Identity Access Management 101

2,264 views

Published on

Security from the cloud is challenging traditional approaches. As organizations transition from perimeter-based security towards user-centric approaches, Security and Risk professionals are transitioning to cloud IAM services or IDaaS (Identity as a Service) to manage identities across cloud environments. By overcoming the limitations of legacy on-premises IAM solutions, organizations are accelerating SaaS adoption, increasing user productivity and recognizing greater returns on their cloud investments.

View our slides for IAM overview and learn about:

• Trends in cloud, and the standards to support them
• State of Identity, Digital Trust, Authentication and Access
• Directory Services and Federation
• SSO (Desktop SSO, Web SSO, and Mobile SSO)
• Automating Onboarding Practices, Provisioning and Deprovisioning

Watch the on-demand webinar here: https://www.brighttalk.com/channel/12923/onelogin?utm_source=brighttalk

Published in: Internet
0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,264
On SlideShare
0
From Embeds
0
Number of Embeds
597
Actions
Shares
0
Downloads
122
Comments
0
Likes
6
Embeds 0
No embeds

No notes for slide
  • Hello and welcome to IAM 101.

    Before we begin...

    On your screen you’ll see a panel through which you can submit questions at any time through this webinar. We’ll reserve some time at the end to get to your questions and we’ll be sure to answer any ones that we can’t get to during the webcast.

    Also, this is being recorded so we’ll share the recording as well as the slide deck in the next few days via email to you and any of your colleagues who couldn’t make it live.
  • Today, we’ll talk about the trends that necessitate a new approach to access management for cloud app initiatives and cloud-first companies.

    We’ll talk about what identity is and what it means to your organization.

    And then, we’ll pass it over to Rob to share the most common elements and things you need to know about how OneLogin can help you.
  • Little background on myself, my role is about seeing the OneLogin platform through the eyes of our customers and really empower them to better understand how they can tie OneLogin into their business and cloud initiatives. Prior to OneLogin, I was the first business hire to Mojave Networks, a company that delivers a mobile security solution that encompasses mobile device management, app-aware cloud firewall policy management and malware detection for Android. Spent about three years helping grow the business through a successful acquition to Sophos.

    Joining us today is OneLogin Sales Engineer Rob Capozzi. Rob has led our most successful customers through their journey with cloud identity management from providing inititial demonstrations, to proof of concepts, through onboarding and just ensuring they get the most utility out of their investment in OneLogin.

    Today, Rob is going cover the latter three topics by way of a product overview.
  • To set some context about why we’re here we want to talk about three key trends that are changing how we think about our apps and information, and some of the challenges that are coming out of them.

    Namely, the shift from on-prem networks to cloud apps and infrastructure and the implications of decentralized user administration - secondly, the continued growth in cloud apps and why it’s challenging to deliver secure and convenient access to a growing breadth of services - and three, the challenges we are facing with a new and broad device population.

  • Collectively, organizations are going through a seismic shift or transformation in the way IT is run - the shift from On-Premise to Cloud-based systems
  • In the old model, information ideally resided in two places.

    1) in a small centralized app-set like email, file share, ERP and CRM that lived on our own network servers where access was controlled by our user directory and security appliances. We had full visibility and control of all traffic flowing in and out of our networks.

    OR

    2) if our information wasn’t on our networks, it was in vacuum on our devices where it was hopefully protected by device-level policies and antivirus software

    We’d be either physically on the network or dialed in through our VPN service and authenticated through a password and keyfob


  • 10 years ago, back around 2005, technology and business leaders aligned to catalyze a revolution that changed how we think about enterprise apps.

    We live in a different world now.

    In that short time, those hardware and software investments, have been flipped on their heads.

    We now have thousands of business apps at our disposal that deliver on a more targeted use-purpose, a better user experience with broader accessibility, substantially lower total cost of ownership with no hardware or maintenance costs and a more elastic licensing. We can access our information from anywhere and any device.

    We’ve been talking about the benefits of cloud adoption for years now but we believe the inertia in the market is there for a few reasons.


  • Slide 10:

    So what’s the problem?

    Feelings of apprehension around adopting cloud services are usually based on the lack of visibility and control over business-critical information.

    We have the issue of Shadow IT - IT is in the dark about who has access to which of our apps and information, and people are using unapproved, unendorsed apps outside the scope of the IT.

    Then you have Onboarding / Offboarding, another administration problem - if users join and leave the organization, we need to be able to onboard users by giving them access to their apps and information to ensure they are successful right out of the gate, … and offboard, deprovision users from our apps when they part from organization to control lingering access to our information. As our app-set grows, managing users in each independently simply doesn’t scale.

    So, before cloud IAM solutions, the only way to manage our users accounts in our cloud apps was through the admin console of each respective app. So, in order for me to control who gets access to Salesforce.com or to reset a user’s password for their app, my IT person, or whoever’s responsible for managing access to Salesforce, would need to log in as an admin user and manually add or remove users accordingly. When you have 20 employees and 3 applications, this way of doing things is pretty manageable. Your HR person would notify IT when an employee joins, leaves or changes their role within the company, and then IT would make those changes. But what if you 500 employees and 20 cloud apps, or 10,000 employees and 200 apps? The process of managing user access quickly becomes unmanageable.
  • Slide 11: The second trend we’ll talk to is…


  • Slide 12: The explosive growth in enterprise apps. over the past 10 years, the sheer volume and quality of applications at our disposal has made it possible to operate fully in the cloud and own no hardware and no software. CRM like Salesforce.com or SugarCRM, Marketing tools like Marketo and Hubspot, HR apps like Workday and Zenefits, File Synchronization and Collaboration like Dropbox, email and business productivity suites like Google Apps and Microsoft Office 365, and thousands of point solutions for just about everything, and it’s only just begun.
  • The total global spend in Enterprise Application software is expected to grow to over $150B by 2017.

    While Cloud apps still only comprise a small percentage of these figures, that number is growing steadily.
  • Slide 14:

    So what is the challenges that has arisen with the rampant growth of cloud apps?

    There has been a longstanding notion that security and convenience are at odds, that they are a compromise, that improving security meant reducing convenience for end users. With users being able to access business apps and information from anywhere, anytime and any device, a lot of organizations are feeling like they’ve lost both.

  • Slide 15: This might be a little tongue in cheek but it tells you the severity of credential theft as a security problem.



  • Slide 16: A little more on authetication because it’s a really pressing issue to manage security in the cloud -

    when it comes to accessing our apps and information, organizations need to ensure that users are truly who they’re claiming to be and so we to assert our user’s identity in a way that goes beyond just the password.

    An authentication "factor" or “credential” is:
    something you know - for example, a password, PIN or answer to a secret question
    something you have - e.g. key fob, mobile phone, ultimately a cryptographic token
    something you are - e.g. fingerprint, retina/iris, voice, face topography


  • Slide 17: So it’s simply validating that the person in-front of that computer screen is the same person that corresponds to their digital identity in our user directory and so we can then properly authorize them to access the right information.

    And with a growing app-set, users need convenience access. This notion of password fatigue a real problem for productivity. With the average business users accessing 12 apps every day, and many others using tens of apps every day, conveniently accessing all this services is key.

    So we’ve talked about the shift from on-prem to cloud and decentralized administration, we’ve talked about security and convenient access to a growing cloud app-set is going to be important to your organization… I’d like to pass it over to Shake over at dropbox to lead us through the third challenge

  • The third and final trend is the growth and breadth of devices through which users access business apps.

    Productive users demand simple and convenient access to the information and tools they need to get things done and they demand access to their company apps from work, home, in transit, and everywhere they go from from company-owned laptops, personally owned mobile phones and tablets and a range of devices. The majority of information or knowledge-workers have over four devices.


  • So, we need to be able to make that as easy as possible but meanwhile assert that the user in front of that screen is truly the authorized user they’re claiming to be.



  • So we’ve talked about the context we’re all operating in. So, what is IAM?

    For some, Cloud Identity Management makes crystal clear sense and we have some of the largest and most reputable brands that have bought into the idea of shifting the nexus of access control from their network perimeter to the user identity.

    For others, it’s still a little fuzzy, so we appreciate the opportunity to promote the notion.

    Identity and Access Management security discipline that covers a set of really complex business logic and it spans Compliance and Risk Management, Security Operations and, of course, IT administration. But fundamentally, it’s about people.

  • As a software system, it simplifies the management effort of delivering this goal.
  • Slide: 31

    OneLogin’s fundamental reason for being is to make cloud identity management simple and secure.
    OneLogin solves all these problems around DECENTRALIZED CONTROL, SECURE AND CONVENIENT ACCESS, BYOD - by providing a cloud-based solution that manages identities across all users, apps and devices.

    Securely accessing your apps has never been easier.


    Improved security - IT can centralize access control, enforce strong authentication, automate user provisioning and de-provisioning and audit a central log of all sign-in activity.

  • If your organization has an existing on-prem directory, by delivering a unified cloud directory of all your users, and that unified directory into all of your apps, getting a whole new level of security, control, simplicity and convenience.
  • Since your users access all their apps through OneLogin, they no longer have to remember or ever enter their passwords to log in. We generate and store a complex password for your apps and log users in by dropping the password into the login form on your web apps. All your users need to do is click through from the OneLogin Single Sign-On portal.

    For apps that are SAML-enabled which has become the prevalent authentication standards across all major enterprise apps including google apps, salesforce, box and about 850 others, apps that talk to OneLogin using the open protocol, passwords are effectively eliminated. This is perfect access control and it’s perfectly convenient.


  • Going beyong SAML and single sign-on, we talked about Multi-factor authentication - adding a layer of protection and eliminating the risk of password loss or theft. Our free one-time password apps makes MFA easier than ever for users.
  • Slide 36: User provisioning. Imagine you had one central place to provide and revoke user access to all your apps. Now stop imagining. We can help you with that.
  • Slide 37: And we support all major browsers and mobile platforms.
  • End users no longer have to deal with passwords and can always get to their data the most efficient way.

    Continued investment in legacy IAM solutions ensure countless hours of integration work. With OneLogin, you’re gaining the fastest path to cloud app access control from one pane of glass.

    When you configure your entire app set with OneLogin, we effectively become a gateway through which your apps and information are accessed. From there, you remain in control of user accounts and policies that govern who can access which apps.
  • How many apps do you support?

    Out of the box, 850 including major business cloud apps. If you don’t see an app in our catalogue, just let us know. Also our toolkits have enabled enterprises to integrate their own internally-developed apps in just a few days.


    What separates you from other services? First we’re the only solution that offers true real-time synchronization with Active Directory. THis is really important for a lot of reasons but the most obvious one that comes to mind is for security and compliance, when employees depart from the organization, you need instant revocation of access across all their apps.

    Another key thing that sets OneLogin apart is a philosophy around open software and collaboration. We provide toolkits that make developers successful in their careers and meanwhile simplify the process of implementing open standards like SAML, SCIM and Napps, into their web and native mobile apps.
  • Identity Access Management 101

    1. 1. I D E N T I T Y A C C E S S M A N A G E M E N T 1 0 1
    2. 2. A G E N D A + Trends in Cloud + State of Identity + Directory Services & Federation + Single Sign-On (Desktop, Web & Mobile) + User Provisioning
    3. 3. S P E A K E R S @onelogin Samer Baroudi Product Marketing Rob Capozzi Sales Engineering
    4. 4. SUPPORTING NATIVE, BROWSER AND MOBILE DELIVERING SECURE & CONVENIENT ACCESS DECENTRALIZED ADMINISTRATION SHIFT FROM ON-PREMISE TO CLOUD T R E N D S & C H A L L E N G E S C H A L L E N G E C H A L L E N G E C H A L L E N G E C H A L L E N G E NEW DEVICES: ANYTIME, ANYWHERE ACCESS C H A L L E N G E EXPLOSIVE GROWTH IN APPLICATIONS 1 2 3
    5. 5. SHIFT FROM ON-PREMISE TO CLOUD 1 T R E N D
    6. 6. S H I F T F R O M O N - P R E M I S E
    7. 7. … T O W A R D C L O U D S E R V I C E S
    8. 8. DECENTRALIZED ADMINISTRATION 1 P R O B L E M
    9. 9. EXPLOSIVE GROWTH IN APPLICATIONS 2 T R E N D
    10. 10. A P P E X P L O S I O N
    11. 11. Trend
    12. 12. DELIVERING SECURE & CONVENIENT ACCESS 2 P R O B L E M
    13. 13. P O S S E S S I O N W H A T I S A N A U T H E N T I C A T I O N F A C T O R ? K N O W L E D G E I N H E R E N C E Something Known to Only the User Something Held by Only the User (Token) Something Inherent to Only the User (Biometric Trait) A password a passphrase a pin An OTP Token A Smartcard with x.509 public key infrastructure credentials A biological or behavioral trait such as fingerprint, voice or retina
    14. 14. E M P L O Y E E S - P A R T N E R S - C U S T O M E R S D I G I T A L I D E N T I T Y A U T H E N T I C A T I O N
    15. 15. NEW DEVICES: ANYTIME, ANYWHERE ACCESS 3 T R E N D
    16. 16. 3 P R O B L E M MAKING IT SAFE AND EASY
    17. 17. Assets Trust Identity Roles Rights Auditing Authorization Authentication Privilege Administration Certification Permissions Intelligence Entitlement Information Security Data Protection Cryptography Passwords Fraud Prevention Tokens Keys Process Compliance Control Governance Accounts Rules Policy People Context Groups Risk Management Apps Information Resources Devices Enrollment Training Onboarding W H A T I S I A M ?
    18. 18. Identity & Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.
    19. 19. Firewall Active Directory Mobile Workers Customers & Partners Employees +
    20. 20. O N E L O G I N E N T E R P R I S E I D E N T I T Y Unified Cloud Directory Single Sign-On Multi-factor Authentication User Provisioning Anywhere, Any-Device
    21. 21. Unified Cloud Directory Single Sign-On Multi-factor Authentication User Provisioning Anywhere, Any-Device O N E L O G I N E N T E R P R I S E I D E N T I T Y
    22. 22. Unified Cloud Directory Single Sign-On Multi-factor Authentication User Provisioning Anywhere, Any-Device O N E L O G I N E N T E R P R I S E I D E N T I T Y
    23. 23. Unified Cloud Directory Single Sign-On Multi-factor Authentication User Provisioning Anywhere, Any-Device O N E L O G I N E N T E R P R I S E I D E N T I T Y
    24. 24. Unified Cloud Directory Single Sign-On Multi-factor Authentication User Provisioning Anywhere, Any-Device O N E L O G I N E N T E R P R I S E I D E N T I T Y
    25. 25. O N E L O G I N I N C R E A S E S S E C U R I T Y, R E D U C E S I T C O S T S , & I M P R O V E S P R O D U C T I V I T Y Securely add Apps at the Speed of Business Minimize Identity Management spend Increase IT team productivity and enterprise security Enforce Security for Apps and Devices Engage employees to enforce policy and work more productively
    26. 26. OneLogin Product DemoProduct Tour
    27. 27. THANK YOU Rob Capozzi Sales Engineer rob.capozzi@onelogin.com Samer Baroudi Product Marketing samer.baroudi@onelogin.com

    ×