Strategy
Automation
Security
Compliance
Lao Cloud IT Network intends to reach millions of IT Professionals periodically to help set security standards, raise awareness, and provide materials and templates for the technical implementation of Identity and Access Management, Service-Oriented Architecture, and Cloud security. We wish to grow using research materials and empower you with the tools and answers needed to set up, configure, and maintain—our team of experts is dedicated to empowering you with the knowledge and resources you need to succeed. Let help you take your business the next level.
Capabilities: Provision | Authentication | Authorization
Log & Monitor | Audit
Reduce application, planning, design, and documentation time by 60%
Risk-Based Planning
Innovation by turning Security Operations team to Implementation machine
IAM, SOA, Cloud Security Standards
Oversight, Governance and Reporting
Components that are manageable, secure, perform, discoverable and reusable
Build Relationships & Accountability
Risk-Based Planning | IAM Maturity
Governance
Select tools that will provide the controls and then automate
Program has established a portfolio of IAM projects/services
Strategy and roadmap is defined
High-risk systems and apps are assessed and monitored
Role and entitlement management strategies are defined
Business/technical roles and separation-of-duties roles are formally managed
Access requests are managed centrally
Access approval workflows is are implemented
Access audit reporting is automated
Execution
Program Risk Dimension
Project deliverables are defined clearly
Project timelines are realistic
Project resources are sized appropriately
Projects are on budget
Projects are on time
Project products and services meet functional requirements
Project requirements are managed
Project outcome meet end-user expectation
Process
Program Risk Dimension
Mass identity maintenance process is implemented
Identity offbaording process is implemented
Birthright access provisioning is automated
Access Request Process uses an entitlement catalog
Access Request Process leverages manual/automated fulfillments
Access certification process is implemented
Privileged access management process is implemented
Identity certification/audit process is implemented
Runtime
Architectural Risk Dimension
Unified authentication to network is implemented (e.g., Active Directory)
Risk-appropriate remote authentication is implemented
Reduced sign-on (RSO) to platforms are implemented
Credential and privileged account management (PAM) tools are implemented
AuthN and AuthZ logs are fed to SIEM
Authorization policy management is being formalized
Cloud integration use cases and architecture are defined and implemented
Homegrown IAM utilities have been retired as part of system life cycle management
Customized authorization is minimized
Data
Architectural Risk Dimension
Identity data model and architecture is defined
Authoritative sourced are identified
Authoritative sources conflicts are reconciled
HR systems are consolidated
Contractors authoritative source is identified
Authoritative identity repository is implemented in the enterprise/cloud
Authoritative identity repository is in sync with network authentication repository
Entitlement data is centralized and managed
Access activity data is logged, managed and monitored
Authentication
A secure sockets layer VPN (SSL VPN) enables individual users to access an organization's network,
client-server applications, and internal network utilities and directories without the need for specialized software.
Recommendations
Password: LastPass
VPN: Express VPN
Service-Oriented Architecture
Design to make SOA components Discoverable
Bringing back the importance of Enterprise Architecture where they must design the roadmap for how components are to be reused and for which business units. During the implementation there must a tools that categorize artifacts and can socialize the components so other teams can reuse at a later time
Design to make SOA components Secure
Use SAML standards or XML gateway features to include PKI, Digital Signature, encryption, XML schema validation, antivirus, and pattern recognition
Design to make SOA components Perform well
Purge SOA composites not in use, load balancing, use cloud components
Design to make SOA components Manageable with Governance
,
Design to make SOA components Reusable via Orchestration and Abstraction
The main return on investment nature is the ability to design and implement components that can be reused. How you can reuse is having the ability for your developers to maintain and discover the components
Provide template for Error Handling between System Faults and Business Faults
Know the difference in your errors in SOA and design to triage errors for the people that can look into the errors in mostly automated method