Up in the Air: The Future of Cloud Identity Management
Cloud computing is a compelling service delivery model for the financial industry. Industry analysts predict that increasing numbers of organizations will look to cloud services to reduce total cost of ownership and to expand their business into the cloud. Worldwide revenue from public IT cloud services exceeded $16 billion in 2009 and is expected to reach $55.5 billion in 2014, according to recent analysis from International Data Corporation (IDC). For all three cloud service models, SaaS, IaaS and PaaS, the key component is Identity and Access Management, since the service provider needs to know who has what access to the cloud service. Identity and Access Management in the cloud is only in its beginning stages, and the opportunity to develop and promote new standards is imminent. Four major standards organizations are currently undertaking this development. OASIS has formed OASIS Identity in the Cloud (IDCloud) to identify gaps in, and investigate the interoperability of, current identity management standards. As an organization comprised mainly of higher education institutions, InCommon coordinates common definitions and guidelines for security, privacy, and data interchange among identity and cloud service providers. This information is then encapsulated in metadata that is included within certificates, allowing the identity provider and the service provider to share information. The Trusted Cloud Initiative (TCI), formed by Novell and the Cloud Security Alliance, promotes certification of secure and interoperable identity in the cloud. Jericho Forum has proposed a cloud architecture that uses identity management across all levels of the cloud (infrastructure, platform, software, and process) in a design it calls collaboration-oriented architecture (COA). COA is intended to organize the identification, authentication, and authorization credentials of organizations, individuals, and systems in a standardized form that could be validated across cloud platforms.
This session will discuss the top issues each standards organization must address, and will compare and contrast the standards still under development to provide additional details and insights. We believe that collaboration among standards organizations is necessary to eliminate the duplication of standards and to increase interoperability. For user provisioning and deprovisioning in a cloud environment, SPML has not received adequate traction because of its complexity and performance burden; an enhanced standard must ensure this provisioning issue is addressed. The synchronization of identity data among cloud providers, and between an enterprise directory and cloud directories, must also be addressed. Authentication and authorization are the key components of identity security in the cloud; SAML and OpenID are widely used today for authentication and authorization and should be leveraged in any newly proposed standards. Externalized and fine-grained access control should be considered to maximize the business value of cloud identity. Various regulations, including HIPAA/HITECH, SOX, FISMA, PCI DSS, and FedRAMP, must be considered and leveraged in the standard.
- by Ken Huang
Director, Cloud Security of CGI
Author's Bio:
Mr. Huang has more than 25 years' experience in full life cycle business application development, security architecture and engineering. He led the development of CGI Federal's Security Testing and Evaluation offering strategy, developed CGI's Identity and Access Management Methodology and best practices, and has been a domain expert on many security projects, including those in Cloud Security Services, FISMA compliance, PCI DSS compliance, and HIPAA compliance. He has overseen security projects in the financial services, utilities, and government markets. He is known within the industry and has spoken at the United States Department of Defense Cyber Crime Conference, Contingency Planning Management Conferences and the New York State Cyber Security Conference. Mr. Huang holds the Certified Information Systems Security Professional (CISSP) certification from ISC2 and has been awarded engineering certifications from Sun Microsystems. Mr. Huang is currently a Practice Lead/Director of Cloud Security at CGI.
Blog: http://cloud-identity.blogspot.com/
LinkedIn: www.linkedin.com/in/kenhuang8
Twitter: http://twitter.com/#!/kenhuangus