Identity and Access Management in the Era of Digital Transformation
Selvaratnam Uthaiyashankar VP – Engineering
WSO2
Identity and Digital Business
• Identity is at the heart of Digital Business
Image source: http://coranet.com/images/network-security.png
Identity Centric
• Digital Business is all about “User”
– How do we know who is accessing
– Things the user can access or do
– User’s preferences
– Rules the user has to adhere to
– Relationship with other entities
Proper identity enforcement is essential for customer experience, security, privacy
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
[Diagram labels: Service Providers; Authentication; Service Consumption]
Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
Digital business requires seamless integration of various systems…
Identity Challenges When Integrating Multiple Systems
• Different username, password (credential) for different systems
– Preferred username is already taken
– Using the same username/password might become a security risk
• Too many usernames and passwords
• Losing possible collaborations between applications
Authentication
• Brokered Authentication
– SAML
– OAuth : SAML2/JWT grant type
– OpenID
– OpenID Connect
• Single Sign-On
[Diagram labels: Service Providers; Identity Provider; Trust; Authentication; Service Consumption]
Image source: http://savepic.ru/6463149.gif
Users Might Want to Use Their Social Identities
• BYOID
Users Might Want to Use Their Enterprise Identity
• Trust between different Identity Domains
• Identity Federation
[Diagram labels: Service Providers; Identity Provider A; Identity Provider B; Trust; Authentication; Service Consumption]
Multi-option Authentication
Identity Bus
Identity links all the systems. You just increased the risk of attack on your identity…
Often, the weak link is a poor user credential
https://www.infosecurity-magazine.com/news/compromised-credentials-quarter/
Multi Factor Authentication
• What you know
• What you have
• What you are
Image source: http://it.miami.edu/_assets/images/multifactor1.png
Adaptive Authentication
• Ability to change authentication options based on the context
https://3c1703fe8d.site.internapcdn.net/newman/gfx/news/hires/2013/howdochamele.jpg
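An added example (not from the slides) of what “changing authentication options based on the context” can look like in code: a login context is scored on a few risk signals and mapped to a step-up chain of know/have/are factors, or denied outright. The signal weights, thresholds, factor names and sample contexts are assumptions made here for illustration.

```python
# Added example (not from the slides): a small adaptive-authentication policy.
# Given the context of a login attempt, decide which authenticators to require.
# Weights, thresholds and the sample contexts below are assumptions for illustration.
from dataclasses import dataclass
from typing import List

@dataclass
class LoginContext:
    user: str
    known_device: bool          # device previously seen for this user
    country: str                # geolocated source country
    home_country: str           # country the user normally signs in from
    failed_attempts: int        # recent consecutive failures for this user
    admin_operation: bool       # the session will perform admin tasks
    ip_reputation_bad: bool     # source IP on a threat-intel list (assumed feed)

def risk_score(ctx: LoginContext) -> int:
    """Sum weighted risk signals; the weights are illustrative, not a standard."""
    score = 0
    if not ctx.known_device:
        score += 2
    if ctx.country != ctx.home_country:
        score += 2
    if ctx.failed_attempts >= 3:
        score += 3
    if ctx.ip_reputation_bad:
        score += 5
    if ctx.admin_operation:
        score += 2
    return score

def required_factors(ctx: LoginContext) -> List[str]:
    """Map the risk score to an authentication chain: know / have / are, or deny."""
    score = risk_score(ctx)
    if score >= 8:
        return ["deny"]                 # too risky even for step-up: block and alert
    factors = ["password"]              # what you know: always required
    if score >= 2:
        factors.append("totp")          # what you have: one-time code
    if score >= 5 or ctx.admin_operation:
        factors.append("fido2")         # hardware-bound, phishing-resistant factor
    return factors

# Constructed sample contexts (not real users)
LOW = LoginContext("alice", True, "LK", "LK", 0, False, False)
TRAVEL = LoginContext("alice", False, "DE", "LK", 0, False, False)
ADMIN = LoginContext("bob", True, "LK", "LK", 0, True, False)
HOSTILE = LoginContext("alice", False, "RU", "LK", 4, False, True)
```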
Provisioning Users
• Self Service
– Complete user management
– User Portal
• Approvals and Workflows
• Just In Time Provisioning
http://blog.genesys.com/wp-content/uploads/2014/07/Road-Sign-Self-Service.jpg
Provisioning Users in Multiple Systems
Access Control
• Principle of least privilege
• Role based access control
• Attribute based access control
• Fine-grained access control with XACML
http://findbiometrics.com/assets/iStock_Access-300x225.jpg
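An added example (not from the slides, and not WSO2 code) contrasting role based and attribute based access control in the style of an XACML policy decision point: a request carries subject, resource, action and environment attributes; each rule returns Permit, Deny or nothing, and the results are combined with deny-overrides. The clinical rules and the sample requests are assumptions for illustration.

```python
# Added example (not from the slides): a minimal ABAC evaluator with XACML-like
# semantics. Rules and sample data are assumptions made for illustration.
from typing import Any, Callable, Dict, List, Optional

Request = Dict[str, Dict[str, Any]]          # subject / resource / action / environment
Rule = Callable[[Request], Optional[str]]    # returns "Permit", "Deny" or None

def rbac_rule(req: Request) -> Optional[str]:
    # Role based: any clinician may read records (coarse; no least privilege).
    if req["action"]["id"] == "read" and "clinician" in req["subject"]["roles"]:
        return "Permit"
    return None

def own_patients_rule(req: Request) -> Optional[str]:
    # Attribute based: only a clinician assigned to the patient may read the record.
    if req["resource"]["type"] == "record" and \
       req["resource"]["patient_id"] not in req["subject"]["assigned_patients"]:
        return "Deny"
    return None

def hours_rule(req: Request) -> Optional[str]:
    # Environment attribute: deny outside 07:00-19:00 unless break-glass is set.
    env = req["environment"]
    if not (7 <= env["hour"] < 19) and not env.get("break_glass", False):
        return "Deny"
    return None

def decide(rules: List[Rule], req: Request) -> str:
    """Deny-overrides combining: any Deny wins, then any Permit, else NotApplicable."""
    results = [rule(req) for rule in rules]
    if "Deny" in results:
        return "Deny"
    if "Permit" in results:
        return "Permit"
    return "NotApplicable"

POLICY: List[Rule] = [rbac_rule, own_patients_rule, hours_rule]

def make_request(user: str, roles: List[str], patients: List[str],
                 patient_id: str, hour: int, break_glass: bool = False) -> Request:
    # Constructed request: a read of one patient record at a given hour.
    return {"subject": {"id": user, "roles": roles, "assigned_patients": patients},
            "resource": {"type": "record", "patient_id": patient_id},
            "action": {"id": "read"},
            "environment": {"hour": hour, "break_glass": break_glass}}
```

With only the role rule a clinician can read every record; the attribute rules narrow that to the clinician's own patients during working hours, which is the fine-grained, least-privilege form.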
Auditing User Activities
• You might not know who will access your system (BYOID)
• A full audit of user activities is important
– Especially on User Management and Admin operations
– Who, What, From Where, When, How
• Accountability, Reconstruction, Problem Detection, Intrusion Detection
http://cdn.gocertify.com/images/Auditing%20team%20going%20over%20report.jpg
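An added example (not from the slides) of audit events that capture who, what, from where, when and how, with a detection pass that flags admin operations from an unknown source or outside business hours, and a reconstruction helper that rebuilds the timeline for one target account. The event format, the per-admin source baseline and the log lines are constructed here.

```python
# Added example (not from the slides): structured audit events plus simple
# detection and reconstruction. Format, baseline and sample lines are constructed.
import json
from datetime import datetime
from typing import Dict, List

# Constructed audit log, one JSON object per line (IPs are documentation ranges).
AUDIT_LOG = """
{"who":"admin1","what":"USER_CREATE","target":"svc-backup","where":"10.0.1.15","when":"2017-03-01T09:12:00Z","how":"console"}
{"who":"admin1","what":"ROLE_ASSIGN","target":"svc-backup","where":"10.0.1.15","when":"2017-03-01T09:13:30Z","how":"console"}
{"who":"admin1","what":"ROLE_ASSIGN","target":"ext-user-77","where":"203.0.113.9","when":"2017-03-02T02:41:10Z","how":"api"}
{"who":"alice","what":"LOGIN","target":"alice","where":"10.0.2.40","when":"2017-03-02T08:05:00Z","how":"saml"}
"""
ADMIN_OPS = {"USER_CREATE", "USER_DELETE", "ROLE_ASSIGN", "PASSWORD_RESET"}
KNOWN_ADMIN_SOURCES = {"admin1": {"10.0.1.15"}}     # constructed baseline per admin

def parse(log: str) -> List[Dict]:
    """Parse the line-delimited JSON audit log into event dicts."""
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]

def findings(events: List[Dict]) -> List[str]:
    """Flag admin operations from a source outside the actor's baseline or at night."""
    out = []
    for e in events:
        if e["what"] not in ADMIN_OPS:
            continue
        when = datetime.strptime(e["when"], "%Y-%m-%dT%H:%M:%SZ")
        reasons = []
        if e["where"] not in KNOWN_ADMIN_SOURCES.get(e["who"], set()):
            reasons.append("unknown source " + e["where"])
        if not 7 <= when.hour < 19:
            reasons.append("outside business hours")
        if reasons:
            out.append(f"{e['when']} {e['who']} {e['what']} on {e['target']} "
                       f"via {e['how']}: " + "; ".join(reasons))
    return out

def timeline(events: List[Dict], target: str) -> List[Dict]:
    """Reconstruct, in time order, everything that happened to one target account."""
    return sorted((e for e in events if e["target"] == target), key=lambda e: e["when"])
```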
Analytics
• Understanding user behavior
• Predicting future needs
• Fraud detection
http://www.labrechedigital.com/images/analytics.png
API Security
• APIs are powering the Digital Business
• Ability to secure the API (OAuth)
• Identity delegation
https://edinversity.files.wordpress.com/2013/07/handing-over-car-keys.jpg
IoT is an Essential Element in Digital Business
• Identity includes “Things”
• Securing your IoT devices is a must
• Consider scalability of your IAM System
https://media.licdn.com/mpr/mpr/shrinknp_400_400/AAEAAQAAAAAAAAWRAAAAJDkwODMwYzIyLTA5MzktNDAwZi05ZmI4LWJkYTAyM2U4MDBlNQ.jpg
Perimeter of Your Digital Business will Increase
• Data is in cloud, mobile devices
• Borders across systems don’t work anymore
• Your Attack Surface increases
– You can’t remove unused features in the cloud services
• Security by obscurity doesn’t work anymore
• Expect hacking, DoS attacks, phishing attacks
• Controlling access, monitoring, analyzing and predicting attacks are the way forward
Bridging Cloud and Internal Systems
• Connectors to bridge Cloud Systems and Internal Systems
– Might not be able to open ports to the outside world
http://www.stratoscale.com/wp-content/uploads/gap-1080x1080.jpg
Digital Business Requires Agility
• Should be able to connect new systems easily
• Frequent changes to external systems
• Future Proof
• Needs some Identity Mediation Concepts
http://s3-us-west-2.amazonaws.com/abacus-blog/wp-content/uploads/2015/10/dog-agility.png
Digital Business Encourages Innovation
• Often, security strategy is viewed as restrictive for Innovation
– Especially when public services and APIs are involved
• Security should be transparent to the user for better user experience
https://www.gatesnotes.com/~/media/Images/Articles/About-Bill-Gates/Accelerating-Innovation/innovation_2016_article_1200px_v1.jpg
Digital Transformation Requires Cultural Changes
• More and more, business units are in control rather than IT and security teams
– Yet you need to know who is accessing, what they are accessing, etc.
• Understanding this cultural shift will reduce frustrations
http://www.leehopkins.net/wp-content/uploads/2010/11/iStock_000010822711XSmall_thumb.jpg
WSO2 Identity Server
http://cdn.ttgtmedia.com/rms/security/Gartner2014_ASA.jpg
Thank You!