Identity the New Perimeter. Adrian Seccombe, Surrey University, 25th March 2010.

Key questions this session will answer:
- Which are the key attributes of cloud types?
- What are some of the key cloud choice drivers?
- Which primary transformational SHIFTS are required to enable secure but collaborative clouds?
- Why does Identity and Access Management have to SHIFT?

To Cloud or Not to Cloud? (Slide shows “Cloud” or “Traditional”.)

Let’s get real! (Slide shows Cloud and Traditional side by side.) We are all “Hybrid” already!

Unfortunately… our business partners are pressing ahead into the clouds, often unaware that they are! We are NOT architecting our way into the clouds. Seems like we’ve been here before… remember the early PCs? This is where the Jericho Forum Self Assessment Scheme will be able to help you…

Some Definitions: NIST and the Jericho Forum have it wrapped!
- Essential characteristics (NIST): on-demand self-service; broad network access; resource pooling; rapid elasticity; measured service.
- Service models (“NNN as a Service”): SaaS, PaaS, IaaS; the slide marks an order among them (1st, 2nd, 3rd, Last!).
- Deployment models: public, private, community, hybrid.
- Jericho Forum: the “Cloud Cube”.

“NNNNN as a Service”: the layers shown are Outcome / Value aaS, Process aaS, Software aaS, Platform aaS, Infrastructure aaS and Network aaS, with Orchestration and Security and IdAM cutting across them. The diagram marks an ordering of the layers (1st, 2nd, 3rd, 4th, Last!) and notes “Abstraction occurs here!”.

Maturity of the Cloud Layers: the same layers (Outcome / Value, Process, Software, Platform, Infrastructure), plus Orchestration and Security and IdAM, placed on a Cloud Maturity Scale running from Mature to Immature. The ordering marks (1st, 2nd, 3rd, 4th, Last!) and the note “Abstraction occurs here!” are repeated.

The Cloud Cube revisited: the cube’s axes are Perimeterised / Deperimeterised, Proprietary / Open and Internal / External.

The Cloud Cube revisited: the cube is now labelled with Private, Traditional Perimeters and New Perimeters, alongside the Internal / External and Proprietary / Open axes.

Choose the Clouds with care!
- Private clouds are silos (sometimes you need silos).
- Proprietary clouds can lock you in.
- Internal clouds are a stop gap.
- Clouds with the old perimeters do not enable external collaboration.

The key shifts

Privilege Management in Ten Words
- Identification: the presentation of an identifier so that the system can recognise and distinguish the presenter from other principals. (“Who are you?”)
- Authentication: the exchange of information in order to verify the claimed identity of a principal. (“Prove it!”)
- Authorization: the granting of rights, including access, to a principal, by the proper authority. (“You can access this stuff...”)
- Principal: an entity (people, devices, applications, etc.) whose identity can be authenticated.
Reference: Open Group XDSF (X/Open Distributed Security Framework), ISO.

Did you spot the gap?
Inside the old perimeter: Identify: Who are you? Authenticate: You are you. Authorise: Have this!
Outside the old perimeter: principal declares identity; identity authenticated; resource requested; resource identified; resource declares rules; rules verified; user claims capabilities / attributes; claims verified; access control decision; entitlement.
Identity Shift #1: Resource Centric.

“Identity” Lifecycle of a Resource: create resource identity; verify resource identity; set the access rules (e.g. Must be Over 18); enable rule authentication; entitlement check (Are you Over 18?); verify claim; evaluate; allow access to resource. Resource: service, system, code, information.

ISO Authorization Model (diagram courtesy Steve Whitlock). Components: Access Control Decision Function (holding rules; environmental, resource and principal attributes; identifiers), Access Control Enforcement Function, Resource, Principal. Flows: the principal presents identity and an access request to the enforcement function; the enforcement function sends a decision request with identity and attributes to the decision function, which returns the decision. Access Decision Support Information: decision cache, additional attributes, policy admin (relatively static and relatively dynamic parts), audit logs, resource labels. Note: the resource attributes are separate from the resources, while the principals have attributes and a place to verify them; the model is asymmetrical.

Evolving Jericho Authorization Model. Components: Access Control Decision Function (holding rules; environmental, resource and principal attributes; identifiers), Access Control Enforcement Function, Resource, Principal. Flows: the principal presents identity, attributes and an access request to the enforcement function; the enforcement function sends the request with identity, rules and attributes to the decision function, which returns the decision. Access Decision Support Information: verified rules, verified attributes, decision cache, attribute updates, policy admin (relatively static and relatively dynamic parts), audit logs, resource labels, access rules. Note: the differences are subtle but key; the model is now symmetrical. Identity, Entitlement and Access Management.
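The resource-centric flow of “Did you spot the gap?”, the “Must be Over 18” rule from the resource lifecycle and the decision/enforcement split of the ISO and Jericho models, worked as a small claims-based access control example. This is added illustration, not code from the slides or from the Jericho Forum; every class, function and sample value is hypothetical, and the example also shows the failure modes a practitioner cares about (missing claim, self-asserted claim, environment-dependent rule), each of which fails closed and leaves an audit entry.

```python
from dataclasses import dataclass

# Constructed example, not from the slides: each resource declares its own access
# rules, the principal presents claims, and the ISO ACDF/ACEF split decides and
# enforces. Every name and sample value below is hypothetical.

@dataclass
class Claim:
    name: str
    value: object
    verified: bool  # True only when an identity/attribute provider vouched for it
@dataclass
class Principal:
    identity: str
    claims: list  # of Claim
@dataclass
class Resource:
    identity: str
    rules: dict  # claim name -> predicate(claim value, environment attrs) -> bool
AUDIT_LOG = []  # (principal, resource, allowed, reason)

def access_control_decision_function(principal, resource, environment):
    """ACDF: every rule the resource declares must be met by a *verified* claim."""
    claims = {c.name: c for c in principal.claims}
    for name, predicate in resource.rules.items():
        claim = claims.get(name)
        if claim is None:
            return False, f"missing claim {name}"
        if not claim.verified:
            return False, f"unverified claim {name}"  # self-asserted claims never count
        if not predicate(claim.value, environment):
            return False, f"rule on {name} not satisfied"
    return True, "all resource rules satisfied"

def access_control_enforcement_function(principal, resource, environment=None):
    """ACEF: mediates the request, asks the ACDF, writes the audit log, fails closed."""
    allowed, reason = access_control_decision_function(principal, resource, environment or {})
    AUDIT_LOG.append((principal.identity, resource.identity, allowed, reason))
    return allowed

# Constructed sample: the slide's "Must be Over 18" rule, plus an organisation rule that
# only bites when the request arrives over an external channel (an environment attribute).
OVER_18_REPORT = Resource("report/adults-only", {
    "age": lambda v, env: v >= 18,
    "org": lambda v, env: env.get("channel") != "external" or v == "partner.example",
})
alice = Principal("alice", [Claim("age", 34, True), Claim("org", "partner.example", True)])
bob = Principal("bob", [Claim("age", 34, False), Claim("org", "partner.example", True)])
carol = Principal("carol", [Claim("org", "partner.example", True)])  # never stated an age
dave = Principal("dave", [Claim("age", 20, True), Claim("org", "other.example", True)])
```

The rules live with the resource and the decision function never trusts a claim the principal merely asserts, which is the symmetry the Jericho model adds over the ISO one.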

Identity Shift #2 (first build). Parties: Enterprise, Professionals, Partners, Competitors, Customers, Groups, Suppliers, Collaborators, Organisations. Models: Traditional (Access Control List) and Federated.

Identity Shift #2 (full build). Parties: Strangers, Individual, Enterprise, Professionals, Partners, Competitors, Customers, Friends, Groups, Family, Suppliers, Collaborators, Organisations, Governments. Models: Traditional (Access Control Lists), Federated, User Centric, Identity Provider Service. The diagram is labelled Principal and Resource, with Identity, Entitlement & Access Management between them.

“Identity” Lifecycle of a Principal: create identity; verify identity; stake claims (set identity capabilities / attributes); verify claims; use / present identity; authenticate identity; request resource; state required capability or attribute (claims); authenticate claims.

Identity is the key to the Clouds.
Old frame: enterprise centric; access control list; directory server; authentication services.
New frame: principal centric; resource centric; rules based access; authentication routing.
An ACTION for you, to enable your SHIFT: get your architects defining and / or divining the access rules that apply to YOUR resources. Hint: keep them simple!

And finally: it’s really all about the new perimeter… the Identity Perimeter. What are we, humans or ostriches? We have been complacent for too long! We need to bolster our defences at the same time as redesigning them. How best can we do that?

Closing slide: “I see no Clouds”