February 2017
Benefits and Risks of a Single
Identity
Gabriella Davis
Technical Director - IBM Lifetime Champion
The Turtle Partnership
DEV-1078
IBM Connect 2017 Conference
Who Am I?
Admin of all things and especially quite complicated things where the fun is
Working with security, healthchecks, single sign on, design and deployment of IBM technologies and things that they talk to
Stubborn and relentless problem solver
Lives in London about half of the time
gabriella@turtlepartnership.com
twitter: gabturtle
Awarded the first IBM Lifetime Achievement Award for Collaboration Solutions
Roadmap For This Session
✤ What is single identity and why would I care?
✤ What technologies are available to me?
✤ What needs to be in place for single identity to work well
✤ The risks of single identity in an IOT and online world
What Do We Mean By Single Identity?
• Identity Management

• I am an individual but one that is part of this group

• I take my individuality into different systems

• I take information about me across different systems

• This is the difference between federation and single sign on
Things have gotten a bit more complicated than that..
Multiple systems and standards including SAML, OpenID, OAuth, Facebook Login

Users require logins across personal, consumer, and enterprise systems
Individual
Identities Across Systems
Attributes Within Systems
An individual will have separate identities across different systems,
where some attributes are shared such as email or name and others
might be system specific. As the user moves between systems their
individual identity remains the same.
Why Is Having A Single Identity Valuable?
✤ Preferences: how I use the system, how I prefer to work with it, what parts of it I prefer to see / engage with
✤ Behaviour & History: what I do, what I have interacted with in the past, what I reuse or repeat
✤ Patterns: spotting ways in which I reuse or repeat in order to present information to me that I might not be aware of or highlight information that the pattern says I should be interested in
✤ Being Present: just because I'm using system A doesn't mean someone in system B can't find and interact with me. I have one identity if signed onto multiple systems.
Key Components of Single Identity
Authentication
Authentication is critical to ensure Gab Davis in SystemA is the same as Gab Davis in SystemB and the information that goes with that 'Gab Davis' is correct
Trust
✤ Hello - have you met my friend?
✤ Is trust transferable?
Once you create a way in you are establishing a security level as that of the lowest entry point
Attributes
✤ Access rights
✤ Identity data such as name or email
✤ System specific attributes such as your favourite drink
[Figure: wine glass types - sparkling wine flute, white wine glass, standard wine glass, light red wine glass, bold red wine glass]
Common
Authentication
Technologies
FEDERATION
OAUTH
OPENID
IWA
Password Synchronisation
This ISN’T Single Identity
Synchronising passwords across
different systems
[Diagram: Sametime LDAP, Connections LDAP and Traveler Authentication connected through a Password Synchronisation Tool]
You're not the same person, you're just using the same password
Single LDAP Source
This Kind-Of Is - At Its Most Basic
Authenticating against a single
password in a single place
[Diagram: Sametime, Network Login, Connections and Mail all authenticating against one LDAP password]
Technically you are the same person as you authenticate using the same identity but that's it, there is no other information being held or exchanged.
This Is Closer - but not quite
IWA/Kerberos/SPNEGO
✤ The single authentication to Windows has granted
access to other systems using the same identity
STEPS
1. USER LOGS INTO WINDOWS
2. ACTIVE DIRECTORY GENERATES TOKEN
3. USER TRIES TO ACCESS A WEBSITE
4. BROWSER SENDS IWA TOKEN TO THE WEB SERVER ALONG WITH USER NAME
5. THE WEB SERVER CONTACTS ACTIVE DIRECTORY TO VALIDATE TOKEN AND RETRIEVE THE USER'S NAME
Federated Login Is Single Identity
Security Assertion Markup Language
✤ Simple SAML Steps
STEPS
1. USER ATTEMPTS TO LOG IN TO A WEBSITE
2. USER IS REDIRECTED TO IDENTITY PROVIDER
3. IDENTITY PROVIDER REQUESTS AUTHENTICATION OR (IF USER IS LOGGED IN) RETURNS CREDENTIALS
4. USER IS REDIRECTED BACK TO ORIGINAL SITE WITH SAML ASSERTION ATTACHED
5. ORIGINAL SITE USES ITS SAML SERVICE PROVIDER TO CONFIRM SAML ASSERTION AND GRANT ACCESS
SAML - Federated Single Identity
✤ IdP - Identity Provider (SSO)
    ✤ ADFS (Active Directory Federation Services)
        ✤ can be combined with IWA
    ✤ TFIM (Tivoli Federated Identity Manager)
✤ SP - Service Provider
    ✤ IBM Domino (web federated login)
    ✤ IBM SmartCloud
    ✤ IBM Notes (requires ID Vault) (notes federated login)
SAML Behaviour
✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service Providers) via XML based assertions
✤ Assertions have three roles
    ✤ Authentication
    ✤ Authorisation
    ✤ Retrieving Attributes
✤ Many kinds of authentication methods are supported depending on your chosen IdP
✤ Once initially federated no subsequent password or credentials are passed
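The last SAML step, where the service provider confirms the assertion before granting access, is sketched below as an added example (not code from the presentation or from any IBM product). It assumes the XML signature has already been verified by the SP's SAML library; the sample assertion, URLs, IDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; every URL, ID and name in it is made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" IssueInstant="2017-02-20T10:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example/adfs</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alex.morgan@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          NotOnOrAfter="2017-02-20T10:05:00Z" Recipient="https://sp.example/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2017-02-20T09:59:00Z" NotOnOrAfter="2017-02-20T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>alex.morgan@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_instant(text):
    """Parse a SAML UTC timestamp such as 2017-02-20T10:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, now, idp_issuer, sp_entity_id, acs_url,
                    pending_requests, seen_ids, skew=timedelta(seconds=60)):
    """Return a list of problem codes; an empty list means access may be granted.

    Assumption: the XML signature was already verified against the IdP
    certificate by the SP's SAML library; that step is not reimplemented here.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # The assertion must come from the IdP this SP is federated with.
    if root.findtext("saml:Issuer", "", NS).strip() != idp_issuer:
        problems.append("wrong-issuer")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no-conditions")
    else:
        not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now + skew < parse_instant(not_before):
            problems.append("not-yet-valid")
        # Policy choice in this example: an assertion without an expiry is refused.
        if not not_after or now - skew >= parse_instant(not_after):
            problems.append("expired")
        audiences = {a.text.strip() for a in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text}
        if sp_entity_id not in audiences:
            problems.append("wrong-audience")

    # The assertion must answer a request this SP actually sent, at this SP's endpoint.
    scd = root.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    request_id = scd.get("InResponseTo") if scd is not None else None
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("wrong-recipient")
    if request_id not in pending_requests:
        problems.append("unsolicited")

    # Each assertion ID is accepted once only.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        problems.append("replayed")

    if not problems:
        seen_ids.add(assertion_id)
        pending_requests.discard(request_id)
    return problems


def subject_and_attributes(xml_text):
    """Extract the NameID and the attribute values carried by the assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", "", NS).strip()
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return name_id, attrs
```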
Federation For Social Systems
OAuth / OpenID / Facebook Login!
OpenID is identity federation

OAuth is authorisation 

OpenID is built on OAuth
Simplified OAuth Process
STEPS
1. USER ASKS FACEBOOK (THE CONSUMER) TO POST ON THEIR ACTIVITY STREAM
2. FACEBOOK GOES TO CONNECTIONS (THE SERVICE PROVIDER) AND ASKS FOR PERMISSION TO POST
3. THE SERVICE PROVIDER GIVES THE CONSUMER A SECRET KEY TO GIVE TO THE USER AND A URL FOR THE USER TO CLICK ON
4. THE USER CLICKS ON THE URL AND AUTHENTICATES WITH THE SERVICE PROVIDER
5. THE SERVICE PROVIDER, SATISFIED THE SECRET KEY IS GOOD, WILL NOW ALLOW THE CONSUMER ACCESS TO ITS SERVICES
IBM Products As SAML Service
Providers
✤ Verse on premises and cloud
✤ Domino
✤ Notes - both on premises and Smartcloud
✤ Connections
✤ WebSphere
Preparation For Federation
Directories and Data
IDENTITY
LOCATION
HISTORY
SYSTEMS
Identity
✤ Directories that are well constructed and maintained
✤ names
✤ data
✤ accounts
✤ Tie directories together with a common key
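Before federating, it helps to test whether two directories can actually be tied together on the chosen key. The following is an added example (not from the presentation) that reconciles two constructed directory exports on `mail`; the entries, attribute names and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed directory exports; all names, DNs and addresses are made up.
DIRECTORY_A = [
    {"dn": "cn=Alex Morgan,o=a", "cn": "Alex Morgan", "mail": "Alex.Morgan@example.com"},
    {"dn": "cn=Sam Lee,o=a", "cn": "Sam Lee", "mail": "sam.lee@example.com"},
    {"dn": "cn=Service Account,o=a", "cn": "Service Account"},
    {"dn": "cn=Pat Jones,o=a", "cn": "Pat Jones", "mail": "pat.jones@example.com"},
]
DIRECTORY_B = [
    {"dn": "uid=amorgan,ou=b", "cn": "Alexandra Morgan", "mail": "alex.morgan@example.com"},
    {"dn": "uid=slee,ou=b", "cn": "Sam Lee", "mail": "sam.lee@example.com"},
    {"dn": "uid=slee2,ou=b", "cn": "Sam Lee", "mail": "sam.lee@example.com "},
    {"dn": "uid=rkhan,ou=b", "cn": "R Khan", "mail": "r.khan@example.com"},
]


def normalise_key(value):
    """Case and stray whitespace must not split one person into two identities."""
    return value.strip().lower() if value else ""


def index_directory(entries, key_attr):
    """Group entries by normalised key; collect DNs that lack the key entirely."""
    by_key = defaultdict(list)
    missing = []
    for entry in entries:
        key = normalise_key(entry.get(key_attr))
        if key:
            by_key[key].append(entry)
        else:
            missing.append(entry["dn"])
    return by_key, missing


def reconcile(dir_a, dir_b, key_attr="mail", shared_attrs=("cn",)):
    """Report everything that would stop the common key from identifying one person."""
    index_a, missing_a = index_directory(dir_a, key_attr)
    index_b, missing_b = index_directory(dir_b, key_attr)
    duplicates = {key for index in (index_a, index_b)
                  for key, entries in index.items() if len(entries) > 1}
    report = {
        "missing_key": sorted(missing_a + missing_b),
        "duplicate_key": sorted(duplicates),
        "only_in_a": sorted(set(index_a) - set(index_b)),
        "only_in_b": sorted(set(index_b) - set(index_a)),
        "attribute_mismatch": [],
    }
    # Shared attributes that disagree would reach the IdP as conflicting claims.
    for key in sorted(set(index_a) & set(index_b)):
        entry_a, entry_b = index_a[key][0], index_b[key][0]
        for attr in shared_attrs:
            if entry_a.get(attr) != entry_b.get(attr):
                report["attribute_mismatch"].append(
                    (key, attr, entry_a.get(attr), entry_b.get(attr)))
    return report


if __name__ == "__main__":
    for section, findings in reconcile(DIRECTORY_A, DIRECTORY_B).items():
        print(section, findings)
```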
Systems
✤ Authorisation
✤ Access Levels
✤ Data Security
✤ Identifying shared attributes
✤ Configuring custom attributes in LDAP and the IdP
Location
✤ Different behaviour in different locations
✤ Locations define data
✤ Why are you here? What is your role?
History
✤ What have you done before
✤ Patterns of behaviour
✤ Suggestions based on history, location and identity
Risks
Personas
✤ Do you want to tie everything together?
✤ Do you have the same persona everywhere?
✤ Is the language you use, your opinions, your political views common everywhere
✤ and something you want to share?
Federation
✤ Once all systems are integrated all systems are vulnerable
✤ You are only as protected as your least secure password /
authentication model
✤ Understand what services or service providers you have authorised, what information they hold, what their privacy policies are and what their security policies are
✤ Make sure users understand they have to logout
OAuth/OpenID
✤ Theft of credentials
✤ Excessive access and data rights
✤ Theft of data
✤ Brute force guessing of credentials
✤ URL redirects or interceptions through incomplete URL requests
✤ Token interceptions
✤ Puts the user in control - this is not a bad thing
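Three of these risks (redirects through incomplete URLs, excessive access rights, and tokens that stay usable after interception) map to checks the service provider can enforce itself. This is an added example, not code from the presentation; the consumer registration, scope names and lifetime value are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed registration held by the service provider; names are hypothetical.
REGISTERED_CONSUMERS = {
    "activity-poster": {
        "redirect_uris": {"https://consumer.example/oauth/callback"},
        "scopes": {"activity:post"},
    },
}
TOKEN_LIFETIME_SECONDS = 600  # assumed policy value, not taken from the slides


def redirect_uri_allowed(consumer, redirect_uri):
    """Accept only a redirect URI that exactly equals a registered one.

    Prefix or host-only matching is what lets a partial or extended URL
    carry the user, and the token, somewhere the consumer never registered.
    """
    try:
        parts = urlsplit(redirect_uri)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Embedded credentials or fragments have no place in a callback URL.
    if parts.username or parts.password or parts.fragment:
        return False
    return redirect_uri in consumer["redirect_uris"]


def check_authorization_request(consumer_id, redirect_uri, requested_scopes):
    """Return a list of problems; an empty list means the request may proceed."""
    consumer = REGISTERED_CONSUMERS.get(consumer_id)
    if consumer is None:
        return ["unknown consumer"]
    problems = []
    if not redirect_uri_allowed(consumer, redirect_uri):
        problems.append("redirect_uri not registered")
    # A consumer never receives more rights than it registered for.
    extra = set(requested_scopes) - consumer["scopes"]
    if extra:
        problems.append("scope exceeds registration: " + ", ".join(sorted(extra)))
    return problems


def token_is_live(issued_at, now, lifetime=TOKEN_LIFETIME_SECONDS):
    """A short lifetime bounds how long an intercepted token stays useful."""
    return 0 <= now - issued_at < lifetime
```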
IOT & Identity
Internet Of Things
✤ A physical device with embedded internet connectivity and
“always on” status
✤ The beauty of IOT devices is that they are integrated into your life
✤ there’s no individual authentication
✤ They know everything they need to know simply because of
their placement or setup
✤ Their true value is in learning about those things we discussed
earlier, preferences, behaviour, patterns
Risks With IOT
✤ Physical devices may now come with built in
connectivity as an added feature
✤ Companies who didn’t deploy them for that feature
may also not have security policies in place to disable
or limit it
✤ Risk assessment happens too late
Risks With IoT
✤ Privacy
✤ Safety
✤ Data Bleed
✤ Additional operational expenses
Summary
Prepare
✤ Have a good directory and define security policies such as token
expiration
✤ Protect At Every Point Of Entry
✤ You don’t put a value on the information but someone else will
✤ Your identity has value
✤ Train users to log out, clean caches and understand what multi
system access means
✤ Include risk assessment for IoT in any hardware purchasing and
deployment
Lots of Good
✤ More passwords and stronger passwords don’t lead to better security
✤ Avoiding passwords entirely but authenticating based on existing
information can be more secure
✤ Users are more likely to engage with systems that have fewer
barriers to entry
✤ The more systems know about us, how we work and what we need
the better they can serve us
✤ There are enormous volumes of data being produced across systems
that can be used to save time, cost and effort
Questions?
Notices and disclaimers
Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial
publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS"
WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION,
INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted
according to the terms and conditions of the agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms
apply.”
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used
IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM
operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are
provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any
relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal
advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
Notices and disclaimers continued
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility
or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s
products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management
System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social
Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,
PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®,
Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®,
Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available
on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
 
Domino Server Health - Monitoring and Managing
 Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
 
Home Working
Home WorkingHome Working
Home Working
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
An Introduction To Docker
An Introduction To  DockerAn Introduction To  Docker
An Introduction To Docker
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
 

Dernier

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Dernier (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Benefits and Risks of a Single Identity - IBM Connect 2017

  • 1. February 2017 Benefits and Risks of a Single Identity Gabriella Davis Technical Director - IBM Lifetime Champion The Turtle Partnership DEV-1078 IBM Connect 2017 Conference
  • 3. Roadmap For This Session ✤ What is single identity and why would I care? ✤ What technologies are available to me? ✤ What needs to be in place for single identity to work well ✤ The risks of single identity in an IOT and online world
  • 4. What Do We Mean By Single Identity? • Identity Management • I am an individual but one that is part of this group • I take my individuality into different systems • I take information about me across different systems • This is the difference between federation and single sign on
  • 5. Things have gotten a bit more complicated than that.. Multiple systems and standards including SAML, OpenID, OAuth, Facebook Login Users require logins across personal, consumer, and enterprise systems
  • 6. Individual Identities Across Systems Attributes Within Systems An individual will have separate identities across different systems, where some attributes are shared such as email or name and others might be system specific. As the user moves between systems their individual identity remains the same.
  • 7. Why Is Having A Single Identity Valuable? ✤ Preferences: how I use the system, how I prefer to work with it, what parts of it I prefer to see / engage with ✤ Behaviour & History: what I do, what I have interacted with in the past, what I reuse or repeat ✤ Patterns: spotting ways in which I reuse or repeat in order to present information to me that I might not be aware of or highlight information that the pattern says I should be interested in ✤ Being Present: just because I'm using system A doesn't mean someone in system B can't find and interact with me. I have one identity if signed onto multiple systems.
  • 8. Key Components of Single Identity
  • 9. Authentication: Authentication is critical to ensure Gab Davis in SystemA is the same as Gab Davis in SystemB and that the information that goes with that "Gab Davis" is correct
  • 10. Trust ✤ Hello - have you met my friend? ✤ Is trust transferable? Once you create a way in, you are establishing a security level as that of the lowest entry point
  • 11. Attributes ✤ Access rights ✤ Identity data such as name or email ✤ System specific attributes such as your favourite drink [Figure: wine glass types: Sparkling Wine Flute, White Wine Glass, Standard Wine Glass, Light Red Wine Glass, Bold Red Wine Glass]
  • 13. Password Synchronisation: This ISN'T Single Identity. Synchronising passwords across different systems. [Diagram labels: Sametime, LDAP, Connections, LDAP, Traveler, Authentication, Password Synchronisation Tool] You're not the same person, you're just using the same password
  • 14. Single LDAP Source: This Kind-Of Is - At Its Most Basic. Authenticating against a single password in a single place. [Diagram labels: Sametime, Network Login, Connections, Mail, LDAP, Password] Technically you are the same person as you authenticate using the same identity but that's it, there is no other information being held or exchanged.
  • 15. IWA/Kerberos/SPNEGO: This Is Closer - but not quite ✤ The single authentication to Windows has granted access to other systems using the same identity. Steps: (1) User logs into Windows (2) Active Directory generates token (3) User tries to access a website (4) Browser sends IWA token to the web server along with user name (5) The web server contacts Active Directory to validate token and retrieve the user's name
  • 16. Federated Login Is Single Identity: Security Assertion Markup Language ✤ Simple SAML Steps: (1) User attempts to log in to a website (2) User is redirected to identity provider (3) Identity provider requests authentication or (if user is logged in) returns credentials (4) User is redirected back to original site with SAML assertion attached (5) Original site uses its SAML service provider to confirm SAML assertion and grant access
  • 17. SAML - Federated Single Identity ✤ IdP - Identity Provider (SSO) ✤ ADFS (Active Directory Federation Services) ✤ can be combined with IWA ✤ TFIM (Tivoli Federated Identity Manager) ✤ SP - Service Provider ✤ IBM Domino (web federated login) ✤ IBM SmartCloud ✤ IBM Notes (requires ID Vault) (notes federated login)
  • 18. SAML Behaviour ✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service Providers) via XML based assertions ✤ Assertions have three roles ✤ Authentication ✤ Authorisation ✤ Retrieving Attributes ✤ Many kinds of authentication methods are supported depending on your chosen IdP ✤ Once initially federated no subsequent password or credentials are passed
  • 19. Federation For Social Systems: OAuth / OpenID / Facebook Login! OpenID is identity federation. OAuth is authorisation. OpenID is built on OAuth.
  • 20. Simplified OAuth Process. Steps: (1) User asks Facebook (the consumer) to post on their activity stream (2) Facebook goes to Connections (the service provider) and asks for permission to post (3) The service provider gives the consumer a secret key to give to the user and a URL for the user to click on (4) The user clicks on the URL and authenticates with the service provider (5) The service provider, satisfied the secret key is good, will now allow the consumer access to its services
  • 21. IBM Products As SAML Service Providers ✤ Verse on premises and cloud ✤ Domino ✤ Notes - both on premises and Smartcloud ✤ Connections ✤ WebSphere
  • 24. Identity ✤ Directories that are well constructed and maintained ✤ names ✤ data ✤ accounts ✤ Tie directories together with a common key
  • 25. Systems ✤ Authorisation ✤ Access Levels ✤ Data Security ✤ Identifying shared attributes ✤ Configuring custom attributes in LDAP and the IdP
  • 26. Location ✤ Different behaviour in different locations ✤ Locations define data ✤ Why are you here? What is your role?
  • 27. History ✤ What have you done before ✤ Patterns of behaviour ✤ Suggestions based on history, location and identity
  • 28. Risks
  • 29. Personas ✤ Do you want to tie everything together? ✤ Do you have the same persona everywhere? ✤ Is the language you use, your opinions, your political views common everywhere ✤ and something you want to share?
  • 30. Federation ✤ Once all systems are integrated all systems are vulnerable ✤ You are only as protected as your least secure password / authentication model ✤ Understand what services or service providers you have authorised, what information they hold, what their privacy policies are and what their security policies are ✤ Make sure users understand they have to logout
  • 31. OAuth/OpenID ✤ Theft of credentials ✤ Excessive access and data rights ✤ Theft of data ✤ Brute force guessing of credentials ✤ URL redirects or interceptions through incomplete URL requests ✤ Token interceptions ✤ Puts the user in control - this is not a bad thing
  • 33. Internet Of Things ✤ A physical device with embedded internet connectivity and “always on” status ✤ The beauty of IOT devices is that they are integrated into your life ✤ there’s no individual authentication ✤ They know everything they need to know simply because of their placement or setup ✤ Their true value is in learning about those things we discussed earlier, preferences, behaviour, patterns
  • 34. Risks With IOT ✤ Physical devices may now come with built in connectivity as an added feature ✤ Companies who didn’t deploy them for that feature may also not have security policies in place to disable or limit it ✤ Risk assessment happens too late
  • 35. Risks With IoT ✤ Privacy ✤ Safety ✤ Data Bleed ✤ Additional operational expenses
  • 37. Prepare ✤ Have a good directory and define security policies such as token expiration ✤ Protect At Every Point Of Entry ✤ You don’t put a value on the information but someone else will ✤ Your identity has value ✤ Train users to log out, clean caches and understand what multi system access means ✤ Include risk assessment for IoT in any hardware purchasing and deployment
  • 38. Lots of Good ✤ More passwords and stronger passwords don’t lead to better security ✤ Avoiding passwords entirely but authenticating based on existing information can be more secure ✤ Users are more likely to engage with systems that have fewer barriers to entry ✤ The more systems know about us, how we work and what we need the better they can serve us ✤ There are enormous volumes of data being produced across systems that can be used to save time, cost and effort
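The service-provider side of step 5 on the "Simple SAML Steps" slide, combined with the token expiration policy from the "Prepare" slide, as an added example that is not part of the original deck or any IBM product code. The entity IDs, attribute names and sample assertion are constructed, and the XML signature is assumed to have been verified beforehand by a vetted SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_IDP = "https://idp.example.test/adfs"   # hypothetical IdP entity ID
SP_ENTITY_ID = "https://mail.example.test/sp"   # hypothetical SP entity ID
CLOCK_SKEW = timedelta(seconds=60)              # assumed IdP/SP clock tolerance

# Constructed sample assertion; ds:Signature is left out because signature
# verification is assumed to happen before these checks.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2017-02-20T10:00:00Z">
  <saml:Issuer>https://idp.example.test/adfs</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user.a@example.test</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2017-02-20T10:00:00Z"
                   NotOnOrAfter="2017-02-20T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://mail.example.test/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user.a@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="favouriteDrink">
      <saml:AttributeValue>Sparkling Wine</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


class AssertionRejected(Exception):
    """Raised when the service provider must refuse the assertion."""


def parse_instant(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise AssertionRejected("unparseable timestamp")


def check_assertion(xml_text, now, seen_ids):
    """Return subject and attributes, or raise AssertionRejected."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise AssertionRejected("not a SAML 2.0 assertion")
    # Only the IdP this SP federated with may vouch for a user.
    if (root.findtext("saml:Issuer", "", NS) or "").strip() != TRUSTED_IDP:
        raise AssertionRejected("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise AssertionRejected("no expiry set")
    # Token expiration: enforce the validity window the IdP stated.
    not_before = cond.get("NotBefore")
    if not_before and now + CLOCK_SKEW < parse_instant(not_before):
        raise AssertionRejected("not yet valid")
    if now - CLOCK_SKEW >= parse_instant(cond.get("NotOnOrAfter")):
        raise AssertionRejected("expired")
    # Every AudienceRestriction must name this SP, so an assertion issued
    # for a less protected system is not accepted here.
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions or not all(
        SP_ENTITY_ID in [(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
        for r in restrictions
    ):
        raise AssertionRejected("wrong audience")
    # One-time use: remember assertion IDs until they expire.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise AssertionRejected("replayed assertion")
    seen_ids.add(assertion_id)
    subject = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    if not subject:
        raise AssertionRejected("no subject")
    # Attribute retrieval: shared and system-specific attributes arrive together.
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {"subject": subject, "attributes": attributes}


if __name__ == "__main__":
    now = datetime(2017, 2, 20, 10, 2, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE_ASSERTION, now, set()))
```

The `seen_ids` set stands in for a shared cache that a real deployment would expire alongside each assertion's `NotOnOrAfter` value.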