A packed room of Denver IAMers listened to PEGRight CEO Paul Bailor's presentation at the newly created Denver Identity and Access Management User Group Meetup on October 7th. He outlined a framework for developing an identity and access management roadmap by leveraging existing technologies, introducing new ones, and sidestepping the common pitfalls.
Framework for Developing an IAM Roadmap
Presentation to the Denver IAM Users Group
October 7, 2014
Dr. Paul D. Bailor, President and CEO
October 7, 2014 Copyright, PEGRight Inc., 2014 1
Changing Face of IAM
Legacy IAM:
• Employees Only
• Enterprise Apps
• Enterprise Desktop
• Proprietary
• Direct Authentication
Modern Identity:
• All Groups
• Cloud/SaaS/IDaaS
• Desktops and BYOD
• Standards-Based
• SSO/Federation
Elements of Modern Identity
• Support for Multiple Device Types and Access Points
– Enterprise Desktops
– Shared Computers
– BYOD
– Enterprise-Issued Mobile
• Support Diverse User Populations
– Employees, Contractors, Teammates
– Business Partners
– Customers, Members
• Support Diverse Application Hosting
– SaaS Apps, Partner Apps, On-Premise Apps
Why Modernize?
• Business desires ease of Workforce Access to Apps and Services
• Business desires to provide Apps and Services to Partners and Customers over the internet
(Diagram labels: Workforce; Mobile Devices; Browsers; Access to Cloud Apps; Access to Corporate Apps; On-Premise Hosted Apps and Services; Access to Apps and Services on the Cloud; Business Partners and Customers; Internal SSO; External SSO; Federation; Cloud Identity)
IAM Roadmap Building Blocks
• Federation & Single Sign-On
• Provisioning
• API Security
• Identity Analytics
Implement via Proven Integration Patterns
Federation Patterns
• Workforce to SaaS and On-Premise
(Diagram: IdP backed by a VDS over directories D1, D2, …, DN, federating to On-Premise Applications and multiple SaaS providers)
• SaaS Provider with Backend Partners
(Diagram: SaaS Provider Capability with IdP Discovery routing to IdP Partner1, IdP Partner2, …, IdP PartnerM)
• IdP Discovery Patterns:
– Vanity URL
– Ask User for IdP (Select from List)
– Prompt for User Name
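The three IdP discovery patterns on this slide, worked through in code. This is an added example, not PEGRight's code or a product's implementation; the tenant registry, hostnames, e-mail domains and function names are constructed for the illustration. The point a practitioner should take from it is that each discovery input is validated against a registry rather than trusted: the vanity host must be registered, the user-selected IdP must exist, and a user name only routes by an exact, case-insensitive match on the domain after the last "@".

```python
"""Home-realm (IdP) discovery for a federated SSO entry point.

Added illustration, not PEGRight's code. The tenant registry, hostnames,
e-mail domains and helper names are constructed for this example.
"""
from urllib.parse import urlsplit

# Constructed tenant registry: which IdP handles which vanity host / e-mail domain.
IDP_REGISTRY = {
    "partner1-idp": {
        "display": "Partner 1 (SAML)",
        "vanity_hosts": {"partner1.sso.example.test"},
        "email_domains": {"partner1.example"},
        "sso_url": "https://idp.partner1.example/saml/sso",
    },
    "partner2-idp": {
        "display": "Partner 2 (OpenID Connect)",
        "vanity_hosts": {"partner2.sso.example.test"},
        "email_domains": {"partner2.example", "mail.partner2.example"},
        "sso_url": "https://login.partner2.example/authorize",
    },
}


def idp_from_vanity_url(request_url):
    """Pattern 1 (Vanity URL): the host the user arrived on identifies the tenant."""
    host = (urlsplit(request_url).hostname or "").lower()
    for idp_id, idp in IDP_REGISTRY.items():
        if host in idp["vanity_hosts"]:
            return idp_id
    return None


def idp_choices():
    """Pattern 2 (Select from List): the list offered when the user must pick an IdP."""
    return sorted((idp_id, idp["display"]) for idp_id, idp in IDP_REGISTRY.items())


def idp_from_user_name(user_name):
    """Pattern 3 (Prompt for User Name): derive the realm from the e-mail domain.

    Only the text after the last '@' is used, and only an exact, case-insensitive
    match against a registered domain counts, so a look-alike domain such as
    'partner1.example.other' does not route to Partner 1's IdP.
    """
    if "@" not in user_name:
        return None
    domain = user_name.rsplit("@", 1)[1].strip().lower()
    for idp_id, idp in IDP_REGISTRY.items():
        if domain in idp["email_domains"]:
            return idp_id
    return None


def discover_idp(request_url, user_name=None, selected_idp=None):
    """Run the discovery patterns in order and return (idp_id, how).

    Returns (None, "ask-user") when the caller should render the IdP list.
    """
    idp_id = idp_from_vanity_url(request_url)
    if idp_id:
        return idp_id, "vanity-url"
    if selected_idp in IDP_REGISTRY:   # an explicit choice is validated, not trusted blindly
        return selected_idp, "user-selected"
    if user_name:
        idp_id = idp_from_user_name(user_name)
        if idp_id:
            return idp_id, "user-name"
    return None, "ask-user"
```

A front door would call `discover_idp` once per login attempt, redirect to the registry's `sso_url` when an IdP is found, and render `idp_choices()` otherwise.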
Single Sign-On (SSO) Patterns
• SSO leverages federated IdPs to provide identity attributes to Service Providers (SPs)
• Token Protocols and Cross Device/Domain Integration
– SAML, OAuth, OpenID, OpenID Connect, JWT
– WS-Federation, WS-Trust
– Secure APIs (Mobile and Backend Services)
• Forms-Based with/without specialization
– Multi-Factor and Step-Up Authentication
– Network Context
– Digital DNA/Identity Proofing (Requires Analytics)
Provisioning Patterns
• SaaS Applications
– Just-in-Time (SAML Assertion)
– Pre-configured API
• System for Cross-domain Identity Management (SCIM)
• Proprietary
• Identity Lifecycle Engine
• Roles and Privileges
– Difficult to Discover Rules
• Self-Service Management
(Diagram: Identity Credential Lifecycle: Provision, De-Provision, Authentication, Authorization, Management)
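Just-in-Time provisioning from a SAML assertion and SCIM-style de-provisioning, combined into a small identity lifecycle engine. This is an added example, not PEGRight's code or any product's provisioning API; the SAML attribute names, the in-memory store and the method names are constructed, while the schema URN is the real SCIM 2.0 core User identifier. The lifecycle detail worth noticing is that an account that has been de-provisioned is not revived just because a fresh assertion arrives, and that group membership is re-synchronised on every login so removals propagate as well as additions.

```python
"""Identity lifecycle engine driven by just-in-time (JIT) provisioning from a
SAML assertion and SCIM-style de-provisioning.

Added illustration, not PEGRight's code. The SAML attribute names, the
in-memory store and the method names are constructed for this example; the
schema URN is the real SCIM 2.0 core User schema identifier (RFC 7643).
"""
from datetime import datetime, timezone

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed mapping from SAML assertion attribute names to SCIM User fields.
# The 'mail' attribute becomes the SCIM userName and is handled separately.
ATTRIBUTE_MAP = {
    "givenName": ("name", "givenName"),
    "sn": ("name", "familyName"),
}


def _utc_now_iso():
    return datetime.now(timezone.utc).isoformat()


class IdentityStore:
    """Minimal SCIM-shaped user store that records lifecycle events as it goes."""

    def __init__(self, clock=_utc_now_iso):
        self.users = {}      # userName -> SCIM User resource
        self.events = []     # (timestamp, event, userName): the credential's chronology
        self._clock = clock

    def _record(self, event, user_name):
        self.events.append((self._clock(), event, user_name))

    def jit_provision(self, assertion_attributes):
        """Create or refresh a user from the attributes of a SAML assertion.

        The assertion is assumed to have passed signature and audience checks
        already: JIT provisioning must only ever run on a verified assertion.
        Returns the SCIM resource, or None when the account is inactive.
        """
        if "mail" not in assertion_attributes:
            raise ValueError("assertion lacks the 'mail' attribute used as userName")
        user_name = assertion_attributes["mail"].strip().lower()
        user = self.users.get(user_name)
        created = user is None
        if created:
            user = {"schemas": [SCIM_USER_SCHEMA], "userName": user_name,
                    "name": {}, "groups": [], "active": True}
            self.users[user_name] = user
        elif not user["active"]:
            # A de-provisioned account is not silently revived by a fresh assertion.
            self._record("auth-denied-inactive", user_name)
            return None
        for saml_attr, (section, field) in ATTRIBUTE_MAP.items():
            if saml_attr in assertion_attributes:
                user[section][field] = assertion_attributes[saml_attr]
        if "memberOf" in assertion_attributes:
            # Group membership is re-synchronised on every login, so removals propagate too.
            user["groups"] = [{"value": g} for g in assertion_attributes["memberOf"]]
        self._record("provisioned" if created else "updated", user_name)
        return user

    def scim_set_active(self, user_name, active):
        """Apply the effect of a SCIM PATCH on 'active': de-provision or re-enable."""
        user = self.users.get(user_name.strip().lower())
        if user is None:
            raise KeyError(user_name)
        user["active"] = bool(active)
        self._record("reactivated" if active else "deprovisioned", user["userName"])
        return user
```

The `events` list is the same chronology the later analytics slide talks about: every provision, update, de-provision and denied login lands there with a timestamp.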
API Security
(Diagram: Cloud Requests → Secure API Gateway → Backend Hosted Infrastructure (Services, Business Applications, and Business Services), with Secure Tokens and Secure Sessions between the tiers)
Functions:
• Web and Mobile Security
• Step-Up Authentication
• Token Protocols/Signing
• Security Policy Definition and Enforcement (PDP/PEP)
• Protocol Translation
• Payload/Data Transformation
• Governance
Identity Analytics and Intelligence
(Diagram: the Identity Credential Lifecycle (Provision, De-Provision, Authentication, Authorization, Management) from IAM Products, together with SIEM/Log Files from Service Providers, feeds Security Intelligence Products that track Identity Credential Lifecycle Chronology and Behaviors)
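What "lifecycle chronology and behaviors" looks like once lifecycle events from the IAM product and authentication events from service providers' logs are in one place. This is an added example, not PEGRight's code or any SIEM product's rule language; the log line format, event names and sample lines are constructed. It builds a per-identity chronology and runs two detections that no single event can trigger on its own: a successful login after the account was de-provisioned, and a login for an identity the lifecycle never created.

```python
"""Identity-credential chronology built from lifecycle and authentication
events, with two detections run over it.

Added illustration, not PEGRight's code. The log format, event names and
sample lines are constructed; a real deployment reads the SIEM's own schema.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of SIEM-normalised events, one per line.
SAMPLE_LOG = """\
2014-10-06T08:00:00Z source=idm event=provision user=alice@corp.example
2014-10-06T08:05:00Z source=idm event=provision user=bob@corp.example
2014-10-06T09:00:00Z source=sp event=auth_success user=alice@corp.example sp=crm
2014-10-06T17:30:00Z source=idm event=deprovision user=bob@corp.example
2014-10-07T02:10:00Z source=sp event=auth_success user=bob@corp.example sp=payroll
2014-10-07T02:12:00Z source=sp event=auth_failure user=bob@corp.example sp=payroll
2014-10-07T03:00:00Z source=sp event=auth_success user=carol@corp.example sp=crm
"""


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    ts, _, rest = line.strip().partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def build_chronology(log_text):
    """Group events per identity, ordered by time: the credential's life story."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            per_user[event["user"]].append(event)
    for events in per_user.values():
        events.sort(key=lambda e: e["ts"])
    return per_user


def detect_lifecycle_anomalies(log_text):
    """Findings that only the chronology reveals, not any single event.

    auth_after_deprovision: a successful login after the account was removed.
    auth_without_provision: a login for an identity the lifecycle never created.
    """
    findings = []
    for user, events in build_chronology(log_text).items():
        provisioned = False
        deprovisioned_at = None
        for event in events:
            kind = event["event"]
            if kind == "provision":
                provisioned, deprovisioned_at = True, None
            elif kind == "deprovision":
                deprovisioned_at = event["ts"]
            elif kind == "auth_success":
                if deprovisioned_at is not None:
                    lag = (event["ts"] - deprovisioned_at).total_seconds() / 60
                    findings.append({"rule": "auth_after_deprovision", "user": user,
                                     "sp": event.get("sp"), "at": event["ts"].isoformat(),
                                     "minutes_after_deprovision": lag})
                elif not provisioned:
                    findings.append({"rule": "auth_without_provision", "user": user,
                                     "sp": event.get("sp"), "at": event["ts"].isoformat()})
    return findings
```

The first finding usually points at a service provider whose de-provisioning hook (SCIM or API) did not fire; the second at an account created outside the lifecycle engine, which is exactly the kind of gap the "measuring and tracking the identity lifecycle" point in the summary is about.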
Summary
• Changing Face of IAM and Business Partnerships
– Growing acceptance of the Cloud
– BYOD and Internet of Things
• IAM Roadmap based on Building Blocks and Patterns
• Growing importance of measuring and tracking the identity lifecycle
• For More Information Contact:
– Eric Uythoven, VP of Security Solutions
– 719.648.8548, [email protected]
• Slides available on www.pegright.com via SlideShare