SlideShare a Scribd company logo
1 of 32
Download to read offline
Putting Security in
Identity-as-a-Service
Nishant Kaushik
Security
CA Technologies
Advisor, Product Management
SCT22T
@NishantK
#CAWorld
2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For Informational Purposes Only
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA
World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer
references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights
and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software
product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current
information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The
development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in
this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such
release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-
available basis. The information in this presentation is not deemed to be incorporated into any contract.
Terms of this Presentation
3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agenda
CLOUD IN THE ENTERPRISE
SECURITY CONCERNS WHEN MANAGING SAAS
INTRODUCING CA SAAS APP SECURITY
THE SHARED RESPONSIBILITY MODEL
THE MYTH OF SSO BASED CONTROL
COMPREHENSIVE ENTERPRISE IDENTITY-AS-A-SERVICE
1
2
3
4
5
6
4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Modern Enterprise IT is Cloudy
5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Greater Collaboration & Productivity
6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Enabling the Agile Enterprise
7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Any Where, Any Time, Any Device
8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Impact on the Bottom Line
9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Making the Leap to SaaS
10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
But … What About Security?
11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Greater Convenience, Greater Risk
12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Enterprises Recognize A Problem
Over two-thirds of businesses lack full
confidence in their ability to effectively and
securely manage permissions within SaaS
applications
Source: A commissioned study conducted by Forrester Consulting
on behalf of CA Technologies, September 2015
13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
The Shared Responsibility Model
Cloud Service Providers play a key role in
delivering security, but as part of the shared
responsibility model, they are not liable for
access to & usage of the cloud application
14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
What is the most common way in which your
organization has implemented the following
security capabilities for SaaS applications?”
Enterprises are Looking for Answers
Source: A commissioned study conducted by Forrester Consulting
on behalf of CA Technologies, September 2015
0%
20%
40%
60%
80%
100%
1 2 3 4
Series4
Series3
Series2
Series1
15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
A Problem of Scale & Expertise
16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
The Myth of SSO-based Control
17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Myth Busting SSO-based Control
 Account De-provisioning
 Reliance on password replay
 Automatic provisioning
 Entitlement process
 Centralized compliance reporting
18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
So What are You Really Missing?
 How do I get visibility into who has what
access to my applications, and my data?
 How can I manage the security of my cloud
applications the same way I would on-
premises applications?
 IT’s new role is to enable, so how can I scale
the secure adoption of SaaS?
19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Current IDaaS has Limited Scope
Authentication
BasicorJITUser
Management
DirectoryServices
Federation
DirectorySync
SaaS
Applications
On-premises
Applications
Current
IDaaS
Directory
20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Comprehensive IDaaS Delivers Security
Authentication
IdentityAnalytics
PrivilegedAccount
Management
IdentityLifecycle
Management
DirectoryServices+
Authorization
Federation
Fine-grained
UserProvisioning
SaaS
Applications
On-premises
Applications
Comprehensive
IDaaS
Access
Governance
21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Introducing CA SaaS App Security
22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Introducing CA SaaS App Security
 Deep, contextual identity-based security controls out-of-
the-box enables organizations to Quickly Adopt SaaS
Without Compromising Security
 Increased Productivity and Security by automating your
Identity & Access Management processes and enforcing
policies
 Deliver an Easy-to-Manage and Cost Effective IDaaS
solution by enabling self-service administration, and
providing predefined capabilities and integrations based on
industry best practices
 Simple, Intuitive User Experience for End-Users, Business
Users and Administrators
Built to Meet the Needs of the Modern Enterprise
23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Introducing CA SaaS App Security
Built to Meet the Needs of the Modern Enterprise
User Account
Provisioning,
De-provisioning
Single
Sign-on
Rogue & Orphan
Account
Detection &
Remediation
Authentication
w/ 2FA
CA SaaS App Security
Active Directory
User
Management
24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
A True Identity Graph
The Foundation for delivering comprehensive, identity-based security services
Chatter
Moderator
System
Admin
Sales
Directors
CFO
Channel
Sales
Team
jsmith@
forwardinc.com
Sales
Profile
Profile
Role
Role
Role
App
Account
Person
Person
Department
Has
Account
Has
Manager
Member
Of
Account
Privilege
Privilege
Privilege
Privilege
Privilege
Has
Privilege
Has
Privilege
25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Make it Easy and Secure for People to Sign In
 Authenticate users using a strong
password supplemented by two-factor
authentication
 Reduce helpdesk overhead thanks to self-
service password management and
forgotten password recovery
 Give your users the ease and convenience
of Single Sign-On to your SaaS apps
Authentication Services
26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Take Control of Who has What Access in your SaaS App
Fine-Grained User Provisioning
 Automate the provisioning and de-provisioning of
user accounts in your SaaS Apps
 Go deeper to manage the entitlements (groups,
roles, permissions) of your users
 Get visibility into existing accounts & entitlements
 Detect and remediate the existence of orphan and
rogue accounts thanks to continuous monitoring
 Leverage pre-defined integrations that understand
the specific nuances of the target application
27 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Manage the Lifecycle of Identities and Enforce Policies
Identity Lifecycle Management
 Comprehensive Joiner, Mover and
Leaver processes
 Automated Rule-based Provisioning
and De-provisioning of Accounts
(with Entitlements) triggered by
Joiner & Mover events
 Leaver Process that automates
Account De-provisioning
 Self-Service and Administrative
Profile Management
28 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Some Ways that CA SaaS App Security Can Help
Manage and Control Access to Amazon Web Services
 In a Devops and Agile environment, track the access and authorization users have in
different AWS accounts
 Automate the management of privileged accounts
 Automate removal of access in response to change events
 Provide SSO for users to access multiple AWS accounts
Contractor Management
 Create a System of Record for tracking contractors
 Avoid forcing contractors into employee systems
 Give hiring managers an easy way to self-manage their contractors
 Define and enforce policies around contractor access
 Remove access when the contractors leave
29 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Partner With Us
For a limited time, sign up to
become a customer validation
partner for CA SaaS App
Security. Special incentives are
available.
Just register at
http://bit.ly/validate-ca-saas-
app-security, or send an email
to nishant.kaushik@ca.com
See A Demo
Secure Access to
SaaS Apps
Exhibition Center
Security Content Area
Discuss
Learn More
About CA SaaS App Security
Nishant Kaushik
nishant.kaushik@ca.com
30 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Recommended Sessions
SESSION # TITLE DATE/TIME
SCT18T
Common Challenges of Identity Management and
Federated Single Sign-On in a SaaS World
11/19/2015 at 3:45 pm
31 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Q & A
32 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15

More Related Content

What's hot

What's hot (20)

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...
Reduce Software Release Cycles by 4-5x with Application Release Automation fo...Reduce Software Release Cycles by 4-5x with Application Release Automation fo...
Reduce Software Release Cycles by 4-5x with Application Release Automation fo...
 
Discovery Model— An Approach for Agile at Scale
Discovery Model—An Approach for Agile at ScaleDiscovery Model—An Approach for Agile at Scale
Discovery Model— An Approach for Agile at Scale
 
Dispatches from the Front: How IoT is Becoming a Game Changer
Dispatches from the Front: How IoT is Becoming a Game ChangerDispatches from the Front: How IoT is Becoming a Game Changer
Dispatches from the Front: How IoT is Becoming a Game Changer
 
How to Leverage New Capabilities in the CA Identity Suite
How to Leverage New Capabilities in the CA Identity SuiteHow to Leverage New Capabilities in the CA Identity Suite
How to Leverage New Capabilities in the CA Identity Suite
 
Tech Talk: CA Project and Portfolio Management Team Member Experience
Tech Talk: CA Project and Portfolio Management Team Member ExperienceTech Talk: CA Project and Portfolio Management Team Member Experience
Tech Talk: CA Project and Portfolio Management Team Member Experience
 
Case Study: Gala Coral Improves the Odds in Retail Gaming and Entertainment w...
Case Study: Gala Coral Improves the Odds in Retail Gaming and Entertainment w...Case Study: Gala Coral Improves the Odds in Retail Gaming and Entertainment w...
Case Study: Gala Coral Improves the Odds in Retail Gaming and Entertainment w...
 
CA PPM : Aligning Projects With Strategy
CA PPM: Aligning Projects With StrategyCA PPM: Aligning Projects With Strategy
CA PPM : Aligning Projects With Strategy
 
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
 
Hands-On Lab: Integrate Your Monitoring Tools into an Automated Service Impac...
Hands-On Lab: Integrate Your Monitoring Tools into an Automated Service Impac...Hands-On Lab: Integrate Your Monitoring Tools into an Automated Service Impac...
Hands-On Lab: Integrate Your Monitoring Tools into an Automated Service Impac...
 
The Advisory Board Company Drives Healthcare Transformation with APIs and Mob...
The Advisory Board Company Drives Healthcare Transformation with APIs and Mob...The Advisory Board Company Drives Healthcare Transformation with APIs and Mob...
The Advisory Board Company Drives Healthcare Transformation with APIs and Mob...
 
Pre-Con Education: Get the Most Out of CA Service Management Unified Self-s...
Pre-Con Education: Get the Most Out of CA Service Management Unified Self-s...Pre-Con Education: Get the Most Out of CA Service Management Unified Self-s...
Pre-Con Education: Get the Most Out of CA Service Management Unified Self-s...
 
Aligning IT With World-Class Fashion
Aligning IT With World-Class FashionAligning IT With World-Class Fashion
Aligning IT With World-Class Fashion
 
Achieving a Successful Identity Management and Governance Deployment The Flor...
Achieving a Successful Identity Management and Governance Deployment The Flor...Achieving a Successful Identity Management and Governance Deployment The Flor...
Achieving a Successful Identity Management and Governance Deployment The Flor...
 
Panel Discussion: Migrating to 14.2 and Advanced Reporting
Panel Discussion: Migrating to 14.2 and Advanced ReportingPanel Discussion: Migrating to 14.2 and Advanced Reporting
Panel Discussion: Migrating to 14.2 and Advanced Reporting
 
CA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO),The Innocent BystanderCA Single Sign-On (CA SSO),The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent Bystander
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business Value
 
TechTalk: Extreme Automation Creating Headless Tests “Automagically”
TechTalk: Extreme Automation Creating Headless Tests “Automagically”TechTalk: Extreme Automation Creating Headless Tests “Automagically”
TechTalk: Extreme Automation Creating Headless Tests “Automagically”
 
Secure the Open Enterprise with CA API Management
Secure the Open Enterprise with CA API ManagementSecure the Open Enterprise with CA API Management
Secure the Open Enterprise with CA API Management
 
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
 
Case Study: Implementing CA Strong Authentication in 30 Days
Case Study: Implementing CA Strong Authentication in 30 DaysCase Study: Implementing CA Strong Authentication in 30 Days
Case Study: Implementing CA Strong Authentication in 30 Days
 

Viewers also liked

Ocean Power Engineering & Offshore Pte Ltd
Ocean Power Engineering & Offshore Pte LtdOcean Power Engineering & Offshore Pte Ltd
Ocean Power Engineering & Offshore Pte Ltd
jesuraj stalin
 
Portafolio digital
Portafolio digitalPortafolio digital
Portafolio digital
yudyedith
 

Viewers also liked (13)

Proyecto tics
Proyecto ticsProyecto tics
Proyecto tics
 
Ocean Power Engineering & Offshore Pte Ltd
Ocean Power Engineering & Offshore Pte LtdOcean Power Engineering & Offshore Pte Ltd
Ocean Power Engineering & Offshore Pte Ltd
 
Samuel gomez lopez
Samuel gomez lopezSamuel gomez lopez
Samuel gomez lopez
 
Portafolio digital
Portafolio digitalPortafolio digital
Portafolio digital
 
Rabbit mq
Rabbit mqRabbit mq
Rabbit mq
 
Como ganar-mercado-en-seguros
Como ganar-mercado-en-segurosComo ganar-mercado-en-seguros
Como ganar-mercado-en-seguros
 
Attest_Elkjop
Attest_ElkjopAttest_Elkjop
Attest_Elkjop
 
Line
LineLine
Line
 
The article the little owls that live undergound pp2analyzehow lessonslides pptx
The article the little owls that live undergound pp2analyzehow lessonslides pptxThe article the little owls that live undergound pp2analyzehow lessonslides pptx
The article the little owls that live undergound pp2analyzehow lessonslides pptx
 
Deconstruyendo Google - Edición 2016
Deconstruyendo Google - Edición 2016Deconstruyendo Google - Edición 2016
Deconstruyendo Google - Edición 2016
 
سيناريوهات المستقبل "المعرفة"
سيناريوهات المستقبل "المعرفة"سيناريوهات المستقبل "المعرفة"
سيناريوهات المستقبل "المعرفة"
 
Sécurité Réseau à Base d'un Firewall Matériel (fortigate)
Sécurité Réseau à Base d'un Firewall Matériel (fortigate)Sécurité Réseau à Base d'un Firewall Matériel (fortigate)
Sécurité Réseau à Base d'un Firewall Matériel (fortigate)
 
Facebook marketing
Facebook marketingFacebook marketing
Facebook marketing
 

Similar to Putting Security in Identity-as-a-Service

Similar to Putting Security in Identity-as-a-Service (20)

Creating an Omnichannel Experience for Your Customers
Creating an Omnichannel Experience for Your CustomersCreating an Omnichannel Experience for Your Customers
Creating an Omnichannel Experience for Your Customers
 
CA Identity Suite – Extending Identity Management to the Business User
CA Identity Suite – Extending Identity Management to the Business UserCA Identity Suite – Extending Identity Management to the Business User
CA Identity Suite – Extending Identity Management to the Business User
 
API’s and Identity: Enabling Optum to become the HealthCare cloud
API’s and Identity: Enabling Optum to become the HealthCare cloudAPI’s and Identity: Enabling Optum to become the HealthCare cloud
API’s and Identity: Enabling Optum to become the HealthCare cloud
 
Tech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session ManagementTech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session Management
 
Centralized, Convenient Application Access–the One Stop Shop for Identity Ser...
Centralized, Convenient Application Access–the One Stop Shop for Identity Ser...Centralized, Convenient Application Access–the One Stop Shop for Identity Ser...
Centralized, Convenient Application Access–the One Stop Shop for Identity Ser...
 
Tech Talk: Service Virtualization on Demand—Have Everything, Whenever and Whe...
Tech Talk: Service Virtualization on Demand—Have Everything, Whenever and Whe...Tech Talk: Service Virtualization on Demand—Have Everything, Whenever and Whe...
Tech Talk: Service Virtualization on Demand—Have Everything, Whenever and Whe...
 
The Why, Where and How of Service Virtualization Adoption
The Why, Where and How of Service Virtualization AdoptionThe Why, Where and How of Service Virtualization Adoption
The Why, Where and How of Service Virtualization Adoption
 
Mainframe Software Management Made Easier
Mainframe Software Management Made EasierMainframe Software Management Made Easier
Mainframe Software Management Made Easier
 
Technology Primer: Building Applications the New-Fashioned Way
Technology Primer: Building Applications the New-Fashioned WayTechnology Primer: Building Applications the New-Fashioned Way
Technology Primer: Building Applications the New-Fashioned Way
 
Introduction to CA Service Virtualization
Introduction to CA Service VirtualizationIntroduction to CA Service Virtualization
Introduction to CA Service Virtualization
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
 
Case Study: Digital Transformation Through Successful, Large-scale Identity M...
Case Study: Digital Transformation Through Successful, Large-scale Identity M...Case Study: Digital Transformation Through Successful, Large-scale Identity M...
Case Study: Digital Transformation Through Successful, Large-scale Identity M...
 
Freeing the World from Slow: How Service Virtualization and the Concept of S....
Freeing the World from Slow: How Service Virtualization and the Concept of S....Freeing the World from Slow: How Service Virtualization and the Concept of S....
Freeing the World from Slow: How Service Virtualization and the Concept of S....
 
Survive Industry Disruption and Deliver a Great Customer Experience with APIs...
Survive Industry Disruption and Deliver a Great Customer Experience with APIs...Survive Industry Disruption and Deliver a Great Customer Experience with APIs...
Survive Industry Disruption and Deliver a Great Customer Experience with APIs...
 
Vision and Roadmap: Learn How Application Release Solutions Help You Lead th...
Vision and Roadmap: Learn How Application Release Solutions Help You Lead th...Vision and Roadmap: Learn How Application Release Solutions Help You Lead th...
Vision and Roadmap: Learn How Application Release Solutions Help You Lead th...
 
Tech Talk: Predictive Workload Analytics with CA Workload Automation iDash
Tech Talk: Predictive Workload Analytics with CA Workload Automation iDashTech Talk: Predictive Workload Analytics with CA Workload Automation iDash
Tech Talk: Predictive Workload Analytics with CA Workload Automation iDash
 
CA Gen Exploration – What's New and Cool in Application Development
CA Gen Exploration – What's New and Cool in Application DevelopmentCA Gen Exploration – What's New and Cool in Application Development
CA Gen Exploration – What's New and Cool in Application Development
 
Case Study: Ball Corporation Spurs Customer Experience and Staff Productivity...
Case Study: Ball Corporation Spurs Customer Experience and Staff Productivity...Case Study: Ball Corporation Spurs Customer Experience and Staff Productivity...
Case Study: Ball Corporation Spurs Customer Experience and Staff Productivity...
 
Technology Primer: How to Achieve a Customer-Centric View in an Omni-Channel ...
Technology Primer: How to Achieve a Customer-Centric View in an Omni-Channel ...Technology Primer: How to Achieve a Customer-Centric View in an Omni-Channel ...
Technology Primer: How to Achieve a Customer-Centric View in an Omni-Channel ...
 
Enable and Secure Business Growth in the New Application Economy
 Enable and Secure Business Growth in the New Application Economy Enable and Secure Business Growth in the New Application Economy
Enable and Secure Business Growth in the New Application Economy
 

More from CA Technologies

More from CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 

Recently uploaded

Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

Recently uploaded (20)

AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 

Putting Security in Identity-as-a-Service

  • 1. Putting Security in Identity-as-a-Service Nishant Kaushik Security CA Technologies Advisor, Product Management SCT22T @NishantK #CAWorld
  • 2. 2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD For Informational Purposes Only © 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary. Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion. Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if- available basis. The information in this presentation is not deemed to be incorporated into any contract. Terms of this Presentation
  • 3. 3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Agenda CLOUD IN THE ENTERPRISE SECURITY CONCERNS WHEN MANAGING SAAS INTRODUCING CA SAAS APP SECURITY THE SHARED RESPONSIBILITY MODEL THE MYTH OF SSO BASED CONTROL COMPREHENSIVE ENTERPRISE IDENTITY-AS-A-SERVICE 1 2 3 4 5 6
  • 4. 4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Modern Enterprise IT is Cloudy
  • 5. 5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Greater Collaboration & Productivity
  • 6. 6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Enabling the Agile Enterprise
  • 7. 7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Any Where, Any Time, Any Device
  • 8. 8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Impact on the Bottom Line
  • 9. 9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Making the Leap to SaaS
  • 10. 10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD But … What About Security?
  • 11. 11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Greater Convenience, Greater Risk
  • 12. 12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Enterprises Recognize A Problem Over two-thirds of businesses lack full confidence in their ability to effectively and securely manage permissions within SaaS applications Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015
  • 13. 13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD The Shared Responsibility Model Cloud Service Providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to & usage of the cloud application
  • 14. 14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD What is the most common way in which your organization has implemented the following security capabilities for SaaS applications?” Enterprises are Looking for Answers Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015 0% 20% 40% 60% 80% 100% 1 2 3 4 Series4 Series3 Series2 Series1
  • 15. 15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD A Problem of Scale & Expertise
  • 16. 16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD The Myth of SSO-based Control
  • 17. 17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Myth Busting SSO-based Control  Account De-provisioning  Reliance on password replay  Automatic provisioning  Entitlement process  Centralized compliance reporting
  • 18. 18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD So What are You Really Missing?  How do I get visibility into who has what access to my applications, and my data?  How can I manage the security of my cloud applications the same way I would on- premises applications?  IT’s new role is to enable, so how can I scale the secure adoption of SaaS?
  • 19. 19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Current IDaaS has Limited Scope Authentication BasicorJITUser Management DirectoryServices Federation DirectorySync SaaS Applications On-premises Applications Current IDaaS Directory
  • 20. 20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Comprehensive IDaaS Delivers Security Authentication IdentityAnalytics PrivilegedAccount Management IdentityLifecycle Management DirectoryServices+ Authorization Federation Fine-grained UserProvisioning SaaS Applications On-premises Applications Comprehensive IDaaS Access Governance
  • 21. 21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Introducing CA SaaS App Security
  • 22. 22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Introducing CA SaaS App Security  Deep, contextual identity-based security controls out-of- the-box enables organizations to Quickly Adopt SaaS Without Compromising Security  Increased Productivity and Security by automating your Identity & Access Management processes and enforcing policies  Deliver an Easy-to-Manage and Cost Effective IDaaS solution by enabling self-service administration, and providing predefined capabilities and integrations based on industry best practices  Simple, Intuitive User Experience for End-Users, Business Users and Administrators Built to Meet the Needs of the Modern Enterprise
  • 23. 23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Introducing CA SaaS App Security Built to Meet the Needs of the Modern Enterprise User Account Provisioning, De-provisioning Single Sign-on Rogue & Orphan Account Detection & Remediation Authentication w/ 2FA CA SaaS App Security Active Directory User Management
  • 24. 24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD A True Identity Graph The Foundation for delivering comprehensive, identity-based security services Chatter Moderator System Admin Sales Directors CFO Channel Sales Team jsmith@ forwardinc.com Sales Profile Profile Role Role Role App Account Person Person Department Has Account Has Manager Member Of Account Privilege Privilege Privilege Privilege Privilege Has Privilege Has Privilege
  • 25. 25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Make it Easy and Secure for People to Sign In  Authenticate users using a strong password supplemented by two-factor authentication  Reduce helpdesk overhead thanks to self- service password management and forgotten password recovery  Give your users the ease and convenience of Single Sign-On to your SaaS apps Authentication Services
  • 26. 26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Take Control of Who has What Access in your SaaS App Fine-Grained User Provisioning  Automate the provisioning and de-provisioning of user accounts in your SaaS Apps  Go deeper to manage the entitlements (groups, roles, permissions) of your users  Get visibility into existing accounts & entitlements  Detect and remediate the existence of orphan and rogue accounts thanks to continuous monitoring  Leverage pre-defined integrations that understand the specific nuances of the target application
  • 27. 27 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Manage the Lifecycle of Identities and Enforce Policies Identity Lifecycle Management  Comprehensive Joiner, Mover and Leaver processes  Automated Rule-based Provisioning and De-provisioning of Accounts (with Entitlements) triggered by Joiner & Mover events  Leaver Process that automates Account De-provisioning  Self-Service and Administrative Profile Management
  • 28. 28 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Some Ways that CA SaaS App Security Can Help Manage and Control Access to Amazon Web Services  In a Devops and Agile environment, track the access and authorization users have in different AWS accounts  Automate the management of privileged accounts  Automate removal of access in response to change events  Provide SSO for users to access multiple AWS accounts Contractor Management  Create a System of Record for tracking contractors  Avoid forcing contractors into employee systems  Give hiring managers an easy way to self-manage their contractors  Define and enforce policies around contractor access  Remove access when the contractors leave
  • 29. 29 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Partner With Us For a limited time, sign up to become a customer validation partner for CA SaaS App Security. Special incentives are available. Just register at http://bit.ly/validate-ca-saas- app-security, or send an email to nishant.kaushik@ca.com See A Demo Secure Access to SaaS Apps Exhibition Center Security Content Area Discuss Learn More About CA SaaS App Security Nishant Kaushik nishant.kaushik@ca.com
  • 30. 30 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Recommended Sessions SESSION # TITLE DATE/TIME SCT18T Common Challenges of Identity Management and Federated Single Sign-On in a SaaS World 11/19/2015 at 3:45 pm
  • 31. 31 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Q & A
  • 32. 32 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD For More Information To learn more, please visit: http://cainc.to/Nv2VOe CA World ’15