
 

Any intelligent fool can make things bigger and more complex... It takes a touch of genius and a lot of courage to move in the opposite direction.

-- Einstein

 




Featured Speakers

Russell Dietz, CTO, SafeNet

Tom Fisher, VP Cloud Computing, SuccessFactors

Patrick Harding, CTO, Ping Identity

Christofer Hoff, Director Cloud & Virtualization, Cisco

Chuck Mortimore, Dir Product Mgmt, Identity & Security, salesforce.com

Andrew Nash, Sr. Dir. Identity Services, PayPal

Mike Neuenschwander, Sr. Manager Security Consulting Practice, Accenture

Gunnar Peterson, Managing Principal, Arctec Group

Nico Popp, VP Product Development, Authentication & Trust Services, VeriSign

Jim Reavis, Executive Director, Cloud Security Alliance

Christian Reilly, Mgr Global Systems Engineering, Bechtel

Eric Sachs, Google Product Mgr, Google Security & CIO Dept.

John Shewchuk, Technical Fellow, Cloud Identity & Access, Microsoft



Special Presentations


Anil Saldhana, Red Hat: IDCloud TC

Eve Maler, PayPal: User-Managed Access for OAuth


Industry Analysts

Steve Coplan, Sr. Analyst, Enterprise Security, 451 Group


Communities Welcome!

  • OIDF
  • ICF
  • OIX
  • OSIS
  • IIW
  • OAuth IETF
  • OAuth WRAP
  • SPML
  • XACML
  • KMIP
  • SSTC
  • WS-Federation
  • WS-SX (WS-Trust)
  • IMI
  • Kantara
  • Concordia
  • Identity in the Cloud (new OASIS TC)
  • Shibboleth
  • OpenSAML
  • Cloud Security Alliance
  • TV Everywhere

Cloud Identity and Access Management - Trusted Front Door to the Cloud

Nico Popp

IT infrastructure and information are moving to the clouds; the shift is inevitable. The drivers are both economic (commoditization of IT) and technological (virtualization). Nevertheless, the largest obstacle to cloud adoption remains trust. Trust is a complex and multi-faceted challenge that encompasses broad issues such as security, privacy, governance, compliance, and reliability. The dislocation of users, data, and applications, which can now move beyond the traditional controls of the network perimeter, presents a new set of risks still unaddressed by today’s cloud infrastructures.

Policy-setting mechanisms are primitive. Audit and controls are minimal. Monitoring remains ad hoc. Certification programs are missing. Like eCommerce before it, the cloud needs a trust framework. The trust framework will define a set of common policies (certification programs) and shared infrastructures (trust brokers). The first priority is to create trusted identities for the cloud. Like certificate authorities for eCommerce before them, new identity trust infrastructures will appear, creating a “trusted front door” between private enterprises and cloud providers. More than simple SSO solutions, identity brokers will enable IAM interoperability, security, governance, compliance, and monitoring.

This presentation proposes a straw man for the trusted identity broker. Furthermore, the distributed, multi-tenant, and virtualized nature of the cloud forces us to rethink identity beyond mere user identifiers and credentials. In a world where data can move across networks, applications and their intellectual property have become files (virtual images), and network devices exist solely as memory segments (virtual switches), data, applications, and devices will all require their own digital identity so that they can be authenticated, signed, encrypted, authorized, and audited by the trusted front doors to the cloud. The last part of the presentation will consider the implications of “an identity for all virtual things” by providing a few examples of innovative trust services that these new identities can enable.