CIS14: Are the Enterprises Ready for Identity of Everything?

Are the Enterprises Ready for Identity of Everything? Ranjan Jain Enterprise IT Architect Cisco Systems Inc. July 2014

Upload: cloudidsummit

Post on 18-May-2015


DESCRIPTION

Ranjan Jain, Cisco Systems. A NextGen architectural approach that enterprise IT architects and management need to consider if they plan to ride the IoT wave.

TRANSCRIPT

Page 1: CIS14: Are the Enterprises Ready for Identity of Everything?

Are the Enterprises Ready for Identity of Everything?

Ranjan Jain

Enterprise IT Architect

Cisco Systems Inc.

July 2014

Page 2: CIS14: Are the Enterprises Ready for Identity of Everything?

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Page 3: CIS14: Are the Enterprises Ready for Identity of Everything?


Agenda

•  Identity and Not-so-Fun facts

•  Trends & Impact on Identity

•  IT Architecture Requirements

•  Identity of Everything & Framework

•  Q & A

Page 4: CIS14: Are the Enterprises Ready for Identity of Everything?


Identity and Not-so-Fun facts

Page 5: CIS14: Are the Enterprises Ready for Identity of Everything?


Identity Defined

•  Digital Identity is defined as a set of data that uniquely describes a person or thing.

•  Identity Types: Human, Devices, Applications (APIs), and many more

•  Identity is core to trust model and security principles of confidentiality, integrity, and availability.

Page 6: CIS14: Are the Enterprises Ready for Identity of Everything?


Identity – Not So Fun Facts

•  Identities frequently targeted for attack: Executives, Administrators, Outsourced vendors

•  Unable to quantify loss due to lack of visibility

•  The trend in targeted attacks is many occurrences over an extended period of time

Cyber-attackers need to be right once. Enterprise security needs to be right every time.

Page 7: CIS14: Are the Enterprises Ready for Identity of Everything?


Security Incident Examples

Impacted 148 million users

Page 8: CIS14: Are the Enterprises Ready for Identity of Everything?


Security Incident Examples

Impacted 110 million users

Page 9: CIS14: Are the Enterprises Ready for Identity of Everything?


Security Incident Examples

Refrigerator got hacked & more to come

Courtesy: www.readwrite.com

Page 10: CIS14: Are the Enterprises Ready for Identity of Everything?


Trends & Impact on Identity

Page 11: CIS14: Are the Enterprises Ready for Identity of Everything?


Trends Elevating the Importance of Identity

Business:

•  Enabling New Business Models

•  Security

•  User Experience

•  Ease of Doing Business

•  Operational Expense Reduction

Source: http://share.cisco.com/internet-of-things.html

Page 12: CIS14: Are the Enterprises Ready for Identity of Everything?


Trends Elevating the Importance of Identity

Business:

•  Enabling New Business Models

•  Security

•  User Experience

•  Ease of Doing Business

•  Operational Expense Reduction

Technology:

•  Internet of Everything

•  Mobile / Cloud

•  Externalizing Data via APIs

•  Collaboration / Social / Data Analytics

•  Advanced Threats

•  XaaS / Automation

Source: http://share.cisco.com/internet-of-things.html

Page 13: CIS14: Are the Enterprises Ready for Identity of Everything?


Identity of Everything & Framework

Page 14: CIS14: Are the Enterprises Ready for Identity of Everything?


IDentity of Everything (IDoE) Vision

“Enable secure access from any client, on any device, to any service, located anywhere.”

(Anyone, Anything, Anywhere – For Right Business Outcome)

[Diagram: Identity, on Any Device, From Anywhere, to Any Resource]

•  Identity: Human, Device, Application, API

•  Device: IT Managed, Personal

•  Location: IT Managed, Un-managed

•  Resource: Web Apps, Mobile Apps, API, Devices, SaaS, Service Providers

Identities depicted are only representative, and not the comprehensive list

Page 15: CIS14: Are the Enterprises Ready for Identity of Everything?


Everything Will Have an Identity

Identity: Each user, device, and resource has a unique identity. These identities must be non-overlapping.

Any User, On Any Device, On Any Network, Accessing Any Resource

To Enable “Internet of Everything”

Human / Non-human identity

Page 16: CIS14: Are the Enterprises Ready for Identity of Everything?


Getting GRIP on Identity

Identity: Each user, device, and resource has a unique identity.

GRoups: A set of users, devices, or resources is grouped together to create a composite identity (Group) based on one or more sets of attributes.

Any User, On Any Device, On Any Network, Accessing Any Resource

To Enable “Right Authorization”

Human / Non-human identity

Page 17: CIS14: Are the Enterprises Ready for Identity of Everything?


Getting GRIP on Identity

Identity: Each user, device, and resource has a unique identity.

GRoups: A set of identities is grouped together to create a composite identity (Group) based on one or more sets of attributes.

Policy: One or more policies are created and applied. A policy binds the entitlement of an identity to the required resources.

Identity + Groups + Policy = Right Authorization

Auditing, Enforcement

Any User, On Any Device, On Any Network, Accessing Any Resource

To Enable “Right Authorization”

Human / Non-human identity

Page 18: CIS14: Are the Enterprises Ready for Identity of Everything?


Data Model to Encompass All Types of Identities

[Diagram: identity types under four columns (User, Device, Resource, Location). Labels shown: Badged, Non-Badged, FTE, Outsourced, Regular, New Acq’stn, Guest, Partner, Customer; End User, Server, IT Asset, BYOD, Host, Network, PC, Mac, Linux, iOS, Android; IT Mn’gd, Un-Mn’gd, DMZ, Internal, Protected, Partner Sites, Public Internet, Default, SimDMZ; IT Hosted, Ext Hosted, Service, Asset, Data, Application.]

- Each User, Device, and Resource has a unique Identity.

- Each Identity has several attributes that describe its type and their attributes.

- One or more of these attributes can then be combined to create a composite identity.

Additional Attributes: •  First Name •  Last Name •  Email •  …

Additional Attributes: •  OS •  Version •  Display Size •  …

Additional Attributes: •  Data Classification •  Regulatory Comp. •  Access Protocol •  …

Additional Attributes: •  Campus / FSO •  Data Center •  Bandwidth •  …
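The identity, group and policy model from the GRIP and data-model slides, sketched as an added example that is not part of the original deck: identities carry attributes, a group is a composite identity defined by required attributes, and a policy binds groups to a resource with default deny and an audit trail. The attribute names (`badge`, `type`, `ownership`, `zone`), the resource names and all sample identities are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    uid: str      # must be unique across users, devices and locations
    kind: str     # "user", "device" or "location"
    attrs: tuple  # (key, value) pairs describing the identity

def ident(uid, kind, **attrs):
    return Identity(uid, kind, tuple(sorted(attrs.items())))

def register(identities):
    """Build the identity store, rejecting overlapping identifiers."""
    store = {}
    for i in identities:
        if i.uid in store:
            raise ValueError(f"overlapping identity: {i.uid}")
        store[i.uid] = i
    return store

def member(group, i):
    """A group is a composite identity: same kind, all required attributes present."""
    return i.kind == group.kind and set(group.attrs) <= set(i.attrs)

# Policy: resource -> rules; a rule lists the groups a request must satisfy together.
POLICIES = {
    "hr-data": [(ident("g:badged-fte", "user", badge="badged", type="fte"),
                 ident("g:it-managed", "device", ownership="it_asset"),
                 ident("g:internal", "location", zone="internal"))],
    "wiki": [(ident("g:badged", "user", badge="badged"),)],
}
AUDIT = []  # (resource, decision, identity ids) for every request

def authorize(resource, request):
    """Default deny: permit only if every group of some rule matches the request."""
    ok = any(all(any(member(g, i) for i in request) for g in rule)
             for rule in POLICIES.get(resource, []))
    AUDIT.append((resource, "permit" if ok else "deny", tuple(i.uid for i in request)))
    return ok

# Constructed sample identities (not from the deck).
STORE = register([
    ident("u:alice", "user", badge="badged", type="fte"),
    ident("u:vendor7", "user", badge="badged", type="outsourced"),
    ident("d:laptop1", "device", ownership="it_asset", os="linux"),
    ident("d:phone9", "device", ownership="byod", os="android"),
    ident("l:hq", "location", zone="internal"),
    ident("l:inet", "location", zone="public_internet"),
])
```
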

Page 19: CIS14: Are the Enterprises Ready for Identity of Everything?


Identity Framework

[Diagram labels, in the order shown on the slide:]

•  Auditing of Policies & Data Analytics

•  Access Service: Authentication, Coarse Grain Authorization, Fine Grain Authorization, SSO

•  Identity Service: Registration, Provisioning, De-provisioning

•  Data Stores

•  Federation

•  And Various Lifecycles

•  Identity: Human, Device, Application, API

•  Identity, Policy, Attributes

•  APIs & Web Services, User Apps, Devices

•  Authc, Authz, Entitlement, Attestation

•  Resource: Web Apps, Mobile Apps, API, Devices, SaaS, Service Providers

Page 20: CIS14: Are the Enterprises Ready for Identity of Everything?


IT Architecture Requirements

Page 21: CIS14: Are the Enterprises Ready for Identity of Everything?


IDoE Vision Realization Factors: The 4 Must-Haves

•  Federation and API Will be Ubiquitous

•  Identity for Everything - Human - Device - App, API etc.

•  Multi-factor Authentication - It will be a Must - Context will be new dimension

•  Standards Driven P2P, M2M, P2M

Page 22: CIS14: Are the Enterprises Ready for Identity of Everything?


IT Architecture for IDoE: The 4 Must-Haves

•  Security

•  Scalable for Billions

•  Elastic

•  BYoT

Page 23: CIS14: Are the Enterprises Ready for Identity of Everything?


In Closing

•  IoT will Connect the Un-connected

•  Identity will be the core for IoT to happen

•  Securing IAM will be more important than ever

•  Open Standards (OAuth, SCIM, OpenID Connect and more to come) will provide the federation grid for NextGen IAM to work

•  We need to work more closely and openly to ride the IoT wave

Page 24: CIS14: Are the Enterprises Ready for Identity of Everything?


Q&A

Page 25: CIS14: Are the Enterprises Ready for Identity of Everything?

Thank you.