Identity & access management
Management aspects - INFOSAFE, 21/1/2011

Jacques Folon
Lecturer, ICHEC
Visiting Professor, Université de Metz
Partner, Edge-Consulting
IAM

1.  What is it?
2.  What is the current context?
3.  IAM & cloud computing
4.  Why do we need it?
5.  To do list
6.  IAM and privacy
7.  IAM and control
8.  e-discovery
9.  Conclusion
1. IAM: what is it?

(Image slide.)
Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
Definition

•  What is Identity Management?
   "Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities." The Burton Group (a research firm specializing in IT infrastructure for the enterprise)
•  Identity Management in this sense is sometimes called "Identity and Access Management" (IAM)
IAM is, for example…

•  "Hello, I am Julie, a student at INFOSAFE." (Identity)
•  "This is my password." (Authentication)
•  "I want to access the platform." (Authorisation granted)
•  "I want to improve my exam grade." (Authorisation denied)
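The four steps of the Julie example as runnable code. This is an added example written for this page, not code from the presentation or from any ICHEC system: the user store, the single role per identity, the role-to-permission table and Julie's credential are all constructed. Passwords are stored only as salted PBKDF2 hashes and compared in constant time, and every authentication and authorisation decision is appended to an audit list, the kind of trail that later answers "can we prove this to an auditor?".

```python
"""Added example (not from the slides): identity, authentication,
authorisation and an audit trail for the "Julie" scenario.

Assumptions: a local user store with one role per identity, a small
role -> permission table, and PBKDF2-SHA256 for password hashing.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16          # used to equalise timing for unknown users


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class User:
    username: str        # the identity ("I am Julie")
    role: str            # the category the identity is attached to
    salt: bytes
    pw_hash: bytes
    enabled: bool = True


# Constructed policy: which actions each role may perform.
POLICY: Dict[str, Set[str]] = {
    "student": {"platform:access"},
    "professor": {"platform:access", "grade:modify"},
}


@dataclass
class IAM:
    users: Dict[str, User] = field(default_factory=dict)
    # (event, username, detail, outcome): the trail shown to an auditor
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def register(self, username: str, password: str, role: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = User(username, role, salt, digest)
        self.audit.append(("provision", username, f"role={role}", "OK"))

    def authenticate(self, username: str, password: str) -> bool:
        """Check the proof ("This is my password") for the claimed identity.
        Unknown and disabled accounts fail exactly like a wrong password."""
        user = self.users.get(username)
        if user is None or not user.enabled:
            hash_password(password, DUMMY_SALT)        # keep timing comparable
            self.audit.append(("authn", username, "password", "DENIED"))
            return False
        _, digest = hash_password(password, user.salt)
        ok = hmac.compare_digest(digest, user.pw_hash)  # constant-time compare
        self.audit.append(("authn", username, "password", "OK" if ok else "DENIED"))
        return ok

    def authorize(self, username: str, action: str) -> bool:
        """Decide "I want to ...": is the action allowed for the identity's role?"""
        user = self.users.get(username)
        allowed = bool(user and user.enabled and action in POLICY.get(user.role, set()))
        self.audit.append(("authz", username, action, "GRANTED" if allowed else "REFUSED"))
        return allowed


def julie_scenario() -> IAM:
    """Run the four steps of the slide and return the IAM with its audit trail."""
    iam = IAM()
    iam.register("julie", "infosafe-2011-example", "student")   # constructed credential
    iam.authenticate("julie", "not-her-password")                # a failed attempt first
    iam.authenticate("julie", "infosafe-2011-example")           # authentication OK
    iam.authorize("julie", "platform:access")                    # authorisation granted
    iam.authorize("julie", "grade:modify")                       # authorisation refused
    return iam


if __name__ == "__main__":
    for event, who, detail, outcome in julie_scenario().audit:
        print(f"{event:<9} {who:<8} {detail:<16} {outcome}")
```

The point of the example is the separation of the three questions: `authenticate` only establishes that the caller holds Julie's secret, `authorize` only consults the role attached to that identity, and neither leaks through its response or timing whether an account exists. The audit list is the artefact a control review would ask for.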
  
But it is also…

•  A new professor
•  So an email address, to be issued as soon as possible
•  A password on ICHEC Campus
•  An Intranet password
•  An IE Campus password
•  Defining the other services he has access to
What are the questions to ask?

•  Are people who they say they are?
•  Are they real members of our community?
•  Have they been given the necessary authorisations?
•  Is the protection of their personal data in place?
Example questions

–  What type of password should be issued?
–  What activities are permitted?
–  What activities are forbidden?
–  To which category of person should this new identity be attached?
–  At what point in the onboarding process should the authorisations be granted?
–  What control arrangements are in place? Can we prove all of this to an auditor?
–  What about e-discovery?
Components of IAM

•  Administration
   –  User Management
   –  Password Management
   –  Workflow
   –  Delegation
•  Access Management
   –  Authentication
   –  Authorization
•  Identity Management
   –  Account Provisioning
   –  Account Deprovisioning
   –  Synchronisation

(Diagram: Administration, Authentication and Authorization shown as three overlapping areas resting on "Reliable Identity Data".)
Source: Rafal Lukawiecki, Identity and Access Management: Overview (Project Boccelli Ltd)
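Account provisioning, deprovisioning and synchronisation (the "Identity Management" component above) as an added example, not part of the original slides. An HR extract is taken as the authoritative source and reconciled against the accounts of one target system: joiners get an account, movers get their role updated, leavers and orphan accounts are disabled. The people, the fields, and the existence of an HR feed are assumptions made for the example; disabling rather than deleting is a deliberate choice so that the account's history stays available for audit and e-discovery.

```python
"""Added example (not from the slides): account provisioning,
deprovisioning and synchronisation between an authoritative source and
a target system.

Assumptions: the HR extract is the source of truth, every person has one
role, and the target system is represented by a dict of accounts. The
people and accounts below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Person:            # one row of the HR extract
    person_id: str
    email: str
    role: str
    active: bool         # False for someone who has left


@dataclass
class Account:           # one account in the target system
    person_id: str
    login: str
    role: str
    enabled: bool


Operation = Tuple[str, str, str]   # (operation, person_id, detail)


def reconcile(hr: List[Person], accounts: Dict[str, Account]) -> List[Operation]:
    """Compute the joiner / mover / leaver operations without applying them."""
    plan: List[Operation] = []
    known = set()
    for p in hr:
        known.add(p.person_id)
        acct = accounts.get(p.person_id)
        if p.active and acct is None:                                # joiner
            plan.append(("create", p.person_id, f"login={p.email} role={p.role}"))
        elif p.active and not acct.enabled:                          # returning person
            plan.append(("enable", p.person_id, f"login={acct.login}"))
        elif not p.active and acct is not None and acct.enabled:     # leaver
            plan.append(("disable", p.person_id, f"login={acct.login}"))
        if acct is not None and p.active and acct.role != p.role:    # mover
            plan.append(("update_role", p.person_id, f"{acct.role}->{p.role}"))
    # Orphans: accounts with no HR record at all are disabled, never deleted,
    # so their history remains available for audit and e-discovery.
    for pid, acct in accounts.items():
        if pid not in known and acct.enabled:
            plan.append(("disable", pid, f"orphan login={acct.login}"))
    return plan


def apply_plan(plan: List[Operation], accounts: Dict[str, Account],
               hr: List[Person]) -> Dict[str, Account]:
    """Apply the plan to the target system (here: the in-memory dict)."""
    hr_by_id = {p.person_id: p for p in hr}
    for op, pid, _ in plan:
        if op == "create":
            p = hr_by_id[pid]
            accounts[pid] = Account(pid, p.email, p.role, True)
        elif op == "enable":
            accounts[pid].enabled = True
        elif op == "disable":
            accounts[pid].enabled = False
        elif op == "update_role":
            accounts[pid].role = hr_by_id[pid].role
    return accounts


def sample_data() -> Tuple[List[Person], Dict[str, Account]]:
    """Constructed HR extract and target accounts covering each case."""
    hr = [
        Person("p1", "julie@example.edu", "student", True),       # unchanged
        Person("p2", "newprof@example.edu", "professor", True),   # joiner: the new professor
        Person("p3", "mover@example.edu", "professor", True),     # mover: promoted from student
        Person("p4", "leaver@example.edu", "student", False),     # leaver
    ]
    accounts = {
        "p1": Account("p1", "julie@example.edu", "student", True),
        "p3": Account("p3", "mover@example.edu", "student", True),
        "p4": Account("p4", "leaver@example.edu", "student", True),
        "p5": Account("p5", "ghost@example.edu", "student", True),   # orphan: unknown to HR
    }
    return hr, accounts


if __name__ == "__main__":
    hr, accounts = sample_data()
    for op, pid, detail in reconcile(hr, accounts):
        print(f"{op:<12} {pid} {detail}")
```

Running `reconcile` a second time after `apply_plan` returns an empty plan: the synchronisation is idempotent, which is what lets it run on a schedule rather than only on request. The orphan case (an account the source of truth no longer knows about) is the one that most often survives in real systems, and it is the reason the comparison has to be driven from the target side as well as from the HR side.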
  
2. Current context

What is the current context underlying the development of IAM?

•  The Internet is based on anonymous communications
•  Companies take part in many networks, which generates multiple identities
•  Internal systems sometimes use different identifier schemes
•  Users are the weak links in security
•  Computer crime is increasing
•  Putting controls in place requires identification
•  Managing audit trails (logs) is essential
•  Privacy protection requires controls

(Image: "Welcome to a digital world")
A topical subject…

Explosion of IDs
(Chart: number of digital IDs rising over time.)
Source: Rafal Lukawiecki, Identity and Access Management: Overview (Project Boccelli Ltd)
The Disconnected Reality

(Diagram: an Enterprise Directory surrounded by many separate systems, each with its own Authentication, Authorization and Identity Data.)

•  "Identity Chaos"
   –  Many users and applications
   –  Many IDs
   –  Several identities per user
   –  Several logins and passwords: multiple repositories of identity information; multiple user IDs, multiple passwords
   –  Decentralised management
   –  Business <-> IT conflicts

Source: Rafal Lukawiecki, Identity and Access Management: Overview (Project Boccelli Ltd)
Multiple Contexts

(Diagram, reconstructed from the slide labels: "Your COMPANY and your EMPLOYEES" at the centre, surrounded by the other parties.)

•  Your COMPANY and your EMPLOYEES: M&A; mobile/global workforce; flexible/temp workforce
•  Your CUSTOMERS: customer satisfaction & customer intimacy; cost competitiveness; reach, personalization
•  Your SUPPLIERS: collaboration; outsourcing; faster business cycles; process automation; value chain
•  Your REMOTE and VIRTUAL EMPLOYEES
•  Your PARTNERS

Source: Rafal Lukawiecki, Identity and Access Management: Overview (Project Boccelli Ltd)
Trends Impacting Identity

Rising Tide of Regulation and Compliance
   –  SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
   –  $15.5 billion spend in 2005 on compliance (analyst estimate)

Deeper Line of Business Automation and Integration
   –  One half of all enterprises have SOA under development
   –  Web services spending growing 45% CAGR

Increasing Threat Landscape
   –  Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
   –  $250 billion lost in 2004 from exposure of confidential info

Maintenance Costs Dominate IT Budget
   –  On average employees need access to 16 apps and systems
   –  Companies spend $20-30 per user per year for PW resets

Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
Source: ftp://ftp.boulder.ibm.com/software/uk/productnews/tv/vh_-_access_and_identity_management.pdf
Pain Points

(Image slide.)
Source: Rafal Lukawiecki, Identity and Access Management: Overview (Project Boccelli Ltd)
3. IAM & Cloud computing

Cloud Computing: Definition

•  No unique definition or general consensus about what Cloud Computing is …
•  Different perspectives & focuses (Platform, SW, Service Levels…)
•  Flavours:
   –  Computing and IT resources accessible online
   –  Dynamically scalable computing power
   –  Virtualization of resources
   –  Access to (potentially) composable & interchangeable services
   –  Abstraction of IT infrastructure: no need to understand its implementation, use services & their APIs
   –  Some current players, at the infrastructure & service level: Salesforce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc.

Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont (marco.casassa-mont@hp.com), HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
Cloud Computing: Models

(Diagram, reconstructed from the slide labels: the Enterprise, with its User, Employee, Business Apps/Service and Internal Cloud, reaches over The Internet to Cloud Provider #1 (On Demand CPUs, Printing Service, CRM Service, Office Apps, Data Storage Service, …) and Cloud Provider #2 (Backup Service, ILM Service, Service 3, …).)

Source: Marco Casassa Mont, The Future of Identity in the Cloud: Requirements, Risks & Opportunities (HP Labs, EEMA e-Identity Conference, 2009)
Cloud Computing: Implications

•  Enterprise:
   Paradigm shift from "Closed & Controlled" IT infrastructures and services to externally provided services and IT infrastructures
•  Private User:
   Paradigm shift from accessing a static set of services to dynamic & composable services
•  General Issues:
   –  Potential loss of control (on data, infrastructure, processes, etc.)
   –  Data & confidential information stored in the clouds
   –  Management of identities and access (IAM) in the cloud
   –  Compliance to security practice and legislation
   –  Privacy management (control, consent, revocation, etc.)
   –  New threat environments
   –  Reliability and longevity of cloud & service providers

Source: Marco Casassa Mont, The Future of Identity in the Cloud: Requirements, Risks & Opportunities (HP Labs, EEMA e-Identity Conference, 2009)
Identity in the Cloud: Enterprise Case

(Diagram, same layout as the Models slide: for the Enterprise and for each provider (Cloud Provider #1, Cloud Provider #2, Service 3) the slide lists User Account Provisioning/De-provisioning, Authentication, Authorization, Audit, Identity & Credentials, and Data & Confidential Information. Caption: "IAM Capabilities and Services Can be Outsourced in The Cloud…")

Source: Marco Casassa Mont, The Future of Identity in the Cloud: Requirements, Risks & Opportunities (HP Labs, EEMA e-Identity Conference, 2009)
Identity in the Cloud: Enterprise Case
Issues and Risks [1/2]

• Potential proliferation of required identities & credentials to access services
  – Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)

• Complexity in correctly "enabling" information flows across boundaries
  – Security threats (Enterprise to Cloud & Service Providers, Service Provider to Service Provider, …)

• Propagation of identity and personal information across multiple clouds/services
  – Privacy issues (e.g. compliance to multiple legislations, importance of location, etc.)
  – Exposure of business-sensitive information (employees' identities, roles, organisational structures, enterprise apps/services, etc.)
  – How to effectively control this data?

• Delegation of IAM and data management processes to cloud and service providers
  – How to get assurance that these processes and security practice are consistent with enterprise policies?
  – Recurrent problem for all stakeholders: enterprise, cloud and service providers …
  – Consistency and integrity of user accounts & information across various clouds/services
  – How to deal with overall compliance and governance issues?

Identity in the Cloud: Enterprise Case
Issues and Risks [2/2]

• Migration of services between cloud and service providers
  – Management of data lifecycle

• Threats and attacks in the clouds and cloud services
  – Cloud and service providers can be the "weakest links" in security & privacy
  – Reliance on good security practice of third parties

4. Why do we need it?

• Security
• Compliance
• Cost reduction
• Audit support
• Access control

Source: ftp://ftp.boulder.ibm.com/software/uk/productnews/tv/vh_-_access_and_identity_management.pdf
Possible savings

• Directory Synchronization
  "Improved updating of user data: $185 per user/year"
  "Improved list management: $800 per list"
  - Giga Information Group

• Password Management
  "Password reset costs range from $51 (best case) to $147 (worst case) for labor alone." – Gartner

• User Provisioning
  "Improved IT efficiency: $70,000 per year per 1,000 managed users"
  "Reduced help desk costs: $75 per user per year"
  - Giga Information Group
Can We Just Ignore It All?

• Today, the average corporate user spends 16 minutes a day logging on
• A typical home user maintains 12-18 identities
• The number of phishing sites grew over 1600% over the past year
• Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
• Regulators are becoming stricter about compliance and auditing
• Orphaned accounts and identities lead to security problems

Source: Microsoft's internal research and Anti-phishing Working Group
IAM Benefits

[Diagram: IAM benefits overview]

Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
5. IAM to do list

• Automatic creation and deletion of accounts
• Management of logs (audit trails)
• Archiving (for how long??)
• Privacy
• Compliance
• Security <> risks
• More and more users
• E-business

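One concrete way to act on the "automatic creation and deletion of accounts" item above and on the orphaned-account problem raised on the "Can We Just Ignore It All?" slide, as an added example that is not part of the original deck: a Python reconciliation of application account exports against the HR roster, treating HR as the source of truth. The role model (ROLE_ENTITLEMENTS), the 90-day dormancy threshold and every HR and account record are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class HrRecord:
    """One row of the HR roster, the source of truth for who is employed."""
    person_id: str
    role: str
    end_date: Optional[date]  # None means still employed


@dataclass(frozen=True)
class AppAccount:
    """One account in one application, as exported by that application."""
    app: str
    login: str
    person_id: Optional[str]  # None: account is not linked to any HR identity
    last_login: Optional[date]  # None: never used


# Hypothetical role model: which applications each role is entitled to.
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "accountant": {"erp", "mail"},
    "engineer": {"git", "mail"},
}


def reconcile(hr: List[HrRecord], accounts: List[AppAccount], today: date,
              dormant_days: int = 90) -> Dict[str, List[Tuple[str, str]]]:
    """Compare application accounts against the HR roster.

    Returns four sorted lists of (app, login or person_id) pairs:
      orphaned  - owner has left or is unknown to HR (delete)
      excess    - account outside the owner's role entitlements (review/remove)
      dormant   - entitled account unused for more than dormant_days (review)
      to_create - entitled application the active person has no account in (provision)
    """
    active = {r.person_id: r for r in hr if r.end_date is None or r.end_date > today}
    result: Dict[str, List[Tuple[str, str]]] = {
        "orphaned": [], "excess": [], "dormant": [], "to_create": []}
    linked: Set[Tuple[str, str]] = set()  # (app, person_id) pairs that exist

    for acct in accounts:
        owner = active.get(acct.person_id) if acct.person_id else None
        if owner is None:
            # Leaver or unlinked account: the classic orphaned account.
            result["orphaned"].append((acct.app, acct.login))
            continue
        linked.add((acct.app, owner.person_id))
        if acct.app not in ROLE_ENTITLEMENTS.get(owner.role, set()):
            result["excess"].append((acct.app, acct.login))
        elif acct.last_login is None or (today - acct.last_login).days > dormant_days:
            result["dormant"].append((acct.app, acct.login))

    # Joiners / movers: every active person must hold each entitled application.
    for person in active.values():
        for app in ROLE_ENTITLEMENTS.get(person.role, set()):
            if (app, person.person_id) not in linked:
                result["to_create"].append((app, person.person_id))

    return {k: sorted(v) for k, v in result.items()}


TODAY = date(2024, 3, 15)  # constructed reference date

SAMPLE_HR = [  # constructed sample roster
    HrRecord("p1", "accountant", None),
    HrRecord("p2", "engineer", date(2024, 1, 31)),  # left the company
    HrRecord("p3", "engineer", None),
]

SAMPLE_ACCOUNTS = [  # constructed sample application exports
    AppAccount("erp", "alice", "p1", date(2024, 3, 1)),
    AppAccount("mail", "alice", "p1", date(2024, 3, 10)),
    AppAccount("git", "bob", "p2", date(2024, 1, 20)),    # leaver, still enabled
    AppAccount("mail", "bob", "p2", date(2024, 1, 30)),   # leaver, still enabled
    AppAccount("git", "carol", "p3", date(2023, 10, 1)),  # unused for months
    AppAccount("erp", "carol", "p3", date(2024, 3, 1)),   # engineer with ERP access
    AppAccount("mail", "svc-backup", None, None),         # nobody owns it
]


def run_sample() -> Dict[str, List[Tuple[str, str]]]:
    """Run the reconciliation over the constructed sample data."""
    return reconcile(SAMPLE_HR, SAMPLE_ACCOUNTS, TODAY)


if __name__ == "__main__":
    for category, items in run_sample().items():
        print(f"{category:10s} {items}")
```

Each list maps to one IAM action (deprovision, review, provision), and the "orphaned" list is the audit trail a reviewer would expect after every roster change.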
6. Personal data protection

Source: https://www.britestream.com/difference.html

Information flows around
  Who checks?
Who should have access to what?
  Legal limitations!
Responsibilities of the organisation
TELEWORK
7. IAM and Control

Who controls what?
8. E-discovery

Definition of e-discovery

• Electronic discovery (or e-discovery) refers to discovery in civil litigation which deals with information in electronic format, also referred to as Electronically Stored Information (ESI).
• It means the collection, preparation, review and production of electronic documents in litigation discovery.
• Any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.
• This includes e-mail, attachments, and other data stored on a computer, network, backup or other storage media. E-discovery includes metadata.
Recommendations

Organizations should update and/or create information management policies and procedures that include:
  – e-mail retention policies. On an individual level, employees tend to keep information on their hard drives "just in case" they might need it.
  – Work with users to rationalize their storage requirements and decrease their storage budget.
  – off-line and off-site data storage retention policies,
  – controls defining which users have access to which systems and under what circumstances,
  – instructions for how and where users can store data, and
  – backup and recovery procedures.
  – Assessments or surveys should be done to identify business functions, data repositories, and the systems that support them.
  – Legal must be consulted. Organizations and their legal teams should work together to create and/or update their data retention policies and procedures for managing litigation holds.
9. Conclusion

• IAM is not only an IT matter: the legal and management aspects are essential
• Pay attention to compliance aspects
• More security is needed
  – Cloud computing
  – Virtualisation
  – Data privacy
  – archiving
• Transparency
• E-discovery

IAM is also an opportunity

• Rethink security
• Limit risks
• Reduce costs
• Redefine roles and responsibilities
• Anticipate future risks

I am ready to answer your questions

Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQuiz Club NITW
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfChristalin Nelson
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxMichelleTuguinay1
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptxUnraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 

Kürzlich hochgeladen (20)

BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxCLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
 
ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Project
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdf
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptxUnraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 

IAM

  • 1. Identity & access management – Management aspects – INFOSAFE 21/1/2011 – Jacques Folon, Lecturer ICHEC, Visiting Professor Université de Metz, Partner Edge-Consulting
  • 2. IAM 1. What is it? 2. What is the current context? 3. IAM & cloud computing 4. Why do we need it? 5. To do list 6. IAM and privacy 7. IAM and control 8. e-discovery 9. Conclusion
  • 3. 1. What is IAM? Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 4. Definition • What is Identity Management? "Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities." The Burton Group (a research firm specializing in IT infrastructure for the enterprise) • Identity Management in this sense is sometimes called "Identity and Access Management" (IAM)
  • 5. IAM is, for example… • "Hello, I am Julie, an INFOSAFE student." (Identity) • "This is my password." (Authentication) • "I want to access the platform." (Authorisation granted) • "I want to improve my exam grade." (Authorisation denied)
  • 6. But it is also… • A new professor • So an email address, to be issued as soon as possible • A password for ICHEC Campus • An Intranet password • An IE Campus password • Defining the other services he has access to
  • 7. What questions should we ask? • Are people who they say they are? • Are they real members of our community? • Have they received the necessary authorisations? • Is respect for their personal data in place?
  • 8. Example questions – What type of password should be issued? – Which activities are authorised? – Which activities are forbidden? – To which category of person should this new identity be attached? – At what point in the onboarding process should authorisations be granted? – What control procedures are in place? Can we prove all this to an auditor? – What about e-discovery?
  • 9. Components of IAM • Administration – User Management – Password Management – Workflow – Delegation • Access Management – Authentication – Authorization • Identity Management – Account Provisioning – Account Deprovisioning – Synchronisation (Diagram: Authentication, Administration and Authorization resting on Reliable Identity Data) Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 10. 2. Current context What is the current context that underlies the development of IAM?
  • 11. Welcome to a digital world • The Internet is based on anonymous communications • Companies take part in many networks, generating multiple identities • Internal systems sometimes use different identifier schemes • Users are the weak links of security • Computer crime is increasing • Putting controls in place requires identification • Log management is indispensable • Privacy protection requires controls
  • 14. Explosion of IDs (Chart: number of digital IDs against time) Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 15. The Disconnected Reality • "Identity Chaos" – Many users and applications – Many IDs – Several identities per user – Several logins and passwords – Decentralised management – Business <-> IT conflicts (Diagram: many silos around the Enterprise Directory, each with its own Authentication, Authorization and Identity Data; multiple repositories of identity information, multiple user IDs, multiple passwords) Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 16. Multiple Contexts (Diagram: Your COMPANY and your EMPLOYEES at the centre of a value chain with Your CUSTOMERS, Your SUPPLIERS, Your PARTNERS and Your REMOTE and VIRTUAL EMPLOYEES; drivers: customer satisfaction & customer intimacy, cost competitiveness, reach, personalization, collaboration, outsourcing, faster business cycles, process automation, M&A, mobile/global workforce, flexible/temp workforce) Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 18. Trends Impacting Identity • Rising Tide of Regulation and Compliance – SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, … – $15.5 billion spend in 2005 on compliance (analyst estimate) • Deeper Line of Business Automation and Integration – One half of all enterprises have SOA under development – Web services spending growing 45% CAGR • Increasing Threat Landscape – Identity theft costs banks and credit card issuers $1.2 billion in 1 yr – $250 billion lost in 2004 from exposure of confidential info • Maintenance Costs Dominate IT Budget – On average employees need access to 16 apps and systems – Companies spend $20-30 per user per year for PW resets Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
  • 19. Pain Points Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 20. 3. IAM & Cloud computing
  • 21. Cloud Computing: Definition • No Unique Definition or General Consensus about what Cloud Computing is … • Different Perspectives & Focuses (Platform, SW, Service Levels…) • Flavours: – Computing and IT Resources Accessible Online – Dynamically Scalable Computing Power – Virtualization of Resources – Access to (potentially) Composable & Interchangeable Services – Abstraction of IT Infrastructure: no need to understand its implementation, use Services & their APIs – Some current players, at the Infrastructure & Service Level: Salesforce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc. Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 22. Cloud Computing: Models (Diagram: Cloud Provider #1 offering On Demand CPUs, a Printing Service, CRM, Office Apps, a Data Storage Service and a User Service; Cloud Provider #2 offering a Backup Service, an ILM Service, an Employee Service, Service 3 and Business Apps/Services; the Enterprise with its Internal Cloud; all connected through The Internet) Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 23. Cloud Computing: Implications • Enterprise: Paradigm Shift from "Closed & Controlled" IT Infrastructures and Services to Externally Provided Services and IT Infrastructures • Private User: Paradigm Shift from Accessing a Static Set of Services to Dynamic & Composable Services • General Issues: – Potential Loss of Control (on Data, Infrastructure, Processes, etc.) – Data & Confidential Information Stored in The Clouds – Management of Identities and Access (IAM) in the Cloud – Compliance to Security Practice and Legislation – Privacy Management (Control, Consent, Revocation, etc.) – New Threat Environments – Reliability and Longevity of Cloud & Service Providers Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 24. Identity in the Cloud: Enterprise Case (Diagram: the models of slide 22 annotated with the IAM capabilities each party needs, User Account Provisioning/De-provisioning, Authentication, Authorization and Audit, and with the Identity & Credentials and Data & Confidential Information that flow to each provider; IAM capabilities and services can be outsourced in the Cloud …) Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 25. Identity in the Cloud: Enterprise Case – Issues and Risks [1/2] • Potential Proliferation of Required Identities & Credentials to Access Services: misbehaviours when handling credentials (writing down, reusing, sharing, etc.) • Complexity in correctly "enabling" Information Flows across boundaries: Security Threats (Enterprise <-> Cloud & Service Providers, Service Provider <-> Service Provider, …) • Propagation of Identity and Personal Information across Multiple Clouds/Services: Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.); Exposure of business sensitive information (employees' identities, roles, organisational structures, enterprise apps/services, etc.); How to effectively Control this Data? • Delegation of IAM and Data Management Processes to Cloud and Service Providers: How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? - Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers …; Consistency and Integrity of User Accounts & Information across various Clouds/Services; How to deal with overall Compliance and Governance issues? Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 26. Identity in the Cloud: Enterprise Case – Issues and Risks [2/2] • Migration of Services between Cloud and Service Providers: Management of the Data Lifecycle • Threats and Attacks in the Clouds and Cloud Services: Cloud and Service Providers can be the "weakest links" in Security & Privacy; Reliance on good security practice of Third Parties Source: The Future of Identity in the Cloud: Requirements, Risks & Opportunities, Marco Casassa Mont, marco.casassa-mont@hp.com, HP Labs Systems Security Lab, Bristol, UK - EEMA e-Identity Conference, 2009
  • 27. 4. Why do we need it? • Security • Compliance • Cost reduction • Audit support • Access control
  • 29. Possible savings • Directory Synchronization "Improved updating of user data: $185 per user/year" "Improved list management: $800 per list" - Giga Information Group • Password Management "Password reset costs range from $51 (best case) to $147 (worst case) for labor alone." – Gartner • User Provisioning "Improved IT efficiency: $70,000 per year per 1,000 managed users" "Reduced help desk costs: $75 per user per year" - Giga Information Group
  • 30. Can We Just Ignore It All? • Today, the average corporate user spends 16 minutes a day logging on • A typical home user maintains 12-18 identities • Number of phishing sites grew over 1600% over the past year • Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories • Regulators are becoming stricter about compliance and auditing • Orphaned accounts and identities lead to security problems Source: Microsoft's internal research and Anti-Phishing Working Group
  • 31. IAM Benefits Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Boccelli Ltd, rafal@projectboccelli.co.uk
  • 32. 5. IAM to do list • Automatic account creation and deletion • Log management • Archiving (for how long??) • Privacy • Compliance • Security <> risks • More and more users • E-business
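The components of slide 9 (provisioning and deprovisioning against a reliable identity source, authentication, authorisation) and the to-do items of slide 32 (automatic account creation and deletion, log management) in one place, as an added example that is not part of the original presentation: a small Python IAM core with a salted password store, a role-based authorisation check, a reconciliation pass against an HR list that deprovisions orphaned accounts, and an audit trail of every decision. The role model, user names and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Hypothetical role model for the Julie scenario: students enter the platform, teachers also edit grades.
PERMISSIONS = {"student": {"platform:access"},
               "teacher": {"platform:access", "grades:edit"}}


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; only salt and digest are stored, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    role: str
    salt: bytes
    digest: bytes


class IAM:
    def __init__(self) -> None:
        self.accounts: dict = {}   # user_id -> Account
        self.audit: list = []      # (event, user_id, detail): trace of every decision

    def _log(self, event: str, user_id: str, detail: str = "") -> None:
        self.audit.append((event, user_id, detail))

    def provision(self, user_id: str, role: str, password: str) -> None:
        if role not in PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.accounts[user_id] = Account(role, *hash_password(password))
        self._log("provision", user_id, role)

    def deprovision(self, user_id: str) -> None:
        self.accounts.pop(user_id, None)
        self._log("deprovision", user_id)

    def authenticate(self, user_id: str, password: str) -> bool:
        acct = self.accounts.get(user_id)
        if acct is None:
            self._log("authn_fail", user_id, "unknown account")
            return False
        _, digest = hash_password(password, acct.salt)
        ok = hmac.compare_digest(digest, acct.digest)  # constant-time comparison
        self._log("authn_ok" if ok else "authn_fail", user_id)
        return ok

    def authorize(self, user_id: str, action: str) -> bool:
        acct = self.accounts.get(user_id)
        ok = acct is not None and action in PERMISSIONS[acct.role]
        self._log("authz_grant" if ok else "authz_deny", user_id, action)
        return ok

    def reconcile(self, hr_source: dict) -> dict:
        """Sync with the authoritative HR list (user_id -> role): orphans are
        deprovisioned, unprovisioned joiners and role-drifted movers are reported."""
        known, current = set(hr_source), set(self.accounts)
        orphaned = sorted(current - known)
        missing = sorted(known - current)
        moved = sorted(u for u in known & current if self.accounts[u].role != hr_source[u])
        for uid in orphaned:
            self.deprovision(uid)
        return {"orphaned": orphaned, "missing": missing, "moved": moved}


def demo() -> dict:
    """Constructed walk-through: Julie's lifecycle, a leaver HR no longer lists, a joiner."""
    iam = IAM()
    iam.provision("julie", "student", "s3cret-pass")
    iam.provision("old_intern", "student", "left-long-ago")
    return {
        "login_ok": iam.authenticate("julie", "s3cret-pass"),
        "login_bad": iam.authenticate("julie", "wrong"),
        "platform": iam.authorize("julie", "platform:access"),
        "grades": iam.authorize("julie", "grades:edit"),
        "sync": iam.reconcile({"julie": "student", "new_prof": "teacher"}),
        "accounts": sorted(iam.accounts),
        "events": [event for event, _, _ in iam.audit],
    }
```

Calling demo() returns the decisions and the audit events; the reconcile step is what turns the orphaned-account risk of slide 30 into a detected and logged deprovisioning.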
  • 33. 6. Personal data protection
  • 35. Information circulates. Who checks?
  • 36. Who should have access to what? Legal limitations!
  • 41. 7. IAM and Control
  • 51. Definition of e-discovery • Electronic discovery (or e-discovery) refers to discovery in civil litigation which deals with information in electronic format, also referred to as Electronically Stored Information (ESI). • It means the collection, preparation, review and production of electronic documents in litigation discovery. • Any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. • This includes e-mail, attachments, and other data stored on a computer, network, backup or other storage media. e-Discovery includes metadata.
  • 52. Recommendations Organizations should update and/or create information management policies and procedures that include: – e-mail retention policies. On an individual level, employees tend to keep information on their hard drives "just in case" they might need it. – Work with users to rationalize their storage requirements and decrease their storage budget. – off-line and off-site data storage retention policies, – controls defining which users have access to which systems and under what circumstances, – instructions for how and where users can store data, and – backup and recovery procedures. – Assessments or surveys should be done to identify business functions, data repositories, and the systems that support them. – Legal must be consulted. Organizations and their legal teams should work together to create and/or update their data retention policies and procedures for managing litigation holds.
  • 53. 9. Conclusion • IAM is not only an IT question: the legal and management aspects are essential • Pay attention to compliance aspects • More security is needed – Cloud computing – Virtualisation – Data privacy – Archiving • Transparency • E-discovery
  • 54. IAM is also an opportunity • Rethink security • Limit risks • Reduce costs • Clarify roles and responsibilities • Anticipate future risks
  • 56. I am ready to answer your questions