CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas

•

1 j'aime•559 vues

Wendy Nather, Research Director, Enterprise Security Practice, 451 Research At first, "identities" just meant employees, and then they meant customers and partners. Then the cloud came along, and all hell broke loose. But it's always been a lot more complicated in government due to the intersection of roles, context, legal requirements, public information and privacy rights, and a dynamic environment. This is a real-life case study of the migration from a custom-written, ten year old, single sign-on portal with around 60 applications, to a COTS IAM product. Thirty minutes can't do it justice, but it'll be enough to bring some of the pain.

Technologie Business

The
Good,
The
Bad,
and
the
Government:

Wrangling
A6ributes
in
the
State
of
Texas

Wendy
Nather

@451wendy

Research
Director,
Enterprise
Security
Prac=ce

The
backdrop

Custom-‐wriDen
single
sign-‐on
portal
(10+
years
old)

Provides
SSO
for
~60-‐75
apps

External
user
base
of
~50,000

Internal
user
base
of
~800

The
challenge:
drag
it
kicking
and
screaming
into
some
part
of
the
21st

century

2

Other
complica=ng
factors

Family
Educa=onal
Rights
and
Privacy
Act
(FERPA)
compliance

~1300
school
districts

~8,000
campuses

~20
regional
educa=onal
service
centers
(ESCs)

Other
partners/stakeholders:
other
Texas
state
agencies,
higher

educa=on,
contractors
of
all
kinds,
nonproﬁts,
educators,
cer=ﬁca=on

bodies
…
roughly
2500
diﬀerent
organiza=ons

3

Mul=ple
roles
and
contexts

TEA
employee
of
some
division
or
cost
center,
at
some
posi=on
level

Contractors
pretending
to
be
TEA
employees

Personnel
at
ESCs,
districts,
campuses

Administrators,
educators,
auditors,
researchers

People
using
diﬀerent
applica=ons
in
diﬀerent
capaci=es
on
behalf
of

mul=ple
organiza=ons

Diﬀering
levels
of
delega=on,
both
organiza=onal
and
legal

4

Ge`ng
a
clue

Professor

Plum

in
the

kitchen

with
a
lead

pipe

with
a

candles=ck

in
the

library

with
a
lead

pipe

with
a
rope

Ge`ng
a
clue

Professor

Plum

killing

in
the

kitchen

with
a
lead

pipe

with
a

candles=ck

being
killed

in
the

library

with
a
lead

pipe

with
a
rope

Ge`ng
a
clue

Professor

Plum

killing

in
the

kitchen

with
a
lead

pipe

with
a

candles=ck

in
the

library

with
a
lead

pipe

with
a
rope

being
killed

in
the

kitchen

with
a
lead

pipe

with
a
rope

in
the

library

with
a
lead

pipe

with
a

candles=ck

Context
plus
governance
=
…

Iden=ty
authority
Access
authority

Who
you
are
+

Why
you
should
have

access

What
you
may
access

En=tlements

Workﬂow
example

TEA

ESC

District1

User

District2

App

owner

App

owner

Delegate

12

Constraints

Can’t
be
full
federa=on
due
to
compliance
requirements

Principle
of
least
privilege
means
scoping
down
wherever
possible

Separa=on
of
du=es
requires
discrete
roles
and
en=tlements

13

Moral
of
the
story

Need
to
be
granular
with
iden=ty,
authoriza=on
and
en=tlements
for

risk
and
compliance
management

Be
careful
with
RBAC
–
keep
it
out
of
your
code

IAM
is
not
a
project,
it’s
an
ongoing
journey

17

Ques=ons?
Comments?

wendy.nather@451research.com

Contenu connexe

Similaire à CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas

NR 512 Invent Yourself/newtonhelp.com

lechenau110

Got the tech, do they use it?

Abi James

Icicte invited talk

Rose Luckin

Skills for industry 4.0

Dr. N. Asokan

Good Ways To Start A Conclusion Paragraph. How To Start A Co

Gina Rizzo

College Essay Examples - 9+ in PDF | Examples. Law School Admissions Personal Statement. Reflection Essay: Admission essay law school. 018 Essay Example Admission Examples Personal Statement Essays Template .... 004 Writing College Application Essays Essay Example Outline Printables .... Why students seek law essay writing services for the successful compl…. Law School Admission Essay Samples Written by Top Writers - EssayEdge. We will write a law school essay for you. It will be the best essay as .... Essays That Will Get You into Law School (Barron's Essays That Will Get .... 30+ College Essay Examples | MS Word, PDF | Examples. LAW Graduate Essay 2:1docx | Board Of Directors | Articles Of Association. Law School Essay - Here's Your Personal Statement_. Law School Admission Essay Service Insp, Law School Personal Statement. Tips for Law School Admission Essays. Law Admission Essay - Sample in 2021 | Admissions essay, Essay, Law .... School essay: Sample law essays. http://www.statementofpurposeexamples.net/ | Law school personal .... Writing a Perfect Personal Statement for Law School | Law school ....

Law School Admission Essay Samples.pdf

Carolyn Smith

Learning & Research Services Librarian University of Adelaide Candidate appli...

Kane McCard

Assistive technology

rtstein27

Assistive technology

rtstein27

Quality Essay

Online Paper Writing Services Haynes

EIE Workshop

Florida RID

APS Physics Insight Slidshow - April 2020

American Physical Society

Similaire à CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas (12)

NR 512 Invent Yourself/newtonhelp.com

Got the tech, do they use it?

Icicte invited talk

Skills for industry 4.0

Good Ways To Start A Conclusion Paragraph. How To Start A Co

Law School Admission Essay Samples.pdf

Learning & Research Services Librarian University of Adelaide Candidate appli...

Assistive technology

Quality Essay

EIE Workshop

APS Physics Insight Slidshow - April 2020

Plus de CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Plus de CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Dernier

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Architecting Cloud Native Applications

WSO2

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Dernier (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Manulife - Insurer Transformation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Architecting Cloud Native Applications

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Artificial Intelligence Chap.5 : Uncertainty

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Exploring the Future Potential of AI-Enabled Smartphone Processors

presentation ICT roal in 21st century education

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

MS Copilot expands with MS Graph connectors

CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas

1. The Good, The Bad, and the Government: Wrangling A6ributes in the State of Texas Wendy Nather @451wendy Research Director, Enterprise Security Prac=ce

2. The backdrop Custom-‐wriDen single sign-‐on portal (10+ years old) Provides SSO for ~60-‐75 apps External user base of ~50,000 Internal user base of ~800 The challenge: drag it kicking and screaming into some part of the 21st century 2

3. Other complica=ng factors Family Educa=onal Rights and Privacy Act (FERPA) compliance ~1300 school districts ~8,000 campuses ~20 regional educa=onal service centers (ESCs) Other partners/stakeholders: other Texas state agencies, higher educa=on, contractors of all kinds, nonprofits, educators, cer=fica=on bodies … roughly 2500 different organiza=ons 3

4. Mul=ple roles and contexts TEA employee of some division or cost center, at some posi=on level Contractors pretending to be TEA employees Personnel at ESCs, districts, campuses Administrators, educators, auditors, researchers People using different applica=ons in different capaci=es on behalf of mul=ple organiza=ons Differing levels of delega=on, both organiza=onal and legal 4

5. Ge`ng a clue Professor Plum in the kitchen with a lead pipe with a candles=ck in the library with a lead pipe with a rope

6. Ge`ng a clue Professor Plum killing in the kitchen with a lead pipe with a candles=ck being killed in the library with a lead pipe with a rope

7. Ge`ng a clue Professor Plum killing in the kitchen with a lead pipe with a candles=ck in the library with a lead pipe with a rope being killed in the kitchen with a lead pipe with a rope in the library with a lead pipe with a candles=ck

8. Ge`ng a clue Professor Plum killing in the kitchen with a lead pipe with a candles=ck in the library with a lead pipe with a rope being killed in the kitchen with a lead pipe with a rope in the library with a lead pipe with a candles=ck

9. Ge`ng a clue Professor Plum killing in the kitchen with a lead pipe with a candles=ck in the library with a lead pipe with a rope being killed in the kitchen with a lead pipe with a rope in the library with a lead pipe with a candles=ck

10. Context plus governance = … Iden=ty authority Access authority Who you are + Why you should have access What you may access En=tlements

11. Example 11

12. Workﬂow example TEA ESC District1 User District2 App owner App owner Delegate 12

13. Constraints Can’t be full federa=on due to compliance requirements Principle of least privilege means scoping down wherever possible Separa=on of du=es requires discrete roles and en=tlements 13

14. Constraints Can’t be full federa=on due to compliance requirements Principle of least privilege means scoping down wherever possible Separa=on of du=es requires discrete roles and en=tlements And remember … Most of the users don’t really want to be there. 14

15. Constraints Can’t be full federa=on due to compliance requirements Principle of least privilege means scoping down wherever possible Separa=on of du=es requires discrete roles and en=tlements And remember … Most of the users don’t really want to be there. They are not at all technical. 15

16. Constraints Can’t be full federa=on due to compliance requirements Principle of least privilege means scoping down wherever possible Separa=on of du=es requires discrete roles and en=tlements And remember … Most of the users don’t really want to be there. They are not at all technical. And you can’t ﬁre them. 16

17. Moral of the story Need to be granular with iden=ty, authoriza=on and en=tlements for risk and compliance management Be careful with RBAC – keep it out of your code IAM is not a project, it’s an ongoing journey 17

18. Ques=ons? Comments? wendy.nather@451research.com

CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas

Recommandé

Recommandé

Contenu connexe

Similaire à CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas

Similaire à CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas (12)

Plus de CloudIDSummit

Plus de CloudIDSummit (20)

Dernier

Dernier (20)

CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas