MULTI-TENANCY IN THE ENTERPRISE: AN AOL CASE STUDY
Jul 25, 2015
Copyright © Identity Summit 2015, all rights reserved.
MEET AOL NOT AMERICA ONLINE
MEMBERSHIP CONTENT ADVERTISING
AOL: A COMPANY OF BRANDS
ADVERTISING CONTENT MEMBERSHIP
EXAMPLE: AOL CORP
• Specialized corp password policy
• Highly integrated with onboarding/offboarding process
• Leverages identity data store external to identity system
• Branded identity management UI
EXAMPLE: AOL ADVERTISING
• Support external customers
• Different password policy requirements
• Roles and access control
LET THE EXPERTS BE EXPERTS!
• A brand needs to remain laser-focused on its product
• Identity management requires a focused skillset
SECURITY THREATS ON THE RISE
• Over the last 10 years the number of data breaches has been steadily growing
• An astounding 43% of companies in the US were hit by a data breach, according to a 2014 study by Experian and Ponemon – a 10% increase from the previous year
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
SECURITY ATTACKS CONSTANTLY CHANGING
POS SYSTEM COMPROMISE
SOPHISTICATED NATION-STATE ATTACK
CONTENT BREACH
BENEFITS OF A CENTRAL IDENTITY SYSTEM
• Maximize specific skill sets
• Protect critical enterprise assets
• Enhance security
• Provide autonomy and customization
MULTI-TENANT SOLUTION
• Standards Based (OpenID Connect & OAuth2)
• Single-Sign-On only within a Tenant
• Self-Provisioning Tools
• Dynamic risk-based security protections
DEPLOYMENT STRATEGY: DEVOPS
Automated Tests
Continuous Security Testing
Monitor and Alarm
Dynamic Provisioning of Test Environments
A/B Deployment Strategy
Source Quality Gates
PUBLIC CLOUD DEPLOYMENT
• Encryption of data at rest
• Risk-based security protections
• API Authorization (PKI-based)
FEATURES AND BENEFITS
• Customizable workflows for partners
• Cost effective and quick-to-market customer onboarding
• Automated provisioning capabilities
• End-user and admin email notifications
• Dashboard for partners to track registrations and AuthN/AuthZ requests
• Enhanced audit controls
CHALLENGES
• Tools to simplify standard deployments
• Authorized access to on-premise Identity stores (e.g. brand specific Active Directory)
• Self-provisioning tools that support necessary roles within the multi-tenant ecosystem
• Federations between tenants and/or consumer facing systems
• Registration fraud (when self-provisioning allowed)
• Securing data access in multi-tenant deployment