1. Is The Cloud Ready for Enterprise Security Requirements?
John Tolbert

2. The Cloud: A Huge Success Story
- Rent what you need, rather than buy
- Simplify data center management
- Scalable
- Fast provisioning and de-provisioning

3. Security Requirements
- Consumer privacy
- Regulatory compliance: SOX, HIPAA, export regulations

4. More Security Requirements
- Intellectual property licensing and collaboration: background and foreground IP, trade secret protection
- High security / high assurance: NIST 800-63 Level 3 and 4 authentication, fine-grained access controls, need-to-know

5. Authorization is like fashion
Photo: informal attire for a day at the lake

6. Admission to certain venues requires formal wear
Photo: http://upload.wikimedia.org/wikipedia/commons/3/39/MITO_Orchestra_Sinfonica_RAI.jpg

7. Access Control
Diagram: access denied (X) versus access allowed (OK)

8. Organizations need to collaborate with business partners
- The cloud is a natural place for collaboration
- Easy to set up workspaces as needed
- Identity management can be a combination of federated identities for those with robust IAM infrastructures and cloud-managed identities for business partners without the heavy-duty IAM infrastructures
- Protecting intellectual property in collaborative environments can be a challenge

9. Enterprise IAM infrastructure in place
Diagram: the enterprise IAM infrastructure (LDAP, SAML, SSO, XACML PAP, XACML PEP, XACML PDP) connected to the cloud (SaaS, IaaS, PaaS: file repositories, web apps, cloud IAM, enterprise applications), with SCIM between the two.

10. Evolution of access controls
Diagram: over time, IAM solution complexity evolves to meet scalability and granularity requirements: Users, Groups, RBAC, ABAC, PBAC

11. Union of Attribute and Policy
Diagram: Policy-Based Access Control overlapping with Attribute-Based Access Control

12. Policy/Attribute-based access control
- XACML for consistent attribute-based access control in both the cloud and on-premise infrastructure
- Profiles for privacy, export controls, intellectual property controls, and data loss prevention
- Interoperability at the transport layer
- Can facilitate the migration to a Mandatory Access Control (MAC) model

13. Fine-grained Authorization
- Subject identity is just one variable in the authorization equation
- Resources have identities too! Resource attributes must also be evaluated in runtime authorization decisions
Diagram: the four attribute categories of a decision: Subject, Resource, Environment, Action

14. Fine-grained AuthZ
Two major categories of data necessitate two different approaches:
- Unstructured data: standardized metadata tags on data objects
- Structured data: policy-based access controls applied via SQL and web application proxies
Backend Attribute Exchange: one domain trusts another to provide authoritative attributes for authenticated users

15. Metadata tagging and AuthZ
Diagram: a document is created; content analysis applies metadata (for example "Class: Top Secret"); the application reads the metadata and passes it to the XACML PEP as resource attributes; the XACML PDP evaluates them together with the subject user's attributes from LDAP and returns a decision.
Image: 1948 Top Secret USAF document, by United States Air Force, 718 Bot at en.wikipedia [Public domain], from Wikimedia Commons, http://upload.wikimedia.org/wikipedia/commons/6/62/1948_Top_Secret_USAF_UFO_extraterrestrial_document.png
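The "Fine-grained Authorization", "Fine-grained AuthZ" and "Metadata tagging and AuthZ" slides describe one runtime flow: metadata tags on an unstructured object become resource attributes, and a PDP weighs them against subject, action and environment attributes. The following is an added example of that flow in Python, not code from the deck or from any XACML product; the tag format, attribute names, clearance ranking, policy rules and sample subjects are all constructed assumptions. It evaluates with deny-overrides, and it ranks an unknown or garbled classification tag as the most restrictive level so a mis-tagged document is never readable by accident.

```python
"""Added example: a toy attribute-based PDP fed by document metadata tags."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]

# Assumed classification ladder used by the "no read up" rule below.
CLEARANCE_RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def parse_metadata(tags: str) -> Attrs:
    """Turn 'Key: value' lines stamped on a document into resource attributes.
    Keys are normalised to snake_case; yes/no values become booleans."""
    attrs: Attrs = {}
    for line in tags.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower().replace(" ", "_").replace("-", "_")
        lowered = value.lower()
        attrs[key] = True if lowered in ("yes", "true") else False if lowered in ("no", "false") else value
    return attrs


@dataclass
class Request:
    subject: Attrs
    resource: Attrs
    action: str
    environment: Attrs = field(default_factory=dict)


@dataclass
class Rule:
    name: str
    effect: str                          # "Permit" or "Deny"
    applies: Callable[[Request], bool]   # target and condition folded into one predicate


def insufficient_clearance(r: Request) -> bool:
    subj = CLEARANCE_RANK.get(r.subject.get("clearance"), -1)               # unknown clearance: lowest
    res = CLEARANCE_RANK.get(r.resource.get("class"), len(CLEARANCE_RANK))  # unknown tag: highest
    return subj < res


# Constructed policy set; combining algorithm is deny-overrides.
POLICIES: List[Rule] = [
    Rule("deny-read-up", "Deny", insufficient_clearance),
    Rule("deny-export-controlled-to-non-us-person", "Deny",
         lambda r: bool(r.resource.get("export_controlled")) and r.subject.get("nationality") != "US"),
    Rule("deny-write-off-network", "Deny",
         lambda r: r.action == "write" and r.environment.get("network") != "corporate"),
    Rule("permit-need-to-know", "Permit",
         lambda r: r.resource.get("project") in r.subject.get("projects", ())),
]


def evaluate(req: Request, policies: List[Rule] = POLICIES) -> str:
    """Any applicable Deny wins, else any Permit, else NotApplicable.
    A PEP must treat anything other than Permit as a denial."""
    effects = {rule.effect for rule in policies if rule.applies(req)}
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


# Constructed sample: the tag block content analysis would stamp on a document.
SAMPLE_TAGS = "Class: Top Secret\nProject: Falcon\nExport-Controlled: yes"

# Constructed subjects (attributes the PEP would fetch from LDAP).
ANALYST = {"clearance": "Top Secret", "nationality": "US", "projects": ["Falcon"]}
CONTRACTOR = {"clearance": "Secret", "nationality": "US", "projects": ["Falcon"]}
PARTNER = {"clearance": "Top Secret", "nationality": "UK", "projects": ["Falcon"]}


def decide(subject: Attrs, action: str, tags: str = SAMPLE_TAGS, network: str = "corporate") -> str:
    """PEP glue: build the request from tags plus subject and environment, ask the PDP."""
    return evaluate(Request(subject, parse_metadata(tags), action, {"network": network}))


if __name__ == "__main__":
    print(decide(ANALYST, "read"))                          # Permit
    print(decide(CONTRACTOR, "read"))                       # Deny: Secret clearance, Top Secret document
    print(decide(PARTNER, "read"))                          # Deny: export-controlled, non-US person
    print(decide(ANALYST, "write", network="hotel-wifi"))   # Deny: write from outside the corporate network
```

The four rules cover the four attribute categories from the slide: clearance and nationality are subject attributes, classification, project and export control are resource attributes taken from the tags, the action is read or write, and the network is an environment attribute.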

16. Policy-based SQL and application proxies
Diagram: LDAP and an XACML PAP feed an XACML PDP; a thick client app reaches its DB through a SQL/XACML PEP, and a web app reaches its DB through a WAF/XACML PEP; only the row/column results that match policies, and only the application actions that match policies, get through.
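For structured data the slide puts a SQL/XACML PEP between the application and its database so that only policy-matching rows and columns come back. The following is an added example of such a proxy in Python over an in-memory SQLite table, not code from the deck or any product; the table, roles, column policy and region entitlement are constructed assumptions. The proxy rewrites the request instead of trusting the application to filter, keeps masked columns in place so result handling does not break, validates every table and column name against the schema, and binds region values as parameters so the policy layer cannot itself become an injection point.

```python
"""Added example: a policy-enforcing SQL proxy (PEP) for structured data."""
import sqlite3
from typing import Any, Dict, List, Sequence, Tuple

# Constructed schema and rows standing in for a production orders database.
SCHEMA = "CREATE TABLE orders (id INTEGER, region TEXT, customer TEXT, amount REAL, card_last4 TEXT)"
ROWS = [
    (1, "EU", "acme", 100.0, "1234"),
    (2, "US", "globex", 250.0, "5678"),
    (3, "EU", "initech", 75.0, "9012"),
    (4, "APAC", "umbrella", 900.0, "3456"),
]
TABLE_COLUMNS = {"orders": ("id", "region", "customer", "amount", "card_last4")}

# Constructed column policy: which columns each role may see; anything else is masked.
COLUMN_POLICY = {
    "analyst": {"id", "region", "customer", "amount"},
    "finance": {"id", "region", "customer", "amount", "card_last4"},
}

# Constructed subjects; "regions" is the row-level entitlement.
EU_ANALYST = {"role": "analyst", "regions": ["EU"]}
GLOBAL_FINANCE = {"role": "finance", "regions": ["EU", "US", "APAC"]}


class PolicyViolation(Exception):
    """Raised when the request cannot be made policy-conformant at all."""


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", ROWS)
    return conn


def rewrite(subject: Dict[str, Any], table: str, columns: Sequence[str]) -> Tuple[str, List[Any]]:
    """Build the policy-constrained statement. Identifiers come only from the
    schema allowlist; region values travel as bound parameters, never as SQL text."""
    if table not in TABLE_COLUMNS:
        raise PolicyViolation(f"unknown table {table!r}")
    visible = COLUMN_POLICY.get(subject.get("role"), set())
    select_parts = []
    for col in columns:
        if col not in TABLE_COLUMNS[table]:
            raise PolicyViolation(f"unknown column {col!r}")
        # A forbidden column keeps its position in the result but carries a mask.
        select_parts.append(f'"{col}"' if col in visible else f"'***' AS \"{col}\"")
    regions = list(subject.get("regions", []))
    if not regions:
        raise PolicyViolation("subject has no region entitlement")
    placeholders = ", ".join("?" for _ in regions)
    sql = f'SELECT {", ".join(select_parts)} FROM "{table}" WHERE "region" IN ({placeholders})'
    return sql, regions


def proxied_select(conn: sqlite3.Connection, subject: Dict[str, Any],
                   table: str, columns: Sequence[str]) -> List[tuple]:
    """What the application sees: only rows and columns the policy allows."""
    sql, params = rewrite(subject, table, columns)
    return conn.execute(sql, params).fetchall()


def is_rejected(subject: Dict[str, Any], table: str, columns: Sequence[str]) -> bool:
    """True when the proxy refuses to build a statement for this request."""
    try:
        rewrite(subject, table, columns)
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    db = open_sample_db()
    print(proxied_select(db, EU_ANALYST, "orders", ["id", "customer", "card_last4"]))
    # [(1, 'acme', '***'), (3, 'initech', '***')]
    print(proxied_select(db, GLOBAL_FINANCE, "orders", ["id", "card_last4"]))
    print(is_rejected(EU_ANALYST, "orders", ["id; DROP TABLE orders"]))  # True
```

Masking rather than dropping columns is a design choice: the application gets the shape it asked for, and a column it was never entitled to can be spotted in the output as '***' during testing.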

17. Backend Attribute Exchange
Diagram (numbered steps 1 to 9): the user authenticates in Domain A; the user requests access to a resource in Domain B; the Domain B SSO gets attributes from Domain A; the user receives access in Domain B. Components shown: SSO, LDAP and SAML on both sides, and the web app in Domain B.
Assumption: Domain B trusts that Domain A is authoritative for specific attributes about users originating from there.
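The assumption on this slide is the whole security argument: Domain B may act on attributes from Domain A only for users who originate from Domain A, and only for the attributes Domain A is authoritative for. The following is an added example in Python of the checks Domain B's SSO would make before using received attributes; it is not code from the deck. To stay self-contained it models the assertion as a JSON payload with an HMAC tag instead of signed SAML, and the issuer registry, key, domains and attribute names are constructed assumptions. A forged tag, a subject outside the issuer's domain, or an unknown issuer rejects the assertion; an attribute the issuer is not authoritative for is dropped rather than trusted.

```python
"""Added example: issuer-scoped trust for Backend Attribute Exchange."""
import copy
import hashlib
import hmac
import json
from typing import Any, Dict, Optional

# Constructed trust registry held by Domain B: for each issuer, the shared key,
# the user domain it may speak for, and the attributes it is authoritative for.
TRUSTED_ISSUERS = {
    "domain-a.example": {
        "key": b"constructed-shared-secret-for-domain-a",
        "user_domain": "domain-a.example",
        "authoritative_for": {"clearance", "projects", "employment_status"},
    },
}
A_KEY = TRUSTED_ISSUERS["domain-a.example"]["key"]


def _canonical(claims: Dict[str, Any]) -> bytes:
    # Both sides must hash exactly the same bytes, so encoding is canonical.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(issuer: str, key: bytes, subject: str, attributes: Dict[str, Any]) -> Dict[str, Any]:
    """Domain A side: sign the claims it is willing to assert about its user."""
    claims = {"iss": issuer, "sub": subject, "attrs": attributes}
    tag = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def accept_attributes(assertion: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Domain B side: return the attributes that may be used, or None to reject."""
    claims = assertion.get("claims", {})
    issuer = TRUSTED_ISSUERS.get(claims.get("iss"))
    if issuer is None:
        return None                                          # unknown issuer
    expected = hmac.new(issuer["key"], _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("tag", "")):
        return None                                          # forged or tampered
    subject = claims.get("sub", "")
    if "@" not in subject or subject.rsplit("@", 1)[1] != issuer["user_domain"]:
        return None                                          # A may not speak for other domains' users
    # Keep only attributes this issuer is authoritative for; drop the rest.
    return {k: v for k, v in claims.get("attrs", {}).items() if k in issuer["authoritative_for"]}


def authorize_in_domain_b(attrs: Optional[Dict[str, Any]], resource_project: str) -> bool:
    """Domain B's own policy, evaluated over the accepted attributes only."""
    if attrs is None:
        return False
    return attrs.get("employment_status") == "active" and resource_project in attrs.get("projects", [])


def forge(assertion: Dict[str, Any], attr: str, value: Any) -> Dict[str, Any]:
    """Constructed tamper case: change a claim after signing, keep the old tag."""
    forged = copy.deepcopy(assertion)
    forged["claims"]["attrs"][attr] = value
    return forged


# Constructed assertions Domain B might receive.
GOOD = issue_assertion("domain-a.example", A_KEY, "alice@domain-a.example",
                       {"clearance": "Secret", "projects": ["Falcon"],
                        "employment_status": "active", "is_domain_b_admin": True})
WRONG_DOMAIN = issue_assertion("domain-a.example", A_KEY, "bob@domain-b.example",
                               {"projects": ["Falcon"], "employment_status": "active"})
UNKNOWN_ISSUER = issue_assertion("domain-c.example", b"some-other-key", "eve@domain-c.example",
                                 {"projects": ["Falcon"], "employment_status": "active"})

if __name__ == "__main__":
    print(accept_attributes(GOOD))                            # is_domain_b_admin is dropped
    print(authorize_in_domain_b(accept_attributes(GOOD), "Falcon"))   # True
    print(accept_attributes(forge(GOOD, "projects", ["Falcon", "Eagle"])))  # None
```

Note that B never evaluates policy on the raw assertion: `authorize_in_domain_b` only ever sees the filtered dictionary, so an attribute such as `is_domain_b_admin` cannot leak into a decision even if a future policy starts looking for it.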

18. Mandatory Access Control
Gov't Classification   Commercial Analog
Unclassified           Public Domain
Confidential           Confidential
Secret                 Competition Sensitive / Restricted
Top Secret             Limited Distribution

Bell-LaPadula (confidentiality): No Read Up, No Write Down
Biba (integrity): No Read Down, No Write Up
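The slide's two rule pairs are easy to invert in practice, so the following is an added example in Python that encodes both lattices over the slide's classification ladder and its commercial analogs; it is not code from the deck. The level order, the helper names, and the reuse of the same four-step ladder as an integrity scale for Biba are assumptions made for illustration; only the mandatory rules are modelled (discretionary checks, tranquility and trusted subjects are out of scope).

```python
"""Added example: Bell-LaPadula and Biba checks over the slide's label ladder."""
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Government labels and the slide's commercial analogs mapped onto one ladder.
LABELS = {
    "Unclassified": Level.UNCLASSIFIED, "Public Domain": Level.UNCLASSIFIED,
    "Confidential": Level.CONFIDENTIAL,
    "Secret": Level.SECRET, "Competition Sensitive": Level.SECRET, "Restricted": Level.SECRET,
    "Top Secret": Level.TOP_SECRET, "Limited Distribution": Level.TOP_SECRET,
}


def level(label: str) -> Level:
    """Resolve either vocabulary; an unknown label is an error, never a default."""
    try:
        return LABELS[label]
    except KeyError:
        raise ValueError(f"unknown label {label!r}") from None


def blp_allows(subject_clearance: str, object_class: str, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = level(subject_clearance), level(object_class)
    if op == "read":
        return s >= o        # simple security property: read only at or below clearance
    if op == "write":
        return s <= o        # *-property: write only at or above clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integrity: str, object_integrity: str, op: str) -> bool:
    """Biba (integrity): no read down, no write up. The ladder is reused as an
    integrity scale here, which is an assumption for illustration only."""
    s, o = level(subject_integrity), level(object_integrity)
    if op == "read":
        return s <= o        # simple integrity property: read only from equal or higher integrity
    if op == "write":
        return s >= o        # integrity *-property: write only to equal or lower integrity
    raise ValueError(f"unknown operation {op!r}")


def mac_allows(subject: dict, obj: dict, op: str) -> bool:
    """A system that labels both confidentiality and integrity must satisfy both models."""
    return (blp_allows(subject["clearance"], obj["class"], op)
            and biba_allows(subject["integrity"], obj["integrity"], op))


if __name__ == "__main__":
    print(blp_allows("Secret", "Top Secret", "read"))        # False: no read up
    print(blp_allows("Secret", "Confidential", "write"))     # False: no write down
    print(biba_allows("Secret", "Confidential", "read"))     # False: no read down
    print(biba_allows("Secret", "Top Secret", "write"))      # False: no write up
    print(blp_allows("Restricted", "Limited Distribution", "read"))  # False, via the commercial analogs
```

The two models point in opposite directions, which is why `mac_allows` is the interesting function: a Secret-cleared, Secret-integrity subject may read a Confidential-class document only if that document's integrity label is at least Secret, otherwise Biba blocks what Bell-LaPadula would permit.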

19. Compliance Monitoring and Risk Management
- Standardized authentication and authorization mechanisms for consistent enforcement and reporting
- Integration with Security Incident and Event Management for real-time alerting
- Integration with GRC software

20. Conclusion
Is the cloud ready for enterprise security?
- Yes, some providers offer solutions in most areas described above.
- Cloud service providers will capture more customers with high security service offerings
- Resource identities (attributes) are just as important in access control decisions as subject identities

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?