
Understanding Cloud Security and IAM Components
Explore the world of cloud security and Identity and Access Management (IAM) components. Learn about the challenges specific to the cloud environment, IAM processes, standards, and specifications like SAML, SPML, XACML, and OAuth. Dive into Security Assertion Markup Language (SAML) and its role in authentication and authorization data exchange between parties. Enhance your knowledge of cloud security with insights from Keke Chen's book on cloud security and privacy.
Presentation Transcript
Cloud Computing: Cloud Security, an overview, and IAM. Keke Chen
Introduction
- Many security problems in non-cloud environments are still applicable.
- We focus on cloud-specific problems.
- Reference book: Cloud Security and Privacy.
Identity and Access Management
- Traditional trust boundary reinforced by network control: VPN, intrusion detection, intrusion prevention.
- Loss of network control in cloud computing: have to rely on higher-level software controls, namely application security and user access controls (IAM).
IAM components: authentication, authorization, auditing.
IAM processes:
- User management
- Authentication management
- Authorization management
- Access management (access control)
- Propagation of identity to resources
- Monitoring and auditing
IAM standards and specifications
- SAML (Security Assertion Markup Language): avoid duplication of identity, attributes, and credentials and provide a single sign-on user experience.
- SPML (Service Provisioning Markup Language): automatically provision user accounts with cloud services and automate the process of provisioning and deprovisioning.
- XACML (eXtensible Access Control Markup Language): provision user accounts with appropriate privileges and manage entitlements.
- OAuth (open authentication): authorize cloud service X to access my data in cloud service Y without disclosing credentials.
Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.
Google Account example. ACS: Assertion Consumer Service. SSO: single sign-on.
SPML example: What happens when an account is created?
XACML examples: How is your access verified? PEP: policy enforcement point (the application interface). PDP: policy decision point.
OAuth
- Frequently used: service A asks you to authorize the access provided by service B without leaking credentials.
- If you use Google services, you may have experienced this procedure.
- Example: you want to share an image stored on Google Drive with an online printing service, but you don't want to give your Google password to the printing service.
- OAuth keeps your data safe during data transfers between parties.
OAuth procedure
- Access token: a secret representing the access right to a specific resource on behalf of the end-user.
- Authorization server: keeps a mapping between tokens and access rights/resources.
- Resource server: verifies the token with the authorization server.
- Client: needs to keep the token securely.
OAuth example: authorize the third party to access your data/credentials.
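The printing-service scenario and the four OAuth roles from the slides, simulated end to end. This is an added illustration, not code from the slides or from Google's OAuth implementation; the class and function names, the file names and the "alice" user are constructed for the example, and token introspection is modelled as a direct call to the authorization server rather than an HTTP request.

```python
import secrets
import time

# Constructed sample data: stands in for the end-user's files on Google Drive.
DRIVE = {"drive/photo.jpg": b"JPEGDATA", "drive/taxes.pdf": b"PDFDATA"}

class AuthorizationServer:
    """Issues access tokens and keeps the token -> (user, resource, scope) mapping."""
    def __init__(self):
        self.tokens = {}

    def authorize(self, user, resource, scope, ttl=300):
        # The user consents here, at the authorization server. The client never sees
        # the password, only this opaque random token bound to one resource and scope.
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "resource": resource,
                              "scope": frozenset(scope), "expires": time.time() + ttl}
        return token

    def introspect(self, token):
        """Return the grant behind a live token, or None (unknown, revoked or expired)."""
        grant = self.tokens.get(token)
        return None if grant is None or grant["expires"] < time.time() else grant

    def revoke(self, token):
        self.tokens.pop(token, None)

def resource_server_access(auth_server, store, token, resource, action):
    """Resource server: verify the token with the authorization server before serving."""
    grant = auth_server.introspect(token)
    if grant is None:
        return ("denied", "invalid, revoked or expired token")
    if grant["resource"] != resource:
        return ("denied", "token is bound to a different resource")
    if action not in grant["scope"]:
        return ("denied", "action not in the granted scope")
    return ("ok", store[resource])

def printing_service_flow():
    """Slide scenario: share one image with a printing service and nothing else."""
    auth = AuthorizationServer()
    token = auth.authorize("alice", "drive/photo.jpg", {"read"})  # all the client gets
    def fetch(res, act):
        return resource_server_access(auth, DRIVE, token, res, act)[0]
    results = [fetch("drive/photo.jpg", "read"),    # ok
               fetch("drive/taxes.pdf", "read"),    # denied: other file
               fetch("drive/photo.jpg", "delete")]  # denied: out of scope
    auth.revoke(token)  # user withdraws consent; the token stops working immediately
    results.append(fetch("drive/photo.jpg", "read"))  # denied: revoked
    return results
```

The point to take from the run is that the printing service (the client) holds a secret that is worth exactly one read of one file and can be switched off by the user or by expiry, which is why the slide stresses that the client must still store that token securely.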
IAM practice: identity federation
- Dealing with heterogeneous, dynamic, loosely coupled trust relationships.
- Enabling login once, access different systems within the trust boundary: single sign-on (SSO).
- Centralized access control services: Yahoo! OpenID.