The Good, The Bad, and the Government: Wrangling Attributes in the State of Texas
Wendy Nather @451wendy, Research Director, Enterprise Security Practice
The backdrop
Custom-written single sign-on portal (10+ years old)
Provides SSO for ~60-75 apps
External user base of ~50,000
Internal user base of ~800
The challenge: drag it kicking and screaming into some part of the 21st century
Other complicating factors
Family Educational Rights and Privacy Act (FERPA) compliance
~1,300 school districts
~8,000 campuses
~20 regional educational service centers (ESCs)
Other partners/stakeholders: other Texas state agencies, higher education, contractors of all kinds, nonprofits, educators, certification bodies … roughly 2,500 different organizations
Multiple roles and contexts
TEA employee of some division or cost center, at some position level
Contractors pretending to be TEA employees
Personnel at ESCs, districts, campuses
Administrators, educators, auditors, researchers
People using different applications in different capacities on behalf of multiple organizations
Differing levels of delegation, both organizational and legal
Getting a clue
Professor Plum
  in the kitchen
    with a lead pipe
    with a candlestick
  in the library
    with a lead pipe
    with a rope
Getting a clue
Professor Plum
  killing in the kitchen
    with a lead pipe
    with a candlestick
  being killed in the library
    with a lead pipe
    with a rope
Getting a clue
Professor Plum
  killing
    in the kitchen
      with a lead pipe
      with a candlestick
    in the library
      with a lead pipe
      with a rope
  being killed
    in the kitchen
      with a lead pipe
      with a rope
    in the library
      with a lead pipe
      with a candlestick
Context plus governance = …
Identity authority (who you are) + Access authority (why you should have access) = Entitlements (what you may access)
Example
Workflow example
[Diagram of the entitlement workflow between TEA, ESC, District1, District2 and a User; boxes labelled App owner, App owner and Delegate]
Constraints
Can't be full federation due to compliance requirements
Principle of least privilege means scoping down wherever possible
Separation of duties requires discrete roles and entitlements
And remember …
Most of the users don't really want to be there.
They are not at all technical.
And you can't fire them.
Moral of the story
Need to be granular with identity, authorization and entitlements for risk and compliance management
Be careful with RBAC: keep it out of your code
IAM is not a project, it's an ongoing journey
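The two design points the deck makes, that an entitlement is identity context (who you are, acting for which organization, in which role) combined with an access authority's grant (why you should have access), and that role logic belongs outside application code, can be shown in a small policy store. The following is an added example, not code from the talk or from TEA's portal. The organization tree (TEA, ESC-1, District1, District2, Campus1A), the Clue-themed users, the StudentRecords application and the grant records are all constructed for illustration; the separation-of-duties pair (submitter/approver) and the rule that a delegate may only grant within its own subtree are assumptions chosen to mirror the constraints slide, not TEA policy.

```python
"""Context-scoped entitlements evaluated outside application code (added example).

Identity authority: memberships, i.e. which (org, role) pairs a user actually holds.
Access authority: grants, i.e. what an (org, role) pair may do in an app, and for
which part of the organization tree. The application only calls decide().
All organizations, users, apps and grants below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed organization tree (child -> parent); TEA is the root. Not TEA's real structure.
ORG_PARENT = {"ESC-1": "TEA", "District1": "ESC-1", "District2": "ESC-1", "Campus1A": "District1"}


def org_within(org: Optional[str], scope: str) -> bool:
    """True if `org` is `scope` itself or sits below it in the tree."""
    while org is not None:
        if org == scope:
            return True
        org = ORG_PARENT.get(org)
    return False


@dataclass(frozen=True)
class Context:
    """Who is acting, on behalf of which organization, in which role."""
    user: str
    org: str
    role: str


@dataclass(frozen=True)
class Grant:
    """(org, role) may perform `action` in `app` on resources under `scope`."""
    org: str
    role: str
    app: str
    action: str
    scope: str
    granted_by_org: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class EntitlementStore:
    """Policy held as data; changing who may do what never touches the application."""

    # Role pairs one person must not hold in the same organization (assumed SoD rule).
    SOD_CONFLICTS = {frozenset({"submitter", "approver"})}

    def __init__(self) -> None:
        self.memberships: dict[str, set[tuple[str, str]]] = {}
        self.grants: list[Grant] = []

    def add_membership(self, user: str, org: str, role: str) -> None:
        held = self.memberships.setdefault(user, set())
        for held_org, held_role in held:  # refuse an assignment that pairs conflicting roles
            if held_org == org and frozenset({held_role, role}) in self.SOD_CONFLICTS:
                raise ValueError(f"{user}: {role} conflicts with {held_role} at {org}")
        held.add((org, role))

    def add_grant(self, grant: Grant) -> None:
        # A delegate may only grant within its own reach; scope cannot widen up the tree.
        if not org_within(grant.scope, grant.granted_by_org):
            raise ValueError(f"{grant.granted_by_org} cannot grant scope {grant.scope}")
        self.grants.append(grant)

    def decide(self, ctx: Context, app: str, action: str, resource_org: str) -> Decision:
        # 1. Identity authority: the caller must really hold this role at this organization.
        if (ctx.org, ctx.role) not in self.memberships.get(ctx.user, set()):
            return Decision(False, f"{ctx.user} holds no {ctx.role} membership at {ctx.org}")
        # 2. Access authority: a grant for this (org, role) must cover app, action and scope.
        for g in self.grants:
            if (g.org, g.role, g.app, g.action) == (ctx.org, ctx.role, app, action):
                if org_within(resource_org, g.scope):
                    return Decision(True, f"{app}:{action} on {resource_org} via {g.granted_by_org}")
        return Decision(False, f"no entitlement for {ctx.role}@{ctx.org} on {resource_org}")


def build_store() -> EntitlementStore:
    store = EntitlementStore()
    # One person acting in different capacities on behalf of two organizations.
    store.add_membership("plum", "District1", "district_admin")
    store.add_membership("plum", "ESC-1", "auditor")
    store.add_membership("scarlet", "District2", "district_admin")
    # ESC-1, as delegate, scopes District1's admins down to their own district (least privilege).
    store.add_grant(Grant("District1", "district_admin", "StudentRecords", "view", "District1", "ESC-1"))
    # ESC-1 auditors may view across the region the ESC serves.
    store.add_grant(Grant("ESC-1", "auditor", "StudentRecords", "view", "ESC-1", "ESC-1"))
    return store


def run_scenarios() -> dict[str, bool]:
    store = build_store()
    view = lambda ctx, org: store.decide(ctx, "StudentRecords", "view", org).allowed
    results = {
        "admin_own_campus": view(Context("plum", "District1", "district_admin"), "Campus1A"),
        "admin_other_district": view(Context("plum", "District1", "district_admin"), "District2"),
        "auditor_other_district": view(Context("plum", "ESC-1", "auditor"), "District2"),
        "claimed_unheld_context": view(Context("plum", "District2", "district_admin"), "District2"),
        "district2_before_delegation": view(Context("scarlet", "District2", "district_admin"), "District2"),
    }
    # Policy change with no code change: ESC-1 later delegates to District2 as well.
    store.add_grant(Grant("District2", "district_admin", "StudentRecords", "view", "District2", "ESC-1"))
    results["district2_after_delegation"] = view(Context("scarlet", "District2", "district_admin"), "District2")
    return results


def sod_conflict_rejected() -> bool:
    store = build_store()
    store.add_membership("plum", "District1", "submitter")
    try:
        store.add_membership("plum", "District1", "approver")
    except ValueError:
        return True
    return False


def overreaching_grant_rejected() -> bool:
    store = build_store()
    try:  # a district trying to hand out region-wide scope
        store.add_grant(Grant("District1", "district_admin", "StudentRecords", "view", "ESC-1", "District1"))
    except ValueError:
        return True
    return False
```

The application code never tests for a role name; it asks decide() with the user's chosen context, the app, the action and the resource's organization. Scoping, delegation reach and separation of duties are enforced where the data is entered, so the checks hold for every application behind the portal rather than being re-implemented, and drifting, in each one.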
Questions? Comments? [email protected]