Date post: 18-May-2015
Category: Technology
Upload: cloudidsummit
Identity and Access Management: Collaborative Approaches to Novel Use Cases
Nate Lesser, Deputy Director, National Cybersecurity Center of Excellence
Cloud Identity Summit 2014 July 20, 2014
ENERGY SECTOR USE CASE: IDENTITY AND ACCESS MANAGEMENT
OVERVIEW
Goals
‣ Authenticate individuals and systems
‣ Enforce authorization control policies
‣ Unify IdAM services
‣ Protect generation, transmission and distribution
Business value
‣ Reduce costs
‣ Increase efficiency
SILOS
‣ IT network
‣ OT network
‣ Physical system
THE IT-OT DIVIDE
HIGH-LEVEL ARCHITECTURE
COLLABORATORS
ABOUT THE NCCOE
STRATEGY
Vision
‣ A secure cyber infrastructure that inspires technological innovation and fosters economic growth
Mission
‣ Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs
TENETS
Standards-based
Modular
Usable
Repeatable
Open and transparent
Commercially available
REALIZED SECURITY
Realized security = security controls + security gains from ease of use
APPROACH
We seek problems that are:
‣ Broadly relevant
‣ Technology-based
‣ Addressable with multiple commercially available technologies
REFERENCE DESIGNS
Use cases
‣ Sector-specific challenges
‣ Identified through industry engagement
Building blocks
‣ Technology-specific challenges
‣ Identified through public engagement
MODEL
Engage
‣ Work with community of interest to define problem
Explore
‣ Map security characteristics to standards, controls and best practices
‣ Circulate drafts and incorporate feedback
Partner
‣ Invite technology vendors to collaborate in our labs
Build
‣ Collaborate on design components
‣ Incorporate feedback from experts in technology community
Show
‣ Demonstrate reference designs
MODEL
(Process diagram; labels as extracted, in extraction order)
‣ Form small community of interest
‣ Provide input and feedback to NCCoE
‣ Expand community of interest
‣ Submit feedback on use cases to NCCoE
‣ Offer insights on use cases
Community Of Interest
‣ Support deployment, revision and maintenance of products as part of the practice guide
‣ Collaborate to develop reference designs
‣ Evangelize on behalf of reference design and practice guide
‣ Deploy, test and provide feedback on the reference design
‣ Provide regular feedback on use case builds
Technology Partners
‣ Submit letters of interest
‣ Speak at sector-specific events
‣ Work with COI to identify cybersecurity challenges
‣ Host sector-specific workshop
‣ Review & circulate pre-release use cases
‣ Revise & publish draft use cases
‣ Revise use cases & invite participation from technology partners
‣ Receive technology partners letters of interest
‣ Demonstrate reference designs
‣ Discuss improvements & modifications
‣ Publish reference design and practice guide
‣ Develop composed reference design
‣ Form build teams
‣ Sign CRADAs
‣ Host partner day
CORE PARTNERS
BUILDING BLOCK: ATTRIBUTE BASED ACCESS CONTROL
OVERVIEW
Goals
‣ Enterprise to enterprise identity federation
‣ Enable access control decisions for previously unknown users
‣ Demonstrate security capabilities that support a wide range of enterprise risk postures
Business value
‣ Simplified identity management
‣ Shared IT resources across multiple enterprises
‣ Reduced risk through granular access control
HIGH-LEVEL WORKFLOW
HIGH-LEVEL WORKFLOW
DEFINITIONS
Sources
‣ Authorization and Attribute Services Committee Glossary
‣ FICAM
‣ FIPS 201
‣ NCCoE
‣ NIST SP 800-37-1
‣ NIST SP 800-63-2
‣ OMB M-04-04
‣ RFC 4949
HIGH-LEVEL ARCHITECTURE
Next
[email protected]
240-314-6800
9600 Gudelsky Drive, Rockville, MD 20850
http://nccoe.nist.gov