Building a Strong Foundation for Your Cloud with Identity Management
Nishant Kaushik
Lead Strategist, Oracle Identity & Access Management
Before We Start




Oracle OpenWorld Latin America 2010
December 7–9, 2010

Oracle OpenWorld Beijing 2010
December 13–16, 2010

Join The Conversation On Twitter
#OOW10 #IDM
@NishantK @OracleIDM




                                                        2
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle's
products remains at the sole discretion of Oracle.




                                                      3
Enterprises are Moving Towards the Cloud




                             “   The future is
                                 looking very
                                 cloudy.
                                 Yes, very
                                 cloud indeed!




                                                 4
But there are Concerns




74% rate cloud security issues as “very significant”
Source: IDC




Security
Compliance
Control

                                           5
Cloud and the Loss of Control



[Diagram: three service models, each shown as a stack split between a part "Built by Cloud Customer" and a part "Provided by Cloud", alongside a "Control" scale marked − and +.]

Infrastructure (IaaS) e.g. Amazon EC2
Platform (PaaS) e.g. Google App Engine
Application (SaaS) e.g. Oracle On Demand




                                                                                              6
But that’s Predicated on Classic Security Approach




                                                     7
An Approach that has become Outdated



Convention
  Closed Perimeter with Controlled Entry
  Restricted User Base
  Low Frequency of Change
  Stable Business Processes
Disruption
  Adoption of cloud computing changes the equation for the business
Vision
  Borderless networks subject to user mobility and asset distribution.
  Business processes are fluid


                                                                        8
A New Approach to Security


 Secured by Policy, not Topology
 Loosely coupled, services-based
 Standards-based
 Rationalized, Integrated




                             9
Cloud Risk Assessment
      For an SME using a Cloud Service




      0-2: Low Risk                   3-5: Medium Risk                6-9: High Risk


ENISA report on Cloud Computing – Benefits, risks and recommendations for information security   10
Cloud Risk Assessment
      For an SME using a Cloud Service



     Medium Impact – High Probability
     • Vendor/Service Lock-In
     • Isolation Failure
     • Cloud Provider Malicious Insider (Abuse
       of High Privilege Roles)
     • Management Interface Compromise
       (Manipulation, Availability of
       Infrastructure)
     • Legal Risks




      0-2: Low Risk                   3-5: Medium Risk                6-9: High Risk


ENISA report on Cloud Computing – Benefits, risks and recommendations for information security   11
Cloud Risk Assessment
      For an SME using a Cloud Service



     High Impact – High Probability
     • Loss of Governance
     • Compliance Challenges
     • Changes of Jurisdiction
     • Data Protection Risks




      0-2: Low Risk                   3-5: Medium Risk                6-9: High Risk


ENISA report on Cloud Computing – Benefits, risks and recommendations for information security   12
How do we Tame the Monster?




                                                              “   You won’t like me
                                                                  when I’m angry!




                                                                                      13
Image: Incredible Hulk, TM and Copyright 2010 Marvel Comics
Cloud Security Starts with Identity




                                               “   The basis of security
                                                   in a borderless
                                                   environment, only
                                                   something that can
                                                   transcend domain
                                                   boundaries, like
                                                   identity, can be!




                                                                           14
Image: Yoda, TM and Copyright 2010 Lucasfilm
IdM For The Cloud:
Foundational Elements




                        15
Extend Enterprise IAM to the Cloud




                                         Cloud Apps


   Enterprise Apps
                     Enterprise IAM




Core
  Authentication
  Account Lifecycle Management
Core Extended
  Claims-based Identity
  Authorization Policy Rationalization

                                                  16
Managing Authentication for the Cloud


Cloud AuthN

Federation
• For business critical applications, extend in-house SSO to cloud apps through SAML-based federation

User-Centric Identity
• Provide internet identity (e.g. OpenID, OAuth) AuthN schemes for corporate users to use at non-critical cloud services (like open-source projects, community forums)

Privileged Account Management
• Don't give users direct access to the privileged account for a contracted cloud service
• Use PAM to track, monitor and control access

                                                                                                   17
Account Lifecycle Management



Automate Provisioning
Implement Self-Registration & Role-based Provisioning
Implement Access Certification processes
Integrate Provisioning with PAM




Develop automated provisioning & de-provisioning for cloud services
   Leverage SPML when available; native APIs if forced to
Roll out self-registration for users to request access through corporate
portal. Support role-based provisioning when possible
Attestation processes should identify high-risk cloud services based on
management capabilities (No federation = high risk)
Build assignment of PAM privileges into provisioning processes

                                                                           18
Claims-based Identity



                      AuthN token w/ Claims

                                                            Cloud Apps



    Enterprise IAM




Claims-based Provisioning
  Federation (SAML) token contains added identity data used
  by service to create an account (on first use)
Claims-based Authorization
  Federation (SAML) token contains added identity assertions
  (attributes, roles) used by service to make AuthZ decisions
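
An added example, not part of the original deck and not Oracle code: how a cloud service could consume the claims in a SAML assertion for both first-use provisioning and AuthZ, checking issuer, audience and validity window before trusting any attribute. The issuer and audience URLs, attribute names and role-to-permission map are hypothetical, the assertion is constructed, and signature verification is assumed to have been done by the SAML library beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical trust configuration of the cloud service (the SAML service provider).
TRUSTED_ISSUER = "https://idp.enterprise.example/saml"
SP_AUDIENCE = "https://crm.cloudapp.example/sp"
# Role claims are mapped to permissions locally; unmapped roles grant nothing.
ROLE_PERMISSIONS = {
    "sales-rep": {"lead:read", "lead:write"},
    "sales-auditor": {"lead:read"},
}

# Constructed sample assertion (not captured from any real system).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed1" Version="2.0" IssueInstant="2010-12-07T10:00:00Z">
  <saml:Issuer>https://idp.enterprise.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@enterprise.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-12-07T09:59:00Z" NotOnOrAfter="2010-12-07T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://crm.cloudapp.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>jdoe@enterprise.example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayName">
      <saml:AttributeValue>J. Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>sales-rep</saml:AttributeValue>
      <saml:AttributeValue>cloud-admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
""".strip()


class AssertionRejected(Exception):
    """Raised when the token must not be used for provisioning or AuthZ."""


def _ts(value):
    # SAML timestamps are UTC; a missing bound is treated as a rejection.
    if value is None:
        raise AssertionRejected("missing validity window")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_and_extract(xml_text, now):
    """Check issuer, validity window and audience, then return (subject, claims).

    Assumption: the XML signature was already verified by the SAML library.
    """
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise AssertionRejected("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("no conditions")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise AssertionRejected("outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_AUDIENCE not in audiences:
        raise AssertionRejected("assertion issued for another service")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        raise AssertionRejected("no subject")
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return subject, claims


def provision_on_first_use(accounts, subject, claims):
    """Claims-based provisioning: create the local account from token data once."""
    if subject in accounts:
        return accounts[subject], False
    account = {
        "login": subject,
        "mail": claims.get("mail", [None])[0],
        "display_name": claims.get("displayName", [subject])[0],
    }
    accounts[subject] = account
    return account, True


def is_permitted(claims, permission):
    """Claims-based authorization: decide from role claims carried in the token."""
    granted = set()
    for role in claims.get("role", []):
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown roles are ignored
    return permission in granted


if __name__ == "__main__":
    now = datetime(2010, 12, 7, 10, 1, tzinfo=timezone.utc)
    subject, claims = validate_and_extract(SAMPLE_ASSERTION, now)
    print(provision_on_first_use({}, subject, claims))
    print(is_permitted(claims, "lead:write"), is_permitted(claims, "tenant:admin"))
```

The unmapped `cloud-admin` role in the sample grants nothing, which is the point of mapping claims locally rather than treating every asserted role as a permission.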

                                                                     19
Authorization Policy Rationalization


[Diagram: Entitlement Management → XACML Document → AuthZ Engine (Cloud Apps)]




Export AuthZ policies defined in Enterprise Entitlement
Management system to import into Cloud service AuthZ
engine
  Based on XACML standard
Must be part of overall entitlement policy rationalization
effort (one policy honored by multiple systems)

                                                                 20
IdM For The Cloud:
Platform for the Future




                          21
Become an Identity Services Provider




                             Standards-based Simple APIs

                           Identity Services Platform
Partner SaaS Apps                                                     Cloud Apps


                                              In-house IdM
                                              Service Provider
              Cloud IdM
        Service Provider


    Allows Partner SaaS Apps and Cloud Apps to plug into and
    leverage IAM services exposed by the enterprise customer
        Secure “IAM Cloud” Services SDK via RESTful Interfaces
        Identity & Context Propagation, Claims-based access control
    Allows enterprise to leverage 3rd Party and Cloud-based Providers
    of Identity Services in addition to rolling out their own

                                                                               22
Built on Vision of Service-Oriented Security



                         Applications                                Cloud Service Providers


                             Declarative Security Services



Authorization   Federation   Authentication   Audit   Provisioning   Role Mgmt     Identity Hub




A new architectural approach to building security into applications
that leverages two key trends – SOA and Application Frameworks
The goal: To provide security functionality in a consistent, reusable
service-oriented model to all applications/services
Promotes loose coupling to ensure long term viability and
heterogeneity of business solutions

                                                                                                  23
Security Glue For The Cloud


Business Service Provider: Identity Services Platform
  Identity Assurance Service
  Identity Audit Service
IAM Service Provider: Identity Services Platform
  Identity Hub Service
  Identity Administration Service
Consumer: Identity Services Platform
  Identity Authorization Service
  Identity Assurance Service


All participants have interoperable identity services
Every participant can be both the service provider and service consumer

                                                                                                  24
Why Oracle?




              25




@sheeri: “Oracle is not a database company...Oracle is now an adjective, not a noun, as in ‘Oracle apps’ or ‘Oracle middleware’”




                                                                       26
Oracle Fusion Middleware




                           27
Oracle Identity Management
Oracle + Sun Combination




Provisioning & Identity Administration
  Roles-based User Provisioning
  Password Management
  Self Service Request & Approval
Access Management
  Authentication, SSO & Fraud Prevention
  Authorization & Entitlements
  Web Services Security
  Information Rights Management
Directory Services
  LDAP Storage
  Virtualized Identity Access
Identity Governance
  Analytics, Fraud Prevention, Privacy Controls
Platform Security Services
  Identity Services for Developers



                                                                                                 28
Oracle Identity Management
       Comprehensive and Best-of-Breed

Identity Administration
  Identity Manager
Access Management *
  Access Manager
  Adaptive Access Manager
  Enterprise Single Sign-On
  Entitlements Server
  Identity Federation
  Information Rights Management
  Web Services Manager
Directory Services
  Directory Server EE
  Internet Directory
  Virtual Directory
Identity & Access Governance
  Identity Analytics
  Security Governor
Oracle Platform Security Services
Operational Manageability
  Management Pack For Identity Management



*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet                            29
Oracle OpenSSO Fedlet
SAML Enablement of SaaS Applications


Identity Provider: OIF, OpenSSO, 3rd Party
SaaS App: .NET Fedlet
SaaS App: Java Fedlet


Oracle OpenSSO Fedlet is a lightweight SP-only implementation
of SAML 2.0 SSO protocols
   Flexible integration framework
Can be used by a SaaS App Provider to Federation-enable their
application
   Standard-based cross-domain authentication and SSO
   Standard-based attribute exchange with advanced identity attribute
   mapping and filtering
   Multi-Tenant


                                                                        30
Oracle Enterprise Single Sign-On Suite Plus
On the Go Install of Enterprise Single Sign-On Anytime, Anywhere

[Diagram: ESSO Anywhere, with labels: Remote Client Download; Enterprise Applications; Credential Store; Authenticate; Validate; Access Enterprise Applications]



Access Applications from Anywhere
Faster Deployment and Version Control on the Deployment Packages
Automate Updates and Rollbacks
Reduce Overall Deployment Costs


                                                                           31
Security with Oracle Cloud Platform

Applications
  Third Party Applications, Oracle Applications, ISV Applications
Platform as a Service
  Shared Services
    Integration: SOA Suite
    Process Mgmt: BPM Suite
    Security: Identity Mgmt
    User Interaction: WebCenter
  Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit
  Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security
Infrastructure as a Service
  Operating Systems: Oracle Solaris, Oracle Enterprise Linux
  Oracle VM for SPARC (LDom), Solaris Containers, Oracle VM for x86
  Servers
  Storage
Cloud Management: Oracle Enterprise Manager
  Configuration Mgmt
  Lifecycle Management
  Application Performance Management
  Application Quality Management
  Ops Center: Physical and Virtual Systems Management




                                                                                                  32
Oracle Platform Security Services (OPSS)



Oracle Platform Security Services
  Authentication, Authorization, Roles & Entitlements, Auditing, Directory Services, User Provisioning, Policy Store, Session Data Management
  Standards-based Interfaces
  Identity Store, Credential Store, and Policy Store Providers
Oracle Identity Management
  Access Management, Identity Administration, Directory Services




Declarative Security Framework optimizes application lifecycle support
Standards-based and Hot-Pluggable with Identity Management Systems
Security Platform for Oracle Fusion Middleware and Fusion Apps


                                                                                                                                  33
Cloud IdM Success Stories

    Identity Assurance
      BT Identity Services includes Managed Fraud and URU
      Identity Verification Services that relies on OAAM


    Identity Administration
      NetApp is provisioning Oracle CRM OnDemand from an
      on-premise OIM deployment


    Identity Administration
      Embry Riddle is provisioning Microsoft Live from an on-
      premise OIM deployment




                                                                34
Oracle IAM: Aiming for
the Unbreakable Cloud




                         35
Addressing the 3 Dimensions of Cloud Identity


IAM for Cloud: Are you leveraging SaaS applications and Cloud platforms?
IAM as SaaS: Do you need IAM, but don’t want to maintain it?
IAM in PaaS: Are you building SaaS applications?

                                                                    36
IAM for SaaS and Cloud Platforms


 Providing out-of-the-box support for common Cloud
 Platforms and SaaS applications
   OIM Provisioning Connectors for Salesforce, Google Apps,
   Amazon AWS, Microsoft Live, Oracle OnDemand
   OIF Federated SSO for Google Apps, Salesforce, Oracle
   OnDemand
 Securing Web & Cloud Services with OWSM
   Managing API Keys required for AuthN
   Managing connections
 SPML Enablement of SaaS Applications



                                                              37
SPML Enablement of SaaS Applications
OIM Provlet


Provisioning System: OIM, 3rd Party
SaaS App: Provlet
SaaS App: Provlet



OIM Provlet is a lightweight SP-only implementation of SPML 2.0
provisioning protocol
   Web Application co-located with target
Can be used by a SaaS App Provider to expose standards-
based provisioning interfaces
   Built on same ICF-based connectors deployed in OIM Server
   REST or SOAP based Web Services
   Multi-Tenant


                                                                  38
Provlet Deployment Architecture



[Diagram labels: Oracle Identity Manager (App 1 Metadata (LDAP Connector Config), Connector Framework); Provlet Web App (SPML Web Services, Connector Bundle, LDAP Connector Config); App 1; AD]




                                                        39
IAM as SaaS




Client Enterprise 1
                                                                      Cloud Apps

                                        Cloud IAM

Client Enterprise 2




   Customers are looking to outsource IAM
        Don't want to maintain in-house IAM
        IT Staff expertise is a challenge
   MSPs looking to offer IAM as a Service
        Cost benefits of shared service model over hosted instances
        Maintenance simplicity
   Requires many technical features: M/T, Federation, Metering/Billing

                                                                               40
Deploying IAM as SaaS
 OIM Provisioning Gateway

[Diagram labels: Oracle Identity Manager (App Metadata ×3, Connector Framework); Provisioning Gateway (Connector Bundle ×3, Connector Config); App 1; DB; App 2]




 Deploy provisioning gateway at a customer site with a
 single connection back to the IAM service at the SP
 Limit number of firewall holes SP has to open to one
 per customer
 Limit number of firewall holes customer has to open to
 their IAM SP

                                                                41
IAM in PaaS



                              Identity Services                              Cloud Apps

                      SaaS Apps
Partner SaaS Apps                       IAM Providers


                                           Private, Public or Hybrid Cloud




  Customers looking to build Cloud Services
       Telco Clouds and SDPs
       Trust and Federation Clouds
       Consumer Services
       MSPs that need to manage customer identities across environments
  Leverages new IAM infrastructure or existing IAM system


                                                                                      42
IDaaS APIs for OPSS
Service-Oriented Security Optimized for the Cloud


Cloud Services, SP System Administrator, Tenant Administrator, Cloud Service Developer
IDaaS Framework
  IDaaS Interfaces (REST)
  IDaaS Admin Interfaces (REST, SOAP)
Oracle Platform Security Services
  Shared Services for Access
  Shared Services for Identity
Oracle Identity Management
  LDAP
  Tenant Config Metadata



                                                                                     43
Cloud + Identity-based Security = IT Nirvana




                                                                  “   Well, when we do it,
                                                                      cloud-based defenses
                                                                      can be more robust,
                                                                      scalable and cost-
                                                                      effective. And we’ll
                                                                      throw in business
                                                                      differentiator to boot!




                                                                                                44
Image: Iron Man, TM and Copyright 2010 MVLFFLLC and 2010 Marvel
Questions




Learn More
   oracle.com/identity
   bit.ly/oracleidm11g
Connect, Discuss
   @NishantK
   blog.talkingidentity.com

                                                        45
Experian dv2020 - the new rules of customer engagement - emea research reportAltan Atabarut, MSc.
 
Tues11 0815 live_ramp
Tues11 0815 live_rampTues11 0815 live_ramp
Tues11 0815 live_rampMediaPost
 
Big data, big deal, Acxiom
Big data, big deal, Acxiom  Big data, big deal, Acxiom
Big data, big deal, Acxiom Internet World
 
Marketing Suite brochure - June 2015
Marketing Suite brochure - June 2015Marketing Suite brochure - June 2015
Marketing Suite brochure - June 2015Joshua Soros
 
Oracle Directory Services - Customer Presentation
Oracle Directory Services - Customer PresentationOracle Directory Services - Customer Presentation
Oracle Directory Services - Customer PresentationDelivery Centric
 
OOW13: Next Generation Optimized Directory (CON9024)
OOW13: Next Generation Optimized Directory (CON9024)OOW13: Next Generation Optimized Directory (CON9024)
OOW13: Next Generation Optimized Directory (CON9024)GregOracle
 
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...MRS
 
Edge 2016 measuring what matters
Edge 2016 measuring what mattersEdge 2016 measuring what matters
Edge 2016 measuring what mattersakamaidevrel
 
Adometry - LiveRamp Webinar Deck: The Missing Link
Adometry - LiveRamp Webinar Deck: The Missing LinkAdometry - LiveRamp Webinar Deck: The Missing Link
Adometry - LiveRamp Webinar Deck: The Missing LinkAdometry by Google
 
Loyalty Platform Bro. Final 9_24_2015
Loyalty Platform Bro. Final 9_24_2015Loyalty Platform Bro. Final 9_24_2015
Loyalty Platform Bro. Final 9_24_2015Mary Anne Faneuf
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Servicesxband
 
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016Filipp Paster
 
Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introductionwardell henley
 

Viewers also liked (20)

CIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud Adoption
 
Acxiom presentation to Forrester Marketing Forum Nov 2009
Acxiom presentation to Forrester Marketing Forum Nov 2009Acxiom presentation to Forrester Marketing Forum Nov 2009
Acxiom presentation to Forrester Marketing Forum Nov 2009
 
Experian dv2020 - the new rules of customer engagement - emea research report
Experian   dv2020 - the new rules of customer engagement - emea research reportExperian   dv2020 - the new rules of customer engagement - emea research report
Experian dv2020 - the new rules of customer engagement - emea research report
 
Tues11 0815 live_ramp
Tues11 0815 live_rampTues11 0815 live_ramp
Tues11 0815 live_ramp
 
Big data, big deal, Acxiom
Big data, big deal, Acxiom  Big data, big deal, Acxiom
Big data, big deal, Acxiom
 
Sanal siniflar
Sanal siniflarSanal siniflar
Sanal siniflar
 
Marketing Suite brochure - June 2015
Marketing Suite brochure - June 2015Marketing Suite brochure - June 2015
Marketing Suite brochure - June 2015
 
Oracle Directory Services - Customer Presentation
Oracle Directory Services - Customer PresentationOracle Directory Services - Customer Presentation
Oracle Directory Services - Customer Presentation
 
OOW13: Next Generation Optimized Directory (CON9024)
OOW13: Next Generation Optimized Directory (CON9024)OOW13: Next Generation Optimized Directory (CON9024)
OOW13: Next Generation Optimized Directory (CON9024)
 
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
Nielsen's Marketing Effectiveness Philosophy; utilising innovative marketing ...
 
Edge 2016 measuring what matters
Edge 2016 measuring what mattersEdge 2016 measuring what matters
Edge 2016 measuring what matters
 
Overview Oracle Identity Management tijdens AMIS Simplified Security seminar
Overview Oracle Identity Management tijdens AMIS Simplified Security seminarOverview Oracle Identity Management tijdens AMIS Simplified Security seminar
Overview Oracle Identity Management tijdens AMIS Simplified Security seminar
 
Adometry - LiveRamp Webinar Deck: The Missing Link
Adometry - LiveRamp Webinar Deck: The Missing LinkAdometry - LiveRamp Webinar Deck: The Missing Link
Adometry - LiveRamp Webinar Deck: The Missing Link
 
Loyalty Platform Bro. Final 9_24_2015
Loyalty Platform Bro. Final 9_24_2015Loyalty Platform Bro. Final 9_24_2015
Loyalty Platform Bro. Final 9_24_2015
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
 
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
THE NIELSEN TOTAL AUDIENCE REPORT: Q2 2016
 
About Experian
About ExperianAbout Experian
About Experian
 
Big Data and Analytics
Big Data and AnalyticsBig Data and Analytics
Big Data and Analytics
 
Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introduction
 
Adobe Brochure
Adobe BrochureAdobe Brochure
Adobe Brochure
 

Similar to Building a Strong Foundation with Identity Management

Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Vince Santo
 
Cloud securityperspectives cmg
Cloud securityperspectives cmgCloud securityperspectives cmg
Cloud securityperspectives cmgNeha Dhawan
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Enterprise
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Becloud hybrid cloud
Becloud hybrid cloudBecloud hybrid cloud
Becloud hybrid cloudBecloud
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012Lars Neupart
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Crew
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Appistry Cloud Computing for Government Featuring FedEx
Appistry Cloud Computing for Government Featuring FedExAppistry Cloud Computing for Government Featuring FedEx
Appistry Cloud Computing for Government Featuring FedExAppistry
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntelAPAC
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 

Similar to Building a Strong Foundation with Identity Management (20)

Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010Cloud Seminar Feb 4 2010
Cloud Seminar Feb 4 2010
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
Cloud securityperspectives cmg
Cloud securityperspectives cmgCloud securityperspectives cmg
Cloud securityperspectives cmg
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Becloud hybrid cloud
Becloud hybrid cloudBecloud hybrid cloud
Becloud hybrid cloud
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
Ccsw
CcswCcsw
Ccsw
 
Appistry Cloud Computing for Government Featuring FedEx
Appistry Cloud Computing for Government Featuring FedExAppistry Cloud Computing for Government Featuring FedEx
Appistry Cloud Computing for Government Featuring FedEx
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentation
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

Building a Strong Foundation with Identity Management

  • 1. <Insert Picture Here> Building a Strong Foundation for Your Cloud with Identity Management Nishant Kaushik Lead Strategist, Oracle Identity & Access Management
  • 2. Before We Start Oracle OpenWorld Join The Conversation Latin America 2010 On Twitter December 7–9, 2010 #OOW10 #IDM @NishantK Oracle OpenWorld @OracleIDM Beijing 2010 December 13–16, 2010 2
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle. 3
  • 4. Enterprises are Moving Towards the Cloud “ The future is looking very cloudy. Yes, very cloud indeed! 4
  • 5. But there are Concerns 74% 74% rate cloud security issues as “very significant” Source: IDC Security Compliance Control 5
  • 6. Cloud and the Loss of Control Built by Cloud Built by Customer Cloud Built by Customer Cloud Customer - Provided Control by Cloud Provided + by Cloud Provided by Cloud Infrastructure Platform Application (IaaS) e.g. Amazon EC2 (PaaS) e.g. Google App Engine (SaaS) e.g. Oracle On Demand 6
  • 7. But that’s Predicated on Classic Security Approach 7
  • 8. An Approach that has become Outdated. Convention: Closed Perimeter with Controlled Entry; Restricted User Base; Low Frequency of Change; Stable Business Processes. Disruption: Adoption of cloud computing changes the equation for the business. Vision: Borderless networks subject to user mobility and asset distribution. Business processes are fluid. 8
  • 9. A New Approach to Security Secured by Policy, not Topology Loosely coupled, services-based Standards-based Rationalized, Integrated 9
  • 10. Cloud Risk Assessment For an SME using a Cloud Service 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 10
  • 11. Cloud Risk Assessment For an SME using a Cloud Service Medium Impact – High Probability • Vendor/Service Lock-In • Isolation Failure • Cloud Provider Malicious Insider (Abuse of High Privilege Roles) • Management Interface Compromise (Manipulation, Availability of Infrastructure) • Legal Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 11
  • 12. Cloud Risk Assessment For an SME using a Cloud Service High Impact – High Probability • Loss of Governance • Compliance Challenges • Changes of Jurisdiction • Data Protection Risks 0-2: Low Risk 3-5: Medium Risk 6-9: High Risk ENISA report on Cloud Computing – Benefits, risks and recommendations for information security 12
  • 13. How do we Tame the Monster? “ You won’t like me when I’m angry! 13 Image: Incredible Hulk, TM and Copyright 2010 Marvel Comics
  • 14. Cloud Security Starts with Identity “ The basis of security in a borderless environment, only something that can transcend domain boundaries, like identity, can be! 14 Image: Yoda, TM and Copyright 2010 Lucasfilm
  • 15. IdM For The Cloud: Foundational Elements 15
  • 16. Extend Enterprise IAM to the Cloud Cloud Apps Enterprise Apps Enterprise IAM Core Authentication Account Lifecycle Management Core Extended Claims-based Identity Authorization Policy Rationalization 16
  • 17. Managing Authentication for the Cloud (Cloud AuthN). Federation: • For business critical applications, extend in-house SSO to cloud apps through SAML-based federation. User-Centric Identity: • Provide internet identity (e.g. OpenID, OAuth) AuthN schemes for corporate users to use at non-critical cloud services (like open-source projects, community forums). Privileged Account Management: • Don't give users direct access to the privileged account for a contracted cloud service • Use PAM to track, monitor and control access 17
  • 18. Account Lifecycle Management. Automate Provisioning: Develop automated provisioning & de-provisioning for cloud services. Leverage SPML when available; native APIs if forced to. Implement Self-Registration & Role-based Provisioning: Roll out self-registration for users to request access through corporate portal. Support role-based provisioning when possible. Implement Access Certification processes: Attestation processes should identify high-risk cloud services based on management capabilities (No federation = high risk). Integrate Provisioning with PAM: Build assignment of PAM privileges into provisioning processes. 18
  • 19. Claims-based Identity. Diagram labels: AuthN token w/ Claims, Cloud Apps, Enterprise IAM. Claims-based Provisioning: Federation (SAML) token contains added identity data used by service to create an account (on first use). Claims-based Authorization: Federation (SAML) token contains added identity assertions (attributes, roles) used by service to make AuthZ decisions. 19
  • 20. Authorization Policy Rationalization. Diagram labels: Cloud Apps, AuthZ Engine, XACML Document, Entitlement Management. Export AuthZ policies defined in Enterprise Entitlement Management system to import into Cloud service AuthZ engine. Based on XACML standard. Must be part of overall entitlement policy rationalization effort (one policy honored by multiple systems). 20
  • 21. IdM For The Cloud: Platform for the Future 21
  • 22. Become an Identity Services Provider Standards-based Simple APIs Identity Services Platform Partner SaaS Apps Cloud Apps In-house IdM Service Provider Cloud IdM Service Provider Allows Partner SaaS Apps and Cloud Apps to plug into and leverage IAM services exposed by the enterprise customer Secure “IAM Cloud” Services SDK via RESTful Interfaces Identity & Context Propagation, Claims-based access control Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own 22
  • 23. Built on Vision of Service-Oriented Security Applications Cloud Service Providers Declarative Security Services Authorization Federation Authentication Audit Provisioning Role Mgmt Identity Hub A new architectural approach to building security into applications that leverages two key trends – SOA and Application Frameworks The goal: To provide security functionality in a consistent, reusable service-oriented model to all applications/services Promotes loose coupling to ensure long term viability and heterogeneity of business solutions 23
  • 24. Security Glue For The Cloud Identity Services Platform Identity Services Platform Identity Identity Identity Identity Hub Administration Assurance Audit Service Service Service Service IAM Service Provider Business Service Provider Identity Services Platform Identity Identity Authorization Assurance Service Service Consumer All participants have interoperable identity services Every participant can be both the service provider and service consumer 24
  • 26. <Insert Picture Here> @sheeri “Oracle is not a database company...Oracle is now an adjective, not a noun, as in ‘Oracle apps’ or ‘Oracle middleware’” 26
  • 28. Oracle Identity Management Oracle + Sun Combination Provisioning & Identity Access Directory Administration Management Services Roles-based User Authentication, SSO & LDAP Storage Provisioning Fraud Prevention Virtualized Identity Access Password Management Authorization & Self Service Request & Entitlements Approval Web Services Security Information Rights Management Identity Governance Platform Security Services Analytics Fraud Prevention Privacy Controls Identity Services for Developers 28
  • 29. Oracle Identity Management Comprehensive and Best-of-Breed Identity Administration Access Management * Directory Services Access Manager Identity Manager Adaptive Access Manager Directory Server EE Enterprise Single Sign-On Internet Directory Entitlements Server Virtual Directory Identity Federation Information Rights Management Web Services Manager Identity & Access Governance Identity Analytics Security Governor Oracle Platform Security Services Operational Manageability Management Pack For Identity Management *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet 29
  • 30. Oracle OpenSSO Fedlet SAML Enablement of SaaS Applications Identity Provider SaaS App OIF .NET Fedlet OpenSSO SaaS App 3rd Party Java Fedlet Oracle OpenSSO Fedlet is a lightweight SP-only implementation of SAML 2.0 SSO protocols Flexible integration framework Can be used by a SaaS App Provider to Federation-enable their application Standard-based cross-domain authentication and SSO Standard-based attribute exchange with advanced identity attribute mapping and filtering Multi-Tenant 30
  • 31. Oracle Enterprise Single Sign-On Suite Plus On the Go Install of Enterprise Single Sign-On Anytime, Anywhere Remote ESSO Anywhere Client Download Enterprise Credential Applications Store Authenticate Validate Access Enterprise Applications Access Applications from Anywhere Faster Deployment and Version Control on the Deployment Packages Automate Updates and Rollbacks Reduce Overall Deployment Costs 31
  • 32. Security with Oracle Cloud Platform Third Party ISV Oracle Applications Applications Applications Platform as a Service Cloud Management Shared Services Oracle Enterprise Manager Integration: Process Mgmt: Security: User Interaction: SOA Suite BPM Suite Identity Mgmt WebCenter Configuration Mgmt Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit Lifecycle Management Database Grid: Oracle Database, RAC, ASM, Partitioning, Application Performance IMDB Cache, Active Data Guard, Database Security Management Infrastructure as a Service Application Quality Management Oracle Solaris Operating Systems: Oracle Enterprise Linux Oracle VM for SPARC (LDom) Solaris Containers Oracle VM for x86 Ops Center Servers Physical and Virtual Systems Management Storage 32
  • 33. Oracle Platform Security Services (OPSS) Oracle Platform Security Services Authentication Authorization Roles & Auditing Directory User Policy Store Session Data Entitlements Services Provisioning Management Standards-based Interfaces Oracle Identity Management Identity Store, Credential Store, and Policy Store Providers Access Management Identity Administration Directory Services Declarative Security Framework optimizes application lifecycle support Standards-based and Hot-Pluggable with Identity Management Systems Security Platform for Oracle Fusion Middleware and Fusion Apps 33
  • 34. Cloud IdM Success Stories Identity Assurance BT Identity Services includes Managed Fraud and URU Identity Verification Services that relies on OAAM Identity Administration NetApp is provisioning Oracle CRM OnDemand from an on-premise OIM deployment Identity Administration Embry Riddle is provisioning Microsoft Live from an on-premise OIM deployment 34
  • 35. Oracle IAM: Aiming for the Unbreakable Cloud 35
  • 36. Addressing the 3 Dimensions of Cloud Identity Are you leveraging Do you need IAM, but don’t SaaS applications and want to maintain it? Cloud platforms? IAM for Cloud IAM as SaaS IAM in PaaS Are you building SaaS applications? 36
  • 37. IAM for SaaS and Cloud Platforms Providing out-of-the-box support for common Cloud Platforms and SaaS applications OIM Provisioning Connectors for Salesforce, Google Apps, Amazon AWS, Microsoft Live, Oracle OnDemand OIF Federated SSO for Google Apps, Salesforce, Oracle OnDemand Securing Web & Cloud Services with OWSM Managing API Keys required for AuthN Managing connections SPML Enablement of SaaS Applications 37
  • 38. SPML Enablement of SaaS Applications OIM Provlet Provisioning SaaS App System Provlet OIM SaaS App 3rd Party Provlet OIM Provlet is a lightweight SP-only implementation of SPML 2.0 provisioning protocol Web Application co-located with target Can be used by a SaaS App Provider to expose standards- based provisioning interfaces Built on same ICF-based connectors deployed in OIM Server REST or SOAP based Web Services Multi-Tenant 38
  • 39. Provlet Deployment Architecture Oracle Identity Manager Provlet Web App SPML Web Services App 1 App 1 Metadata Connector Connector Bundle (LDAP Connector Framework LDAP AD Config) Connector Config 39
  • 40. IAM as SaaS Client Enterprise 1 Cloud Apps Cloud IAM Client Enterprise 2 Customers are looking to outsource IAM Don't want to maintain in-house IAM IT Staff expertise is a challenge MSPs looking to offer IAM as a Service Cost benefits of shared service model over hosted instances Maintenance simplicity Requires many technical features: M/T, Federation, Metering/Billing 40
  • 41. Deploying IAM as SaaS OIM Provisioning Gateway Provisioning App 1 Oracle Identity Manager Gateway DB Connector Bundle App App Connector App Connector Connector Metadata Metadata Framework Bundle Config Metadata Connector Bundle App 2 Deploy provisioning gateway at a customer site with a single connection back to the IAM service at the SP Limit number of firewall holes SP has to open to one per customer Limit number of firewall holes customer has to open to their IAM SP 41
  • 42. IAM in PaaS Identity Services Cloud Apps SaaS Apps Partner SaaS Apps IAM Providers Private, Public or Hybrid Cloud Customers looking to build Cloud Services Telco Clouds and SDPs Trust and Federation Clouds Consumer Services MSPs that need to manage customer identities across environments Leverages new IAM infrastructure or existing IAM system 42
  • 43. IDaaS APIs for OPSS Service-Oriented Security Optimized for the Cloud Cloud SP System Tenant Cloud Service Services Administrator Administrator Developer IDaaS Framework IDaaS Interfaces IDaaS Admin Interfaces (REST) (REST, SOAP) Oracle Platform Security Services Shared Services for Shared Services for Access Identity Oracle Identity Management LDAP Tenant Config Metadata 43
  • 44. Cloud + Identity-based Security = IT Nirvana “Well, when we do it, cloud-based defenses can be more robust, scalable and cost-effective. And we’ll throw in business differentiator to boot!” 44 Image: Iron Man, TM and Copyright 2010 MVLFFLLC and 2010 Marvel
  • 45. Questions Learn More Connect, Discuss oracle.com/identity @NishantK bit.ly/oracleidm11g blog.talkingidentity.com 45