-
Identity and Access Management Reference Architecturefor Cloud
ComputingJohn F. Bauer [email protected]
-
BIOPage *John F. Bauer IIIOver 20 years of Information
Technology and Security delivery experience.Currently the
Enterprise Security Architect for Key Bank
Previous leadership positions at:British PetroleumCliffs Natural
ResourcesMTD ProductsNational City/PNC Bank
Spoken previously on the topic of Information Security at:CA
WorldOracle Open WorldDigital ID WorldNACHA Security
conferences.
Computer Science degree and MBA from Case Western Reserve
Universitys Weatherhead School of ManagementAdjunct Professor on
Network Security at Cuyahoga Community CollegeAuthor: Blog
http://MidwestITSurvival.com
-
Quote
"Computing may someday be organized as a public utility just as
the telephone system is a public utility," Professor John McCarthy
said at MIT's centennial celebration in 1961. "Each subscriber
needs to pay only for the capacity he actually uses, but he has
access to all programming languages characteristic of a very large
system ... Certain subscribers might offer service to other
subscribers ... The computer utility could become the basis of a
new and important industry."
Page *Cleveland, Ohio, USACarl B. StokesPublic Utilities
BuildingCompleted: 1971
-
Agenda The Hype has Legs, Real Usage of the Cloud Growing (SaaS)
Need for a Comprehensive IAM Architecture as Part of Secure SaaS
Success Business and Technology ArchitectureUser Access and
DirectoriesProvisioningProcurement, HR and LegalSSO and
FederationAuthorization IAM Reference Architecture Architecture
Framework Investment Roadmap
NOTE: All the content of this presentation is the opinion of the
author and not the author's past or current employers.Page *
-
Moving to the CloudPage *
-
Moving to the Cloud
Forrester The Software Market in
2011http://www.gartner.com/it/page.jsp?id=1438813http://itredux.com/2009/10/11/defining-cloud-computing-for-business-users/Source:
Ismael Chang Ghalimi
http://itredux.com/2009/10/11/defining-cloud-computing-for-business-users/Page
*
-
Cloud Econ 101The lower total operating costs afforded by cloud
SaaS offerings resonates with IT and business leaders.Booz Allen
Senior Associate Gwen Morton and Associate Ted Alford compared the
life cycle cost to run 1,000 servers in a managed environment
in-house, through a cloud offering from a commercial provider, from
a centralized in-house cloud, and a hybrid of a public and private
cloud.Source: Booz Allen,
http://www.boozallen.com/insights/insight-detail/42656904Page *
-
Cloud IAM There still is TimePage *
-
IAM Cloud Strategy NeededBusiness Architecture Procurement Legal
Human Resources
Technology ArchitectureAccess
DirectoryProvisioningFederationAuthorization
Page *
-
Business Architecture - ProcurementWith just a credit card, any
business user can start using SalesForce.com for $15 a month per
user without IT involvement. Source:
http://www.salesforce.com/crm/editions-pricing.jspWhat?!?! The
sales department signed up for a SaaS CRM service last month?Page
*
-
Business Architecture - Procurement Get plugged into your
procurement life-cycle
Source: http://indirectpurchasing.com/lifecycle.html Get buy-in
to participate in the SaaS selection process Provide RFI/RFP
questions around IAM for SaaS
Page *
-
Business Architecture - Legal Educate legal on the need for IAM
language in SaaS contracts
Get buy-in that IAM language reduces risk and drives down
costs
Assist with default MSA and other template language
Page *
-
Business Architecture - HR Educate HR on how employees using
SaaS affects them Get HR buy-in that SaaS provisioning needs IT
participation
Do SaaS roles match HR job codes?Do employees get de-provisioned
in SaaS when terminated in the HR platform?Page *
-
IAM Cloud Strategy NeededBusiness Architecture Procurement Legal
Human Resources
Technology ArchitectureAccess
DirectoryProvisioningFederationAuthorization
Page *
-
Technology Architecture - Directory Identify a central directory
for linking user groups to SaaS LDAP capable technology will
integrate most easily with access platforms
Page *
-
Technology Architecture - Access Shift to externalized access
thinking Invest in access control products
Consider vendor products that offer both web access management
as well as federation capabilities
Integrate externalized access technology with your centralized
directory
Page *
-
Technology Architecture - Provisioning Shift to centralized
provisioning thinking Identify systems of record by user
relationship Invest in enterprise provisioning products
Page *Page *
-
Technology Architecture - FederationInvest in a Federation
solution:Federated Identity Management amounts to having a common
set of policies, practices and protocols in place to manage the
identity and trust into IT users and devices across
organizationsSource = Wikipedia,
http://en.wikipedia.org/wiki/Federated_Identity_ManagementPage
*
-
Technology Architecture - FederationFederation approach is
driven by your partner relationshipsPage *
-
Technology Architecture - FederationPage *
-
Technology Architecture - ProvisioningFederation needs users
provisioned in SaaS platforms: but consider extending your identity
federation exchangeEstablished Standard{heavy weight,
complex}Emerging Standard{light weight, unproven}Page *
-
with Just in Time provisioning
John F. Bauer III
Manager2 During the federation exchange, populate attributes
with provisioning detailsTechnology Architecture - ProvisioningPage
*
-
Technology Architecture - AuthorizationShift to externalized
authorization thinking
VendorsEstablished Standard
Page *
-
Reference ArchitecturePage *
-
RoadmapPage *
-
Questions?John F. Bauer
[email protected]://midwestitsurvival.comhttp://twitter.com/jfbauer
Page *
