Identity and Access Management in the Era of Digital Transformation
Selvaratnam Uthaiyashankar VP – Engineering WSO2
Identity and Digital Business
• Identity is at the heart of Digital Business
Identity Centric
• Digital Business is all about “User”
– How do we know who is accessing
– Things user can access or do
– User’s preferences
– Rules User has to adhere
– Relationship with other entities
Proper identity enforcement is essential for customer experience, security, privacy
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
[Diagram labels: Service Providers, Authentication, Service Consumption]
Digital business requires seamless integration of various systems…
Identity Challenges When Integrating Multiple Systems
• Different username, password (credential) for different systems
– Preferred username is already taken
– Using same username/password might become a security risk
• Too many usernames and passwords
• Losing possible collaborations between applications
Authentication
• Brokered Authentication
– SAML
– OAuth: SAML2/JWT grant type
– OpenID
– OpenID Connect
• Single Sign-On
[Diagram labels: Identity Provider, Service Providers, Authentication, Service Consumption, Trust]
Users Might Want to Use Their Social Identities
• BYOID
Users Might Want to Use Their Enterprise Identity
• Trust between different Identity Domains
• Identity Federation
[Diagram labels: Identity Provider A, Identity Provider B, Service Providers, Authentication, Service Consumption, Trust]
Multi-option Authentication
Identity Bus
Identity links all the systems. You just increased the risk of attack on your identity…
Often, the weak link is a poor user credential
https://www.infosecurity-magazine.com/news/compromised-credentials-quarter/
Multi Factor Authentication
• What you know
• What you have
• What you are
Adaptive Authentication
• Ability to change authentication options based on the context
Provisioning Users
• Self Service
– Complete user management
– User Portal
• Approvals and Workflows
• Just In Time Provisioning
Provisioning Users in Multiple Systems
Access Control
• Principle of least privilege
• Role based access control
• Attribute based access control
• Fine-grained access control with XACML
Auditing User Activities
• You might not know who will access your system (BYOID)
• Full audit of user activities is important
– Especially on User Management, Admin operations
– Who, What, From Where, When, How
• Accountability, Reconstruction, Problem Detection, Intrusion Detection
Analytics
• Understanding user behavior
• Predicting future needs
• Fraud detection
API Security
• APIs are powering the Digital Business
• Ability to secure the API (OAuth)
• Identity delegation
IoT is an Essential Element in Digital Business
• Identity includes “Things”
• Securing your IoT devices is a must
• Consider scalability of your IAM System
Perimeter of Your Digital Business will Increase
• Data is in cloud, mobile devices
• Borders across systems don’t work anymore
• Your Attack Surface increases
– You can’t remove unused features in the cloud services
• Security by obscurity doesn’t work anymore
• Expect hacking, DoS attacks, phishing attacks
• Controlling access, monitoring, analyzing and predicting attacks are the way forward
Bridging Cloud and Internal Systems
• Connectors to bridge Cloud Systems and Internal Systems
– Might not be able to open ports for outside world
Digital Business Requires Agility
• Should be able to connect new systems easily
• Frequent changes to external system
• Future Proof
• Needs some Identity Mediation Concepts
Digital Business Encourages Innovation
• Often, security strategy is viewed as restrictive for Innovation
– Especially when public services and APIs are involved
• Security should be transparent to the user for better user experience
Digital Transformation Requires Cultural Changes
• More and more, business units are in control rather than IT and security teams
– Yet you need to know who is accessing, what they are accessing, etc.
• Understanding this cultural shift will reduce frustrations
WSO2 Identity Server
Thank You!