Identity and Access Management

Identity & Access ManagementLEVERAGING CONNECTIONS IN DATA WITH GRAPH DATABASES

Webinar, September 22, 2016

Alessandro SvenssonSolutions @ Neo Technology

Ryan BoydDeveloper Relations @ Neo Technology

AgendaIntro to Graph ThinkingDefining Identity & Access ManagementHow IAM is evolvingUse of graph databases in IAMCase studies - Adoption of Neo4jDemoWrap up & Questions.

Intro to Graph Thinking

Databases have evolved in order to handle large networks of connected data

Databases have evolved in order to handle large networks of connected data

RELATIONAL DATABASES

The internet is a graph

Huge networks of connected

data

This is data modelled as graph!

A Graph Is

NODE

NODE

NODE

RELATIONSHIP

RELATIONSHIP

RELATIONSHIP

WITH

PERSON

CHECKING ACCOUNT

BANK

A Graph IsH

AS

HA

S

HAS

HOTEL

ROOM

BOOKING

A Graph Is

KNOWS

KN

OW

S

KNOWS

WO

RK

S_AT

WORKS_AT

WORKS_AT

COMPANY

STANFORD

STU

DIE

D_A

T

KNOWS

NEO

COLUMBIA

STU

DIE

D_A

T

STUDIED_AT

STUDIED_AT

NAME:ANNE

SINCE:2012

A Graph Is

Company

Stanford

Carl

Tom

Columbia

Bob

NeoAnne

WE

NT_

TO

KNOWS

WO

RK

S_A

T

WORKS_AT

KN

OW

S

KNOWS

KNOWS

WE

NT_

TO

WORKS_AT

A Graph Is

A Graph Is

and for the right reason

at the right time,Who gets access to what,

Identity & Access Management (IAM)

& Access Management

IdentityDefining Identity

& Access Management

Identity

The structure of organisations

Traditional IAM-systems

2) Underlying assumption that organisations are

hierarchal

1) Static idea of Identity

http://blogs.gartner.com/ian-glazer/2013/02/08/killing-iam-in-order-to-save-it/

IAM

Active Directory

SAP

Knowledge Base

CRM

HR-system


Customer Support

IAM

Active Directory

SAP

Knowledge Base

CRM

HR-system

ADD


IAM

Active Directory

SAP

Knowledge Base

CRM

Customer Support

Inside Sales

HR-system

CHANGE


IAM

Active Directory

SAP

Knowledge Base

CRM

Customer Support

Inside Sales

HR-system

LEAVE

1) Identity is increasingly complex

What’s happening in the world of IAM?

2) Traditional hierarchies are being revised



2) Traditional hierarchies are being revised



3) Access Management is more and more about the relationships between users, partners, customers, things and their different touchpoint within organisations and eco-systems

Emerging Complexity of Identity

Complexity of Digital Identities

User identities Identity of Things

Serial # Unique idPersonal Customer Partner

Consumer Citizen

Device <-> ServiceSecurity End to EndIdentity of users

Identity of things

Applicationsand services

Complexity of Digital Identities

Identity Relationship ManagementIdentity Access Management

Applications and data

Endpoints

People

Customers(millions)

Partners and Suppliers

Workforce(thousands)

PCs Tablets

On-premises Private Cloud

Public Cloud

Things(Tens of millions)

WearablesPhones

PCs

Customers(millions)

On-premises


Endpoints

People



Endpoints

People

Customers(millions)



PCs Tablets


Public Cloud


WearablesPhones

PCs

Customers(millions)

On-premises


Endpoints

People



Endpoints

People

Customers(millions)



PCs Tablets


Public Cloud


WearablesPhones

PCs

Customers(millions)

On-premises


Endpoints

People

Access Management is traditionally designed with the underlying assumption that everything is hierarchal

Access Management is traditionally designed with the underlying assumption that everything is hierarchal

Rigid hierarchies have defined how we have built IAM-systems in the past

Representing your organisation as a graph, enables you to build stronger

and more accurate IAM

Parent-Child relationships

Ideal World

Query complex relationships in real-time

Real World

How Neo4j is used in IAM

1. Build your IAM as a Graph2. Augment your existing IAM with Neo4j

Different ways of adopting Neo4j

Case Study

Identity and Access Management

Telenor

Background• Oslo-based telcom provider, #1 in Nordic

countries and #10 in world• Online, mission-critical, self-serve system lets

users manage subscriptions and plans• Availability and responsiveness is critical to

customer satisfaction

Business Problem• Logins took minutes to retrieve relational access

rights• Massive joins across millions of plans,

customers, admins, groups• Nightly batch production required 9 hours and

produced stale data

Solution and Benefits• Shifted authentication from Sybase to Neo4j• Moved resource graph to Neo4j• Replaced batch process with real-time login

response using most recent data• Mitigated customer retention risks

Identity and Access Management

Telenor

Background• Oslo-based telcom provider, #1 in Nordic

countries and #10 in world• Online, mission-critical, self-serve system lets

users manage subscriptions and plans• Availability and responsiveness is critical to

customer satisfaction

Business Problem• Logins took minutes to retrieve relational access

rights• Massive joins across millions of plans,

customers, admins, groups• Nightly batch production required 9 hours and

produced stale data

Solution and Benefits• Shifted authentication from Sybase to Neo4j• Moved resource graph to Neo4j• Replaced batch process with real-time login

response using most recent data• Mitigated customer retention risks

Case Study

Challenges with existing IAM:

Partner

• Employee ID• Partner ID• Digital credentials• Sales record• Job Performance

Customer

• Employee ID• Company ID• Digital credentials• Devices managed• Portal software• Maintenance

Employee

• Employee ID• Roles• Digital Identities• Digital credentials• Personal devices

Device

• Serial number• Digital credentials• Make & model• GPS location• IP-adress• Firmware• Maintenance

Consumer

• Full name• Date/place birth• Home adress• Eye & hair color• Height/weight• Email Adress

Data will be separated in Silos

Partner


Customer


Employee


Device


Consumer


Data will be separated in SilosIdentity data will be very static


Partner


Customer


Employee


Device


Consumer


Data will be separated in SilosIdentity data will be very staticBased on a hierarchal representation of an organisation


Partner


Customer


Employee


Device


Leverage Cross-Silo Relationships to drive new business value

Name

CuID

Emp ID

Partner

Emp ID

Company Y

Emp ID

GPS Loc

GPS Loc

Emp ID

Dig Serial

#

GPS Loc

GPS Loc

Firmware

Serial#

Consumer


RelationshipLayer

How Can You Augment This with Graphs?

Partner


Customer


Employee


Device


Leverage Cross-Silo Relationships to drive new business value

Name

CuID

Emp ID

Partner

Emp ID

Company Y

Emp ID

GPS Loc

GPS Loc

Emp ID

Dig Serial

#

GPS Loc

GPS Loc

Firmware

Serial#

Consumer


RelationshipLayer

How Can You Augment This with Graphs?

Architecture openIDM

openIDM

Relationship layer

Connector

Datasources

OpenAM Agent

Service that user wants to

use

Login

username

passwords

Host

Architecture OpenAM

Write Event

AuthZPlugin

Authorize Service for

User

Learn more about this case study, visit the

Neo4j Youtube-channel

or graphconnect.com

http://graphconnect.com/

Ryan BoydDeveloper Relations @ Neo Technology

Neo4j DEMO

Who’s using Neo4j?

Government Commercial clients

Who’s Using Neo4j?Institutions

Local Governments

Law Enforcement

Military & Intelligence

Neo4j Adoption by Selected VerticalsSOFTWARE FINANCIAL

SERVICES RETAIL MEDIA & OTHER

SOCIALNETWORKS TELECOM HEALTHC

ARE

Towards Graph Inevitability

“Graph analysis is possibly the single most effective competitive differentiator for

organizations pursuing data-driven operations and decisions after the design of data capture.

“By the end of 2018, 70% of leading organizations will have one or more pilot or proof-of-concept efforts underway utilizing

graph databases.”


“Forrester estimates that over 25% of enterprises will be using graph databases

by 2017.”


Valuable Resources!

neo4j.com/developer neo4j.com/solutions neo4j.com/product

Developers Solutions Product

http://neo4j.com/developer

http://neo4j.com/solutions

http://neo4j.com/product

Thank you!