OLIVER STAMPFLI, SECURITY ARCHITECT IDENTITY & ACCESS MANAGEMENT, SWISSCOM
JENS SONNENTRÜCKER, HEAD OF IDENTITY ACCESS MANAGEMENT & GOVERNANCE, SWISSCOM
The goal for Swisscom was to be able to offer one ID Broker for all services, so that subscribers essentially would be able to “Bring Your Own Identity” (BYOI). If not done this way, each application or service offered by Swisscom would have required a connection with each IDP. By implementing a ForgeRock solution, Swisscom was able to reduce costs spent on administration and significantly upgrade ease of use for the customer base, while also increasing sharing options across service offerings.
Identity Summit UK: THE IDENTITY BROKER AS DRIVER FOR GROWTH
1. THE IDENTITY BROKER AS DRIVER FOR GROWTH
THE IDENTITY SUMMIT 2015
Jens Sonnentrücker
Head of Identity Access Management & Governance, Swisscom
Oliver Stampfli
Security Architect Identity & Access Management, Swisscom
London - 08. October 2015
2. About Swisscom AG
The leading telecommunications company in Switzerland
> Data merits optimal protection
> 1,2 Mio TV subscribers
> Best Infrastructure
> 2,7 Mio Landlines
> 21’599 Employees
> Employees from 88 nations, innovative work models
> Swiss made – for the world
> 300 Multinational customers in 2’600 international offices, Swisscom offices in Vienna and Singapore
> 1,9 Mio Broadband customers
> One of the most sustainable companies of Switzerland
> 6,5 Mio Mobile customers
> >35’000 Offices connected
> >6’000 Served major customers
> ISO 27001, ISO 15504 certified
> 2'893 Mio. CHF net sales
> 1'051 Mio. CHF EBITDA
3. Swisscom more than «just» a telecommunications provider
> Field-Service in 20 Min. on-site
> 200 Banks
> 50’000 UCC-Users
> 35’000 Printers
> 117’000 Desktop computers
> 1’100 Banking specialists
> 85 Operational banking platforms
> 11’500 Servers
> 13 PB Managed storage
> 42’000 km fibre optics
> 190’000 km copper lines
> 170 SAP service customers
> 6 SAP Quality Awards
> >1 Mrd./year Investment in network infrastructure
> 1’800 Hotspots in Switzerland
4. Private Cloud, Public Cloud, Hybrid Cloud
Cloud Provider
> Swisscom Storebox: Cloud-memory for your Company
> Swisscom Docsafe: Secure document storage in one place
> Evita: Electronic health dossier
> M2M: Connecting things for people
> Quing Home: Your smart home by Swisscom
> Tapit Access: Physical access with your mobile
Simple design and usage
Trustfully participating in the digital future
Inspire new forms of value creation
7. The future of Identity Management and Authentication at Swisscom
> The IAM of tomorrow orients itself towards the consumer market.
> Digital identities create a competitive marketplace.
> Management of digital identities is key for the Internet of Things (IoT).
> Self-control over data is essential for the future of our society.
> Privacy: To whom do we trust what data and why?
> In the Digisphere new forms of digital life are created, mutated and destroyed.
Technical strategy of Swisscom AG
Gartner forecast for the future of IAM until 2020
Vision of Swisscom
People-centric Identity Management: “Swisscom enables its customers to get their right of informational self-control”
GDI-Study about the future of the connected society
We are convinced that … the customer in the digital world wants to have the same privacy as there is for the physical world.
8. The future of Access Management and Access Control at Swisscom
> Future access management will focus on valuable resources.
> Roles are attributes among others.
> The internet is growing but is also growing apart.
> Data security is also about trust.
> “Smart Contracts” with integrated algorithms as a suitable methodology for future access control.
Technical strategy of Swisscom AG
Gartner forecast for the future of IAM until 2020
Vision of Swisscom
Policies Based Access Control: “Swisscom enables its customers to control the risks of the digital world”
GDI-Study about the future of the connected society
We are convinced that … the customer should keep its privacy in the simplest way.
9. IAM Vision until 2025
[Timeline diagram with milestones 2017, 2020 and > 2025; labels: IDP (repeated)]
10. Use Case “Identity Broker”: Bring Your Own Identity @ Swisscom Cloud
[Diagram labels: Operation Layer; Enterprise Cloud; Cloud Foundry (PaaS); Openstack; VMware; Infrastructure; Swisscom Network; Service Cloud; Application Cloud; Entry Zone; ID Broker; API Gateway]
11. Use Case “Identity Broker”: Architecture of the Access Broker
[Diagram labels: Identity Broker; Cloud Environment; Authz Provider; Web Applications; Policy Management (PDP, PAP); ID Provider Contracts; Client Contracts; Clients (WebUI, mobile/comp. APP); Identity Stores (IDP 1, IDP 2, IDP …); API-Gateway / Reverse Proxy (with PEP); Authn Provider]
12. Use Case “Identity Broker”: Bring Your Own Identity for Swisscom Services
[Diagram labels: Swisscom Cloud Services; Swisscom Residential Services; Swisscom Extranet Services; Swisscom Corporate Services; Swisscom ID Broker; Customer Active Directory; Swisscom Corporate Active Directory; Public Identity Provider; IDP; Private Identity Provider; Private Cloud; Public Cloud; Quing Home; Storebox; Collaboration Services; Ticketing System; Corporate Application; Mobile Application]
13. Portal Login via Customer AD
26.05.2015, Cloud Security Architecture