cis14: spinning new threads with existing identity systems
DESCRIPTION
Mike Neuenschwander, iC Consult Americas
A comparison of use cases for identity in cloud and enterprise deployments, with ideas on how to intertwine enterprise and cloud identity systems in the emerging cloud fabric.
TRANSCRIPT
SPINNING NEW THREADS WITH EXISTING IDENTITY SYSTEMS
About iC Consult
• Founded in 1997
• 120+ employees
• Operations in 4 countries
• 2 service brands
Times have changed
[Diagram comparing "Then" and "Now"; label: HR]
Cloud Use Cases
Shift in the design center
• High scale & high availability @ low cost
  – Rapid deployment to dozens of environments
  – On-demand change in capacity
  – Multi-tenancy
  – Personalized app presentment on login
  – Data firewall & data sharing
  – Frequent, iterative rollout of features
  – Account creation flows
    • Vetting through private (not corporate) email
    • Device registration on a personal device
    • Password reset with auto-login
    • “Page 2” functionality
    • Multiple personas (i.e., business & consumer)
  – Custom UI for users, admins, and CSRs
Architectures have changed
[Diagram comparing "Then" and "Now". Labels: Corp Data Center; Corp Platform; Packaged IDM Products; Out-of-the-box UI; Elastic, Virtualized Compute Service; PaaS; Apps 1, 2, 3 … n; UIs]
• Always on
• Unscheduled elastic compute
• New features rolled out bi-weekly
• Very low overhead
Meanwhile, IDM products have changed little
• Existing products are what they were
• Core architecture unchanged
• Standards and practices are evolving
  – But many of the new protocols are “bolted on” to existing architecture
• Scale, performance requirements outpacing product improvements
So is IDM as we know it out of its league?
[Diagram labels: Current Requirements; IDM Products]
Shipping products will never meet contemporary needs
IDM Products: it matters less what you use than how you use it
We’ve helped companies solve contemporary problems with existing technology
• Multi-tenant LDAP design
  – Product teams were surprised by the approach, but endorsed it in the end
• Progressive profile creation
  – From low-barrier to validated accounts
  – Validation UIs
• Automated rollout
  – Reduces errors and saves time
  – Iterative feature deployment
• API-level access controls
In Summary…
• For identity and access products, creative and destructive processes are ongoing
• Starting over rarely saves time or effort
• Use the technologies available to the best of their abilities
IAM EXCELLENCE
iC Consult Americas LLC
222 S. Main Street, Suite 500
Salt Lake City, UT 84101
www.icconsult.com