Cloud Computing Alliances by Tim Dunn (CA Technologies)

Seminar: Cloud Computing Alliances by Tim Dunn (CA Technologies) during Infosecurity.be 2011

Presentation Transcript

  • The Evolution Of Identity and Access Management for the Cloud. Tim Dunn, VP Security Strategy Europe
  • Cloud Adoption Concerns: 87.5% rate cloud security issues as “very significant” (IDC Survey)
  • #1 Area of Needed Focus for Migration to the Cloud? IAM! (Security of Cloud Computing Users – A Study of US & EMEA IT Practitioners, Ponemon Institute)
  • Why is Identity and Access Management Important?
      • SaaS Adoption: Nearly 90 percent of organizations surveyed expect to maintain or grow their usage of software as a service (SaaS), citing cost-effectiveness and ease/speed of deployment as primary reasons for adoption, according to a recent survey by Gartner.
      • Mobile Workforce: By the end of 2013 mobile worker population is expected to exceed 75% and to 1.19bn globally.
      • Customer Confidence: Over 70% of people surveyed believe authentication affects the degree of customer trust in the security offered.
      • Increasing eCrime: More than 11 million adult consumers became victims of identity fraud in 2009, up from nearly 10 million in 2008. The number of fraud victims rose for the second year in a row.
      • Regulatory Pressures: Organizations that regularly review and maintain compliance with leading industry security standards and regulations spend about three times less annually than organizations that fall out of compliance.
  • Distribution of users and applications is creating a complex environment
      • Increasing demand for secure collaboration
      • Employees are moving outside bounds of enterprise
      • Applications are moving outside bounds of enterprise
      • Growing Pain: multiple user stores to manage; too many application & federation links; multiple logon credentials; inability to log activity to SaaS apps; weak or inconsistent authentication
      • Compliance processes and business policy is even harder to manage with distributed, cloud-based environment
      • [Diagram labels: Cloud Apps/Platforms & Web Services; SaaS Apps & Web Services; Enterprise Internal Apps; Partner User; Customer; Mobile employee; Employee]
  • Evolution of IAM for the Cloud enabled Enterprise
      • Stage labels: on-premise; extend to cloud / core IAM; as-a-service; hybrid IAM (typical in most global enterprises)
      • Capabilities shown across the stages: Identity Governance; User Management; Customer/Partner Mgmt; SaaS Management; Provisioning; enterprise/web SSO
  • CA’s Security strategy
      • Content-Aware IAM
          – Bring content to identity and identity to content
      • Secure virtualized environments
          – Manage the complexity of securing virtualization
          – Extend the controls into the hypervisor
          – Visibility & control to enable IaaS adoption
      • IAM & Cloud adoption
          – Extend enterprise security to, for, from the Cloud
          – Vertically focused communities of trust
          – Partner with service providers (HiTRUST, Acxiom, Mycroft, WiPro, BT,…)
  • Security Building Blocks of Success: The control you need to confidently drive business forward
      • Control Identities
          – Business Need: Manage and govern identities and what they can access based on their role
          – Capabilities: Identity Governance; Role Management; Provisioning; User Activity & Compliance Reporting
      • Control Access
          – Business Need: Control access to systems & applications across physical, virtual & cloud environments
          – Capabilities: Privileged User Management; Virtualization Security; Web Access Management; Federation
      • Control Information
          – Business Need: Find, classify and control how information is used based on content and identity
          – Capabilities: Information Discovery; Classification; Data Policy Management
      • Integrated Content Aware Identity and Access Management
  • Maintaining Adequate Security and access controls is the #1 Customer Challenge
      • [Chart: “What are the greatest challenges you face in virtual server management?” Two panels, Emerging Enterprise and Mega and Large Enterprise, each ranked by % chosen #1. Challenges charted: Maintaining adequate security and access controls; Developing skills and training; Capacity management and planning; Integration with existing systems / processes; Obtaining necessary tools under current budget; Managing physical and virtual server interactions; Minimizing complexity and virtual sprawl; Managing performance and scalability issues; Minimizing downtime and data loss; Losing management control in dynamic virtual environments.]
      • Source: Emerging Enterprise: N = 325, Mega / Large: N = 148
  • How do I secure virtualized environments? Two Primary Issues:
      1. Managing access by Privileged Users on the Data Centre Infrastructure
      2. Extending and automating IAM controls in Virtualised / Cloud Applications
      • [Diagram: public cloud (apps for customer 1, customer 2, … customer n), enterprise private cloud and enterprise datacenter, each drawn as apps on a hypervisor on hardware, with IAM]
  • Cloud Security
      • To: Extend enterprise security to include security to cloud based applications including SFDC, Google, etc
      • For: Security for cloud providers to ensure they meet the same level of security as within the enterprise
      • From: Security as a Service from the cloud including Authentication, Identity Management, Federation and SSO
  • “To the cloud”: Extend on-premise IAM to Cloud applications
      • Identity & Access Management to extend the Enterprise to the Cloud
      • Identity Manager: Identity Management & Provisioning
      • Role & Compliance Manager: Identity Compliance
      • Siteminder Federation: Single Sign-On Identity Federation and
      • [Diagram labels: Cloud Apps/Platforms & Web Services; SaaS Apps & Web Services; Enterprise Internal Apps; Partner Users; Customers; Mobile employees; Employees]
  • “For the cloud”: Enable service providers to deliver secure solutions with On-Premise IAM
      • Identity & Access Management for the Cloud platform
      • Capabilities: Identity Management; Identity Federation; Web Access Management; Log Management; Privileged User Mgmt; Virtual Server security
      • [Diagram labels: Cloud Apps/Platforms & Web Services; SaaS Apps & Web Services; Enterprise Internal Apps; Partner Users; Customers; Mobile employees; Employees]
  • “From the cloud”: cloud based solution is critical to gaining collaboration and SaaS efficiencies
      • Cloud based solutions for the cloud based enterprise
      • Services shown: Delegated Administrator; Adv Auth; Identity Access Governance
      • Interoperability with existing on-premise identity and access mgmt solutions (Provisioning, WAM, eSSO)
      • [Diagram labels: Cloud Apps/Platforms & Web Services; SaaS Apps & Web Services; Enterprise Internal Apps; Partner Users; Customers; Mobile employees; Employees]
  • Identity Assurance
      • Problem:
          – Password is just not good enough anymore
          – Hard tokens are expensive & difficult to use
          – Multi-factor should only be used if needed
      • Solution:
          – Multi-factor authentication transparent to the end user (certificate on device)
          – One time passwords using mobile phone
          – Adaptive authentication based on risk of user or the transaction
          – Identity verification via personal questions
      • Business Benefits:
          – Dramatically reduced capital & operational costs for multi-factor
          – Business agility
          – Better experience for customers and employees
      • Sidebar:
          – Identity Assurance: Increase assurance with enhanced user authentication
          – Cloud Access Management: Securely connect customers and partners to enterprise applications
          – Identity Governance: Ensure linkage between identity and applications follows business policy
  • Cloud Access Management (Coming Soon): External user scenarios
      • Problem:
          – Lots of consumer identities to manage
          – Many partner relationships to manage
          – Multiple apps need to be shared with cust
          – Apps are moving to Cloud (SaaS based)
          – This is not core function of their business
      • Solution 1: Consumer Access
          – Cloud based directory
          – Self-service password & profile mgmt
          – Single sign-on to multiple applications
      • Solution 2: Bus Customer & Partner Access
          – Delegated administration for partner’s users
          – Federation with business customers & partners
          – Single sign-on to multiple applications
      • Business Benefits:
          – Dramatically reduced costs
          – Business agility
          – Better experience for their customers
      • Sidebar:
          – Identity Assurance: Increase assurance with enhanced user authentication
          – Cloud Access Management: Securely connect customers and partners to enterprise applications
          – Identity Governance: Ensure linkage between identity and applications follows business policy
  • Cloud Access Management (Coming Soon): Internal employee scenarios
      • Problem:
          – Many new SaaS applications
          – Loss of identity control & password policy
          – No auditing of actual usage
          – Multiple authentication actions for users
      • Solution 1: Cloud based employee mgmt
          – Cloud based user directory
          – Full access request & approval workflows
          – Provision & de-provision users to SaaS
          – Single sign-on to SaaS apps
      • Solution 2: Enterprise bridge to cloud
          – Synchronize on-premise to cloud policy
          – Provision & de-provision users to SaaS
          – Authenticate against on-premise dir
          – Single sign-on to SaaS apps & VPN
          – Auditing and reporting of all user access
      • Business Benefits:
          – Dramatically reduced helpdesk costs
          – Business agility thru efficient use of SaaS
          – Better experience for users
          – Secure, compliant use of SaaS
      • Sidebar:
          – Identity Assurance: Increase assurance with enhanced user authentication
          – Cloud Access Management: Securely connect employees to cloud & partner applications
          – Identity Governance: Ensure linkage between identity and applications follows business policy
  • Identity Governance (Coming Soon)
      • Problem:
          – Ensuring business & compliance policy (SOD) is properly configured is very difficult
          – Access certification is required but often a very manual and expensive process
          – Collecting audit logs & verifying policy compliance is complex and manual
      • Solution:
          – Definition & analysis of business/compliance policy (SOD)
          – Clean-up of entitlements
          – Access certification & attestation
          – Identity risk dashboard
          – Reporting of actual usage with policy
      • Business Benefits:
          – Dramatically reduced compliance costs
          – Better experience for business managers performing access certification
      • Sidebar:
          – Identity Assurance: Increase assurance with enhanced user authentication
          – Identity Federation: Securely connect customers and partners to enterprise applications
          – Securely connect employees to cloud & partner applications
          – Identity Governance: Deliver identity intelligence to enable the business to make better decisions
  • Identity & Access Management Cloud Services: Enable secure, simplified access for business collaboration
      • Identity Assurance
          – Provide transparent multi-factor authentication or mobile phone based one-time passwords across SaaS and enterprise apps
          – Risk-adaptive authentication based on user and/or transaction
          – Credential issuance and lifecycle management
      • Cloud Access Management
          – Register and manage customer & partner identities directly to an on-demand service with self service & delegated administration
          – Enable single sign-on to enterprise and SaaS apps
          – Synchronize with on-premise identity or enable full identity lifecycle management from cloud based service
      • Identity Governance
          – Access certification, business policy (SOD), identity risk rating
          – Audit all access to SaaS and cloud applications
  • Thank you