Identity and Access Management : Trust Boundaries and IAM

11/28/2010 3:13:00 PM
In a typical organization where applications are deployed within the organization's perimeter, the "trust boundary" is mostly static and is monitored and controlled by the IT department. In that traditional model, the trust boundary encompasses the network, systems, and applications hosted in a private data center managed by the IT department (sometimes by third-party providers under IT supervision). Access to the network, systems, and applications is secured via network security controls including virtual private networks (VPNs), intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and multifactor authentication.

With the adoption of cloud services, the organization’s trust boundary will become dynamic and will move beyond the control of IT. With cloud computing, the network, system, and application boundary of an organization will extend into the service provider domain. (This may already be the case for most large enterprises engaged in e-commerce, supply chain management, outsourcing, and collaboration with partners and communities.) This loss of control continues to challenge the established trusted governance and control model (including the trusted source of information for employees and contractors), and, if not managed properly, will impede cloud service adoption within an organization.

To compensate for the loss of network control and to strengthen risk assurance, organizations will be forced to rely on other higher-level software controls, such as application security and user access controls. These controls manifest as strong authentication, authorization based on role or claims, trusted sources with accurate attributes, identity federation, single sign-on (SSO), user activity monitoring, and auditing. In particular, organizations need to pay attention to the identity federation architecture and processes, as they can strengthen the controls and trust between organizations and cloud service providers (CSPs).

Identity federation is an emerging industry best practice for dealing with the heterogeneous, dynamic, loosely coupled trust relationships that characterize an organization's external and internal supply chains and collaboration model. Federation enables the interaction of systems and applications separated by an organization's trust boundary, e.g., a sales person on the corporate network interacting with an application hosted outside it. Since federation coupled with good IAM practice can enable strong authentication by way of delegation, web single sign-on, and entitlement management via centralized access control services, it will play a central role in accelerating cloud computing adoption within organizations.

In some cases, the practice of IAM within an organization may suffer due to a lack of central governance and identity information architecture. More often than not, identity stores are populated via manual entry by multiple administrators, and user provisioning processes are not well orchestrated. This process is not only inefficient, but it will also propagate existing bad practice to the cloud services. In such cases, the weak access model will extend excess privileges to unauthorized users of cloud services.

IAM is a two-way street. CSPs need to support IAM standards (e.g., SAML) and practices such as federation so that customers can extend their existing IAM practice to the cloud and maintain compliance with internal policies and standards. Cloud services that support IAM features such as federation will accelerate the adoption of new cloud services and the migration of traditional IT applications from trusted corporate networks into a trusted cloud service model. For customers, well-implemented IAM practices and processes will help protect the confidentiality and integrity of the information stored in the cloud and manage its compliance.
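As an added example (not part of the original text), the following Python sketches the relying-party side of the federation described in the two passages above: a cloud service that accepts only SAML assertions issued by a federated identity provider, addressed to itself, and still within their validity window, and then derives entitlements from the asserted roles (claims-based authorization). The issuer, entity ID, role map and the unsigned sample assertion are constructed; verification of the assertion's XML signature, which a real SAML library performs before any of this, is assumed to have already happened.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The cloud service's side of the trust boundary, as configuration (constructed values).
TRUSTED_ISSUERS = {"https://idp.example-corp.com/"}  # federated IdPs we accept assertions from
SP_ENTITY_ID = "https://crm.example-csp.com/sp"       # assertions must be addressed to us
# Claims-based authorization: roles asserted by the IdP map to local entitlements.
ROLE_MAP = {"sales": {"read_accounts", "edit_opportunities"},
            "finance": {"read_accounts", "read_invoices"}}

def parse_time(stamp):
    """Parse a SAML UTC timestamp such as 2010-11-28T15:00:00Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)

def evaluate_assertion(xml_text, now):
    """Return (True, entitlements) or (False, reason). Assumes the assertion's XML
    signature was already verified against the issuer's federation metadata."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_ISSUERS:
        return False, f"untrusted issuer {issuer!r}"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion carries no Conditions element"
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        return False, "assertion outside its validity window"
    audiences = {a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if SP_ENTITY_ID not in audiences:
        return False, "assertion not addressed to this service"
    roles = [v.text for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)]
    entitlements = set()
    for role in roles:
        entitlements |= ROLE_MAP.get(role, set())  # roles unknown here grant nothing
    return True, entitlements

# Constructed sample assertion (unsigned, illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2010-11-28T15:00:00Z">
  <saml:Issuer>https://idp.example-corp.com/</saml:Issuer>
  <saml:Conditions NotBefore="2010-11-28T15:00:00Z" NotOnOrAfter="2010-11-28T15:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://crm.example-csp.com/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>sales</saml:AttributeValue>
                                <saml:AttributeValue>intern</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Each check corresponds to one edge of the trust boundary: who may vouch for a user, for whom the assertion was minted, and for how long; the unmapped "intern" role shows that unknown claims from the IdP grant nothing on the CSP side.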
