
 

Any intelligent fool can make things bigger and more complex... It takes a touch of genius and a lot of courage to move in the opposite direction.

-- Einstein

 



#CIS2012

Featured Speakers

Bob Blakley, Distinguished Analyst

Patrick Harding, CTO

Daniel Headrick, Senior Enterprise Security Architect

Chuck Mortimore, PM Director for Identity and Security

Peter Vanderauwera, Innovation Leader

Communities Welcome!

  • OIDF
  • OIX
  • OASIS SPML
  • OASIS XACML
  • OASIS KMIP
  • OASIS SSTC
  • OASIS WS-Federation
  • OASIS WS-SX (WS-Trust)
  • OASIS Identity in the Cloud
  • OAuth IETF
  • Kantara
  • Shibboleth
  • OpenSAML
  • Cloud Security Alliance
  • TV Everywhere - OATC & OLCA
  • SCIM

Cloud Identity and Access Management - Trusted Front Door to the Cloud

Nico Popp

IT infrastructure and information are moving to the cloud; the shift is inevitable. The drivers are both economic (commoditization of IT) and technological (virtualization). Nevertheless, the largest obstacle to cloud adoption remains trust. Trust is a complex and multi-faceted challenge that encompasses broad issues such as security, privacy, governance, compliance, and reliability. The dislocation of users, data, and applications, which can now move beyond the traditional controls of the network perimeter, presents a new set of risks still unaddressed by today’s cloud infrastructures.

Policy-setting mechanisms are primitive. Audit and controls are minimal. Monitoring remains ad hoc. Certification programs are missing. Like eCommerce before it, the cloud needs a trust framework. The trust framework will define a set of common policies (certification programs) and shared infrastructures (trust brokers). The first priority is to create trusted identities for the cloud. Like certificate authorities for eCommerce before them, new identity trust infrastructures will appear, creating a “trusted front door” between private enterprises and cloud providers. More than simple SSO solutions, identity brokers will enable IAM interoperability, security, governance, compliance, and monitoring.

This presentation proposes a straw man for the trusted identity broker. Furthermore, the distributed, multi-tenant, and virtualized nature of the cloud forces us to rethink identity beyond mere user identifiers and credentials. In a world where data can move across networks, where applications and their intellectual property have become files (virtual images), and where network devices exist solely as memory segments (virtual switches), data, applications, and devices will all require their own digital identity so that they can be authenticated, signed, encrypted, authorized, and audited by the trusted front doors to the cloud. The last part of the presentation will consider the implications of “an identity for all virtual things” by providing a few examples of innovative trust services that these new identities can enable.