2012-01 How to Secure a Cloud Identity Roadmap


by Tony LoCascio, Sr Engineer, Symplified

Published in: Technology
  • Thanks for joining us. I’m DP, Symplified’s CTO. Going to discuss a couple of aspects of how Symplified’s service helps our customers with their Cloud Roadmap by discussing a couple of the ‘lessons learned’ or principles we’ve based our architecture and design on, and how those are manifested in our design.
  • “The global cloud computing market will grow from $40.7 billion in 2011 to more than $241 billion in 2020, according to new Forrester forecast data reported in Sizing The Cloud by Stefan Ried, Ph.D. and Holger Kisker, Ph.D. Based on Forrester’s cloud market taxonomy, this new report outlines the different market dynamics for the three core layers of cloud computing – the public cloud, the virtual private cloud, and the private cloud. The total size of the public cloud market will grow from $25.5 billion in 2011 to $159.3 billion in 2020. The market for virtual private cloud solutions will grow from $7.5 billion in 2011 to $66.4 billion in 2020. The market for private cloud solutions will grow from $7.8 billion in 2011 to $15.9 billion in 2020.”
  • It’s these challenges around integration that drive customers to a ‘cloud broker’ model. Very much like we saw in the EDI market with the advent of ‘value added networks’. Rather than every company building the integration for themselves, have a broker do it once and share that cost across customers. Something a cloud-delivered service is very good at doing.
  • The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security.
  • It’s not about features and functions – not yet. These important culture characteristics must be understood and respected.
  • Last couple of slides discussed the challenges an IDP, or service consumer, faces. This slide describes the challenge faced by SPs.
  • The last lesson learned we’ll discuss today is that federation is about establishing relationships. The technology is based on establishing one-to-one relationships. What we’ve learned is that the one-to-one model doesn’t work – let’s take a closer look at why.
  • So what does this have to do with my business, my architecture? So if we can’t grow our IT resources to meet this growth, what can we do? By a show of hands, whose IT teams are growing linearly? Most IT teams I’m working with today are seeing their teams/resources either staying flat or growing at most incrementally. Well, it’s critical to understand the dynamics of growth to devise a successful technology strategy. As SaaS and the Cloud grow, either linearly or exponentially, our IT organizations aren’t growing that fast. The result is a deterioration in security, agility or flexibility. It comes down to rethinking how federation is done. There is an alternative, made possible by the Cloud, to managing this growth. I posit that there is only one way that this will scale. And that means we transform our thinking towards a radically simple alternative. Move from a one-to-one mindset to a one-to-many. This is the proven model of utility scalability.
  • One of our observations about identity technology is that many of the problems we are solving by creating WAM and IAM solutions come down to one fundamental problem: identity silos, the fact that users are being administered separately in different applications. First-generation WAM products solved this within enterprises, but a new approach is required between and across them. Some of the aspects/drivers are discussed on this slide.
  • So let’s discuss a real world scenario and demonstrate why this is a problem.
  • Need an ability to extend internal controls to the cloud. Otherwise, latency associated with propagating that user delete can cause issues around unauthorized access or elevation of privilege.
  • (Key benefit is that Symplified makes these all work together so you don’t have to integrate it like with Oracle/CA etc., and also that you have something complete, unlike Ping, who is just federated SSO)

    1. How to Secure a Cloud Identity Roadmap. Tony LoCascio, CISSP, Sr. Systems Engineer | Symplified. January 2012
    2. AGENDA: Market Dynamics of Cloud Computing • The Cloud Innovation • Building a Cloud Roadmap • Security & Risk Consideration • The Cloud Broker • About Symplified
    3. Market Dynamics of Cloud Computing: The real market size of cloud computing and how the different markets will evolve
    4. Evolution to cloud computing [diagram; axes: Business Evolution, Technical Evolution; labels: Silo’d, Grid, Virtualization, Consolidation, Private Cloud, Cloud bursting, Cloud Broker]. Source: Forrester Research, Inc.
    5. Cloud Computing Market: • Infrastructure as a service market will peak at $5.9 billion in global revenue in 2014 and then commoditization, price pressure and falling margins kick in. • Software as a service will be adopted by companies of all sizes. In 2011, SaaS will be a $21.2 billion market and grow to $92.8 billion in 2016. At that point SaaS comes closer to saturation. • Business Process as a service will be notable, but face modest revenue.
    6. Cloud Innovation: Examples of how the cloud is not typically replacing existing assets but used to accelerate innovation
    7. Some Examples: 1. Hosted email: (Google mail, Microsoft…) 2. Remote Storage: (Box.net, Humyo, Amazon S3, Apple MobileMe…) 3. Collaboration: (Salesforce, Google Wave, WebEx, Spicebird…) 4. Virtual office (Google Apps, MS 365…) 5. Streaming Media: (Netflix, Hulu, Crackle…) 6. Social Media: (Facebook, LinkedIn, Twitter…) 7. Extra processing power (Amazon EC2, Rackspace…)
    8. AHA Launches Collaboration Services. Challenge (B2E/Employee-to-SaaS): Needed seamless login to their Collaboration platform; supporting intranet applications and SaaS services. Results: Increased user adoption of the collaboration platform, bridging private and public cloud apps. Up and running in less than two months. “We are extremely pleased with the Symplified solution as it has allowed us to deliver on all of our security and compliance objectives for the Social Intranet & Collaboration platform project. We have been very impressed by the professionalism and level of support from Symplified throughout the entire sales and implementation process.” Jack MacKay, Vice President & Chief Information Officer, American Hospital Association
    9. Cloud Computing proposes to transform the way IT is deployed and managed, promising: 1. Faster time-to-market 2. Accelerated Innovation 3. Reduced Complexity 4. Lower implementation, maintenance costs 5. Scale applications and infrastructure on demand
    10. Building a Cloud Roadmap: Recommendations for building a cloud roadmap and navigating from virtualization to private cloud and public cloud offerings
    11. Information Security Focal Areas [diagram]. Concepts: Confidentiality (only authorized disclosure); Integrity (data has not been modified); Availability (data accessible when needed); Authenticity (verifies identity); Possession (control of information); Utility (usefulness of data). Techniques: Access Control, Least Privileged, Multi-Factor, Encryption, Redundancy, Recovery. Key: Core Concept, Related Concept, Technique.
    12. Roadmap Recommendations: 1. Building a security program 2. Confidential data protection 3. Data availability 4. Implementing strong access and identity 5. Application provisioning and de-provisioning 6. Governance audit management 7. Vulnerability management 8. Testing and validation
    13. Selecting the right strategy: Understand the industry vertical’s tendencies. External factors (PCI, HIPAA, FISMA…). Internal drivers: Compliance / Audit; Recent Breach or Threats; M&A / Divestitures; User Experience / Ease of Use. Business culture: Leadership; Technical landscape; Outsourcing adoption; Cloud adoption; Risk tolerance; Cost cutting initiatives.
    14. Security & Risk Considerations: How to integrate internal IT with external cloud services and overcome security and risk barriers
    15. SaaS Inhibitors [bar chart]. Question: “What are your firm’s concerns, if any, with software-as-a-service (SaaS)?” Response options: Security concerns; Integration challenges with other applications; Application performance (e.g., downtime, speed); Total cost concerns (total cost of ownership); Lack of maturity; Not customizable; Difficulty and risk of migration or installation; Pricing is unclear or complicated; We’re locked in financially with our current vendor; We can’t find the specific application we need; None. We don’t have any concerns; Other; Don’t know. Base: 913 North American and European software decision makers. Source: Forrsights Software Survey, Q4, 2010
    16. A Federater’s Challenge [diagram: Technical Sophistication & Capabilities across Fortune 500 Enterprise; Midmarket & SMB; Consumers & Individuals]
    17. Cloud Provider Infrastructure. Security & Privacy: 1. Privacy 2. Identity Management 3. Application Security 4. Data Protection 5. Physical Security 6. Availability. Compliance: 1. Business Continuity 2. Auditability. Legal and Contractual: 1. Public Record 2. SLAs
    18. The Cloud Broker: Introduce the new concept of the cloud broker, as it relates to Identity
    19. The Problem: Identity Silos. User Growth Fuels Complexity; Sensitive Data Outside Firewall; SaaS Creates Management Silos; Enterprise Integration
    20. Scenario: Deprovisioning » Terminated employee is removed from Active Directory » Admin must repeat removal from all siloed apps. But cloud apps aren’t integrated, so a terminated employee can access company data and apps
    21. Scenario: Deprovisioning » Terminated employee is removed from Active Directory » One step for admin » Centralized policies. Terminated employee no longer has access to apps
    22. The role of the Identity Broker [diagram: Internal Web Apps, Identity Broker, Public Cloud Apps]
    23. About Symplified
    24. Proven Team. Eric Olden | CEO & Founder: Former CTO of Securant | ClearTrust; built first WAM & Provisioning product; co-author AuthXML (now SAML). Jonti McLaren | EVP Services Delivery & Founder: Former President of Securant | ClearTrust; scaled Securant to more than 300 customers in 18 months. Darren Platt | CTO & Founder: Former VP Engineering of Securant | ClearTrust; built first STS & federation product; co-author AuthXML (now SAML). Jason Merrick, VP Alliances. Mike Corbisiero, VP Sales. Josh Forman, VP Services Delivery. Jay Wallingford, VP Engineering. Pioneered Identity & Access Management with ClearTrust. Sidebar headings: Top Tier Investors; Buzz; Acquired by
    25. Thank You! Tony LoCascio, CISSP, tlocascio@symplified.com