• Trust boundary
• Static
• Monitoring and controlling
– IT Dept.
• Access
– Network
– System
– Applications
• Network security controls
– Intrusion detection system
– Multifactor authentication
• Cloud computing
– Trust boundary
• Dynamic
• Moves beyond the control of IT
Why IAM?
• Improves operational efficiency and regulatory
compliance management
1. User on-boarding and other repetitive tasks.
– Self-service for users requesting password resets
2. To protect systems, applications and information
from internal and external threats.
– Deleting sensitive files
3. To comply with various regulatory, privacy and
data protection requirements
Use cases
• Employees and on-site contractors of an organization
accessing SaaS service using identity federation.
• IT administrators accessing CSP management console
to provision resources and access for users using a
corporate identity.
• Developers creating accounts in a PaaS platform
• End users accessing storage service in the cloud and
sharing files and objects with users, within and outside
the domain using access policy management features.
• An application residing in a cloud service provider
accessing storage from another cloud service.
– Amazon EC2 can access Mosso.
Why IAM
• Improves operational efficiency and regulatory compliance
management
• IAM enables organizations to achieve access control and
operational security
• Cloud use cases that need IAM
– Organization employees accessing a SaaS service using identity
federation
– IT admins accessing the CSP management console to provision
resources and access for users using a corporate identity
– Developers creating accounts for partner users in PaaS
– End users accessing a storage service in a cloud
– Applications residing in a cloud service provider accessing storage
from another cloud service
IAM Challenges
• To rapidly provide appropriate access to the
users whose roles and responsibilities often
change for business reasons.
• Turnover of users within the organization.
– new product and service releases,
– changing responsibilities etc.
Add/update/modify user
SPML Manager
http://tutorials.jenkov.com/oauth2/index.html