© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

The Future of Identity in the Cloud:Requirements, Risks & OpportunitiesMarco Casassa Mont

marco.casassa-mont@hp.com

HP Labs

Systems Security Lab

Bristol, UK

EEMA e-Identity Conference, 2009EEMA e-Identity Conference, 2009

Presentation Outline

• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions

Cloud Computing: Definition

• No Unique Definition or General Consensus about what Cloud Computing is …

• Different Perspectives & Focuses (Platform, SW, Service Levels…)

• Flavours:−Computing and IT Resources Accessible Online−Dynamically Scalable Computing Power −Virtualization of Resources−Access to (potentially) Composable & Interchangeable Services −Abstraction of IT Infrastructure No need to understand its implementation: use Services & their

APIs−Related “Buzzwords”: Iaas, PaaS, SaaS, EaaS, … −Some current players, at the Infrastructure & Service Level: Salesfoce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc.

Cloud Service Layers

Cloud Infrastructure Services (IaaS)

Cloud Platform Services (PaaS)

Cloud End-User Services (SaaS)

Physical Infrastructure

Service Users

Source: HP Labs, Automated Infrastructure Lab (AIL), Bristol, UK - Peter ToftSource: HP Labs, Automated Infrastructure Lab (AIL), Bristol, UK - Peter Toft

Clo

ud P

rovi

ders

Clo

ud P

rovi

ders

Ser

vice

Pro

vide

rsS

ervi

ceP

rovi

ders

Cloud Computing: Models

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService

ILMService

ILMServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

UserUser

…………

…… The InternetThe Internet

Cloud Computing: Key Aspects

• Internal, External and Hybrid Clouds−Cloud Providers and/or The Internet

• Infrastructure Providers• Service Providers

• Composition of Services−Within a Cloud Provider−Across Cloud Providers

• Entities consuming Services in the Clouds−Organisations:

• Business Applications, Services, etc.• Employees

−Private Users

Cloud Computing: Implications

• Enterprise: Paradigm Shift from “Close & Controlled” IT Infrastructures and

Services to Externally Provided Services and IT Infrastructures

• Private User: Paradigm Shift from Accessing Static Set of Services to Dynamic

& Composable Services

• General Issues:− Potential Loss of Control (on Data, Infrastructure, Processes,

etc.)− Data & Confidential Information Stored in The Clouds− Management of Identities and Access (IAM) in the Cloud− Compliance to Security Practice and Legislation − Privacy Management (Control, Consent, Revocation, etc.)− New Threat Environments− Reliability and Longevity of Cloud & Service Providers

Cloud Computing: Initiatives

Recent General Initiatives aiming at Shaping Cloud Computing:

• Open Cloud Manifesto (http://www.opencloudmanifesto.org/)

− Making the case for an Open Cloud

• Cloud Security Alliance (http://www.cloudsecurityalliance.org/)

− Promoting Best Security Practices for the Cloud

• Jericho Forum (http://www.opengroup.org/jericho/)

− Cloud Cube Model: Recommendations & (Security) Evaluation Framework

• …

Presentation Outline

• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions

Identity and Access Management (IAM)

- Enterprise IAM- Enterprise IAM

• Network Access Control (NAC) • Directory Services• Authentication, Authorization, Audit• Provisioning• Single-Sign-On, Federation• …

• Network Access Control (NAC) • Directory Services• Authentication, Authorization, Audit• Provisioning• Single-Sign-On, Federation• …

- IAM is part of IT Security Strategy - IAM is part of IT Security Strategy • Risk Management• Policy Definitions • Compliance & Governance Practices• Legislation

• Risk Management• Policy Definitions • Compliance & Governance Practices• Legislation

Based on Enterprise Contexts Need to Think about IAM in the Cloud Paradigm Based on Enterprise Contexts Need to Think about IAM in the Cloud Paradigm

Identity in the Cloud: Enterprise Case

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService ILM

ServiceILM

ServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

…………

…… The InternetThe Internet

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioningUser AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

IAM Capabilities and Services

Can be Outsourced in

The Cloud …

IAM Capabilities and Services

Can be Outsourced in

The Cloud …

Identity in the Cloud: Enterprise Case

Issues and Risks [1/2]

• Potential Proliferation of Required Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)

• Complexity in correctly “enabling” Information Flows across boundaries Security Threats (Enterprise Cloud & Service Providers, Service Provider Service Provider, …_

• Propagation of Identity and PII Information across Multiple Clouds/Services Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) Exposure of business sensitive information (employees’ identities, roles, organisational structures, enterprise apps/services, etc.) How to effectively Control this Data?

• Delegation of IAM and Data Management Processes to Cloud and Service Providers How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? - Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers … Consistency and Integrity of User Accounts & Information across various Clouds/Services How to deal with overall Compliance and Governance issues?

Issues and Risks [1/2]

• Potential Proliferation of Required Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)

• Complexity in correctly “enabling” Information Flows across boundaries Security Threats (Enterprise Cloud & Service Providers, Service Provider Service Provider, …_

• Propagation of Identity and PII Information across Multiple Clouds/Services Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) Exposure of business sensitive information (employees’ identities, roles, organisational structures, enterprise apps/services, etc.) How to effectively Control this Data?

• Delegation of IAM and Data Management Processes to Cloud and Service Providers How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? - Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers … Consistency and Integrity of User Accounts & Information across various Clouds/Services How to deal with overall Compliance and Governance issues?

Identity in the Cloud: Enterprise Case

Issues and Risks [2/2]

• Migration of Services between Cloud and Service Providers Management of Data Lifecycle

• Threats and Attacks in the Clouds and Cloud Services Cloud and Service Providers can be the “weakest links” wrt Security & Privacy

Reliance on good security practice of Third Parties

Issues and Risks [2/2]

• Migration of Services between Cloud and Service Providers Management of Data Lifecycle

• Threats and Attacks in the Clouds and Cloud Services Cloud and Service Providers can be the “weakest links” wrt Security & Privacy

Reliance on good security practice of Third Parties

Identity in the Cloud: Consumer Case

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

CRMServiceCRM

Service

DeliveryServiceDeliveryService

Service 3Service 3

BackupService BackupService

ILMService

ILMService

UserUser

…………

…… The InternetThe Internet

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

Identity &CredentialsIdentity &Credentials

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

AuthenticationAuthorization

Audit

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

User AccountProvisioning/

De-provisioning

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

PII Data& Confidential

Information

Identity in the Cloud: User Case

Issues and Risks

• Potential Proliferations of Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing ,etc.)

• Potential Complexity in Configuring & Handling Interactions between various Services Introducing vulnerabilities

• Propagation of Identity and PII Information across Multiple Clouds/Sites Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) How to handle Consent and Revocation? How to effectively Control this data?

• Trust Issue How to get Assurance that Personal Data and Confidential Information is going to be Handled as Expected, based on Users’ (privacy) Preferences and Expectations? Migration and Deletion of Data

• New Threats Bogus Cloud and Service Providers Identity Thefts Configuration & Management Mistakes

Issues and Risks

• Potential Proliferations of Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing ,etc.)

• Potential Complexity in Configuring & Handling Interactions between various Services Introducing vulnerabilities

• Propagation of Identity and PII Information across Multiple Clouds/Sites Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) How to handle Consent and Revocation? How to effectively Control this data?

• Trust Issue How to get Assurance that Personal Data and Confidential Information is going to be Handled as Expected, based on Users’ (privacy) Preferences and Expectations? Migration and Deletion of Data

• New Threats Bogus Cloud and Service Providers Identity Thefts Configuration & Management Mistakes

Identity in the CloudRequirements

• Simplified Management of Identities and Credentials• Need for Assurance and Transparency about:

− IAM (Outsourced) Processes

− Security & Privacy Practices

− Data Lifecycle Management

• Compliance to Regulation, Policies and Best Practice− Need to redefine what Compliance means in The Cloud

• Accountability• Privacy Management: Control on Data Usage & Flows• Reputation Management

Presentation Outline

• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions

Identity in the Cloud:Identity Proxy Approach

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService

ILMService

ILMServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

…………

…… The InternetThe Internet

IdentityProxy/Mediator

IdentityProxy/Mediator

Identity Proxy/Mediator Approach

• Enterprise-focused• Centralised Management of Credentials and User Accounts• Interception by Identity Proxy and mapping to “External Identities/Accounts”

Pros• Enterprise Control on Identities and mappings• Centralisation & Local Compliance

Cons • Scalability Issues. What about the management of Identities exposed between Composed Services (Service1Service2)?• Lack of Control beyond first point of contact• Accountability and Global Compliance Issues

• Enterprise-focused• Centralised Management of Credentials and User Accounts• Interception by Identity Proxy and mapping to “External Identities/Accounts”

Pros• Enterprise Control on Identities and mappings• Centralisation & Local Compliance

Cons • Scalability Issues. What about the management of Identities exposed between Composed Services (Service1Service2)?• Lack of Control beyond first point of contact• Accountability and Global Compliance Issues

Identity in the Cloud: Federated Approach

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService

ILMService

ILMServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

…………

…… The InternetThe Internet

UserUser

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

IdentityProvider (IdP)

RegistrationRegistration

RegistrationRegistration

• Federated Identity Management: Identity & Service Providers• Cloud Provider could be the “Identity Provider” for the Services/Service Providers in its Cloud• Approach suitable for Enterprises and private Users

Pros• “Cloud Provider-wide” Control and Management of Identities• Potential setting of Security and Privacy constraints at the Identity Provider site• Circle of Trusts Auditing, Compliance Checking, etc. • Handled with Contracts and SLAs

Cons • IdPs become a bottleneck/central point of control privacy issues• Scalability across multiple Cloud Providers. Federated IdPs?• Reliance on IdPs for Assurance and Compliance (Matter of Trust …)

• Federated Identity Management: Identity & Service Providers• Cloud Provider could be the “Identity Provider” for the Services/Service Providers in its Cloud• Approach suitable for Enterprises and private Users

Pros• “Cloud Provider-wide” Control and Management of Identities• Potential setting of Security and Privacy constraints at the Identity Provider site• Circle of Trusts Auditing, Compliance Checking, etc. • Handled with Contracts and SLAs

Cons • IdPs become a bottleneck/central point of control privacy issues• Scalability across multiple Cloud Providers. Federated IdPs?• Reliance on IdPs for Assurance and Compliance (Matter of Trust …)

Identity in the Cloud: Federated Approach

Presentation Outline

• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions

Future of Identity in the Cloud: Drivers

• It is Not just a Matter of Technologies and Operational Solutions

• Need for effective Compliance to Laws and Legislation (SOX, HIPAA, EU data Directives, etc.), Business Agreements and Policies

• Need for more Assurance:

− Enterprises: Assurance that IAM, Security, Privacy and Data Management processes are run as expected by Cloud Providers and Service Providers

− Service Providers: Assurance from other Service Providers and Cloud Providers

− End-Users: Assurance about Privacy, Control on Data, etc.

• Need for Transparency and Trust about IAM processes and Data Management in the Clouds

• Privacy Management

Future of Identity in the Cloud: Opportunities

• New Ways to provide Services, Compose them and get the best deals, both for Users and Organisations

Identity and Identity Management is going to Play a key Role

• Unique Chance to re-think what Identity and Identity Management means in the Cloud and how to Handle it

vs. simply trying to adapt and use the old IAM model

• New Technological, Personal and Social Challenges

Opportunity for Research and Development of new Solutions

1. Trusted Infrastructure and Cloud Computing

2. Identity Assurance

3. Identity Analytics

4. EnCoRe Project – Ensuring Consent and Revocation

Future of Identity in the Cloud

Overview of some HP Labs Research Areas Overview of some HP Labs Research Areas

HP Labs, Systems Security Lab (SSL), Bristol, UKhttp://www.hpl.hp.com/research/systems_security/ HP Labs, Systems Security Lab (SSL), Bristol, UKhttp://www.hpl.hp.com/research/systems_security/

1. Trusted Infrastructure

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService

ILMService

ILMServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

UserUser

…………

…… The InternetThe Internet

TrustedClient

Devices

TrustedClient

Devices

TrustedClient

Infrastructure

TrustedClient

Infrastructure

TrustedClient

Infrastructure

TrustedClient

InfrastructureTrustedClient

Infrastructure

TrustedClient

Infrastructure

• Ensuring that the Infrastructural IT building blocks of the Cloud are secure, trustworthy and compliant with security best practice

• Role of Trusted Computing Group (TCG)/

• Impact and Role of Virtualization

• Ensuring that the Infrastructural IT building blocks of the Cloud are secure, trustworthy and compliant with security best practice

• Role of Trusted Computing Group (TCG)/

• Impact and Role of Virtualization

TCG: http://www.trustedcomputinggroup.org TCG: http://www.trustedcomputinggroup.org

Trusted Infrastructure: Trusted Virtualized Platform

Personal EnvironmentWin/Lx/OSX

Personal EnvironmentWin/Lx/OSX

Corporate Productivity

OS

Corporate Productivity

OSRemoteIT Mgmt

RemoteIT Mgmt

HomeBanking

HomeBanking

Corporate Production

EnvironmentOS

Corporate Production

EnvironmentOS

E-GovtIntf.

E-GovtIntf. Corp.

SoftPhone

Corp.Soft

Phone

Trusted HypervisorTrusted Hypervisor

Secure Corporate (Government) Client Persona

PersonalClient Persona

Trusted CorporateClient Appliance

Trusted Personal Client Appliances

online (banking, egovt) or local (ipod)

Services managed from

cloud

HP Labs: Applying Trusted Computing to VirtualizationHP Labs: Applying Trusted Computing to Virtualization

Source: HP Labs, Systems Security Lab, Richard Brown Source: HP Labs, Systems Security Lab, Richard Brown

Paradigm Shift: Identities/Personae as “Virtualised Environment” in the Cloud

Trusted HypervisorTrusted Hypervisor

End-User DeviceEnd-User Device

My

Per

sona

1 +

Virt

ualis

ed

Env

iron

men

t 1

My

Per

sona

1 +

Virt

ualis

ed

Env

iron

men

t 1

My

Per

sona

2 +

Virt

ualis

ed

Env

iron

men

t 2

My

Per

sona

2 +

Virt

ualis

ed

Env

iron

men

t 2

BankBank

GamingCommunity

Services

GamingCommunity

Services

……

Using Virtualization to push Control from the Cloud/Service back to the Client Platform •User’s Persona is defined by the Service Interaction Context •User’s Persona & Identity are “tight” to the Virtualised Environment•Persona defined by User or by Service Provider•Potential Mutual attestation of Platforms and Integrity

Using Virtualization to push Control from the Cloud/Service back to the Client Platform •User’s Persona is defined by the Service Interaction Context •User’s Persona & Identity are “tight” to the Virtualised Environment•Persona defined by User or by Service Provider•Potential Mutual attestation of Platforms and Integrity

Specifiable, Manageable and Attestable Virtualization Layer

Leverage Trusted Computing technology for Increased Assurance

Enabling remote attestation of Invariant Security Properties implemented in the Trusted Virtualization Layer

Trusted Virtual Platform

BankingApplication

vTPM

Trusted Virtual Platform

GamingApplication

vTPM

Management

Domain

Trusted Infrastructure Interface (TII)

TPM

Firmware

PhysicalPlatformIdentity

SoftwareIntegrity

VirtualisedTPM (vTPM)VirtualisedTPM (vTPM)

Source: HP Labs, Systems Security Lab, Richard Brown Source: HP Labs, Systems Security Lab, Richard Brown

2. Identity Assurance

• Identity Assurance is concerned with “Providing Visibility into how Risks Associated with Identity Information are being Managed”

• How Does a Third Party, in the Cloud (Cloud Provider, Service Provider, etc.) deal with Security and IAM Aspects, Compliance to Laws and Legislation?

• How to provide Identity Assurance in the Cloud?

• HP Labs (Systems Security Lab) are exploring Mechanisms and Approaches in this space

Reference: http://www.hpl.hp.com/techreports/2008/HPL-2008-25.html Reference: http://www.hpl.hp.com/techreports/2008/HPL-2008-25.html

Identity Assurance

RegistrationIdentity information

Maintenance Destruction

CreateIdentity

Verify

Accept Accept

AddData

ReadId Data

ReviewCorrect

Audit/UsageTransparency

Delete Archive

ShareLoad fromother Sites/IdPs/IDM systems

Underlying IT System

IDM

Controls

CO

BIT

ISO

27000

Physical

Information Management Process, Operations and Controls Information Management Process, Operations and Controls

Identity Assurance in the Cloud

EnterpriseEnterprise

ServiceProviderServiceProviderService

ProviderServiceProvider

ServiceProviderServiceProvider

Cloud Provider #1Cloud Provider #1

IdentityProvider (IdP)

IdentityProvider (IdP)

Cloud Provider #2Cloud Provider #2

ServiceProviderServiceProvider

ServiceProviderServiceProvider

ServiceProviderServiceProvider

IdentityProvider (IdP)

IdentityProvider (IdP)

Circle ofTrustCircle ofTrust

MinimalAcceptableAssuranceInformation

ComplianceCheckingComplianceChecking

IdPAssuranceInformation Match

Assurance ReportAssurance Report

Public Private Public Private

Service ProvidersAssurance Information

LegendLegend

IdentityAssuranceStandards

AssuranceInformation Enhance Trust

HP Labs Model-based Assurance Approach

Audit Data Store

Instrumentation

ReportGenerator Results

Data

Analysis Engine

Assurance Reports

Web based reports

Assurance Model Design

Graphical Modelling

Tool

XML representationof the model

Tests of IT Controls

Key Risk Indicators

ModelRepository

The model design process proceeds in four steps:

1. Categorize IT Controls/ Processes/Mechanisms needed for Assurance

2. Identify Measurable Aspects of these Controls - Performance Indicators - Correctness Tests

3. Build the Control Analysis Model

4. Use the model to monitor for changing conditions and to provide assurance reports

The model design process proceeds in four steps:

1. Categorize IT Controls/ Processes/Mechanisms needed for Assurance

2. Identify Measurable Aspects of these Controls - Performance Indicators - Correctness Tests

3. Build the Control Analysis Model

4. Use the model to monitor for changing conditions and to provide assurance reports

Explicit and Automated Monitoring of IAM Processes and Controls based on Audits & Logs

Explicit and Automated Monitoring of IAM Processes and Controls based on Audits & Logs

Identity Assurance Model

ID Management

ITSupportDisposal

IdentityInfo ManagementCreation

Link to COBIT models

Registration

DocumentCheck

Verification

AuthenticationInfo Gathering

Access Id

UsageTransparency

Review/Correct

Add/UpdateId Info

Load/ShareFrom other IDM

RetentionPolicy

Staff

Top level traffic light

Dashboard and Trends AccountManagement

RightsManagement

Approvals

Separation of Duties

Detailed Information

Expand into details

Identity AssuranceConceptual Model

Identity AssuranceConceptual Model

Representation of Model in Our Tool

Representation of Model in Our Tool

Evaluation of Model Against Audit Data and Logs Assurance Reports

Evaluation of Model Against Audit Data and Logs Assurance Reports

3. Security and Identity Analytics Providing Strategic Decision Support• Focus on Organisation IT (Security) Decision Makers (CIOs/CISOs)

• The growing complexity of IT and the increasing Threat Environment will make related Security Investment Decisions Harder

• The Decision to use The Cloud and its Services is Strategic

• Where to Make Investments (e.g. either IdM or Network Security, how to make business & security aligned …)? Which Choices need to be made? Which Strategy?

• The HP Labs “Security Analytics” Project is exploring how to apply Scientific Modelling and Simulation methodology for Strategic Decision Support

• Identity Analytics Project is focusing on the IAM vertical

38 04/12/23

Organisations’ IT Security Challenges

validation

regulation

Understandthe Economics

Construct Models

Develop Policy

(Trusted)IT infrastructureRisk, Assurance, Compliance

Threats, Investments

Decide &Deploy

Technology

HP Confidential

Identity Analytics - Overview

• Predictive Analysis applied to Identity and Access Management (IAM)

• Problem: How to derive and justify the IAM strategy?

• Which Investment Choices to Make (e.g. Provisioning vs. AAA vs. Education vs. …)?

• We Model IT Systems, Processes, People Behaviours, …

• We Use Models & Simulation to Explore Impact of Choices, Trade-offs and Predict Outcomes

• Predictive Analysis applied to Identity and Access Management (IAM)

• Problem: How to derive and justify the IAM strategy?

• Which Investment Choices to Make (e.g. Provisioning vs. AAA vs. Education vs. …)?

• We Model IT Systems, Processes, People Behaviours, …

• We Use Models & Simulation to Explore Impact of Choices, Trade-offs and Predict Outcomes

Models

Simulations

Data Analysis

Security AnalyticsDecision Support Tools

Security AnalyticsDecision Support Tools

Threat Environment Threat Environment

• Investments• Choices• Hypothesis• …

• Investments• Choices• Hypothesis• …

• Explanation & Predictions• Trade-offs• Economic Analysis

• Explanation & Predictions• Trade-offs• Economic Analysis

HPL Project Material: http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm HPL Project Material: http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm

Identity Analytics Applied to The Cloud

EnterpriseEnterprise

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

Internal CloudInternal Cloud

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService ILM

ServiceILM

ServiceServiceService

ServiceService

ServiceService

BusinessApps/Service

BusinessApps/Service

EmployeeEmployee

…… ……

…… The InternetThe Internet

Models

Simulations

Data Analysis

Decision Support ToolsDecision Support Tools

• Threat Environment• IAM Processes• Security Processes• Users’ Behaviours

• Threat Environment• IAM Processes• Security Processes• Users’ Behaviours

• Threat Environment• Assumptions & Facts on IAM Processes - Cloud and Service Provides• Assumptions & Facts on Security Processes - Cloud and Service Providers

• Threat Environment• Assumptions & Facts on IAM Processes - Cloud and Service Provides• Assumptions & Facts on Security Processes - Cloud and Service Providers

• Investments• Choices• Hypothesis• …

• Investments• Choices• Hypothesis• …

• Explanation & Predictions• Trade-offs• Economics Analysis

• Explanation & Predictions• Trade-offs• Economics Analysis

Identity Analytics Applied to The Cloud

# Hanging Accounts # Denied Good Accounts# Misconfigured Accounts

Overall Approval Time Overall Deployment Time Bypassed Approval Step

Case #1Current State

0.83 0.89 0.94 0.990.84 0.90 0.95 1

EffortLevel

3480 1032 1134 3378 45122281 2230

AccessAccuracy

ApprovalAccuracy

ProductivityCost

IDM ProvisioningCosts

#Internally Managed Provisioning Activities(Internal Apps)

# Externally Managed Provisioning Activities (Services in the Cloud)

Case #2

Case #3

Case #4

Acc

ura

cy M

easu

res

1

Co

st M

easu

res

0.5

1000

020

000

3000

040

000

3385

5

2575

3

1794

9

1040

3

1120

0

1430

0

1740

0

2050

0

High-Level MetricsTailored to Target CIOs/CISOs &Strategic decision makers

High-Level MetricsTailored to Target CIOs/CISOs &Strategic decision makers

Low-Level MeasuresTailored to Target Domain ExpertsLow-Level MeasuresTailored to Target Domain Experts

Example: Predictions of Outsourcing of IAM Services to the CloudExample: Predictions of Outsourcing of IAM Services to the Cloud

Security & Identity Analytics Methodology

Information System

EmpiricalData/

Knowledge

ConceptualModelling

FormalModelling

Information SystemPP&T

validation

Design explorationeconomic analysis

04/12/2342 HP Confidential

Scientific Approach based on Modelling & SimulationScientific Approach based on Modelling & Simulation

4. TSB EnCoRe Project Consent and Revocation Management

• EnCoRe: Ensuring Consent and Revocation UK TSB Project –

http://www.encore-project.info/

“EnCoRe is a multi-disciplinary research project, spanning across a number of IT and social science specialisms, that is researching how to improve the rigour and ease with which individuals can grant and, more importantly, revoke their consent to the use, storage and sharing of their personal data by others”

• Recognise the Importance of Cloud Computing and its Impact on Identities and Privacy

Problem: Management of Personal Data (PII) and Confidential Information along driven by Consent & Revocation

Identity Data + Consent/Revocation

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

CRMServiceCRM

Service

DeliveryServiceDeliveryService

Service 3Service 3

BackupService BackupService

ILMService

ILMService

UserUser

…………

…… The InternetThe Internet

Identity Data & Credentials + Consent/Revocation

Identity Data & Credentials + Consent/Revocation Identity Data & Credentials

+ Consent/Revocation

Identity Data & Credentials + Consent/Revocation

Identity Data & Credentials + Consent/Revocation

Identity Data & Credentials + Consent/Revocation

DataStorageService

DataStorageService

OfficeAppsOfficeApps

On DemandCPUs

On DemandCPUsPrinting

ServicePrintingService

Cloud Provider #1Cloud Provider #1

Cloud Provider #2Cloud Provider #2

CRMServiceCRM

Service

……

Service 3Service 3

BackupService BackupService

ILMService

ILMService

UserUser

…………

…… The InternetThe Internet

EnCoReToolboxEnCoReToolbox

EnCoReToolBoxEnCoReToolBox

EnCoReToolBoxEnCoReToolBox EnCoRe

ToolBoxEnCoReToolBox

EnCoReToolBoxEnCoReToolBox

EnCoRe: Explicit Management of Consent and Revocation

EnCoRe: Explicit Management of Consent and Revocation

PersonalConsent &RevocationAssistant

Por

tals

&A

cces

s P

oint

s

(Virtual)Data

Registry

EnterpriseDataRepositories

ApplicationsServicesBusiness Processes

Disclosure &NotificationManager

Data + Consent

Data location& consent/revocationregistration

Policy & PreferencesConfiguration

Service A

Service B

Revocation

Audit- Data and Consent (& Constraints)

- Revocation

RiskAssessment

-Data and Consent (& Constraints)- Revocation

Notifications

Privacy–aware Policy Enforcement

Policies

Update

Update

Access toServices

Data +Consent &Revocation Requests Registration

& Update

Em

ploy

ees

ServiceRequests Agents

User AccountProvisioning &Data Storage

Consent & RevocationProvisioning

DataStorage

User

Cloud Provider

Presentation Outline

• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions

Conclusions

• The Cloud and Cloud Computing are Real, Happening Now!• Identity & Identity Management have a key role in the

Cloud• Need to be aware of Involved Issues and Risks:

- Lack of Control on Data - Trust on Infrastructure - Privacy Issues - Assurance and Accountability - New Threat Environments - Complexity in handling Identities - Complexity of making informed decisions

• Need to re-think to the Identity Paradigm in the Cloud rather than just Adapting Current Solutions

• New Opportunities for Research and Development of Innovative Solutions for various Stakeholders

Thanks and Q&A

Contact: Marco Casassa Mont, HP Labs, marco.casassa-mont@hp.com Contact: Marco Casassa Mont, HP Labs, marco.casassa-mont@hp.com

04/12/2351 HP Confidential