IBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area?


(1)

© 2011 IBM Corporation

IBM

How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area?

Sven-Erik Vestergaard
Nordic Security Architect
IBM Software group
[email protected]

(2)

Security is becoming a board room discussion

Business results: Sony estimates potential $1B long term impact – $171M / 100 customers

Supply chain: Epsilon breach impacts 100 national brands

Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info

Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …

Audit risk: Zurich Insurance Plc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records

Brand image: HSBC data breach discloses 24K private banking customers

(3)


Security challenges are impacting innovation

External threats (sharp rise in external attacks from non-traditional sources):

 Cyber attacks
 Organized crime
 Corporate espionage
 State-sponsored attacks
 Social engineering

Internal threats (ongoing risk of careless and malicious insider behavior):

 Administrative mistakes
 Careless inside behavior
 Internal breaches
 Disgruntled employee actions
 Mix of private / corporate data

Compliance (growing need to address an increasing number of mandates):

 National regulations
 Industry standards
 Local mandates

Impacting innovation: Mobility, Cloud / Virtualization, Social Business, Business Intelligence

(4)

Do we need Policy Management to handle the challenges?

(5)


Policy & Policy Management

 Policy - What is it?
– Principle or rule to guide decisions and achieve a desired and rational outcome
– Contains attributes detailing the 'what', the 'how', the 'where', and the 'when'
– Published, it becomes the standardized guidelines used by a system to govern its behavior within its environment and transactions

 Policy Management provides an approach for efficiently and effectively addressing the many risks and requirements inherent in electronic communication:
– Policy definition (structured way to declare policy constraints)
– Policy enforcement, according to defined policies

(6)

Policy Reference Architecture (diagram; only the labels survive extraction)

Policy Lifecycle Management: Author, Transform, Enforce, Monitor

Policy layers: Business Policy (domains for behavior and performance), Architectural Policy (domains for SOA resources: Process, Service, Information), Operational Policy

Service Development Lifecycle: Model, Assemble, Deploy, Manage; Service Lifecycle & Governance Policy

Enablers: Security, Monitor, Mediation, Service Support & Delivery Policy, Situational Awareness, Business Process, Business Services, Service Level Management

(7)


Policy aligns individual roles with broader business objectives

 Architecture layer
– Capture policy as requirements and architectural standards that address resources
– (e.g.) Limit client credit report access to owning managers
– (e.g.) A particular provider service must respond within 2 seconds in order to meet business need of end to end 3 second response

 Business layer
– Capture policy as business statements that describe the intent of the business or specific business level policy
– (e.g.) Compliance officer requires personal information be protected
– (e.g.) Business requires that information be available within 3 seconds of request

 Operational layer
– Operational policies are actionable statements that provide specific runtime actions
– (e.g.) Configure message security to support digital signature and restricted authorization
– (e.g.) Mediation layer will reroute traffic to secondary endpoint if primary endpoint does not respond in 2 seconds

(8)

Policy Tree – Example of deriving policy from business requirements through the various policy layers

Business Requirement: Comply with all laws and regulations

Business Policy: Keep consumer data private as called for by EU privacy reg.

Architectural Policy:
– Encrypt consumer name, address, phone numbers and social security number when such data is stored
– Encrypt consumer name, address, phone numbers and social security number when such data is transmitted
– Access control via userid & password sign on to corporate LDAP directory for any attempt to access private consumer data

Operational Policy: Encrypt consumer name, address, phone numbers and social security number in ESB gateway

(9)


Architectural Pattern for Service Policy (diagram labels): Consumer and Provider, with the steps Author, Repository, Store, Enforce, Monitor

Key Scenario: SLA Management (e.g. Author, WSRR, ALE, Store, Enforce, Monitor)

Key Scenario: Security (e.g. Author, TSPM / WSRR, Store, Enforce, Monitor)

Key Scenario: Service Support & Delivery (e.g. Author, WSRR, Store, Deploy, Monitor, with Middleware between Consumer and Provider)

Same Architectural Pattern applied across key scenarios

(10)

Elements of a Policy Lifecycle Management solution

 Policy Authoring (Author)
– Policy Selection: creating instances of standard domains (security, transactions); predefine some domains and provide tooling for those domains
– Policy Creation: allowing users to create policy

 Policy Distribution (Transform)
– Storage and assignment of policies to resources
– Transform to an actionable form
– Pushing updates or notifications of change to PEPs / PDPs
– Policy administration
– Lifecycle and governance of policies
– Making service descriptions and/or associated policies available

 Policy Enforcement (Enforce)
– Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs)
– Enforcement of policies relating to metadata
– Enforcement of policies relating to SOA endpoint interactions

 Policy Monitoring (Monitor)
– Recording decisions made by PDPs and PEPs
– Monitor, measure, and analyze policies

Diagram (labels only): steps 1–4 across Policy Authoring, Registry Repository (Distribute Policies), Enforce Policies (Middleware Security Enforcement at Web Services Endpoints) and Policy Monitor (Record Alerts). Enforcement and monitoring products shown: DataPower XS40, Tivoli Access Manager, WebSphere App Server, MQ Server, Web service client, Nortel L7 Module, Tivoli NetView.
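To make the Enforce and Monitor elements concrete, here is an added example (not code from the deck or from any IBM product) of a small policy decision point and enforcement point that applies the consumer-data policy tree above: LDAP sign-on for any access to private consumer data, and encryption of private fields when transmitted or stored, with every decision recorded for monitoring. The request and record shapes, the field names and the sample record are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Architectural policy from the policy tree: the consumer attributes treated as
# private. The field names and the request/record shapes are assumptions.
PRIVATE_FIELDS = {"name", "address", "phone", "ssn"}

# Constructed sample consumer record (not real data).
SAMPLE_RECORD = {"name": "A. Example", "address": "1 Test St", "phone": "000-0000", "ssn": "000-00-0000", "loyalty_tier": "gold"}


@dataclass
class Decision:
    permit: bool
    reason: str


@dataclass
class PolicyDecisionPoint:
    """PDP: evaluates a request against the rules derived from the business policy
    'keep consumer data private' and records every decision (the Monitor element)."""
    audit_log: list = field(default_factory=list)

    def evaluate(self, request: dict) -> Decision:
        private = set(request.get("fields", [])) & PRIVATE_FIELDS
        if request.get("action") not in ("read", "store"):
            decision = Decision(False, "unknown action")
        elif not private:
            decision = Decision(True, "no private consumer data involved")
        elif not request.get("ldap_authenticated"):
            # userid & password sign-on to the corporate LDAP directory for any access to private data
            decision = Decision(False, "private consumer data requires LDAP sign-on")
        elif request["action"] == "read" and request.get("transport") != "tls":
            # encrypt private data when it is transmitted
            decision = Decision(False, "private consumer data must be encrypted in transit")
        elif request["action"] == "store" and not private <= set(request.get("encrypted_fields", [])):
            # encrypt private data when it is stored
            decision = Decision(False, "private consumer data must be encrypted at rest")
        else:
            decision = Decision(True, "permitted")
        self.audit_log.append({"subject": request.get("subject"), "action": request.get("action"),
                               "private_fields": sorted(private), "permit": decision.permit,
                               "reason": decision.reason})
        return decision


def pep_read_consumer_record(pdp: PolicyDecisionPoint, request: dict, record: dict) -> dict:
    """PEP at the service endpoint: asks the PDP first and releases only the requested
    fields when the decision is permit; otherwise the access is refused."""
    decision = pdp.evaluate(request)
    if not decision.permit:
        raise PermissionError(decision.reason)
    return {k: v for k, v in record.items() if k in request.get("fields", [])}
```

The audit_log list plays the role of the "record decisions made by PDPs and PEPs" step; a real deployment would ship it to the enterprise auditing component.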

(11)


IBM Reference Architecture for IT Security (diagram; labels only)

Layers: Security Infrastructure, Security Services, Applications & Services, Policy Mgmt

Components: Enterprise Service Bus, Enterprise Directory, Identity and Access Management, Security Services, Presentation/Application Server, Security Enforcement, Enterprise Information System, Enterprise Auditing & Compliance (Audit Events), AAA Federated SSO (Point of Contact), Integrated Policy Management Services, XML Security Gateway, Web Services, Web

Standards on the interfaces: ws-trust, XACML, ws-SecurityPolicy, ws-security

(12)

So how do you start?

 Get executive sponsorship
 Get stakeholders
 Application assessment
 Policies: start with the most strategic and less complicated (don’t boil the ocean)
 Identify operational requirements

(13)


Questions ??
