Shell Oil Company: Providing Real-Time, Secure Information Access for Partners, Clients & Customers


Covisint-sponsored presentation during the Microsoft Global Energy Forum on Jan 24, 2013. Utilizing Microsoft and Covisint solutions, this presentation discusses how Shell is able to provide a solution that gathers and assigns specific roles to an individual, and defines application access based on these roles. This solution leverages the Microsoft Unified Access Gateway as network edge security and token consumer, ADFS and FIM as the security store, and Covisint as the external federation gateway, external IdP and 2-factor authentication provider.

Transcript of Shell Oil Company: Providing Real-Time, Secure Information Access for Partners, Clients & Customers

Page 1: Shell Oil Company: Providing Real-Time, Secure Information Access for Partners, Clients & Customers
Page 2

Shell Oil Company: Providing Real-Time, Secure Information Access for Partners, Clients & Customers

Page 3

David Miller, Chief Security Officer

Responsible for internal and external system architecture security issues for the e-business exchange. In addition, Miller directs the identity management offering at Covisint, which currently secures access for automotive, healthcare and government customers.

• Security thought leader
• Named to the 2009 editorial advisory board for Health Management Technology
• Recently named by FORTUNE magazine as an “identity visionary”
• A published author

• 18 million IDs
• 1 million daily transactions
• 9 languages
• 40 countries
• 1,000+ applications
• 200 core platform customers

Page 4

Enterprise-grade, Global and Proven

One Platform

500+ Global Customers

22M+ Users

1B+ Yearly Transactions

100% Availability

Page 5

The “Early Days”

Page 6

Today

Page 7

Collaboration is Key

In today’s business, it is no longer a single large organization that owns the complete lifecycle of a producing asset.

Oil and gas companies and their partners need to collaborate.
• As multiple companies partner on projects, both historical and current data needs to be readily available to all partners.
  o Geologists and engineers spend between 30% to 50% of their time mining through disparate repositories and files trying to locate data.
  o 77% of energy-sector employees are third-party employees.

Oil and gas companies and their suppliers need to collaborate.
• Data needs to be shared to and from service companies all along the supply chain.

When different organizations use and update common systems, stronger security is imperative.

“It is estimated that engineers alone spend almost 10 million people-hours a year searching for information, which equals an average net loss of $485 million for the industry.” Source: Next Generation of Oil & Gas

Page 8

IT Is a Differentiator

Information Technology is a competitive differentiator. The right understanding and use of IT separates leaders from laggards.

Leaders use collaborative IT architectures as the key enabler:
• Increases process efficiency
• Lowers operational cost
• Solves issues such as:
  o Supply security (upstream)
  o Shrinking margins (downstream)

Page 9

Page 10

Issues in the Energy Industry

[Diagram: a web of organizations exchanging data - Shell, Joint Venture 1, Joint Venture 2, Chevron, BP, ConocoPhillips, Contractor A, Contractor B, Contractor C, Supplier A, Supplier B, Supplier C, Distributor A, Transportation. Issue labels around the diagram: Cost, Change, User Experience, Mobility Factor, Technology, Compliance, Visibility, Trust.]

Page 11

Energy Industry Solutions

[Diagram: the issue labels Cost, Change, User Experience, Technology, Compliance, Visibility and Trust mapped to the following solution areas.]
• Identity Lifecycle Management
• Federation Management
• Audit and Attestation
• Brokering and Protocol Trans
• SSO, Portals and Dashboards
• SaaS - Always Up to Date
• SaaS - Lower TCO

Page 12

Adrian Estala, Information Risk Architect Lead

Responsible for risk and security architecture within the Shell IT Services and Operations Function. Working with internal and external security leaders, we are focused on driving IT innovation for business growth, in a secure and positive experience for the end user.

Specialties:

• IT Security Strategy & Architecture

• IT Audit & Regulatory Compliance

• Security Services Product Development

• Shell is active in more than 80 countries

• Worldwide, 90,000 full-time employees

• Each day Shell produces 3.2 million barrels of oil equivalent

• Fuel retail network has around 43,000 service stations

• In 2011, generated earnings* of $28.6 billion

• Spent $23.5 billion on net capital investment

• Spent $1.1 billion on R&D

Page 13

Defining a Sustainable External Access Strategy

Our External Access Challenge
• SAML as the Standard Protocol
• Moving to a Cloud Based IdP
• Create a central API Service Bus for Externally Facing Apps
• Extend Internal SharePoint Instance to External Parties

Maintain a Positive End User Experience
• User procurement must be fast and simple
• The internal vs. external application experience should feel the same
• Allow users to search through data, while ensuring that confidential data is not viewable or searchable

Access Must be Secure
• Enforce 2FA for all access to SharePoint
• Ensure access is restricted to only the data/sites that are required
• Provide protection against key attack vectors

Page 14

The Authentication Workflow

[Diagram: External User w/ Password → Reverse Proxy (External Networks) → ADFS → SharePoint (Internal Shell Network); steps 1 to 5 are described on the following pages.]

Pitfalls to Consider
• How will SharePoint recognize a single user who can come in via AD when they are internal or through the IdP when they are external? Will the user have two IDs?
• Be very careful about what you allow the external parties to search. Even if they can’t open a document, just viewing the title may be risky.

Page 15

The Authentication Workflow

Step 1: User enters URL into the browser. The user is directed to the reverse proxy.

Page 16

The Authentication Workflow

Step 2: User is redirected to Covisint to authenticate.

Page 17

The Authentication Workflow

Step 3: User sees the Covisint page and enters UserID and password. An OTP is sent to the user's mobile to enter.

Page 18

The Authentication Workflow

Step 4: ADFS creates a token for authentication to the internal SP site.

Page 19

The Authentication Workflow

Step 5: Access is provided to the authorized SP application.

Page 20

The Architecture Design

Key Design Points to Consider
• The Reverse Proxy provides critical capabilities for secure traffic inspection and for facilitating the authentication. Pick one that can meet your needs; we selected Microsoft’s UAG Proxy.
• The ADFS Server allowed us to present the SAML assertion to SharePoint with all of the required information.
• We used the cloud based user database and we had a second user database internally. We held more information about the user internally, and it also allowed us to ensure we had a controlled list that only Shell could change.
• External users were provided with the ability to use a Cipher card or to use an SMS texting option for receiving their 2nd factor credentials.
• Test SharePoint use cases, considering everything that internal users require.

[Diagram: External User w/ Password → Reverse Proxy (External Networks) → ADFS → SharePoint (Internal Shell Network); steps 1 to 5.]
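The five workflow steps and the two design points about the user stores (an external IdP database plus an enterprise-controlled internal list) can be walked through end to end in code. The following is an added simulation written for this transcript; it is not Shell's, Covisint's or Microsoft's code, and every user, password, site title, function name and the HMAC-signed token standing in for the ADFS/SAML token is constructed for the example. It shows the external login path, the collapse of an external IdP identity and an internal AD logon onto one canonical account (the first pitfall on page 14), the refusal to issue a token for an IdP user who is not on the internal list, site-scoped authorization, and a search that never returns confidential titles (the second pitfall).

```python
"""Added illustration (not Shell's or Covisint's code) of the five-step external
access flow on the slides: reverse proxy -> external IdP (password + OTP) ->
ADFS token -> SharePoint site authorization.  Every user, site, secret and
function name here is constructed for the example."""
import hashlib
import hmac
import secrets
import time

# Constructed external IdP user store (the "cloud based user database").
IDP_USERS = {
    "ext.alice@partner.example": hashlib.sha256(b"pw-alice").hexdigest(),
    "ext.bob@partner.example": hashlib.sha256(b"pw-bob").hexdigest(),
}
# Constructed internal store that only the host enterprise edits.  It maps an
# external identity to ONE canonical account (so the person is not two
# principals, pitfall 1) and lists the sites that account may reach.  Bob is
# known to the IdP but deliberately absent here.
INTERNAL_DIRECTORY = {
    "ext.alice@partner.example": {"canonical_id": "alice.jv1", "sites": {"jv1-collab"}},
}
# The same person's internal AD logon resolves to the same canonical id.
AD_TO_CANONICAL = {"CORP\\alice": "alice.jv1"}
# Constructed SharePoint content; confidential items must never surface in search.
SITES = {
    "jv1-collab": [{"title": "JV1 drilling schedule", "confidential": False},
                   {"title": "JV1 reserves estimate (CONFIDENTIAL)", "confidential": True}],
    "finance": [{"title": "Q4 earnings draft", "confidential": True}],
}
TOKEN_KEY = secrets.token_bytes(32)  # stand-in for the ADFS signing key
TOKEN_TTL = 300                      # seconds


def step1_reverse_proxy(session, url):
    """Step 1: the proxy sees an unauthenticated external request and redirects to the IdP."""
    return ("allow", url) if session.get("canonical_id") else ("redirect", "external-idp")


def step2_idp_password(session, user, password):
    """Steps 2-3: the IdP checks the password and issues an OTP for the second factor.
    Returned here only so the simulation can complete; a real IdP delivers it by SMS/card."""
    stored = IDP_USERS.get(user)
    if stored is None or not hmac.compare_digest(stored, hashlib.sha256(password.encode()).hexdigest()):
        return None
    otp = f"{secrets.randbelow(10**6):06d}"
    session["pending"] = {"user": user, "otp": otp, "expires": time.time() + 120}
    return otp


def step3_idp_otp(session, otp):
    """Step 3 completed: verify the OTP; on success return a SAML-style assertion dict."""
    p = session.pop("pending", None)
    if not p or time.time() > p["expires"] or not hmac.compare_digest(p["otp"], otp):
        return None
    return {"subject": p["user"], "issuer": "external-idp", "authn": ["password", "otp"]}


def step4_adfs_issue_token(assertion):
    """Step 4: ADFS consumes the assertion, requires both factors, resolves the
    canonical internal id from the enterprise-controlled list and signs a token."""
    if not assertion or assertion["issuer"] != "external-idp" or "otp" not in assertion["authn"]:
        return None
    rec = INTERNAL_DIRECTORY.get(assertion["subject"])
    if rec is None:  # authenticated at the IdP but not on the controlled list
        return None
    body = f"{rec['canonical_id']}|{int(time.time()) + TOKEN_TTL}"
    return body + "|" + hmac.new(TOKEN_KEY, body.encode(), "sha256").hexdigest()


def sharepoint_verify(token):
    """Check the token's signature and expiry; return the canonical id or None."""
    try:
        cid, exp, sig = token.split("|")
        expected = hmac.new(TOKEN_KEY, f"{cid}|{exp}".encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig) or int(exp) < time.time():
            return None
    except (AttributeError, ValueError):
        return None
    return cid


def step5_sharepoint_access(token, site):
    """Step 5: grant only the sites on the canonical account's entitlement list."""
    cid = sharepoint_verify(token)
    if cid is None:
        return "denied: invalid token"
    entitled = any(r["canonical_id"] == cid and site in r["sites"] for r in INTERNAL_DIRECTORY.values())
    return "granted" if entitled else "denied: not entitled"


def sharepoint_search(token, query):
    """Search only entitled sites and drop confidential items entirely, so that
    not even their titles are exposed (pitfall 2)."""
    hits = []
    for site, docs in SITES.items():
        if step5_sharepoint_access(token, site) != "granted":
            continue
        hits += [d["title"] for d in docs if not d["confidential"] and query.lower() in d["title"].lower()]
    return hits


def external_login(user, password):
    """Drive steps 1-4 for an external user; returns the signed token or None."""
    session = {}
    if step1_reverse_proxy(session, "/sites/jv1-collab")[0] != "redirect":
        return None
    otp = step2_idp_password(session, user, password)
    if otp is None:
        return None
    return step4_adfs_issue_token(step3_idp_otp(session, otp))
```

Calling `external_login("ext.alice@partner.example", "pw-alice")` yields a token whose canonical id equals `AD_TO_CANONICAL["CORP\\alice"]`, so an internal AD logon and an external Covisint logon land on the same SharePoint principal; the same call for Bob returns `None` because the internal list, not the IdP, decides who gets a token. `sharepoint_search` on the Alice token for "jv1" returns only the non-confidential title, and a tampered token is rejected at verification before any site check runs.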

Page 21

Core Business Benefits

Greatly Improve External User Collaboration
• Leverage the same sites they already use internally for external collaboration – manage a single site
• Allow external and internal users to collaborate with full SharePoint functionality

Rapid Procurement of New Access Accounts
• Business requests for external user access are fast and consistent; the end user does not have to wait for a hard token if they opt for a soft token model
• Internal applications that are already on SharePoint can be efficiently moved into an external access mode after a security review and associated training

Lower Cost for Development and Operations
• Access models are standard across the board; there is no need to rebuild the access architecture
• Cloud based operations provide lower cost opportunities for account management and support

Page 22

Lessons Learned

Consider the Placement of your SharePoint Service
• Building in an external Office 365 environment could make access for external parties much easier while still allowing internal users to come in
• Building the solution internally allows for better internal system integration and a better perceived “protection” for confidential or high integrity data

The Road to SAML is Still Being Defined
• SAML offers great potential, but many of your internal applications may not be ready for it. Your proxy vendors are still catching up.
• Be realistic about how quickly you can move and don’t make any assumptions about what should work. Test that SAML readiness before you make the bigger executive commitments.

Don’t forget to Update your Identity and Access Governance
• You need to assess your existing procurement and assurance models. You have an opportunity here to improve your policies, which are likely based on an access model you had in place 10 years ago.

Page 23

Thank you.