Transforming IT Blog

Part 5/Secure Federated Identity Management: Enable 5 Key Security Processes to Protect a Conv Cloud

By Jan DeClercq

The final key security process for protecting a converged cloud environment is secure federated identity and access management. It is a major enabler for secure interactions between internal cloud platforms, users, administrators, applications and cloud providers in a converged cloud environment.

Secure federated identity and access management incorporates the following identity and access management disciplines, or sub-functions:

  • Identity repositories (directories)
  • Access management (authentication, authorization, and auditing, including logging and activity monitoring)
  • Identity provisioning
  • Single sign-on
  • Self-service (password management and identity attribute management)
  • Identity federation
  • Workflow for identity-related approval and activation and de-activation processes
  • Dashboard for tracking identity-related events, issues, and problems
  • Identity governance for establishing and managing identity-related processes, policies, and procedures

Identity federation is a particularly important area of identity and access management in a converged cloud. Identity federation allows for the secure and transparent exchange of identity attributes between identity providers (the organization) and service providers (cloud service providers). It also enables important services in a converged cloud environment, such as single sign-on.

Federated identity and access management in a converged cloud deals with the following entities:

  • Identity provider (organization)—stores and maintains identities and attributes (e.g., using the corporate directory).
  • Authentication/authorization service (organization)—authenticates accounts, authorizes them, creates secure tokens (assertions) that vouch for one or more identity attributes, and acts as a Secure Token Service (STS).
  • Federation service—creates and maintains federation trust relationships and ensures identity attribute mapping between the parties.
  • Service provider—provides services and controls access to them.

Federated identity and access management in a converged cloud also includes automated user provisioning to create shadow identities. This includes the replication of changes made by the identity provider to the service providers. Equally important in federated identity and access management is the logging and auditing of service requests received by the cloud service provider. This allows the cloud service provider to make more intelligent security decisions and achieve better compliance reporting.
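As an added illustration (not from the original post or from HP), the following Python sketch models the exchange among the four entities listed above and the provisioning and auditing steps described in this paragraph, in a deliberately simplified form: the identity provider holds a constructed directory, the authentication service acts as an STS and issues a signed, short-lived assertion, the federation service records the trust relationship and the attribute mapping, and the service provider validates the assertion before creating a shadow identity and writing an audit record. The issuer and audience URLs, the directory entries, and the shared HMAC key (standing in for the XML signature and certificate a real SAML or WS-Federation deployment would use) are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Federation service: trust relationships and attribute mapping (constructed) ---
# A real federation signs assertions with the IdP's private key and the SP holds the
# matching certificate; a shared HMAC key is used here only to keep the example
# self-contained. The key is per (issuer, audience) pair.
FEDERATION_TRUST = {
    ("https://idp.example.org", "https://crm.cloud.example"): {
        "key": b"constructed-federation-key-do-not-reuse",
        "attribute_map": {"mail": "email", "department": "org_unit"},
    }
}

# --- Identity provider: corporate directory (constructed sample data) ---
_SALT = b"constructed-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


DIRECTORY = {
    "alice": {"password_hash": _pw_hash("correct horse battery"),
              "mail": "alice@example.org", "department": "finance"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- Authentication/authorization service acting as a Secure Token Service ---
def sts_issue_token(username, password, issuer, audience, now=None, ttl=300):
    """Authenticate against the directory and vouch for the user's attributes in a
    signed, short-lived assertion bound to one audience. Returns None on failure."""
    user = DIRECTORY.get(username)
    if user is None or not hmac.compare_digest(user["password_hash"], _pw_hash(password)):
        return None
    trust = FEDERATION_TRUST.get((issuer, audience))
    if trust is None:
        return None  # no federation trust with that service provider
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "aud": audience, "sub": username,
              "iat": now, "exp": now + ttl,
              "attrs": {k: user[k] for k in ("mail", "department")}}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(trust["key"], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


# --- Service provider: validate assertion, map attributes, provision, audit ---
SHADOW_IDENTITIES = {}   # shadow accounts created by automated provisioning
AUDIT_LOG = []           # every service request and its outcome, for compliance reporting


def sp_accept_token(token, expected_audience, now=None):
    """Check issuer trust, signature, audience and lifetime before provisioning.
    Returns the shadow identity on success, None on rejection; each decision is logged."""
    now = int(time.time()) if now is None else now
    try:
        body, sig_text = token.split(".")
        claims = json.loads(_unb64(body))
        trust = FEDERATION_TRUST.get((claims["iss"], expected_audience))
        expected_sig = (hmac.new(trust["key"], body.encode(), hashlib.sha256).digest()
                        if trust else b"")
        if trust is None:
            reason = "untrusted issuer"
        elif not hmac.compare_digest(expected_sig, _unb64(sig_text)):
            reason = "bad signature"
        elif claims["aud"] != expected_audience:
            reason = "audience mismatch"
        elif not claims["iat"] <= now < claims["exp"]:
            reason = "token expired or not yet valid"
        elif not isinstance(claims.get("attrs"), dict):
            reason = "malformed token"
        else:
            reason = None
    except (ValueError, KeyError, TypeError):
        reason = "malformed token"
    if reason:
        AUDIT_LOG.append({"time": now, "result": "rejected", "reason": reason})
        return None
    # Apply the attribute mapping agreed in the federation trust; unmapped attributes are dropped.
    mapped = {trust["attribute_map"][k]: v
              for k, v in claims["attrs"].items() if k in trust["attribute_map"]}
    shadow = SHADOW_IDENTITIES.setdefault(claims["sub"], {})
    shadow.update(mapped)  # replicate the IdP's current attributes to the shadow identity
    AUDIT_LOG.append({"time": now, "result": "accepted",
                      "subject": claims["sub"], "issuer": claims["iss"]})
    return dict(shadow)
```

The point a practitioner should take from this is the validation order on the service-provider side: issuer trust is resolved first, the signature is checked with a constant-time comparison, and only then are audience and lifetime examined, so an assertion issued for a different service provider or replayed after expiry never reaches provisioning. Every rejection lands in `AUDIT_LOG` with its reason, which is the raw material for the logging and compliance reporting the paragraph above calls for.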

[Figure: Secure Federated Identity and Access Management]


Taken together, these five key security processes—secure virtual machine lifecycle management, secure service aggregation and cloud bursting, secure data lifecycle management, secure universal remote access and secure federated identity and access management—can help mitigate important risks associated with converged cloud environments.

Remember that this is not an exhaustive list of the security processes that are needed to securely operate and maintain a converged cloud environment. I selected these five processes because organizations do not always pay the same level of attention to them as they do to other classical security management-related processes such as patch, change, incident and compliance management.

This is the sixth and final article in the series "Enable 5 Key Security Processes to Protect a Converged Cloud". To read the rest of the articles in the "Cloud Protection" series, go to these links:

  1. NEW Cloud Security Series:  Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  2. Part 1/VM Image Lifecycle:  Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  3. Part 2/Service Aggregation and Cloud Bursting:  Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  4. Part 3/Secure Virtual Machine Lifecycle Management: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  5. Part 4/Secure Universal Remote Access: Enable 5 Key Security Processes to Protect a Converged Cloud (link)

Jan De Clercq is a solution architect with HP's worldwide HP Technology Consulting IT assurance portfolio team. He focuses on cloud security, identity and access management, mobility security, and security for Microsoft platforms and solutions.
