WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation
Transcript of WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation
![Page 1: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/1.jpg)
Identity and Access Management in the Era of Digital Transformation
Selvaratnam Uthaiyashankar VP – Engineering
WSO2
![Page 2: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/2.jpg)
Identity and Digital Business
• Identity is at the heart of Digital Business
Image source: http://coranet.com/images/network-security.png
![Page 3: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/3.jpg)
Identity Centric
• Digital Business is all about the “User”
– How do we know who is accessing
– Things the user can access or do
– User’s preferences
– Rules the user has to adhere to
– Relationships with other entities
![Page 4: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/4.jpg)
Proper identity enforcement is essential for customer experience, security, privacy
![Page 5: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/5.jpg)
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
[Diagram: the consumer authenticates directly against each Service Provider before service consumption]
Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
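As an added example (not part of the original slides, and not WSO2 Identity Server code), the server side of the two HTTP schemes named above, written so the trade-off is visible: Basic hands the server the cleartext password on every request (so it is only acceptable over TLS, and the server should keep only a salted PBKDF2 hash), while Digest proves knowledge of the password without transmitting it but ties both sides to MD5 and forces the server to store HA1 = MD5(user:realm:password), which is itself enough to forge responses. TLS mutual authentication is not shown because it needs certificate material. The realm name, the user store and the nonce cache are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os
import secrets
from typing import Optional

REALM = "orders-api"                 # hypothetical realm for this example
ISSUED_NONCES = set()                # nonces this server has handed out (assumed in-memory cache)


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def make_basic_record(password: str) -> dict:
    """Basic: keep only a salted PBKDF2 hash; the cleartext arrives per request and is discarded."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}


def make_digest_ha1(user: str, password: str) -> str:
    """Digest: the server must store HA1 = MD5(user:realm:password), which can forge responses."""
    return _md5_hex(f"{user}:{REALM}:{password}")


# Constructed credential store with a single user.
USERS = {
    "alice": {"basic": make_basic_record("correct horse"),
              "digest_ha1": make_digest_ha1("alice", "correct horse")},
}


def basic_header(user: str, password: str) -> str:
    """Client side: Basic is just base64, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def verify_basic(authorization: str) -> Optional[str]:
    """Return the username if an Authorization: Basic header carries valid credentials."""
    scheme, _, payload = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(payload, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed header, not an auth failure to log as such
    record = USERS.get(user)
    if not sep or record is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["basic"]["salt"], 100_000)
    return user if hmac.compare_digest(candidate, record["basic"]["hash"]) else None


def issue_nonce() -> str:
    """Server side: a fresh nonce for the WWW-Authenticate: Digest challenge."""
    nonce = secrets.token_hex(16)
    ISSUED_NONCES.add(nonce)
    return nonce


def digest_response(user, password, method, uri, nonce, nc, cnonce, qop="auth") -> str:
    """Client side (RFC 2617, qop=auth): prove the password without sending it."""
    ha1 = make_digest_ha1(user, password)
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(user, method, uri, nonce, nc, cnonce, response, qop="auth") -> bool:
    """Server side: recompute the response from the stored HA1 and the request parameters.
    A production server would also require nc to increase per nonce to stop replays."""
    record = USERS.get(user)
    if record is None or nonce not in ISSUED_NONCES:   # unknown user, or a nonce we never issued
        return False
    ha2 = _md5_hex(f"{method}:{uri}")
    expected = _md5_hex(f"{record['digest_ha1']}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)
```

The Digest response is bound to the method and URI, so a captured response for `/orders/1` does not authorize `/orders/2`; Basic has no such binding, which is one more reason it must travel inside TLS.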
![Page 6: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/6.jpg)
Digital business requires seamless integration of various systems…
![Page 7: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/7.jpg)
Identity Challenges When Integrating Multiple Systems
• Different username and password (credential) for each system
– Preferred username is already taken
– Reusing the same username/password across systems becomes a security risk
• Too many usernames and passwords
• Losing possible collaborations between applications
![Page 8: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/8.jpg)
Authentication
• Brokered Authentication
– SAML
– OAuth 2.0 : SAML 2.0 / JWT bearer assertion grant types
– OpenID
– OpenID Connect
• Single Sign-On
[Diagram: several Service Providers trust one Identity Provider; the user authenticates once at the Identity Provider and then consumes services from each Service Provider]
Image source: http://savepic.ru/6463149.gif
![Page 9: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/9.jpg)
Users Might Want to Use Their Social Identities
• BYOID (Bring Your Own Identity)
![Page 10: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/10.jpg)
Users Might Want to Use Their Enterprise Identity
• Trust between different Identity Domains
• Identity Federation
[Diagram: the Service Providers trust Identity Provider B; Identity Provider B in turn trusts Identity Provider A, so a user authenticated at A can consume the Service Providers’ services]
![Page 11: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/11.jpg)
Multi-option Authentication
![Page 12: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/12.jpg)
Identity Bus
![Page 13: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/13.jpg)
Identity links all the systems. You just increased the risk of attack on your identity…
![Page 14: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/14.jpg)
Often, the weak link is a poor user credential
https://www.infosecurity-magazine.com/news/compromised-credentials-quarter/
![Page 15: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/15.jpg)
Multi Factor Authentication
• What you know
• What you have
• What you are
Image source: http://it.miami.edu/_assets/images/multifactor1.png
![Page 16: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/16.jpg)
Adaptive Authentication
• Ability to change authentication options based on the context
https://3c1703fe8d.site.internapcdn.net/newman/gfx/news/hires/2013/howdochamele.jpg
![Page 17: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/17.jpg)
Provisioning Users
• Self Service
– Complete user management
– User Portal
• Approvals and Workflows
• Just In Time Provisioning
http://blog.genesys.com/wp-content/uploads/2014/07/Road-Sign-Self-Service.jpg
![Page 18: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/18.jpg)
Provisioning Users in Multiple Systems
![Page 19: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/19.jpg)
Access Control
• Principle of least privilege
• Role based access control
• Attribute based access control
• Fine-grained access control with XACML
http://findbiometrics.com/assets/iStock_Access-300x225.jpg
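Added example for the slide above (not from the original deck, and not a WSO2 XACML policy): a small policy decision point in the XACML style, with rules that have a target and a condition, a deny-overrides combining algorithm, and a default of Deny so that nothing is permitted unless a rule says so (least privilege). The first rule is role based, the second adds environment attributes (network, MFA), the third is a deny rule on a resource attribute. The attribute names and the three sample rules are assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Request:
    """The request context: subject, resource, action and environment attributes."""
    subject: dict
    resource: dict
    action: str
    environment: dict = field(default_factory=dict)


@dataclass
class Rule:
    name: str
    effect: str                                   # PERMIT or DENY
    target: Callable[[Request], bool]             # which requests the rule is about
    condition: Callable[[Request], bool] = lambda req: True   # when it applies to them


def evaluate_rule(rule: Rule, req: Request) -> str:
    """A rule yields its effect only when both target and condition hold."""
    if not rule.target(req) or not rule.condition(req):
        return NOT_APPLICABLE
    return rule.effect


def deny_overrides(decisions) -> str:
    """Combining algorithm: any Deny wins, else any Permit, else NotApplicable."""
    decisions = list(decisions)
    if DENY in decisions:
        return DENY
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE


def decide(policy: List[Rule], req: Request) -> dict:
    """Policy decision point: returns the decision and the rules that contributed to it."""
    outcomes = {rule.name: evaluate_rule(rule, req) for rule in policy}
    decision = deny_overrides(outcomes.values())
    if decision == NOT_APPLICABLE:
        decision = DENY                           # least privilege: no explicit permit, no access
    return {"decision": decision,
            "rules": [name for name, d in outcomes.items() if d != NOT_APPLICABLE]}


# Constructed sample policy (hypothetical attribute names).
POLICY = [
    Rule("doctor-reads-own-patients", PERMIT,                      # RBAC plus a relationship check
         target=lambda r: r.resource["type"] == "medical-record" and r.action == "read",
         condition=lambda r: "doctor" in r.subject["roles"]
         and r.resource["patient_id"] in r.subject.get("patients", ())),
    Rule("admin-changes-accounts-onsite-with-mfa", PERMIT,         # ABAC: environment attributes
         target=lambda r: r.resource["type"] == "user-account" and r.action in {"create", "delete"},
         condition=lambda r: "admin" in r.subject["roles"]
         and r.environment.get("network") == "corporate" and r.environment.get("mfa") is True),
    Rule("restricted-records-need-clearance", DENY,                # deny rule on a resource attribute
         target=lambda r: r.resource.get("classification") == "restricted",
         condition=lambda r: r.subject.get("clearance") != "high"),
]


def is_permitted(subject: dict, resource: dict, action: str, environment: dict = None) -> bool:
    return decide(POLICY, Request(subject, resource, action, environment or {}))["decision"] == PERMIT
```

Because the combining algorithm is deny-overrides, the clearance rule blocks a doctor from a restricted record of their own patient even though the first rule would permit it; and because the default is Deny, a request that matches no rule at all (a doctor reading someone else's patient) is refused without any rule having to say so.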
![Page 20: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/20.jpg)
Auditing User Activities
• You might not know who will access your system (BYOID)
• A full audit of user activities is important
– Especially on User Management and Admin operations
– Who, What, From Where, When, How
• Accountability, Reconstruction, Problem Detection, Intrusion Detection
http://cdn.gocertify.com/images/Auditing%20team%20going%20over%20report.jpg
![Page 21: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/21.jpg)
Analytics
• Understanding user behavior
• Predicting future needs
• Fraud detection
http://www.labrechedigital.com/images/analytics.png
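Added example serving the two preceding slides, Auditing and Analytics (it is not from the original deck and is not WSO2 Identity Server log format): a constructed audit trail with the who / what / from where / when / how fields, and three detections run over it: admin operations performed from outside the corporate network, an IP address failing logins across many distinct usernames in a short window (credential stuffing, the “poor user credential” problem from the earlier slide), and successful logins from such a source, which are the accounts to treat as compromised. The record layout, the admin-operation names and the corporate address range are assumptions for the example.

```python
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

ADMIN_OPERATIONS = {"CREATE_USER", "DELETE_USER", "ADD_ROLE", "RESET_PASSWORD"}
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]     # assumed address plan

# Constructed sample audit trail, one JSON record per line.
SAMPLE_AUDIT_LOG = """\
{"ts":"2017-02-21T09:00:01Z","who":"alice","what":"LOGIN","outcome":"SUCCESS","from":"10.0.0.12","how":"password+totp"}
{"ts":"2017-02-21T09:00:05Z","who":"alice","what":"DELETE_USER","target":"bob","outcome":"SUCCESS","from":"10.0.0.12","how":"admin-portal"}
{"ts":"2017-02-21T13:12:00Z","who":"carol","what":"ADD_ROLE","target":"dave","outcome":"SUCCESS","from":"203.0.113.7","how":"scim-api"}
{"ts":"2017-02-21T22:10:00Z","who":"erin","what":"LOGIN","outcome":"FAILURE","from":"198.51.100.9","how":"password"}
{"ts":"2017-02-21T22:10:04Z","who":"frank","what":"LOGIN","outcome":"FAILURE","from":"198.51.100.9","how":"password"}
{"ts":"2017-02-21T22:10:09Z","who":"grace","what":"LOGIN","outcome":"FAILURE","from":"198.51.100.9","how":"password"}
{"ts":"2017-02-21T22:10:15Z","who":"heidi","what":"LOGIN","outcome":"FAILURE","from":"198.51.100.9","how":"password"}
{"ts":"2017-02-21T22:10:20Z","who":"heidi","what":"LOGIN","outcome":"SUCCESS","from":"198.51.100.9","how":"password"}
{"ts":"2017-02-21T22:30:00Z","who":"alice","what":"LOGIN","outcome":"FAILURE","from":"10.0.0.12","how":"password"}
"""


def parse_audit_log(text: str) -> list:
    """Parse the JSON-lines trail into dicts with an aware UTC timestamp, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def _is_corporate(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETWORKS)


def admin_ops_off_network(events: list) -> list:
    """Who / What / From Where: privileged operations not performed from a corporate address."""
    return [(e["who"], e["what"], e["from"]) for e in events
            if e["what"] in ADMIN_OPERATIONS and not _is_corporate(e["from"])]


def credential_stuffing_sources(events: list, window: timedelta = timedelta(seconds=60),
                                min_users: int = 3) -> set:
    """Source IPs whose login failures span at least `min_users` usernames inside `window`."""
    failures = defaultdict(list)
    for e in events:
        if e["what"] == "LOGIN" and e["outcome"] == "FAILURE":
            failures[e["from"]].append((e["ts"], e["who"]))
    flagged = set()
    for ip, attempts in failures.items():                 # attempts are already time-ordered
        for i, (ts, _) in enumerate(attempts):
            users = {who for t, who in attempts[:i + 1] if ts - t <= window}
            if len(users) >= min_users:
                flagged.add(ip)
                break
    return flagged


def logins_from_flagged_sources(events: list, flagged: set) -> list:
    """Accounts that a stuffing source eventually got into: candidates for forced reset."""
    return [(e["who"], e["from"]) for e in events
            if e["what"] == "LOGIN" and e["outcome"] == "SUCCESS" and e["from"] in flagged]


if __name__ == "__main__":
    evts = parse_audit_log(SAMPLE_AUDIT_LOG)
    print("admin ops off-network:", admin_ops_off_network(evts))
    sources = credential_stuffing_sources(evts)
    print("stuffing sources:", sources)
    print("compromised:", logins_from_flagged_sources(evts, sources))
```

The first detection only works because the audit record carries all of who, what and from where; the second needs the when at second resolution; and the third is what turns an audit trail into the fraud-detection input the Analytics slide asks for.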
![Page 22: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/22.jpg)
API Security
• APIs are powering the Digital Business
• Ability to secure the API (OAuth)
• Identity delegation
https://edinversity.files.wordpress.com/2013/07/handing-over-car-keys.jpg
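Added example serving both the Brokered Authentication slide (the OAuth 2.0 JWT bearer assertion grant, RFC 7523) and the API Security slide (securing the API with OAuth and identity delegation). It is not code from the original deck and not WSO2 Identity Server code. It walks the three parties: the identity provider issues a short-lived assertion addressed to the token endpoint; the authorization server, which trusts that issuer, verifies it, refuses replays by `jti`, narrows the requested scope to what the user actually holds, and issues an access token that names both the user (`sub`) and the client acting for them (`azp`); the resource server validates the token and its scope before serving. Issuer URLs, keys, the entitlement table and HS256 in place of the asymmetric signatures a real IdP would use are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical identifiers for this example. A real IdP signs assertions with a
# private key (RS256/ES256); HMAC keys keep the sample dependency-free.
IDP_ISSUER = "https://idp.example.com"
IDP_KEY = b"idp-signing-secret-demo-only"
AS_ISSUER = "https://as.example.com"
AS_KEY = b"as-signing-secret-demo-only"
TOKEN_ENDPOINT = "https://as.example.com/oauth2/token"   # audience of the assertion
API_AUDIENCE = "https://api.example.com/orders"          # audience of the access token
TRUSTED_ISSUERS = {IDP_ISSUER: IDP_KEY}                  # the trust edge from the slides
USER_SCOPES = {"alice": {"orders:read", "orders:write"},  # constructed entitlements
               "bob": {"orders:read"}}
_seen_jti = set()                                         # assertion replay cache


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Compact JWS serialization, HS256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def jwt_verify(token: str, key: bytes, issuer: str, audience: str, now: float) -> dict:
    """Check alg, signature, iss, aud and lifetime; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")           # the token does not get to pick the algorithm
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0) or now < claims.get("nbf", 0):
        raise ValueError("token outside its validity window")
    return claims


def issue_idp_assertion(subject: str, jti: str, now: float) -> str:
    """Identity provider: short-lived assertion addressed to the token endpoint."""
    return jwt_sign({"iss": IDP_ISSUER, "sub": subject, "aud": TOKEN_ENDPOINT,
                     "jti": jti, "iat": int(now), "exp": int(now) + 60}, IDP_KEY)


def exchange_jwt_bearer(assertion: str, client_id: str, requested: set, now: float) -> str:
    """Token endpoint: trusted assertion in, delegated access token out."""
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("malformed assertion")
    unverified = json.loads(_b64url_decode(parts[1]))   # only used to pick the key
    key = TRUSTED_ISSUERS.get(unverified.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    claims = jwt_verify(assertion, key, unverified["iss"], TOKEN_ENDPOINT, now)
    jti, subject = claims.get("jti"), claims.get("sub")
    if not jti or jti in _seen_jti or not subject:
        raise ValueError("missing subject, or missing/replayed jti")
    _seen_jti.add(jti)
    granted = requested & USER_SCOPES.get(subject, set())   # least privilege on delegation
    if not granted:
        raise ValueError("no grantable scope")
    return jwt_sign({"iss": AS_ISSUER, "sub": subject, "azp": client_id, "aud": API_AUDIENCE,
                     "scope": " ".join(sorted(granted)), "iat": int(now),
                     "exp": int(now) + 300}, AS_KEY)


def authorize_api_call(access_token: str, required_scope: str, now: float) -> dict:
    """Resource server: validate the bearer token and the scope before serving."""
    claims = jwt_verify(access_token, AS_KEY, AS_ISSUER, API_AUDIENCE, now)
    if required_scope not in claims["scope"].split():
        raise PermissionError(f"scope {required_scope} not granted")
    return {"user": claims["sub"], "via_client": claims["azp"]}


def rejects(fn, *args) -> bool:
    """True if the call is refused; used to exercise the failure paths."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    t = time.time()
    tok = exchange_jwt_bearer(issue_idp_assertion("bob", "n-1", t), "mobile-app",
                              {"orders:read", "orders:write"}, t)
    print(authorize_api_call(tok, "orders:read", t))
```

Two checks carry most of the security: the audience check keeps an assertion minted for the token endpoint from being accepted by the API (and vice versa), and the key is chosen from the trusted-issuer table rather than from anything inside the token, so an assertion from an unknown issuer never reaches signature verification at all.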
![Page 23: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/23.jpg)
IoT is an Essential Element in Digital Business
• Identity includes “Things”
• Securing your IoT devices is a must
• Consider scalability of your IAM System
https://media.licdn.com/mpr/mpr/shrinknp_400_400/AAEAAQAAAAAAAAWRAAAAJDkwODMwYzIyLTA5MzktNDAwZi05ZmI4LWJkYTAyM2U4MDBlNQ.jpg
![Page 24: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/24.jpg)
Perimeter of Your Digital Business will Increase
• Data is in the cloud and on mobile devices
• Borders across systems don’t work anymore
• Your Attack Surface increases
– you can’t remove unused features in the cloud services
• Security by obscurity doesn’t work anymore
• Expect hacking, DoS attacks, phishing attacks
• Controlling access, monitoring, analyzing and predicting attacks are the way forward
![Page 25: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/25.jpg)
Bridging Cloud and Internal Systems
• Connectors to bridge Cloud Systems and Internal Systems
– Might not be able to open ports to the outside world
http://www.stratoscale.com/wp-content/uploads/gap-1080x1080.jpg
![Page 26: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/26.jpg)
Digital Business Requires Agility
• Should be able to connect new systems easily
• Frequent changes to external systems
• Future Proof
• Needs some Identity Mediation Concepts
http://s3-us-west-2.amazonaws.com/abacus-blog/wp-content/uploads/2015/10/dog-agility.png
![Page 27: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/27.jpg)
Digital Business Encourages Innovation
• Often, the security strategy is viewed as restrictive for Innovation
– Especially when public services and APIs are involved
• Security should be transparent to the user for a better user experience
https://www.gatesnotes.com/~/media/Images/Articles/About-Bill-Gates/Accelerating-Innovation/innovation_2016_article_1200px_v1.jpg
![Page 28: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/28.jpg)
Digital Transformation Requires Cultural Changes
• More and more, business units are in control rather than IT and security teams
– Yet you still need to know who is accessing, what they are accessing, etc.
• Understanding this cultural shift will reduce frustrations
http://www.leehopkins.net/wp-content/uploads/2010/11/iStock_000010822711XSmall_thumb.jpg
![Page 29: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/29.jpg)
WSO2 Identity Server
![Page 30: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/30.jpg)
![Page 31: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/31.jpg)
http://cdn.ttgtmedia.com/rms/security/Gartner2014_ASA.jpg
![Page 32: WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transformation](https://reader034.fdocuments.us/reader034/viewer/2022050613/58ad8aa51a28ab662a8b570b/html5/thumbnails/32.jpg)
Thank You!