BYOD - it's an Identity Thing

BYOD: It's an 'identity' thing
Paul Madsen (@pmadsen)
Senior Technical Architect, Ping Identity
A little bit about me
BYOD

WHAT'S THE BIG DEAL?
Bring Your Own Devices
Context
• COIT
• BYOD
• Social (will.i.am keynoting Cloudforce)
• App stores
• Personal Cloud
[reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
So why allow it?
Shadow IT happens
Employee productivity as a function of time
[Chart: productivity across Sun to Sat, mobile vs. traditional 9-5]
Fundamental challenge
A single device must support two 'masters'
Err no….
Choices
• Mobile Device Management (MDM) applies enterprise policy to the device as a whole
  – PIN, wipe, VPN etc
• Mobile Application Management (MAM) focuses on the business apps ON the device
  – App store, security added onto binaries either through SDK or 'wrapping'
Granularity
BYOD Balancing Act
[Diagram: four things to balance: Standards, Security, Enablement, Privacy]
Balancing Act: Productivity
Productivity vs time
[Chart: productivity from 'hired' to 'fired', ideal vs. reality, with the captions 'Well I guess I can play Angry Birds until IT sets me up', 'Now what was my password again??' and 'Whoa, I can still login!']
GTD Requirements
1. Initial GTD - Quickly get new employees up and running with the applications their role demands
2. Ongoing GTD - Provide employees single sign on experience in day to day work
3. Stop GTD - Reduce/remove permissions when necessary
Balancing Act: Privacy
Privacy
the right to be let alone—the most comprehensive of rights and the right most
Louis Dembitz Brandeis
Privacy
[Chart: granularity of IT control]
Partitioning for privacy
1. Divide the phone in 'half' – one side for business applications & data, another for personal
2. IT's mandate is to manage & secure the apps & data on the business side
3. IT has no mandate (nor, hopefully, desire)
Balancing Act: Security
IT'S NOT ABOUT THE DEVICE
It's the data
Protecting the data
1. Ensure that user/app can access only appropriate data
   – Authorization based on role
2. Protect data in transit
   – SSL
3. Protect data on device
   – PIN, Encryption
4. Remove access to data when appropriate
   – Wipe stored data (or keys)
   – Revoke access to fresh data
[Slide margin labels the layers responsible: IDM, MAM, MDM]
MIM?
MDM – No screen capture
MAM – No screen capture when in email app
MIM – No screen capture for this document
Balancing Act: Standards
Why standards?
• Framework implies interplay between
  – Enterprise IdM
  – MAM architecture
     • MAM servers
     • MAM agent
  – Applications
     • On-prem
     • SaaS
Components
[Diagram: Enterprise (MAM server) and Device (browser, MAM agent, SaaS1 and SaaS2 native apps) connected to SaaS 1 and SaaS 2]
Standards
• SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers
• SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers
• OAuth to authorize MAM agents, and SaaS native apps
Components
[Diagram: the components slide annotated with the standards: SCIM from the enterprise to MAM and the SaaS providers, SAML from the enterprise to MAM and the SaaS providers, OAuth between the device's MAM agent and SaaS native apps and their servers]
Bob 'pursuing other ventures'
[Diagram: the enterprise sends SCIM (delete) to MAM and both SaaS providers; MAM wipes the business apps on the device]
Bob 'loses phone in cab'
[Diagram: the enterprise sends SCIM (status=0) to MAM and both SaaS providers; MAM sets LOCK=Y on the device]
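An added example (not from the deck): the two Bob slides above and the SCIM item of the Standards slide as a small SCIM 2.0 fan-out in Python, with hypothetical in-memory SaaS and MAM providers; the slide's status=0 is modelled as SCIM's core `active` attribute set to false, and all names are constructed.

```python
# Added example (not from the slides): a SCIM 2.0 style fan-out from an
# enterprise IdM to hypothetical in-memory SaaS and MAM providers, replaying
# the two Bob slides: lost phone (slide's status=0, here SCIM 'active': false)
# and departure (SCIM DELETE). All names and providers are constructed.
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimProvider:
    """Stand-in for a SaaS provider's /Users endpoint. For brevity the
    provider-side id is the userName (real servers mint their own ids)."""
    def __init__(self, name):
        self.name, self.users = name, {}

    def handle(self, method, path, body=None):
        """Serve one SCIM request; returns (http_status, response_body)."""
        uid = path.rsplit("/", 1)[-1]
        if method == "POST":
            uid = body["userName"]
            self.users[uid] = dict(body, id=uid)
            return 201, self.users[uid]
        if uid not in self.users:
            return 404, {"status": "404"}
        if method == "PATCH" and body.get("schemas") == [SCIM_PATCH]:
            for op in body["Operations"]:
                if op["op"] == "replace":
                    self.users[uid][op["path"]] = op["value"]
            return 200, self.users[uid]
        if method == "DELETE":
            del self.users[uid]
            return 204, None
        return 400, {"status": "400", "scimType": "invalidSyntax"}

    def api_call_allowed(self, uid):
        """API-side check: a suspended or deleted account gets no fresh data."""
        user = self.users.get(uid)
        return bool(user and user.get("active"))

class MamProvider(ScimProvider):
    """MAM server: turns identity events into device-side actions."""

    def __init__(self, name):
        super().__init__(name)
        self.device_actions = []

    def handle(self, method, path, body=None):
        code, resp = super().handle(method, path, body)
        if method == "PATCH" and code == 200 and resp["active"] is False:
            self.device_actions.append("lock")   # slide: LOCK=Y
        if method == "DELETE" and code == 204:
            self.device_actions.append("wipe")   # slide: wipe business side
        return code, resp

class EnterpriseIdm:
    """The one place that knows Bob's status; fans every change out."""

    def __init__(self, providers):
        self.providers = providers

    def _fan_out(self, method, path, body=None):
        return {p.name: p.handle(method, path, body)[0] for p in self.providers}

    def provision(self, user_name, roles):
        user = {"schemas": [SCIM_USER], "userName": user_name, "active": True,
                "roles": [{"value": r} for r in roles]}
        return self._fan_out("POST", "/Users", user)

    def suspend(self, user_name):
        """Lost phone: keep the account but switch it off everywhere."""
        patch = {"schemas": [SCIM_PATCH], "Operations": [
            {"op": "replace", "path": "active", "value": False}]}
        return self._fan_out("PATCH", f"/Users/{user_name}", patch)

    def deprovision(self, user_name):
        """Departure: delete the account everywhere."""
        return self._fan_out("DELETE", f"/Users/{user_name}")

def run_scenario(lost_phone):
    """Provision Bob, replay one of the two slides, return what to check."""
    saas1, mam = ScimProvider("saas1"), MamProvider("mam")
    idm = EnterpriseIdm([saas1, mam])
    idm.provision("bob", ["sales"])
    before = saas1.api_call_allowed("bob")
    codes = idm.suspend("bob") if lost_phone else idm.deprovision("bob")
    return before, codes, saas1.api_call_allowed("bob"), mam.device_actions
```

The point the deck makes is visible in the return values: a token cached on the phone does not matter once the provider's API consults the SCIM-managed account state.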
Application Provider
[Diagram: the enterprise and several application providers; on the device, an Authz agent alongside multiple native apps]
Wrapping up
[Diagram: a device divided into Business and Personal sides; on the business side, MAM-delivered Apps governed by Policy, holding Tokens issued from Corp Identity, making REST calls for Data to providers that each map the user to an Identity]
Thank you
@paulmadsen
Summary
1. Divide device & leave employee personal data alone
2. Provision apps via MAM based on employee identity & roles into employee 'side'
3. Provision tokens to those apps via IdM based on employee identity & roles
4. Apps use tokens on API calls to corresponding Cloud
Editor's Notes

  1. Managing the device is misguided – CISOs do not lose sleep over the loss of devices, but rather ……