ESSENTIAL RECIPES FOR THE DIGITAL JOURNEY OF ENTERPRISES


DIRK KRAFZIG, MANAS DEB, MARTIN FRICK
DIGITAL COOKBOOK: ESSENTIAL RECIPES FOR THE DIGITAL JOURNEY OF ENTERPRISES
For more details visit: https://digital-cookbook.com/
Graphic design by Knut Junker and Dietmar Grubert

332 Chapter 11: Executing the Digital Transformation

(Cartoon) What if unauthorised guests show up? No way. Only authorised personnel would pass the iris scan.

Digital Identity
- Decouple digital identity and access control policies from your business logic and services
- Create and govern a catalogue of roles, data sensitivity levels and usage contexts
- Provide the greatest level of flexibility for consumers by enabling popular standards

11.7 Digital Identity
M. Yunus

Identity is the most fundamental tenet of establishing digital trust. As a producer of digital assets, you have to know who is interested in using your assets. A passenger has to present a passport to an officer who verifies their identity before letting them board a plane. Similarly, in the digital world, a consumer of your digital assets or services has to provide digital identities, such as a username and password, which the producer of the service has to verify before letting the consumer access the digital asset.

In the era of legacy mainframe systems, the burden of managing identity was low given the closed nature of such systems. As mainframes evolved into open distributed systems communicating over the Internet, identity management across internal systems and corporate boundaries became necessary. Identity stores such as LDAP [268] servers became a central system of record for identities, with a variety of standards such as Kerberos, SAML and OAuth enabling the sharing of identity information. With corporations rapidly adopting public cloud services that bring their own set of identity requirements, and users moving to mobile devices, handling a large variety of digital identities is now a critical issue for companies.

Layered on top of the efficient handling of identities is building mechanisms that prevent identity theft [269], an issue that continues to plague our society with profound political, financial and social impacts. Multifactor authentication, which requires additional factors (e.g. biometrics or SMS validation) beyond a simple username and password, is now becoming the norm for most organisations. [270] Email systems such as Gmail from Google, and many online banking applications, now provide such multifactor capabilities.

So, what are the challenges for large corporations?

Establishing identity (authentication): In a highly distributed ecosystem of IoT, cloud, mobile, enterprise systems and humans, each consumer of a service, human or machine, has to let the service know who is trying to invoke it. With artificial intelligence (AI) driven devices, such as Amazon Echo, iPhone Siri, autonomous drones and vehicles, replacing human functions, the number of non-human services interacting with each other will inevitably surpass human-to-device interaction. These services have to consume digital identity tokens and then decide whether to allow the consumer, human or non-human, to use them. Once the service has properly interpreted the identity provided by a consumer, it then has to go to a central identity store, most likely an LDAP server, and check whether the consumer is on the list of known users. In a rapidly scaling digital API economy, a service consumer may quickly face the challenge that a producer service only knows how to interpret a single type of identity, such as OAuth. [271] It then becomes the responsibility of the consumer to provide the token in the correct format in order to invoke the service. This is, of course, neither user-friendly nor a policy that can be sustained across a global market.

Establishing access rights (authorisation): Who gets to see or use what is a simple exercise for a single application. However, opening up hundreds or thousands of applications is a different story. Once a consumer's identity is validated by checking against an identity store, the next step is to decide whether or not the consumer should be given access to the requested service. Such digital access policies have to be established based on the value and sensitivity of the digital assets and on the actions the consumer intends to perform. Managing authorisation involves understanding the business value of the digital asset, who should be allowed to use the asset and for what purpose, when it should be accessible, and from where a user can request it.

Context is everything: As we have just described, once a digital identity is well established, the next decision, whether or not to authorise the consumer to invoke a service, usually involves a significant number of attributes, such as consumer location, membership level (e.g. TOP SECRET) and, most importantly, the content sent by and returned to the consumer. Without a deep business-level understanding of corporate data, user profiles and roles, service invocation patterns and the business partnership ecosystem, effective context-based access policies are impossible to implement. Once a corporate-level understanding is established, the next step is to use this knowledge to deploy an access control gateway.

All identity policies and actions should be consistently enforced across an enterprise. They should be actively managed and audited for compliance with corporate governance directives. Letting API service producers and consumers code their own identity policies right into the business service components should be avoided at all costs, since it results in an inconsistent and non-auditable infrastructure with a high-risk profile. We therefore recommend establishing a centralised and dedicated identity layer, which decouples identity handling from business logic and services. This layer can be implemented by an API security gateway, which brings authentication, authorisation and context-based access control together in a centralised gateway model for strong governance. It provides deep, fine-grained, content-based access control in a decoupled manner by sitting between the consumer and the producer services. Through centralised access control policies, API security gateways enable rapid deployment of business services. This level of agility is crucial in an era of accelerating digital transformation.

[Figure: the centralised identity layer. Consumers reach producer services through a Consumer Access Layer that provides Governance, Authentication, Authorisation, Token Management, Auditing and Identity Store Integration.]

Hybrid cloud environments with mobile end-user devices will continue to be the norm for most corporations. To succeed in a fast-moving, complex and heterogeneous environment, where flexibility and cooperation are expected by all partners, digital identity management is crucial. The digital economy is inherently entropic: more APIs continue to be produced and consumed, new data and identity standards continue to emerge, and enterprise boundaries and functions continue to blur. To flourish in this digital economy, it is imperative for everyone to build a scalable, flexible and agile architecture that adapts rapidly to an ever-changing environment without compromising security.

Footnotes
268 Lightweight Directory Access Protocol.
269 Pascual, A., Marchini, K., Miller, S.: 2017 Identity Fraud Study: Securing the Connected Life, Javelin Strategy & Research, 2017.
270 Ackerman, P.: Impediments to Adoption of Two-Factor Authentication by Home End-Users, white paper, SANS Institute InfoSec Reading Room, 2017.
271 OAuth (Open Authorization) is an open standard for token-based authentication and authorisation on the Internet.
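The centralised gateway model this section recommends, as an added Python illustration that is not from the book or its authors: a single enforcement point normalises the credential formats a consumer might present (a bearer token or a username and password), validates the principal against an identity store, applies a context-based policy (asset sensitivity, caller clearance, request location), filters the returned content by field sensitivity and records every decision for audit, so the producer service holds no identity logic at all. The identity store, tokens, service paths, clearance levels and locations are constructed sample data; passwords are held in clear only to keep the example short.

```python
import base64
import hmac

# Constructed identity store standing in for the LDAP server the section mentions; clearance follows
# a catalogue of sensitivity levels: 0 public, 1 internal, 2 confidential, 3 TOP SECRET.
IDENTITY_STORE = {"alice": {"password": "s3cret", "clearance": 3},  # clear-text only for brevity
                  "svc-drone-7": {"password": None, "clearance": 1}}  # machine consumer, token only
TOKENS = {"tok-7f3a": "svc-drone-7"}  # constructed opaque tokens from an OAuth-style issuer
SERVICE_CLEARANCE = {"/flights/manifest": 2, "/telemetry/ingest": 1}  # sensitivity per asset
FIELD_CLEARANCE = {"flight": 0, "passenger_count": 2, "vip_names": 3}  # sensitivity per field
ALLOWED_LOCATIONS = {"HQ", "DC-East"}  # usage context: where a request may originate
AUDIT_LOG = []  # every decision lands here for compliance review

def authenticate(auth_header):
    """Accept several credential formats so consumers need not adapt to each producer."""
    scheme, _, value = auth_header.partition(" ")
    user = TOKENS.get(value) if scheme == "Bearer" else None
    if scheme == "Basic":
        try:
            name, _, password = base64.b64decode(value).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return None
        rec = IDENTITY_STORE.get(name)
        if rec and rec["password"] and hmac.compare_digest(rec["password"].encode(), password.encode()):
            user = name
    if user not in IDENTITY_STORE:  # unknown token or failed password check
        return None
    return {"name": user, "clearance": IDENTITY_STORE[user]["clearance"]}

def authorise(principal, path, location):
    """Context-based decision: which asset, from where, with what clearance."""
    required = SERVICE_CLEARANCE.get(path)
    if required is None:
        return "unknown-service"
    if location not in ALLOWED_LOCATIONS:
        return "location"
    return "ok" if principal["clearance"] >= required else "clearance"

def gateway(auth_header, path, location, response):
    """Single enforcement point: authenticate, authorise, filter returned content, audit."""
    principal = authenticate(auth_header)
    if principal is None:
        AUDIT_LOG.append(("-", path, location, "deny", "authentication"))
        return 401, {}
    reason = authorise(principal, path, location)
    AUDIT_LOG.append((principal["name"], path, location, "allow" if reason == "ok" else "deny", reason))
    if reason != "ok":
        return 403, {}
    # Content-based control: drop response fields above the consumer's clearance before returning.
    return 200, {k: v for k, v in response.items() if FIELD_CLEARANCE.get(k, 3) <= principal["clearance"]}
```

The producer behind `/flights/manifest` returns its full record; only the gateway decides who sees which fields, and the audit trail is one list rather than something scattered across every service.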

382 Guest Authors

Mamoon Yunus is a visionary in API, cloud and XML-based technologies. As the founder of Forum Systems, Yunus pioneered API Security Gateways and Firewalls with the only granted patent for XML network appliances. For over 15 years, he has spearheaded award-winning API and XML security products. Yunus holds two graduate degrees in engineering from MIT and a BSME from the Georgia Institute of Technology. Yunus enjoys playing squash and running computations on GPUs.