8/12/2019 An Enterprise Case Study Cisco
1/20
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Applying Cloud Identity to Real Life: an Enterprise Case Study
David Jones
Information Security Architect
November 3rd 2011
Remember when Larry said the Cloud didn't exist?
Normal people have been Cloudy for years.
If everybody specializes in what they're good at, we're better off. If we ignore logical divisions of labor and all try to be our own butcher, baker, and brewer, it's a short, slick slope to hoarding duck feathers and living in suburban petting zoos.
Grayson Schaffer on Adam Smith's The Wealth of Nations
Outside Magazine, March 2009
In the beginning
Proprietary Agents
1000 different user profile provisioning processes
Dedicated Hardware
Passwords out there
90+ IT Federated Connections
350+ Total Cloud Providers in Use
Win: SAML, OAuth, SCIM, REST
Lose: OpenID, SPML, SOAP
https://sp.example.com/SAML2
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=authorization_code&code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Note: previous versions of OAuth required a client_id like &client_id=s6BhdRkqt3 in the grant type
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}
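Added example (not from the original slides): a Python check of the token request and response shown above. It decodes the HTTP Basic credential to show that the client_id the note mentions now travels in the Authorization header rather than the form body, and audits the response for the no-store / no-cache headers. The function names are illustrative, and the two messages are constructed from the slides.

```python
import base64
import json
from urllib.parse import parse_qs

TOKEN_REQUEST = (  # constructed from the request slide above
    "POST /token HTTP/1.1\r\nHost: server.example.com\r\n"
    "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW\r\n"
    "Content-Type: application/x-www-form-urlencoded;charset=UTF-8\r\n\r\n"
    "grant_type=authorization_code&code=i1WsRn1uB1"
    "&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"
)
TOKEN_RESPONSE = (  # constructed from the response slide above
    "HTTP/1.1 200 OK\r\nContent-Type: application/json;charset=UTF-8\r\n"
    "Cache-Control: no-store\r\nPragma: no-cache\r\n\r\n"
    '{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example",'
    '"expires_in":3600,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"}'
)

def split_http(raw):
    """Return (start_line, lower-cased header dict, body) for a raw message."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines)}
    return start, headers, body

def inspect_token_request(raw):
    """Decode the Basic credential and the form body of a token request."""
    _, headers, body = split_http(raw)
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("client did not authenticate with HTTP Basic")
    client_id, _, secret = base64.b64decode(blob).decode().partition(":")
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return {"client_id": client_id, "has_secret": bool(secret),
            "id_in_body": "client_id" in form, "form": form}

def audit_token_response(raw):
    """List handling problems in a token response; an empty list means clean."""
    _, headers, body = split_http(raw)
    problems = []
    for name, want in (("cache-control", "no-store"), ("pragma", "no-cache")):
        if want not in headers.get(name, "").lower():
            problems.append(f"{name} lacks {want}")
    token = json.loads(body)
    for field in ("access_token", "token_type"):
        if field not in token:
            problems.append(f"missing {field}")
    return problems
```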
Increasingly Commoditized Options = No Longer a Captive Customer of IT!
But where is our Data going?
Measure
Manage
Secure
Scale
The amount of critical intellectual property that would be copied onto Cloud Provider systems without thought of loss
The number of cloud providers that are not concerned with the co-mingling of their customers' data
HIPAA requires we limit who has access to medical records, how can we keep track of it if our PaaS provider is using a 3rd party for storage that we don't know about?
Or if they want to outsource their backups to yet another?
Evolution of Blueprint Capabilities
[Diagram labels: Network Perimeter, Identity Management, Service Management, Data Governance, Policy & Orchestration, Classification & Compliance, External Identity Model; stages numbered 1, 2, 3]
And why Point-to-Point Federation won't scale
[Diagram labels: EVERNOTE, Your Company]
Thank you.