the future of identity in the cloud: requirements, risks and opportunities - marco casassa mont
DESCRIPTION
This presentation aims at: setting the context about Identity in the Cloud; discussing related identity management issues along with core requirements (coming from users and organisations); illustrating, from an HP Labs’ perspective, future possible models, approaches and IT infrastructures to handle Identity in the Cloud. The introduction of the presentation sets some background: it gives an overview of Cloud Computing and its implications, in terms of service provisioning, security, privacy and identity management. In particular it discusses the paradigm shift from a close & controlled approach (within enterprises) to potentially, on-the-fly composable and customisable services, in the Cloud. Use cases are introduced to illustrate “common” usage and management tasks involving Identity in the Cloud - from both user and organisational perspectives, including the implications of having to deal with Identity in composable and dynamic services. New emerging, related threats and risks are briefly discussed, such as the potential growth of bogus service providers, targeted attacks to the weakest points in the service provisioning chain and identity thefts. This will lead to a discussion of key requirements, determined by new interaction models and service-provisioning paradigms in the Cloud, including: control of identity flows and management of distributed user accounts; trust and reputation about service providers in the Cloud; identity assurance; transparency about security practices; privacy (including consent and revocation). I will then discuss current (categories of) identity management solutions and approaches that deal with aspects of Identity in the Cloud (such as identity federation, identity brokering, Identity 2.0, etc.), along with their pros and cons and failures to address some of the core requirements (such as assurance, trust and privacy control). The final part of this presentation challenges current assumptions and approaches and illustrates future directions, by presenting HP Labs’ medium and long–term vision about how the underlying Cloud infrastructure is going to evolve along with its implication in terms of Identity and Identity Management. This includes the paradigm shifts introduced by the usage of trusted virtualisation, remote attestation of platform capabilities (Trusted Computing Platforms) and identity-driven computational environment (coming from the cloud) that could run on local systems (e.g. at the user side); new emerging identity management models driven by identity-aware platforms and policy-driven delegation of credentials; the role that Security and Identity Analytics can play, by using modelling and simulation, to help organisations to evaluating and predicting the consequences of using services in the Cloud, based on assumptions made on the underlying identity management model and existing threats.TRANSCRIPT
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
The Future of Identity in the Cloud:Requirements, Risks & OpportunitiesMarco Casassa Mont
HP Labs
Systems Security Lab
Bristol, UK
EEMA e-Identity Conference, 2009EEMA e-Identity Conference, 2009
Presentation Outline
• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions
Cloud Computing: Definition
• No Unique Definition or General Consensus about what Cloud Computing is …
• Different Perspectives & Focuses (Platform, SW, Service Levels…)
• Flavours:−Computing and IT Resources Accessible Online−Dynamically Scalable Computing Power −Virtualization of Resources−Access to (potentially) Composable & Interchangeable Services −Abstraction of IT Infrastructure No need to understand its implementation: use Services & their
APIs−Related “Buzzwords”: Iaas, PaaS, SaaS, EaaS, … −Some current players, at the Infrastructure & Service Level: Salesfoce.com, Google Apps, Amazon, Yahoo, Microsoft, IBM, HP, etc.
Cloud Service Layers
Cloud Infrastructure Services (IaaS)
Cloud Platform Services (PaaS)
Cloud End-User Services (SaaS)
Physical Infrastructure
Service Users
Source: HP Labs, Automated Infrastructure Lab (AIL), Bristol, UK - Peter ToftSource: HP Labs, Automated Infrastructure Lab (AIL), Bristol, UK - Peter Toft
Clo
ud P
rovi
ders
Clo
ud P
rovi
ders
Ser
vice
Pro
vide
rsS
ervi
ceP
rovi
ders
Cloud Computing: Models
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService
ILMService
ILMServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
UserUser
…………
…… The InternetThe Internet
Cloud Computing: Key Aspects
• Internal, External and Hybrid Clouds−Cloud Providers and/or The Internet
• Infrastructure Providers• Service Providers
• Composition of Services−Within a Cloud Provider−Across Cloud Providers
• Entities consuming Services in the Clouds−Organisations:
• Business Applications, Services, etc.• Employees
−Private Users
Cloud Computing: Implications
• Enterprise: Paradigm Shift from “Close & Controlled” IT Infrastructures and
Services to Externally Provided Services and IT Infrastructures
• Private User: Paradigm Shift from Accessing Static Set of Services to Dynamic
& Composable Services
• General Issues:− Potential Loss of Control (on Data, Infrastructure, Processes,
etc.)− Data & Confidential Information Stored in The Clouds− Management of Identities and Access (IAM) in the Cloud− Compliance to Security Practice and Legislation − Privacy Management (Control, Consent, Revocation, etc.)− New Threat Environments− Reliability and Longevity of Cloud & Service Providers
Cloud Computing: Initiatives
Recent General Initiatives aiming at Shaping Cloud Computing:
• Open Cloud Manifesto (http://www.opencloudmanifesto.org/)
− Making the case for an Open Cloud
• Cloud Security Alliance (http://www.cloudsecurityalliance.org/)
− Promoting Best Security Practices for the Cloud
• Jericho Forum (http://www.opengroup.org/jericho/)
− Cloud Cube Model: Recommendations & (Security) Evaluation Framework
• …
Presentation Outline
• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions
Identity and Access Management (IAM)
- Enterprise IAM- Enterprise IAM
• Network Access Control (NAC) • Directory Services• Authentication, Authorization, Audit• Provisioning• Single-Sign-On, Federation• …
• Network Access Control (NAC) • Directory Services• Authentication, Authorization, Audit• Provisioning• Single-Sign-On, Federation• …
- IAM is part of IT Security Strategy - IAM is part of IT Security Strategy • Risk Management• Policy Definitions • Compliance & Governance Practices• Legislation
• Risk Management• Policy Definitions • Compliance & Governance Practices• Legislation
Based on Enterprise Contexts Need to Think about IAM in the Cloud Paradigm Based on Enterprise Contexts Need to Think about IAM in the Cloud Paradigm
Identity in the Cloud: Enterprise Case
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService ILM
ServiceILM
ServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
…………
…… The InternetThe Internet
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioningUser AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
IAM Capabilities and Services
Can be Outsourced in
The Cloud …
IAM Capabilities and Services
Can be Outsourced in
The Cloud …
Identity in the Cloud: Enterprise Case
Issues and Risks [1/2]
• Potential Proliferation of Required Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)
• Complexity in correctly “enabling” Information Flows across boundaries Security Threats (Enterprise Cloud & Service Providers, Service Provider Service Provider, …_
• Propagation of Identity and PII Information across Multiple Clouds/Services Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) Exposure of business sensitive information (employees’ identities, roles, organisational structures, enterprise apps/services, etc.) How to effectively Control this Data?
• Delegation of IAM and Data Management Processes to Cloud and Service Providers How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? - Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers … Consistency and Integrity of User Accounts & Information across various Clouds/Services How to deal with overall Compliance and Governance issues?
Issues and Risks [1/2]
• Potential Proliferation of Required Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing, etc.)
• Complexity in correctly “enabling” Information Flows across boundaries Security Threats (Enterprise Cloud & Service Providers, Service Provider Service Provider, …_
• Propagation of Identity and PII Information across Multiple Clouds/Services Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) Exposure of business sensitive information (employees’ identities, roles, organisational structures, enterprise apps/services, etc.) How to effectively Control this Data?
• Delegation of IAM and Data Management Processes to Cloud and Service Providers How to get Assurance that these Processes and Security Practice are Consistent with Enterprise Policies? - Recurrent problem for all Stakeholders: Enterprise, Cloud and Service Providers … Consistency and Integrity of User Accounts & Information across various Clouds/Services How to deal with overall Compliance and Governance issues?
Identity in the Cloud: Enterprise Case
Issues and Risks [2/2]
• Migration of Services between Cloud and Service Providers Management of Data Lifecycle
• Threats and Attacks in the Clouds and Cloud Services Cloud and Service Providers can be the “weakest links” wrt Security & Privacy
Reliance on good security practice of Third Parties
Issues and Risks [2/2]
• Migration of Services between Cloud and Service Providers Management of Data Lifecycle
• Threats and Attacks in the Clouds and Cloud Services Cloud and Service Providers can be the “weakest links” wrt Security & Privacy
Reliance on good security practice of Third Parties
Identity in the Cloud: Consumer Case
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
CRMServiceCRM
Service
DeliveryServiceDeliveryService
Service 3Service 3
BackupService BackupService
ILMService
ILMService
UserUser
…………
…… The InternetThe Internet
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
Identity &CredentialsIdentity &Credentials
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
AuthenticationAuthorization
Audit
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
User AccountProvisioning/
De-provisioning
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
PII Data& Confidential
Information
Identity in the Cloud: User Case
Issues and Risks
• Potential Proliferations of Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing ,etc.)
• Potential Complexity in Configuring & Handling Interactions between various Services Introducing vulnerabilities
• Propagation of Identity and PII Information across Multiple Clouds/Sites Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) How to handle Consent and Revocation? How to effectively Control this data?
• Trust Issue How to get Assurance that Personal Data and Confidential Information is going to be Handled as Expected, based on Users’ (privacy) Preferences and Expectations? Migration and Deletion of Data
• New Threats Bogus Cloud and Service Providers Identity Thefts Configuration & Management Mistakes
Issues and Risks
• Potential Proliferations of Identities & Credentials to Access Services Misbehaviours when handling credentials (writing down, reusing, sharing ,etc.)
• Potential Complexity in Configuring & Handling Interactions between various Services Introducing vulnerabilities
• Propagation of Identity and PII Information across Multiple Clouds/Sites Privacy issues (e.g. compliance to multiple Legislations, Importance of Location, etc.) How to handle Consent and Revocation? How to effectively Control this data?
• Trust Issue How to get Assurance that Personal Data and Confidential Information is going to be Handled as Expected, based on Users’ (privacy) Preferences and Expectations? Migration and Deletion of Data
• New Threats Bogus Cloud and Service Providers Identity Thefts Configuration & Management Mistakes
Identity in the CloudRequirements
• Simplified Management of Identities and Credentials• Need for Assurance and Transparency about:
− IAM (Outsourced) Processes
− Security & Privacy Practices
− Data Lifecycle Management
• Compliance to Regulation, Policies and Best Practice− Need to redefine what Compliance means in The Cloud
• Accountability• Privacy Management: Control on Data Usage & Flows• Reputation Management
Presentation Outline
• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions
Identity in the Cloud:Identity Proxy Approach
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService
ILMService
ILMServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
…………
…… The InternetThe Internet
IdentityProxy/Mediator
IdentityProxy/Mediator
Identity Proxy/Mediator Approach
• Enterprise-focused• Centralised Management of Credentials and User Accounts• Interception by Identity Proxy and mapping to “External Identities/Accounts”
Pros• Enterprise Control on Identities and mappings• Centralisation & Local Compliance
Cons • Scalability Issues. What about the management of Identities exposed between Composed Services (Service1Service2)?• Lack of Control beyond first point of contact• Accountability and Global Compliance Issues
• Enterprise-focused• Centralised Management of Credentials and User Accounts• Interception by Identity Proxy and mapping to “External Identities/Accounts”
Pros• Enterprise Control on Identities and mappings• Centralisation & Local Compliance
Cons • Scalability Issues. What about the management of Identities exposed between Composed Services (Service1Service2)?• Lack of Control beyond first point of contact• Accountability and Global Compliance Issues
Identity in the Cloud: Federated Approach
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService
ILMService
ILMServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
…………
…… The InternetThe Internet
UserUser
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
IdentityProvider (IdP)
RegistrationRegistration
RegistrationRegistration
• Federated Identity Management: Identity & Service Providers• Cloud Provider could be the “Identity Provider” for the Services/Service Providers in its Cloud• Approach suitable for Enterprises and private Users
Pros• “Cloud Provider-wide” Control and Management of Identities• Potential setting of Security and Privacy constraints at the Identity Provider site• Circle of Trusts Auditing, Compliance Checking, etc. • Handled with Contracts and SLAs
Cons • IdPs become a bottleneck/central point of control privacy issues• Scalability across multiple Cloud Providers. Federated IdPs?• Reliance on IdPs for Assurance and Compliance (Matter of Trust …)
• Federated Identity Management: Identity & Service Providers• Cloud Provider could be the “Identity Provider” for the Services/Service Providers in its Cloud• Approach suitable for Enterprises and private Users
Pros• “Cloud Provider-wide” Control and Management of Identities• Potential setting of Security and Privacy constraints at the Identity Provider site• Circle of Trusts Auditing, Compliance Checking, etc. • Handled with Contracts and SLAs
Cons • IdPs become a bottleneck/central point of control privacy issues• Scalability across multiple Cloud Providers. Federated IdPs?• Reliance on IdPs for Assurance and Compliance (Matter of Trust …)
Identity in the Cloud: Federated Approach
Presentation Outline
• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions
Future of Identity in the Cloud: Drivers
• It is Not just a Matter of Technologies and Operational Solutions
• Need for effective Compliance to Laws and Legislation (SOX, HIPAA, EU data Directives, etc.), Business Agreements and Policies
• Need for more Assurance:
− Enterprises: Assurance that IAM, Security, Privacy and Data Management processes are run as expected by Cloud Providers and Service Providers
− Service Providers: Assurance from other Service Providers and Cloud Providers
− End-Users: Assurance about Privacy, Control on Data, etc.
• Need for Transparency and Trust about IAM processes and Data Management in the Clouds
• Privacy Management
Future of Identity in the Cloud: Opportunities
• New Ways to provide Services, Compose them and get the best deals, both for Users and Organisations
Identity and Identity Management is going to Play a key Role
• Unique Chance to re-think what Identity and Identity Management means in the Cloud and how to Handle it
vs. simply trying to adapt and use the old IAM model
• New Technological, Personal and Social Challenges
Opportunity for Research and Development of new Solutions
1. Trusted Infrastructure and Cloud Computing
2. Identity Assurance
3. Identity Analytics
4. EnCoRe Project – Ensuring Consent and Revocation
Future of Identity in the Cloud
Overview of some HP Labs Research Areas Overview of some HP Labs Research Areas
HP Labs, Systems Security Lab (SSL), Bristol, UKhttp://www.hpl.hp.com/research/systems_security/ HP Labs, Systems Security Lab (SSL), Bristol, UKhttp://www.hpl.hp.com/research/systems_security/
1. Trusted Infrastructure
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService
ILMService
ILMServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
UserUser
…………
…… The InternetThe Internet
TrustedClient
Devices
TrustedClient
Devices
TrustedClient
Infrastructure
TrustedClient
Infrastructure
TrustedClient
Infrastructure
TrustedClient
InfrastructureTrustedClient
Infrastructure
TrustedClient
Infrastructure
• Ensuring that the Infrastructural IT building blocks of the Cloud are secure, trustworthy and compliant with security best practice
• Role of Trusted Computing Group (TCG)/
• Impact and Role of Virtualization
• Ensuring that the Infrastructural IT building blocks of the Cloud are secure, trustworthy and compliant with security best practice
• Role of Trusted Computing Group (TCG)/
• Impact and Role of Virtualization
TCG: http://www.trustedcomputinggroup.org TCG: http://www.trustedcomputinggroup.org
Trusted Infrastructure: Trusted Virtualized Platform
Personal EnvironmentWin/Lx/OSX
Personal EnvironmentWin/Lx/OSX
Corporate Productivity
OS
Corporate Productivity
OSRemoteIT Mgmt
RemoteIT Mgmt
HomeBanking
HomeBanking
Corporate Production
EnvironmentOS
Corporate Production
EnvironmentOS
E-GovtIntf.
E-GovtIntf. Corp.
SoftPhone
Corp.Soft
Phone
Trusted HypervisorTrusted Hypervisor
Secure Corporate (Government) Client Persona
PersonalClient Persona
Trusted CorporateClient Appliance
Trusted Personal Client Appliances
online (banking, egovt) or local (ipod)
Services managed from
cloud
HP Labs: Applying Trusted Computing to VirtualizationHP Labs: Applying Trusted Computing to Virtualization
Source: HP Labs, Systems Security Lab, Richard Brown Source: HP Labs, Systems Security Lab, Richard Brown
Paradigm Shift: Identities/Personae as “Virtualised Environment” in the Cloud
Trusted HypervisorTrusted Hypervisor
End-User DeviceEnd-User Device
My
Per
sona
1 +
Virt
ualis
ed
Env
iron
men
t 1
My
Per
sona
1 +
Virt
ualis
ed
Env
iron
men
t 1
My
Per
sona
2 +
Virt
ualis
ed
Env
iron
men
t 2
My
Per
sona
2 +
Virt
ualis
ed
Env
iron
men
t 2
BankBank
GamingCommunity
Services
GamingCommunity
Services
……
Using Virtualization to push Control from the Cloud/Service back to the Client Platform •User’s Persona is defined by the Service Interaction Context •User’s Persona & Identity are “tight” to the Virtualised Environment•Persona defined by User or by Service Provider•Potential Mutual attestation of Platforms and Integrity
Using Virtualization to push Control from the Cloud/Service back to the Client Platform •User’s Persona is defined by the Service Interaction Context •User’s Persona & Identity are “tight” to the Virtualised Environment•Persona defined by User or by Service Provider•Potential Mutual attestation of Platforms and Integrity
Specifiable, Manageable and Attestable Virtualization Layer
Leverage Trusted Computing technology for Increased Assurance
Enabling remote attestation of Invariant Security Properties implemented in the Trusted Virtualization Layer
Trusted Virtual Platform
BankingApplication
vTPM
Trusted Virtual Platform
GamingApplication
vTPM
Management
Domain
Trusted Infrastructure Interface (TII)
TPM
Firmware
PhysicalPlatformIdentity
SoftwareIntegrity
VirtualisedTPM (vTPM)VirtualisedTPM (vTPM)
Source: HP Labs, Systems Security Lab, Richard Brown Source: HP Labs, Systems Security Lab, Richard Brown
2. Identity Assurance
• Identity Assurance is concerned with “Providing Visibility into how Risks Associated with Identity Information are being Managed”
• How Does a Third Party, in the Cloud (Cloud Provider, Service Provider, etc.) deal with Security and IAM Aspects, Compliance to Laws and Legislation?
• How to provide Identity Assurance in the Cloud?
• HP Labs (Systems Security Lab) are exploring Mechanisms and Approaches in this space
Reference: http://www.hpl.hp.com/techreports/2008/HPL-2008-25.html Reference: http://www.hpl.hp.com/techreports/2008/HPL-2008-25.html
Identity Assurance
RegistrationIdentity information
Maintenance Destruction
CreateIdentity
Verify
Accept Accept
AddData
ReadId Data
ReviewCorrect
Audit/UsageTransparency
Delete Archive
ShareLoad fromother Sites/IdPs/IDM systems
Underlying IT System
IDM
Controls
CO
BIT
ISO
27000
Physical
Information Management Process, Operations and Controls Information Management Process, Operations and Controls
Identity Assurance in the Cloud
EnterpriseEnterprise
ServiceProviderServiceProviderService
ProviderServiceProvider
ServiceProviderServiceProvider
Cloud Provider #1Cloud Provider #1
IdentityProvider (IdP)
IdentityProvider (IdP)
Cloud Provider #2Cloud Provider #2
ServiceProviderServiceProvider
ServiceProviderServiceProvider
ServiceProviderServiceProvider
IdentityProvider (IdP)
IdentityProvider (IdP)
Circle ofTrustCircle ofTrust
MinimalAcceptableAssuranceInformation
ComplianceCheckingComplianceChecking
IdPAssuranceInformation Match
Assurance ReportAssurance Report
Public Private Public Private
Service ProvidersAssurance Information
LegendLegend
IdentityAssuranceStandards
AssuranceInformation Enhance Trust
HP Labs Model-based Assurance Approach
Audit Data Store
Instrumentation
ReportGenerator Results
Data
Analysis Engine
Assurance Reports
Web based reports
Assurance Model Design
Graphical Modelling
Tool
XML representationof the model
Tests of IT Controls
Key Risk Indicators
ModelRepository
The model design process proceeds in four steps:
1. Categorize IT Controls/ Processes/Mechanisms needed for Assurance
2. Identify Measurable Aspects of these Controls - Performance Indicators - Correctness Tests
3. Build the Control Analysis Model
4. Use the model to monitor for changing conditions and to provide assurance reports
The model design process proceeds in four steps:
1. Categorize IT Controls/ Processes/Mechanisms needed for Assurance
2. Identify Measurable Aspects of these Controls - Performance Indicators - Correctness Tests
3. Build the Control Analysis Model
4. Use the model to monitor for changing conditions and to provide assurance reports
Explicit and Automated Monitoring of IAM Processes and Controls based on Audits & Logs
Explicit and Automated Monitoring of IAM Processes and Controls based on Audits & Logs
Identity Assurance Model
ID Management
ITSupportDisposal
IdentityInfo ManagementCreation
Link to COBIT models
Registration
DocumentCheck
Verification
AuthenticationInfo Gathering
Access Id
UsageTransparency
Review/Correct
Add/UpdateId Info
Load/ShareFrom other IDM
RetentionPolicy
Staff
Top level traffic light
Dashboard and Trends AccountManagement
RightsManagement
Approvals
Separation of Duties
Detailed Information
Expand into details
Identity AssuranceConceptual Model
Identity AssuranceConceptual Model
Representation of Model in Our Tool
Representation of Model in Our Tool
Evaluation of Model Against Audit Data and Logs Assurance Reports
Evaluation of Model Against Audit Data and Logs Assurance Reports
3. Security and Identity Analytics Providing Strategic Decision Support• Focus on Organisation IT (Security) Decision Makers (CIOs/CISOs)
• The growing complexity of IT and the increasing Threat Environment will make related Security Investment Decisions Harder
• The Decision to use The Cloud and its Services is Strategic
• Where to Make Investments (e.g. either IdM or Network Security, how to make business & security aligned …)? Which Choices need to be made? Which Strategy?
• The HP Labs “Security Analytics” Project is exploring how to apply Scientific Modelling and Simulation methodology for Strategic Decision Support
• Identity Analytics Project is focusing on the IAM vertical
38 04/12/23
Organisations’ IT Security Challenges
validation
regulation
Understandthe Economics
Construct Models
Develop Policy
(Trusted)IT infrastructureRisk, Assurance, Compliance
Threats, Investments
Decide &Deploy
Technology
HP Confidential
Identity Analytics - Overview
• Predictive Analysis applied to Identity and Access Management (IAM)
• Problem: How to derive and justify the IAM strategy?
• Which Investment Choices to Make (e.g. Provisioning vs. AAA vs. Education vs. …)?
• We Model IT Systems, Processes, People Behaviours, …
• We Use Models & Simulation to Explore Impact of Choices, Trade-offs and Predict Outcomes
• Predictive Analysis applied to Identity and Access Management (IAM)
• Problem: How to derive and justify the IAM strategy?
• Which Investment Choices to Make (e.g. Provisioning vs. AAA vs. Education vs. …)?
• We Model IT Systems, Processes, People Behaviours, …
• We Use Models & Simulation to Explore Impact of Choices, Trade-offs and Predict Outcomes
Models
Simulations
Data Analysis
Security AnalyticsDecision Support Tools
Security AnalyticsDecision Support Tools
Threat Environment Threat Environment
• Investments• Choices• Hypothesis• …
• Investments• Choices• Hypothesis• …
• Explanation & Predictions• Trade-offs• Economic Analysis
• Explanation & Predictions• Trade-offs• Economic Analysis
HPL Project Material: http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm HPL Project Material: http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm
Identity Analytics Applied to The Cloud
EnterpriseEnterprise
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
Internal CloudInternal Cloud
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService ILM
ServiceILM
ServiceServiceService
ServiceService
ServiceService
BusinessApps/Service
BusinessApps/Service
EmployeeEmployee
…… ……
…… The InternetThe Internet
Models
Simulations
Data Analysis
Decision Support ToolsDecision Support Tools
• Threat Environment• IAM Processes• Security Processes• Users’ Behaviours
• Threat Environment• IAM Processes• Security Processes• Users’ Behaviours
• Threat Environment• Assumptions & Facts on IAM Processes - Cloud and Service Provides• Assumptions & Facts on Security Processes - Cloud and Service Providers
• Threat Environment• Assumptions & Facts on IAM Processes - Cloud and Service Provides• Assumptions & Facts on Security Processes - Cloud and Service Providers
• Investments• Choices• Hypothesis• …
• Investments• Choices• Hypothesis• …
• Explanation & Predictions• Trade-offs• Economics Analysis
• Explanation & Predictions• Trade-offs• Economics Analysis
Identity Analytics Applied to The Cloud
# Hanging Accounts # Denied Good Accounts# Misconfigured Accounts
Overall Approval Time Overall Deployment Time Bypassed Approval Step
Case #1Current State
0.83 0.89 0.94 0.990.84 0.90 0.95 1
EffortLevel
3480 1032 1134 3378 45122281 2230
AccessAccuracy
ApprovalAccuracy
ProductivityCost
IDM ProvisioningCosts
#Internally Managed Provisioning Activities(Internal Apps)
# Externally Managed Provisioning Activities (Services in the Cloud)
Case #2
Case #3
Case #4
Acc
ura
cy M
easu
res
1
Co
st M
easu
res
0.5
1000
020
000
3000
040
000
3385
5
2575
3
1794
9
1040
3
1120
0
1430
0
1740
0
2050
0
High-Level MetricsTailored to Target CIOs/CISOs &Strategic decision makers
High-Level MetricsTailored to Target CIOs/CISOs &Strategic decision makers
Low-Level MeasuresTailored to Target Domain ExpertsLow-Level MeasuresTailored to Target Domain Experts
Example: Predictions of Outsourcing of IAM Services to the CloudExample: Predictions of Outsourcing of IAM Services to the Cloud
Security & Identity Analytics Methodology
Information System
EmpiricalData/
Knowledge
ConceptualModelling
FormalModelling
Information SystemPP&T
validation
Design explorationeconomic analysis
04/12/2342 HP Confidential
Scientific Approach based on Modelling & SimulationScientific Approach based on Modelling & Simulation
4. TSB EnCoRe Project Consent and Revocation Management
• EnCoRe: Ensuring Consent and Revocation UK TSB Project –
http://www.encore-project.info/
“EnCoRe is a multi-disciplinary research project, spanning across a number of IT and social science specialisms, that is researching how to improve the rigour and ease with which individuals can grant and, more importantly, revoke their consent to the use, storage and sharing of their personal data by others”
• Recognise the Importance of Cloud Computing and its Impact on Identities and Privacy
Problem: Management of Personal Data (PII) and Confidential Information along driven by Consent & Revocation
Identity Data + Consent/Revocation
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
CRMServiceCRM
Service
DeliveryServiceDeliveryService
Service 3Service 3
BackupService BackupService
ILMService
ILMService
UserUser
…………
…… The InternetThe Internet
Identity Data & Credentials + Consent/Revocation
Identity Data & Credentials + Consent/Revocation Identity Data & Credentials
+ Consent/Revocation
Identity Data & Credentials + Consent/Revocation
Identity Data & Credentials + Consent/Revocation
Identity Data & Credentials + Consent/Revocation
DataStorageService
DataStorageService
OfficeAppsOfficeApps
On DemandCPUs
On DemandCPUsPrinting
ServicePrintingService
Cloud Provider #1Cloud Provider #1
Cloud Provider #2Cloud Provider #2
CRMServiceCRM
Service
……
Service 3Service 3
BackupService BackupService
ILMService
ILMService
UserUser
…………
…… The InternetThe Internet
EnCoReToolboxEnCoReToolbox
EnCoReToolBoxEnCoReToolBox
EnCoReToolBoxEnCoReToolBox EnCoRe
ToolBoxEnCoReToolBox
EnCoReToolBoxEnCoReToolBox
EnCoRe: Explicit Management of Consent and Revocation
EnCoRe: Explicit Management of Consent and Revocation
PersonalConsent &RevocationAssistant
Por
tals
&A
cces
s P
oint
s
(Virtual)Data
Registry
EnterpriseDataRepositories
ApplicationsServicesBusiness Processes
Disclosure &NotificationManager
Data + Consent
Data location& consent/revocationregistration
Policy & PreferencesConfiguration
Service A
Service B
Revocation
Audit- Data and Consent (& Constraints)
- Revocation
RiskAssessment
-Data and Consent (& Constraints)- Revocation
Notifications
Privacy–aware Policy Enforcement
Policies
Update
Update
Access toServices
Data +Consent &Revocation Requests Registration
& Update
Em
ploy
ees
ServiceRequests Agents
User AccountProvisioning &Data Storage
Consent & RevocationProvisioning
DataStorage
User
Cloud Provider
Presentation Outline
• Setting the Context: Cloud Computing• Identity in the Cloud, Risks and Requirements• Current Approaches and Initiatives• Towards the Future of Identity in the Cloud• Conclusions
Conclusions
• The Cloud and Cloud Computing are Real, Happening Now!• Identity & Identity Management have a key role in the
Cloud• Need to be aware of Involved Issues and Risks:
- Lack of Control on Data - Trust on Infrastructure - Privacy Issues - Assurance and Accountability - New Threat Environments - Complexity in handling Identities - Complexity of making informed decisions
• Need to re-think to the Identity Paradigm in the Cloud rather than just Adapting Current Solutions
• New Opportunities for Research and Development of Innovative Solutions for various Stakeholders
Thanks and Q&A
Contact: Marco Casassa Mont, HP Labs, [email protected] Contact: Marco Casassa Mont, HP Labs, [email protected]
04/12/2351 HP Confidential