An Enterprise Case Study Cisco

  • 8/12/2019 An Enterprise Case Study Cisco

    1/20

    2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

    Applying Cloud Identity to Real Life: an Enterprise Case Study

    David Jones, Information Security Architect

    November 3rd, 2011

  • 2/20

    Remember when Larry said the Cloud didn't exist?

  • 3/20

    Normal people have been Cloudy for years.

  • 4/20

    If everybody specializes in what they're good at, we're better off. If we ignore logical divisions of labor and all try to be our own butcher, baker, and brewer, it's a short, slick slope to hoarding duck feathers and living in suburban petting zoos.

    Grayson Schaffer on Adam Smith's The Wealth of Nations, Outside Magazine, March 2009

  • 5/20

    In the beginning

    Proprietary Agents

    1000 different user profile provisioning processes

    Dedicated Hardware

    Passwords out there

  • 6/20

    90+ IT Federated Connections

    350+ Total Cloud Providers in Use

  • 7/20

    Win: SAML, OAuth, SCIM, REST

    Lose: OpenID, SPML, SOAP

  • 8/20

    [email protected]

    https://sp.example.com/SAML2

  • 9/20

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8

    grant_type=authorization_code&code=i1WsRn1uB1
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    Note: previous versions of OAuth required a client_id parameter, such as &client_id=s6BhdRkqt3, in the grant request.

  • 10/20

    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"2YotnFZFEjr1zCsicMWpAA",
      "token_type":"example",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "example_parameter":"example_value"
    }
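The token request and response from slides 9 and 10, checked the way a client developer or reviewer would check them, as an added example that is not part of the original deck. It decodes the Basic header to show that it carries the client_id and secret (Base64 is an encoding, not encryption), then validates the request form and the response's no-cache headers; the function names are hypothetical and the messages are those on the slides.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# Messages as shown on the slides (closing quote of the last JSON value restored).
REQ_AUTH = "Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW"
REQ_BODY = ("grant_type=authorization_code&code=i1WsRn1uB1"
            "&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb")
RESP_HEADERS = {"Content-Type": "application/json;charset=UTF-8",
                "Cache-Control": "no-store", "Pragma": "no-cache"}
RESP_BODY = ('{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example",'
             '"expires_in":3600,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",'
             '"example_parameter":"example_value"}')

# Function names below are hypothetical, chosen for this example.
def client_from_basic(header):
    """Decode an HTTP Basic header into (client_id, client_secret)."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not HTTP Basic")
    client_id, _, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    return client_id, secret

def check_token_request(auth_header, body):
    """Return a list of problems found in an authorization_code token request."""
    form = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    client_id, _ = client_from_basic(auth_header)
    problems = [f"missing {n}" for n in ("grant_type", "code", "redirect_uri")
                if n not in form]
    if "client_secret" in form:
        problems.append("client_secret sent in body as well as header")
    if form.get("client_id", client_id) != client_id:
        problems.append("client_id in body differs from Basic header")
    if urlparse(form.get("redirect_uri", "")).scheme != "https":
        problems.append("redirect_uri is not https")
    return problems

def check_token_response(headers, body):
    """Return a list of problems: token responses must not be cached."""
    hdr = {k.lower(): v.lower() for k, v in headers.items()}
    problems = [f"{name}: {want} missing"
                for name, want in (("Cache-Control", "no-store"), ("Pragma", "no-cache"))
                if want not in hdr.get(name.lower(), "")]
    token = json.loads(body)
    problems += [f"missing {n}" for n in ("access_token", "token_type")
                 if not token.get(n)]
    return problems
```

The decoded client_id is the same `s6BhdRkqt3` that the slide's note shows as a body parameter in earlier OAuth versions.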

  • 12/20

    Increasingly Commoditized Options = No Longer a Captive Customer of IT!

    But where is our Data going?

    Measure

    Manage

    Secure

    Scale

  • 13/20

    The amount of critical intellectual property that would be copied onto Cloud Provider systems without thought of loss

    The number of cloud providers that are not concerned with the co-mingling of their customers' data

  • 14/20

    HIPAA requires we limit who has access to medical records. How can we keep track of it if our PaaS provider is using a 3rd party for storage that we don't know about?

    Or if they want to outsource their backups to yet another?

  • 16/20

    Evolution of Blueprint Capabilities

    Network Perimeter

    Identity Management

    Service Management

    Data Governance

    Policy & Orchestration

    Classification & Compliance

    External Identity Model

    1

    2

    3

  • 18/20

    And why Point-to-Point Federation won't scale

    EVERNOTE

    Your Company

  • 20/20

    Thank you.