CIS 2015-API's & Identity: Enabling the Business to Become the Cloud- Carlos Garcia
Transcript of CIS 2015-API's & Identity: Enabling the Business to Become the Cloud- Carlos Garcia
Synopsis
This is a short story on how Optum is transforming itself to become the HealthCare Services Cloud and how APIs
and Identity are the enablers to make this possible.
Copyright © 2015 Cloud Identity Summit. All rights reserved. 3
Or as I like to call it….
How the security dog finally caught the car
But first…. Who are we?
UnitedHealth Group is an interconnected company composed of business segments. A few examples:
Health Benefits
• Employer and individual
• Medicare & Retirement
• Military and Veterans
• Amil (Brazil)
• NHS (UK)
• Lusíadas Saúde (Portugal)

Health Services
• Provider Solutions
• Payer Solutions
• Optum Bank
• OptumRX
• OptumCloud
• OptumIT
The Big Challenges
Selling the value of WAM and SAML; gaining adoption but not improving end-user experience.
• 12+ million identities, but siloed.
• End user experience
• SAML masks identity problem.
• Common security framework for registration.
• Standard WAM/SSO integration patterns and SDK
Optum Opportunities
• ACA provides huge opportunities
• Claims data mining. 100’s of millions of claims
• Fraud Monitoring (US) 80 Billion dollars in 2014
• Expose and monetize the data and services
• Enable the developers
• IaaS/PaaS/SaaS and Hosting
• Healthcare exchanges (Private and Government)
Wait… I think we need Identity
All of a sudden, the security dog didn’t catch the car, but rather the car hit the brakes….
….and security dog was along for the ride!
Businessman’s best friend
IAM team now has a business partner and needs to solve for:
• Optum Cloud Marketplace
• Commercialization
• Health Exchanges (private & public)
We need it yesterday!
Now, instead of selling the value of identity to the business, we run to keep up with demand:
• Health APIs
• SaaS, PaaS, IaaS
• Developer Enablement
• Cloud Identity Provider
It better be bulletproof
• Downtime was no longer something you coordinated and forced upon the business. Now you have commercial customers who expect 24x7
• Enterprise support versus commercial support forced a change of culture.
• From enterprise IAM shop to essentially a commercial cloud IDP.
What did we build??
We had a green field to work with and great technology vendor partners.
• Best of Breed and home grown
• SOAP/REST
• Legacy to mobile
• LOA3 – FICAM/MARS-E
• Multi-tenancy
[Figure: OptumID architecture diagram. Layers: Front-Ends; Policy Enforcement Points / Abstraction SDK; Policy Decision Point / Core IDM Services; Policy Information Point. Labels: OptumID UI (healthid); Identity Management Web Services; Radiant Logic VDS; Identity verification web services; DB; SiteMinder; Ping Federate IDP/SP; Security SDK; Delegated Login Service; Extended attributes; Web Services; Layer 7 (API Gateway); External Applications/Developer Portal/orgs (consumers of our APIs); SOAP / RESTful Interface; UnboundID OptumID LDAP Cloud DB; Step-Up Authentication/OTP Services; Axiomatics; Agents; IDP for Consumers, Providers.]

Numbered items in the diagram:
1. Registration
2. Forgot Password/UserName
3. Login
4. Change Password and update profile
5. Administrator UI for setting up relying party
6. Identity verification workflow

[Figure: OptumID Component Level Diagram. Labels: ESSO WebSphere; ESSO Service; Profile Audit; Oracle DB; Authentication LDAP Advanced Auth Service; SiteMinder Policy Server; OptumID LDAP Strong Auth Risk Engine Adapters; healthid.optum.com; OptumID UI WebSphere; Strong Auth Oracle DB; ESSO REST WebSphere; REST Interface – User Profile SiteMinder Policy; LDAP; OptumID VDS; Layer7 API Gateway.]
What’s underneath the hood?
• Java based App on WebSphere
• Multi-DC Active-Active
• Abstraction SDK
• 4 million users; 40+ relying party apps – rapid growth
• Target migration of 25+ million identities
BFF Vendors
• CA SiteMinder
• CA Layer7
• CA Strong Auth
• Ping Federate
• RadiantLogic
• Axiomatics
No time to slow down!
• We have started working on our next generation of IDM services based on micro architecture.
• More branding flexibility.
• Automation – Service Catalog
• REST as default for everything.
• Get rid of agents, identity tokens for everything.
• Dynamic elasticity, resiliency, containers and OpenShift Enterprise