Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
 

Europe CTO Francois Lascelles discusses why standards matter when it comes to SOA and Cloud security.

    Presentation Transcript

    • The importance of standards for Enterprise SOA and Cloud Security
      Francois Lascelles, Technical Director, Europe
    • Agenda
      The importance of standards for Enterprise SOA and Cloud security
        • SOA and cloud
        • Loose coupling and security
        • Agility and security
        • Vendor neutrality and security
        • Enterprise cloud and identity
        • Examples
        • Layer 7 Solutions
      Layer 7 Confidential
    • Enterprise SOA, cloud landscape
      [Diagram labels: SOA; Cloud; SAAS; partner; deployed services; enterprise boundary: sensitive data, apps / mission critical / ID authority / legacy]
    • Aspects of the cloud-enabled enterprise SOA
        • Services deployed across multiple zones
        • On-premise service endpoints
        • Off-premise service endpoints (public cloud)
        • SAAS-type cloud services
        • Partner services endpoints, partner service consumers
        • Multiple and varying identity authorities
        • A mix of WS-*, REST and Web API style services
    • Service orientation and security
        • Web apps (presentation tier, server code)
            - Through presentation layer, you control requesting side and can more easily impose a security mechanism
            - There is a user, a browser
            - HTTP-only
        • Web services (service requester, service instance)
            - The requester is not necessarily a browser
            - Often machine to machine
            - No login forms, sessions, cookies
            - Security decoupled from the service implementation
    • Service security and agility
        • Service orientation is meant to provide agility
        • Security mechanisms and infrastructure must accommodate agility, not choke it
        • Service composition patterns and global security requirements require a decoupling of security from service implementation
      [Chart: axes "agility" and "decoupling"; points labelled Security as a Service, Gateways; Container security solutions; Agent; Security in application logic]
    • Vendor neutrality
        • Standards and vendor neutrality
            - More than best practice
            - Defining characteristic of SOA
        • Single vendor platform inhibits future evolution
        • Don’t think in terms of isolated platforms
            - Objective: the ability to substitute/add/remove any component of your SOA
        • Favor best of breed instead of single vendor platform
    • Enterprise cloud and identity
        • Is your identity management infrastructure enabling you to adopt cloud solutions securely?
        • Identity silos represent security risks, management challenges
        • Enable trust management of issuing authorities
        • Support standard compliant identity federation mechanisms
            - SAML, XACML, WS-Trust
        • Favor cloud solutions (SAAS, PAAS) that support such standards
    • Example: web service access control management
      [Diagram: WS requester; PEP in-line of transaction; WS endpoint; LDAP Directory. Caption: Identity authentication and authorization based on group membership or attribute]
    • Example: web service access control management
      [Diagram: WS requester; PEP in-line of transaction; WS endpoint; XACML PDP. Caption: Delegated authorization to PDP using XACML]
    • Example: web service access control management
      [Diagram: WS requester; WS endpoint; agent; "?"; Custom IAM, SSO, or governance solution]
    • Example: SaaS access control
      [Diagram: Enterprise boundary; Enterprise user; Login; Usernames + passwords; SF; Google; Other SAAS; Identity silos]
    • Example: SaaS access control
      [Diagram: Enterprise boundary; DMZ; Enterprise user; SAML issuing authority; SF; Google; Other SAAS. Captions: SAAS instance configured with enterprise issuing authority certificate; Login locally via redirect; Locally controlled global access control]
    • Example: SaaS – callback to private resource
      [Diagram: Enterprise boundary; DMZ; Private resource; WS endpoint; SDC; Secure link, VPN-ish; Google Apps; SF; Other SAAS]
    • Example: SaaS – callback to private resource
      [Diagram: Enterprise boundary; DMZ; Private resource; WS endpoint; Neutral, standards based gateway; OAuth; WS-S; SSL mutual; Google Apps; SF; Other SAAS]
    • Layer 7 SecureSpan solution
        • Standards based, best of breed services gateway
        • WS-*, REST, XML, JSON
        • Policy Enforcement Point (PEP)
        • Access Control
        • Edge Threat protection
        • Compliance
        • Orchestration, virtualization
        • SLA enforcement
        • Transformation
    • Layer 7 CloudConnect
      Securely connect enterprises to the cloud:
        • Leverage existing IAM infrastructure for SaaS SSO
        • Securely integrate with SaaS apps
        • Track usage of SaaS
      [Diagram labels: System of Record; Existing IAM; CloudConnect; On Premise Network]
    • Layer 7 CloudSpan Family
        • CloudConnect = “Your Gateway to the Cloud”
            - Allows enterprises to safely consume SaaS and cloud-based services
        • CloudProtect = “Your Gatekeeper in the Cloud”
            - DMZ-level security for applications and services deployed in public and private clouds
        • CloudControl = “The Gate Minder for your Cloud”
            - Secure, orchestrate and manage application and service APIs exposed to third-parties
    • For more information
        • http://www.layer7tech.com
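
The web service access control examples in the transcript (a PEP in line with the transaction, deciding from directory group membership or delegating to a PDP) can be sketched as below, with the service itself carrying no security logic. This is an added example, not code from the presentation or from Layer 7: `make_pep`, `directory_pdp`, `order_service`, the sample directory and the rule table are constructed for illustration, and the PDP is a plain callable rather than a real XACML request/response exchange. The four decision values are the ones XACML defines.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):  # the four XACML decision values
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"

@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    action: str

# Constructed sample data standing in for an LDAP directory and a policy store.
DIRECTORY = {"alice": {"traders"}, "bob": {"support"}}
REQUIRED_GROUP = {("/orders", "POST"): "traders", ("/orders", "GET"): "support"}

def directory_pdp(req):
    """Decide from group membership, as in the LDAP directory example."""
    needed = REQUIRED_GROUP.get((req.resource, req.action))
    if needed is None:
        return Decision.NOT_APPLICABLE      # no rule covers this request
    groups = DIRECTORY.get(req.subject)
    if groups is None:
        return Decision.INDETERMINATE       # subject attributes unavailable
    return Decision.PERMIT if needed in groups else Decision.DENY

def make_pep(pdp, endpoint):
    """Put a PEP in line with the endpoint; any PDP callable can be substituted."""
    def guarded(req, body):
        try:
            decision = Decision(pdp(req))   # rejects malformed PDP answers
        except Exception:
            decision = Decision.INDETERMINATE   # PDP unreachable or faulty
        if decision is not Decision.PERMIT:     # fail closed: only Permit passes
            return 403, f"denied ({decision.value})"
        return endpoint(body)
    return guarded

def order_service(body):
    """Service implementation: business logic only, no security code."""
    return 200, f"order accepted: {body}"

if __name__ == "__main__":
    pep = make_pep(directory_pdp, order_service)
    print(pep(Request("alice", "/orders", "POST"), "10 units"))
    print(pep(Request("bob", "/orders", "POST"), "10 units"))
```

Swapping `directory_pdp` for a client of an external PDP changes nothing in `order_service`, which is the decoupling the slides argue for.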