CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Novel Use Cases
1. Identity and Access Management: Collaborative Approaches to Novel Use Cases
Nate Lesser, Deputy Director
National Cybersecurity Center of Excellence
Cloud Identity Summit 2014
July 20, 2014
3. OVERVIEW
Goals
‣ Authenticate individuals and systems
‣ Enforce authorization control policies
‣ Unify IdAM services
‣ Protect generation, transmission and distribution
Business value
‣ Reduce costs
‣ Increase efficiency
9. STRATEGY
Vision
‣ A secure cyber infrastructure that inspires technological innovation and fosters economic growth
Mission
‣ Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs
10. TENETS
Standards-based
Modular
Usable
Repeatable
Open and transparent
Commercially available
11. REALIZED SECURITY
Realized security = security controls + security gains from ease of use
12. APPROACH
We seek problems that are:
‣ Broadly relevant
‣ Technology-based
‣ Addressable with multiple commercially available technologies
13. REFERENCE DESIGNS
Use cases
‣ Sector-specific challenges
‣ Identified through industry engagement
Building blocks
‣ Technology-specific challenges
‣ Identified through public engagement
14. MODEL
Engage
‣ Work with community of interest to define problem
Explore
‣ Map security characteristics to standards, controls and best practices
‣ Circulate drafts and incorporate feedback
Partner
‣ Invite technology vendors to collaborate in our labs
Build
‣ Collaborate on design components
‣ Incorporate feedback from experts in technology community
Show
‣ Demonstrate reference designs
15. MODEL
[Diagram: process flow with roles labeled "Community Of Interest" and "Technology Partners"; box text listed in extraction order]
‣ Form small community of interest
‣ Provide input and feedback to NCCoE
‣ Expand community of interest
‣ Submit feedback on use cases to NCCoE
‣ Offer insights on use cases
‣ Support deployment, revision and maintenance of products as part of the practice guide
‣ Collaborate to develop reference designs
‣ Evangelize on behalf of reference design and practice guide
‣ Deploy, test and provide feedback on the reference design
‣ Provide regular feedback on use case builds
‣ Submit letters of interest
‣ Speak at sector-specific events
‣ Work with COI to identify cybersecurity challenges
‣ Host sector-specific workshop
‣ Review & circulate pre-release use cases
‣ Revise & publish draft use cases
‣ Revise use cases & invite participation from technology partners
‣ Receive technology partners letters of interest
‣ Demonstrate reference designs
‣ Discuss improvements & modifications
‣ Publish reference design and practice guide
‣ Develop composed reference design
‣ Form build teams
‣ Sign CRADAs
‣ Host partner day
18. OVERVIEW
Goals
‣ Enterprise to enterprise identity federation
‣ Enable access control decisions for previously unknown users
‣ Demonstrate security capabilities that support a wide range of enterprise risk postures
Business value
‣ Simplified identity management
‣ Shared IT resources across multiple enterprises
‣ Reduced risk through granular access control