2. Agenda
• Identity and Access Management Overview
• What is a graph database?
• Why is Neo4j a great fit for IAM?
• Great customer stories
3. What is Identity and Access Management?
“Ensuring the right identities have access to the right resources at the right times and for the right reasons”
What do we need to do (at least)?
• Define identity
• Define the structure of an organization
4. Complexity of Digital Identities
• Identity of users
• Identity of things
• Applications and services
• Device <-> Service
• Security end to end
5. The Identity?
Jane Smith the…
• Business Analyst for Customer Support at ABC Inc.
• interim Head of BI and Reporting at ABC Inc.
• line manager of Joe Brown, who’s working on a Strictly Confidential portfolio at ABC Inc.
• employee of ABC Inc.
• and so on...
6. So what does ABC Inc. look like?
It looks like a hierarchy...
7. Access Management is traditionally designed with the underlying assumption that everything is hierarchical
9. What about “dotted lines”?
(diagram: org chart with ABC Inc (CEO), IT Dept, Risk Analysis and “Security and Compliance”, showing a dotted-line relationship outside the solid hierarchy)
10. What about “Conditional Approvals”?
(diagram: org chart with ABC Inc (CEO) and IT Dept; IT Dept has “General access”, while “access to sensitive data” and “Security and Compliance” are conditional on an approval)
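The two diagrams above describe relationships a strict hierarchy cannot express: a dotted line to a second unit, and a grant that only counts once an approval exists. The following Cypher is an added example, not from the deck, of modelling both in Neo4j. The labels (OrgUnit, Employee, Resource, Approval), relationship types and all names are constructed assumptions; the `date()` type requires Neo4j 3.4 or later, and the statements are meant to be run one after another (for instance through cypher-shell).

```cypher
// Added example (not from the slides). All data below is constructed.
// Org units and the solid-line hierarchy
CREATE (abc:OrgUnit {name: 'ABC Inc'}),
       (it:OrgUnit {name: 'IT Dept'}),
       (risk:OrgUnit {name: 'Risk Analysis'}),
       (it)-[:PART_OF]->(abc),
       (risk)-[:PART_OF]->(abc);

// Resources; the sensitive ones carry a flag for reporting
CREATE (:Resource {name: 'General access', sensitive: false}),
       (:Resource {name: 'Access to sensitive data', sensitive: true}),
       (:Resource {name: 'Security and Compliance', sensitive: true});

// Jane reports to IT (solid line) but also works for Risk Analysis (dotted line);
// Joe is a plain member of IT
MATCH (it:OrgUnit {name: 'IT Dept'}), (risk:OrgUnit {name: 'Risk Analysis'})
CREATE (jane:Employee {name: 'Jane Smith', employeeID: 123}),
       (joe:Employee {name: 'Joe Brown', employeeID: 456}),
       (jane)-[:MEMBER_OF]->(it),
       (jane)-[:DOTTED_LINE_TO]->(risk),
       (joe)-[:MEMBER_OF]->(it);

// Grants: IT gets general access outright; sensitive data only with an approval.
// The condition lives on the GRANTS relationship, not on the unit or the person.
MATCH (it:OrgUnit {name: 'IT Dept'}), (risk:OrgUnit {name: 'Risk Analysis'}),
      (general:Resource {name: 'General access'}),
      (sensitive:Resource {name: 'Access to sensitive data'}),
      (sc:Resource {name: 'Security and Compliance'})
CREATE (it)-[:GRANTS]->(general),
       (it)-[:GRANTS {requiresApproval: true}]->(sensitive),
       (risk)-[:GRANTS]->(sc);

// An approval is its own node so it can record who approved, when and why
MATCH (jane:Employee {employeeID: 123}),
      (sensitive:Resource {name: 'Access to sensitive data'})
CREATE (jane)-[:HOLDS]->(:Approval {approvedBy: 'CISO', on: date('2018-07-05'),
                                    reason: 'quarterly risk review'})-[:FOR]->(sensitive);

// Effective access for every employee: reached through a solid OR a dotted line,
// keeping conditional grants only where a matching approval exists.
// Expected rows: Jane -> General access, Access to sensitive data, Security and Compliance;
//                Joe  -> General access only (no approval held).
MATCH (e:Employee)-[:MEMBER_OF|DOTTED_LINE_TO]->(unit:OrgUnit)-[g:GRANTS]->(r:Resource)
WHERE coalesce(g.requiresApproval, false) = false
   OR (e)-[:HOLDS]->(:Approval)-[:FOR]->(r)
RETURN e.name AS employee, unit.name AS via, r.name AS resource, r.sensitive AS sensitive
ORDER BY employee, resource;
```

Keeping the approval as a node rather than a boolean on the employee is what makes the later audit question ("who approved this, and when?") answerable from the same graph; the access check itself stays a single pattern match.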
11. Modern challenges for IAM
• Distributed access across on-premise and cloud for in-house / custom off-the-shelf / SaaS applications
• De-centralized resources that are assigned to people rather than roles
• The rise of IoT and the different identities that people and services assume in different contexts
12. … other challenges for IAM
• Multiple and conditional approval levels
• History of approval chains / time series (e.g. “who approved, on the 5th of July, user xyc’s access to system abc?”)
• GDPR and compliance
• Performance
• Intuitiveness
• Agility:
  • Adding new use cases as needed
  • Changing hierarchies on the fly
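The approval-history question on the slide ("who approved, on the 5th of July, user xyc's access to system abc?") is easiest to answer when every approval is stored as a dated relationship rather than overwritten in place. This is an added example, not from the deck: the User/System/AccessRequest labels, the `level` and `at` properties and all sample data are constructed assumptions (the user and system names follow the slide's wording), and the `datetime()` type requires Neo4j 3.4 or later.

```cypher
// Added example (not from the slides). Constructed sample data:
// one fully approved request and one that stalled after level 1.
CREATE (u:User {name: 'xyc'}),
       (mgr:User {name: 'Line Manager'}), (owner:User {name: 'System Owner'}),
       (abc:System {name: 'abc'}), (def:System {name: 'def'}),
       (req1:AccessRequest {id: 'REQ-1', requestedAt: datetime('2018-07-04T09:00:00Z')}),
       (req2:AccessRequest {id: 'REQ-2', requestedAt: datetime('2018-07-06T11:00:00Z')}),
       (u)-[:REQUESTED]->(req1)-[:FOR]->(abc),
       (u)-[:REQUESTED]->(req2)-[:FOR]->(def),
       // each approval step is its own relationship, so nothing is ever overwritten
       (mgr)-[:APPROVED {level: 1, at: datetime('2018-07-04T15:30:00Z')}]->(req1),
       (owner)-[:APPROVED {level: 2, at: datetime('2018-07-05T10:15:00Z')}]->(req1),
       (mgr)-[:APPROVED {level: 1, at: datetime('2018-07-06T12:00:00Z')}]->(req2);

// The slide's question: who approved user xyc's access to system abc on 5 July?
// Expected: System Owner, level 2, 2018-07-05T10:15:00Z
MATCH (:User {name: 'xyc'})-[:REQUESTED]->(req:AccessRequest)-[:FOR]->(:System {name: 'abc'}),
      (approver:User)-[a:APPROVED]->(req)
WHERE date(a.at) = date('2018-07-05')
RETURN approver.name AS approvedBy, a.level AS level, a.at AS approvedAt;

// The whole chain per request, in approval order, for an audit export
MATCH (u:User)-[:REQUESTED]->(req:AccessRequest)-[:FOR]->(s:System)
OPTIONAL MATCH (approver:User)-[a:APPROVED]->(req)
WITH u, s, req, approver, a
ORDER BY a.level
RETURN u.name AS user, s.name AS system, req.id AS request,
       collect({by: approver.name, level: a.level, at: toString(a.at)}) AS chain;

// Detection view: requests that never received the second-level approval.
// Expected: xyc / def / REQ-2
MATCH (u:User)-[:REQUESTED]->(req:AccessRequest)-[:FOR]->(s:System)
WHERE NOT (:User)-[:APPROVED {level: 2}]->(req)
RETURN u.name AS user, s.name AS system, req.id AS request;
```

Because approvals are appended rather than updated, the same graph answers both the point-in-time question and the "which chains are incomplete" review without a separate audit log.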
16. Graph Databases are Designed for Connected Data
• Traditional databases: store and retrieve data; real-time storage & retrieval
• Big data technology: aggregate and filter data; long-running queries, aggregation & filtering
• Graph databases: connections in data; real-time connected insights
“Our Neo4j solution is literally thousands of times faster than the prior MySQL solution, with queries that require 10-100 times less code” (Volker Pacher, Senior Developer)
(chart: “Max # of hops”, from “Up to 3” to “Millions”)
17. What is a graph database?
Nodes
• Can have labels to classify nodes
• Can have more than one label
Relationships
• Relate nodes by type and direction
Properties
• Attributes of nodes & relationships
(diagram: two Employee nodes, name: “Jane Smith”, employeeID: 123 and name: “Joe Brown”, employeeID: 456, and a Role node, name: “Business Analyst”; a MANAGES relationship with property from: 1/6/2017 and HAS_ROLE relationships with property from: 1/3/2018)
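The diagram on this slide, written out as Cypher so the three building blocks (labels, typed directed relationships, properties on both) can be seen in working statements. This is an added example and not code from the deck. Assumptions: the slide's dates are read as day/month/year (1/6/2017 = 1 June 2017, 1/3/2018 = 1 March 2018), the extra Manager label and the `to` property are added to show multiple labels and point-in-time queries, and the `date()` type requires Neo4j 3.4 or later.

```cypher
// Added example (not from the slides): the slide's graph, with dates assumed
// to be day/month/year.
CREATE (jane:Employee {name: 'Jane Smith', employeeID: 123}),
       (joe:Employee {name: 'Joe Brown', employeeID: 456}),
       (ba:Role {name: 'Business Analyst'}),
       // relationships have a type, a direction and their own properties
       (jane)-[:MANAGES {from: date('2017-06-01')}]->(joe),
       (jane)-[:HAS_ROLE {from: date('2018-03-01')}]->(ba);

// A node can carry more than one label: Jane is both an Employee and a Manager
MATCH (jane:Employee {employeeID: 123})
SET jane:Manager;

// Ending an assignment closes the relationship instead of deleting it,
// so the history stays queryable (assumed convention, not from the deck)
MATCH (:Employee {employeeID: 123})-[r:HAS_ROLE]->(:Role {name: 'Business Analyst'})
SET r.to = date('2018-12-31');

// Point-in-time question: who held which role on a given date?
// Expected for 2018-07-05: Jane Smith / Business Analyst; for 2019-01-15: no rows
WITH date('2018-07-05') AS asOf
MATCH (e:Employee)-[r:HAS_ROLE]->(role:Role)
WHERE r.from <= asOf AND (r.to IS NULL OR asOf <= r.to)
RETURN e.name AS employee, role.name AS role, r.from AS validFrom, r.to AS validTo;

// Reporting line of any depth: walk MANAGES edges up from Joe.
// Expected: chain ['Jane Smith', 'Joe Brown'], hops 1
MATCH path = (boss:Employee)-[:MANAGES*1..]->(e:Employee {employeeID: 456})
RETURN [n IN nodes(path) | n.name] AS chain, length(path) AS hops;
```

The variable-length `MANAGES*1..` pattern is the part a relational schema struggles with: the query is the same whether the hierarchy is two levels deep or twenty, and adding a level changes the data, not the query.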
18. The GQL ISO Standard: gqlstandard.org
• Introduced in May 2018: https://gql.today/
• An initiative to immediately rally support for a unified Graph Query Language
• Standards meetings are ongoing
• Significant upvote
  • Databricks & Apache Spark accepted the Cypher project
19. Why Neo4j is a great fit for IAM
Design
• Authorization data model maps closely to the conceptual view
• Closer alignment to processes
Maintenance
• Easy-to-understand code to query and explore the data
• Pain-free to update and modify the model structure as and when required
Performance
• Traversing the authorization tree is fast, providing real-time authorization capability
20. How can Neo4j fit into IAM approaches?
Three potential approaches:
• Create a graph-based repository to store identity and access information metadata
• Integrate Neo4j with current IAM data for authorization
• Import IAM data into Neo4j to perform audit
  • For instance, load AD structures to find security risks
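The third approach, importing directory data to audit it, is where nested group membership makes a graph pay off. The following is an added example, not from the deck: a small constructed Active Directory-like structure (Group and User labels, MEMBER_OF relationships, a `privileged` flag and `pwdLastSet` property are all assumptions about how an import might be shaped) and three review queries a defender would run over it. "Domain Admins" is the standard AD group name; every other name is made up.

```cypher
// Added example (not from the slides). Constructed directory data:
// Helpdesk -> Server Ops -> Domain Admins is a three-level nesting.
CREATE (da:Group {name: 'Domain Admins', privileged: true}),
       (ops:Group {name: 'Server Ops', privileged: false}),
       (help:Group {name: 'Helpdesk', privileged: false}),
       (help)-[:MEMBER_OF]->(ops),
       (ops)-[:MEMBER_OF]->(da),
       (alice:User {sam: 'alice', enabled: true, pwdLastSet: date('2018-06-01')}),
       (bob:User {sam: 'bob', enabled: true, pwdLastSet: date('2018-05-20')}),
       (svc:User {sam: 'svc-backup', enabled: true, pwdLastSet: date('2015-01-10')}),
       (alice)-[:MEMBER_OF]->(da),
       (bob)-[:MEMBER_OF]->(help),
       (svc)-[:MEMBER_OF]->(ops);

// 1. Effective members of every privileged group, however deep the nesting.
// Expected: bob via [Helpdesk, Server Ops] depth 3; svc-backup via [Server Ops] depth 2;
//           alice via [] depth 1
MATCH path = (u:User)-[:MEMBER_OF*1..]->(g:Group {privileged: true})
RETURN u.sam AS user, g.name AS privilegedGroup,
       [n IN nodes(path)[1..-1] | n.name] AS viaGroups,
       length(path) AS depth
ORDER BY depth DESC;

// 2. Privileged access that is only indirect: the rows a flat group listing hides.
// Expected: bob, svc-backup
MATCH (u:User)-[:MEMBER_OF*2..]->(g:Group {privileged: true})
WHERE NOT (u)-[:MEMBER_OF]->(g)
RETURN DISTINCT u.sam AS user, g.name AS privilegedGroup;

// 3. Accounts that reach a privileged group and have not changed their password
//    since before a cutoff date (cutoff is an assumed review parameter).
// Expected: svc-backup, 2015-01-10
WITH date('2018-01-01') AS cutoff
MATCH (u:User)-[:MEMBER_OF*1..]->(:Group {privileged: true})
WHERE u.enabled AND u.pwdLastSet < cutoff
RETURN DISTINCT u.sam AS user, u.pwdLastSet AS passwordLastSet;
```

Query 2 is the one worth keeping in a recurring review: a user who is only a member of a nested group never appears in the privileged group's own member list, so the finding is invisible without walking the membership chain.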
22. Check it out
Find out more about IAM implementations in Neo4j:
• Telenor: www.youtube.com/watch?v=kM2NWM0t-2s
• ForgeRock/Nulli: www.youtube.com/watch?v=R9Vdm2ZqlpQ
Have a go with Neo4j and an IAM example:
• https://neo4j.com/graphgist/entitlements-and-access-control