIDSummit
 
CIS14: Double Trouble—Managing Growth
CIS14: Double Trouble—Managing GrowthCIS14: Double Trouble—Managing Growth
CIS14: Double Trouble—Managing GrowthCloudIDSummit
 
CIS14: Global Trends in BYOID
CIS14: Global Trends in BYOIDCIS14: Global Trends in BYOID
CIS14: Global Trends in BYOIDCloudIDSummit
 
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding EdgeCIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding EdgeCloudIDSummit
 
CIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCloudIDSummit
 
CIS14: Knowing vs. Asking: Innovation in User Recognition
CIS14: Knowing vs. Asking: Innovation in User RecognitionCIS14: Knowing vs. Asking: Innovation in User Recognition
CIS14: Knowing vs. Asking: Innovation in User RecognitionCloudIDSummit
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
CIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCloudIDSummit
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CloudIDSummit
 

Destacado (20)

Single sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceSingle sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConference
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
 
Oracle 4월 20일
Oracle 4월 20일Oracle 4월 20일
Oracle 4월 20일
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing Passwords
 
CIS13: Externalized Authorization from the Developer’s Perspective
CIS13: Externalized Authorization from the Developer’s PerspectiveCIS13: Externalized Authorization from the Developer’s Perspective
CIS13: Externalized Authorization from the Developer’s Perspective
 
CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)CIS14: Identifying Things (and Things Identifying Us)
CIS14: Identifying Things (and Things Identifying Us)
 
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile AppsCIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
 
CIS14: From Card to Mobile—Evolving Identity Credentials
CIS14: From Card to Mobile—Evolving Identity CredentialsCIS14: From Card to Mobile—Evolving Identity Credentials
CIS14: From Card to Mobile—Evolving Identity Credentials
 
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and IdentitiesCIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
 
CIS14: Double Trouble—Managing Growth
CIS14: Double Trouble—Managing GrowthCIS14: Double Trouble—Managing Growth
CIS14: Double Trouble—Managing Growth
 
CIS14: Global Trends in BYOID
CIS14: Global Trends in BYOIDCIS14: Global Trends in BYOID
CIS14: Global Trends in BYOID
 
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding EdgeCIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
 
CIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated Identity
 
CIS14: Knowing vs. Asking: Innovation in User Recognition
CIS14: Knowing vs. Asking: Innovation in User RecognitionCIS14: Knowing vs. Asking: Innovation in User Recognition
CIS14: Knowing vs. Asking: Innovation in User Recognition
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You Eat
 
CIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity ServiceCIS13: Bootcamp: PingOne as a Simple Identity Service
CIS13: Bootcamp: PingOne as a Simple Identity Service
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0
 

Similar a CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

Multi-tenancy In the Cloud
Multi-tenancy In the CloudMulti-tenancy In the Cloud
Multi-tenancy In the Cloudsdevillers
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge MultitenancyPivotLogix
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huangKen Huang
 
Intro To Cloud Computing
Intro To Cloud ComputingIntro To Cloud Computing
Intro To Cloud Computingprakashjjaya
 
The Journey to the Hybrid Multi Cloud
The Journey to the Hybrid Multi CloudThe Journey to the Hybrid Multi Cloud
The Journey to the Hybrid Multi CloudIdan Tohami
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseDigicomp Academy AG
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...Amazon Web Services
 
Spca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieSpca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieNCCOMMS
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1
 
[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales Force[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales ForceTecla Internet
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADuberbaum
 
Microsoft Azure Cloud Services
Microsoft Azure Cloud ServicesMicrosoft Azure Cloud Services
Microsoft Azure Cloud ServicesDavid J Rosenthal
 
Advancing Cloud Initiatives and Removing Barriers to Adoption
Advancing Cloud Initiatives and Removing Barriers to AdoptionAdvancing Cloud Initiatives and Removing Barriers to Adoption
Advancing Cloud Initiatives and Removing Barriers to AdoptionRightScale
 
10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HR10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HRMark Howell
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followNCCOMMS
 
Charting a path to the cloud final
Charting a path to the cloud finalCharting a path to the cloud final
Charting a path to the cloud finalScott Clinton
 

Similar a CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements? (20)

Multi-tenancy In the Cloud
Multi-tenancy In the CloudMulti-tenancy In the Cloud
Multi-tenancy In the Cloud
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge Multitenancy
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huang
 
Intro To Cloud Computing
Intro To Cloud ComputingIntro To Cloud Computing
Intro To Cloud Computing
 
The Journey to the Hybrid Multi Cloud
The Journey to the Hybrid Multi CloudThe Journey to the Hybrid Multi Cloud
The Journey to the Hybrid Multi Cloud
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
 
Hadoop and Big Data Security
Hadoop and Big Data SecurityHadoop and Big Data Security
Hadoop and Big Data Security
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
 
Spca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieSpca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackie
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
Hybrid Cloud Strategy for Big Data and Analytics
Hybrid Cloud Strategy for Big Data and Analytics Hybrid Cloud Strategy for Big Data and Analytics
Hybrid Cloud Strategy for Big Data and Analytics
 
[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales Force[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales Force
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
Microsoft Azure Cloud Services
Microsoft Azure Cloud ServicesMicrosoft Azure Cloud Services
Microsoft Azure Cloud Services
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Advancing Cloud Initiatives and Removing Barriers to Adoption
Advancing Cloud Initiatives and Removing Barriers to AdoptionAdvancing Cloud Initiatives and Removing Barriers to Adoption
Advancing Cloud Initiatives and Removing Barriers to Adoption
 
10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HR10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HR
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
 
Charting a path to the cloud final
Charting a path to the cloud finalCharting a path to the cloud final
Charting a path to the cloud final
 

Más de CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

Más de CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Último

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 

Último (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

  • 1. Is The Cloud Ready for Enterprise Security Requirements? John Tolbert
  • 2. The Cloud A Huge Success Story Rent what you need, rather than buy Simplify data center management Scalable Fast provisioning and de-provisioning
  • 3. Security Requirements Consumer Privacy Regulatory compliance SOX HIPAA Export regulations
  • 4. More Security Requirements Intellectual Property Licensing and Collaboration Background and Foreground IP Trade Secret Protection High Security / High Assurance NIST 800-63 Level 3 and 4 authentication Fine-grained access controls Need-to-know
  • 5. Authorization is like fashion Informal Attire For a Day at The Lake
  • 6. Admission to certain venues requires formal wear http://upload.wikimedia.org/wikipedia/commons/3/39/MITO_Orchestra_Sinfonica_RAI.jpg
  • 8. Organizations need to collaborate with business partners The cloud is a natural place for collaboration Easy to set up workspaces as needed Identity management can be a combination of federated identities for those with robust IAM infrastructures and cloud-managed identities for business partners without the heavy-duty IAM infrastructures Protecting intellectual property in collaborative environments can be a challenge
  • 9. Enterprise IAM infrastructure in place LDAP SAML XACML PAP Enterprise IAM Infrastructure SSO XACML PEP XACML PDP The Cloud SaaS IaaS PaaS File Repositories Web Apps Cloud IAM Enterprise Applications SCIM
  • 10. Evolution of access controls Time IAM Solution Complexity Evolves To Meet Scalability and Granularity Requirements Users Groups RBAC ABAC PBAC
  • 11. Union of Attribute and Policy Policy Attribute Based Access Control
  • 12. Policy/Attribute-based access control XACML for consistent attribute-based access control in both the cloud and on-premise infrastructure Profiles for privacy, export controls, intellectual property controls, and data loss prevention Interoperability at the transport layer Can facilitate the migration to Mandatory Access Control (MAC) model
  • 13. Fine-grained Authorization Subject identity is just one variable in the authorization equation Resources have identities too! Resource attributes must also be evaluated in runtime authorization decisions Subject Resource Environment Action
  • 14. Fine-grained AuthZ Two major categories of data necessitate two different approaches: Unstructured data: standardized metadata tags on data objects Structured data: policy-based access controls applied via SQL and web application proxies Backend Attribute Exchange: one domain trusts another to provide authoritative attributes for authenticated users
  • 15. Metadata tagging and AuthZ Create Document Content Analysis Metadata Application XACML PEP XACML PDP By United States Air Force.718 Bot at en.wikipedia [Public domain], from Wikimedia Commons http://upload.wikimedia.org/wikipedia/commons/6/62/1948_Top_Secret_USAF_UFO_extraterrestrial_document.png Read Metadata Class: Top Secret Decision Pass Metadata as Resource Attributes LDAP Subject User Subject Attributes
  • 16. Policy-based SQL and application proxies LDAP XACML PAP SQL/ XACML PEP XACML PDP Thick Client App DB Web App WAF/XACML PEP DB Certain row/column Results match policies Certain application Actions match policies
  • 17. Backend Attribute Exchange User authenticates in Domain A Domain B SSO gets attributes from Domain A User receives access in Domain B User requests access to resource in Domain B Assumption: Domain B trusts that Domain A is authoritative for specific attributes about users originating from there. SSO LDAP SAML SSO SSO SAML SSO Web App 1 2 4 3 5 6 7 8 9
  • 18. Mandatory Access Control Gov't Classification Commercial Analogs Unclassified Public Domain Confidential Confidential Secret Competition Sensitive / Restricted Top Secret Limited Distribution No Read Up No Write Down Bell-LaPadula No Read Down No Write Up Biba Integrity
  • 19. Compliance Monitoring and Risk Management Standardized authentication and authorization mechanisms for consistent enforcement and reporting Integration with Security Incident and Event Management for real-time alerting Integration with GRC software
  • 20. Conclusion Is the cloud ready for enterprise security? Yes, some providers offer solutions in most areas described above. Cloud service providers will capture more customers with high security service offerings Resource identities (attributes) are just as important in access control decisions as subject identities