Securing the Cloud with Identity Management: Best Practices



What is a “cloud identity?” A cloud identity is created at the birth of a user’s “digital identity,” and includes the attributes that represent the user in the cloud. The term cloud identity has been used in the industry for some time, but has recently taken hold as the best method to define someone in the cloud. There is a lot of attention on how to enable secure authentication events through federation mechanisms like ADFS or Shibboleth, as authentication is a critical component needed to ensure the integrity of a transaction. By integrity, I mean that the cloud identity represents the right person with the right attributes and the right attribute values. Sound identity management (IdM) practices, with a razor-sharp focus on attribute management and policy enforcement, are the only way to secure the integrity of a cloud-identity transaction.



The foundation of cloud-identity security is proficient attribute management. Attributes and their values are the determinants of an individual’s (or entity’s) digital identity. If your true goal is the validity of transactions, one cannot overstate the importance of properly representing each user in the cloud. Thus, when considering the integrity of attributes in this context, it is clear why IdM must be the control center for cloud-identity security.


Though some think of attribute management as “just a middleware component,” at a fundamental level it is actually identity management. As the industry begins discussions on large-scale initiatives for creating a common “ecosystem” through which cloud identities will travel, we must not overlook attribute management.



Regarding best practices, automation and policy management / enforcement are key components of the IdM stack.



Best Practice #1: Automation



Sound IdM practices require automation. This includes event detection and subsequent user provisioning, i.e., automatically detecting when users, along with their data, are added / modified / deleted within a system of record, then automatically provisioning the user accounts and related attributes in downstream systems. Detecting changes in key attributes comprising a user’s
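The following is an added illustration, not code from the article or from any product it mentions, of the two ideas the article ties together: event detection with automatic provisioning (Best Practice #1) and attribute policy enforcement before an identity is pushed downstream. The system-of-record and downstream snapshots, the user ids, the attribute names and the policy rules are all constructed for the example; the add / modify / delete detection works by diffing the two snapshots, and any record that fails the attribute policy is held and recorded in the audit trail rather than provisioned.

```python
"""Event-driven provisioning sync with attribute policy enforcement (constructed example)."""
from typing import Dict, List, Tuple

Attrs = Dict[str, str]
Directory = Dict[str, Attrs]

# Constructed sample data: the system of record (e.g. HR) and the downstream cloud directory.
# Attributes and their values are what define the cloud identity, so they are what we sync.
SYSTEM_OF_RECORD: Directory = {
    "u1001": {"email": "a.lee@example.com", "department": "finance", "status": "active"},
    "u1002": {"email": "b.ng@example.com", "department": "eng", "status": "active"},
    "u1004": {"email": "d.roy@example.com", "department": "", "status": "active"},
}
DOWNSTREAM: Directory = {
    "u1001": {"email": "a.lee@example.com", "department": "sales", "status": "active"},
    "u1003": {"email": "c.ortiz@example.com", "department": "eng", "status": "active"},
}

# Attribute policy (hypothetical): every required attribute must be present and non-empty,
# and 'status' must come from a fixed vocabulary so downstream access decisions stay valid.
REQUIRED_ATTRIBUTES = ("email", "department", "status")
ALLOWED_STATUS = {"active", "suspended"}


def validate(attrs: Attrs) -> List[str]:
    """Return a list of policy violations for one identity record (empty means compliant)."""
    problems = [f"missing {key}" for key in REQUIRED_ATTRIBUTES if not attrs.get(key)]
    if attrs.get("status") not in ALLOWED_STATUS:
        problems.append("invalid status")
    return problems


def detect_events(sor: Directory, downstream: Directory) -> List[Tuple[str, str]]:
    """Diff the system of record against the downstream system.

    Returns (event, user_id) pairs in a deterministic order:
    'add' for ids only in the SoR, 'delete' for ids only downstream,
    'modify' for ids present in both whose attributes differ.
    """
    events: List[Tuple[str, str]] = []
    for uid in sorted(set(sor) | set(downstream)):
        if uid not in downstream:
            events.append(("add", uid))
        elif uid not in sor:
            events.append(("delete", uid))
        elif sor[uid] != downstream[uid]:
            events.append(("modify", uid))
    return events


def provision(sor: Directory, downstream: Directory) -> Tuple[Directory, List[Tuple[str, str, str]]]:
    """Apply detected events to a copy of the downstream directory.

    Returns (new_downstream_state, audit_log). Records that violate the attribute
    policy are held, not provisioned, and the reason is written to the audit log so an
    operator can see exactly which identity was blocked and why.
    """
    target: Directory = {uid: dict(attrs) for uid, attrs in downstream.items()}
    audit: List[Tuple[str, str, str]] = []
    for event, uid in detect_events(sor, downstream):
        if event == "delete":
            # Identity left the system of record: remove downstream access.
            del target[uid]
            audit.append((event, uid, "deprovisioned"))
            continue
        problems = validate(sor[uid])
        if problems:
            audit.append((event, uid, "held: " + ", ".join(problems)))
            continue
        target[uid] = dict(sor[uid])
        audit.append((event, uid, "applied"))
    return target, audit


if __name__ == "__main__":
    new_state, log = provision(SYSTEM_OF_RECORD, DOWNSTREAM)
    for entry in log:
        print(entry)
```

Run as-is, the sync applies the department correction for u1001, adds u1002, deprovisions u1003 (no longer in the system of record), and holds u1004 because its department attribute is empty; the audit log is the artifact a reviewer would check when asking whether downstream identities still represent the right person with the right attribute values.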




5 Cyber Warnings E-Magazine – October 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide