Reigning in the Cloud:
Regaining control of your Hybrid Cloud
environment
Gary Ardito
Chief Architect, Cloud Service Provider Solutions
Gary.Ardito@NetIQ.com
© 2012 NetIQ Corporation. All rights reserved.
Who am I?
o 30 years solving business problems with technology
o 15+ years as principal architect – solutions that matter – Fortune 500, .com, non-profits, Olympic Games
o Consulted on business inhibitors, technology enablers and risk mitigation – thought leadership to move businesses forward
o Historical leader of the Identity and Access Management market
o Market-leading products across Identity, Access, SIEM, and Compliance Management
o Enabling cloud adoption by powering both service providers and enterprises
Why are we here?
o Cloud use is expanding and maturing … we are all moving to a hybrid cloud future
o Mobile, social, BYOD and the Internet of Things are all wreaking havoc with our security management
o Current security management approaches are broken
o Challenges exist for both service providers and enterprises
Start with the Hybrid Cloud
The intelligent combination of internal and external resources to deliver the right mix of cost savings, service levels and business agility.
Add new computing contexts
Users are driving change.
[Diagram: Mobility, BYOD, Social, Identity, Cloud, spanning Enterprise and Service Provider]
With new and unprecedented challenges
[Diagram: New, persistent threats; Expanding computing environment; Business / mission keeps moving; Staff stretched thin]
Constant change & complexity results in lack of control and visibility
How do we regain control?
• Protection: Strongly enforce access, compliance, security and behavioral policies across all computing domains
• Awareness: Capture activity with context for all events across the breadth of your computing environment
• Visibility: Provide role-specific, business-level dashboards exposing critical activity and patterns
• Action: Policy-based, real-time action based on appropriate remediation strategies
Hybrid Cloud
Requires new management frameworks.
[Diagram: Physical, Virtual and Cloud tiers; Secure (Identity, Access, and Compliance), Measure (Operational and SLA Dashboards), Manage (Migrations, DR, and Brokering); INTERNAL CLOUD (on-premise) | FIREWALL | EXTERNAL CLOUD (off-premise)]
Hybrid Cloud Environment
It starts with IDENTITY
[Diagram: Identity Management, Access Mgmt, Identity & Context, Awareness & Visibility]
Start with a Strong Identity Fabric
Who and what interacts with the computing environment?
What behavior do I expect of each identity?
• Benefits of an identity fabric include:
– Manages the full lifecycle of user/device identities and privileges
– Ensures that identities have the right access to the right resources
– Traces all activity to the identity responsible – contextual accountability
– Keeps sensitive information protected regardless of location and method of access
– Keeps security credentials protected
Go beyond with “Identity Context”
• Deliver additional, rich context about users and events to security monitoring tools
• See “who” the individual is; know if their activities are business-appropriate.
– Integrate identity intelligence with security monitoring
– Roles, access rights, permissions
– Increase visibility and control across a complex IT landscape
– Cloud, mobile, virtual
Go further with “Identity Context”
Speed response times to threats and reduce the compliance effort.
• Identify when user activity is unusual, anomalous or outside normal business practices
• Demonstrate that access is under control and meets compliance requirements
[Diagram: example user Andy Anderson, with the questions: What applications has this user been using? What actions have they been performing in those applications? What privilege changes have been applied?]
Then Access Management….
Leverage the Identity Fabric
Access can be a service consumed from a cloud provider or provided within the organization
Access control MUST include the following:
- Federated identity controls
- Multi-domain
- Cloud awareness
- Audit history of cloud activity
Problem…
CLOUD RESOURCES
• Separate accounts exist in cloud-based resources
• Creating accounts in cloud services is a manual process, whether IT creates the account or the user creates the account
• Users must remember separate passwords for each cloud service, and often use their corporate credentials
• No compliance reporting of user activity in the cloud service
[Diagram: IT department; manual process; corporate credentials; no single sign-on or strong authentication; no reporting]
Solution…
CLOUD RESOURCES
• Provide an automated process to provision user accounts to the cloud resources
• Provide secure single sign-on to the cloud services without the credentials leaving the security realm
• Provide the ability for users to securely access the cloud service inside or outside of the organization
• Provide compliance reporting of the users’ activities in the cloud service
[Diagram: IT department; automatic process; corporate credentials; Cloud Access; single sign-on and strong authentication; full reporting]
Results…
ENFORCED SECURITY to the cloud without impacting existing infrastructure
[Diagram: Onsite IAM (LDAP directories, Strong AuthN, SSO) federated to Cloud Resources; Provisioning / de-provisioning; Compliance event reporting]
With Continuous Monitoring and Compliance
• Maintain security and compliance processes to defend against attacks.
• Implement a lifecycle approach to reduce risk from threats.
– Define and refine processes
– Good security should be the goal, not “passing the audit.”
[Diagram: lifecycle cycle – Policy, Assess, Evaluate Risk, Audit, Remediate]
More On Continuous Compliance
Need to close security and compliance gaps by combining user provisioning, access management, security monitoring and privileged user management.
Provide process automation working in real time, ensuring compliance with predefined policies.
Provide both data correlation and anomaly detection to address known and unknown risk areas.
Provide real-time event alerts and remediation based on policy.
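The identity-context questions on the “Go further with Identity Context” slide (which applications a user has been using, which privilege changes have been applied, whether activity is outside normal business practice) and the data correlation and anomaly detection called for above can be worked through on sample data. The Python script below is an added example, not NetIQ code from this deck: it enriches constructed activity events with a constructed identity snapshot (the users, roles, applications and the business-hours policy are all hypothetical) and flags activity outside the user’s role, sensitive actions outside business hours, recently granted access being used, and activity with no known identity behind it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity fabric snapshot (hypothetical users): login -> name and business role.
IDENTITIES = {
    "aanderson": {"name": "Andy Anderson", "role": "finance-analyst"},
    "bbaker": {"name": "Beth Baker", "role": "it-admin"},
}
# Constructed role model: the applications each role is expected to use.
ROLE_APPS = {
    "finance-analyst": {"erp-ledger", "expense-saas"},
    "it-admin": {"directory-console", "cloud-console"},
}
# Constructed activity log merged from on-premise and cloud services (not real data).
EVENTS = [
    {"ts": "2012-06-01T09:02:00", "user": "aanderson", "app": "erp-ledger", "action": "view-report"},
    {"ts": "2012-06-01T09:40:00", "user": "bbaker", "app": "directory-console", "action": "grant",
     "target": "aanderson", "app_granted": "cloud-console"},
    {"ts": "2012-06-01T10:05:00", "user": "aanderson", "app": "cloud-console", "action": "list-instances"},
    {"ts": "2012-06-01T22:30:00", "user": "aanderson", "app": "expense-saas", "action": "export-all"},
    {"ts": "2012-06-02T08:00:00", "user": "cclark", "app": "expense-saas", "action": "login"},
]
SENSITIVE_ACTIONS = {"export-all", "grant"}   # actions worth a look outside business hours
BUSINESS_HOURS = range(7, 19)                 # 07:00-18:59 local, an assumed policy value
RECENT_GRANT = timedelta(hours=24)            # how long a new grant counts as "recent"


def enrich(event):
    """Attach identity context (name, role, expected apps) to a raw event."""
    ident = IDENTITIES.get(event["user"])
    ctx = dict(event)
    ctx["name"] = ident["name"] if ident else None
    ctx["role"] = ident["role"] if ident else None
    ctx["expected_apps"] = ROLE_APPS.get(ctx["role"], set())
    return ctx


def review(events):
    """Correlate ordered events with identity context; return (findings, per-user profile)."""
    findings = []   # (ts, user, reason) tuples for an analyst to look at
    grants = {}     # (target user, app granted) -> (when, granting admin)
    profile = defaultdict(lambda: {"apps": set(), "privilege_changes": []})
    for raw in events:
        ev = enrich(raw)
        when = datetime.fromisoformat(ev["ts"])
        if ev["role"] is None:  # nobody to hold accountable for this activity
            findings.append((ev["ts"], ev["user"], "unknown identity"))
            continue
        profile[ev["user"]]["apps"].add(ev["app"])
        if ev["action"] in SENSITIVE_ACTIONS and when.hour not in BUSINESS_HOURS:
            findings.append((ev["ts"], ev["user"], f"{ev['action']} outside business hours"))
        if ev["action"] == "grant":  # record who granted what to whom (accountability trail)
            grants[(ev["target"], ev["app_granted"])] = (when, ev["user"])
            profile[ev["target"]]["privilege_changes"].append(
                f"{ev['app_granted']} granted by {ev['name']} at {ev['ts']}")
            continue
        if ev["app"] not in ev["expected_apps"]:
            grant = grants.get((ev["user"], ev["app"]))
            if grant and when - grant[0] <= RECENT_GRANT:
                findings.append((ev["ts"], ev["user"],
                                 f"{ev['app']} used {when - grant[0]} after grant by {grant[1]}"))
            else:
                findings.append((ev["ts"], ev["user"], f"{ev['app']} is outside the {ev['role']} role"))
    return findings, dict(profile)
```

On the constructed log, `review(EVENTS)` reports the newly granted cloud-console access being used 25 minutes after the grant, an off-hours bulk export, and a login with no identity behind it, while the profile answers the per-user questions from the slide.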
And Visibility…
NEEDED: both business and technical views of what’s happening across your hybrid cloud infrastructure.
An effective visibility solution must include:
• Role-based dashboards based on the image required for the user to do their job
• Business metrics tie-in as the basis of upcoming business decisions based on the data provided
• Aggregation and analysis of events occurring on-premise and across all cloud environments
More on Visibility…
EFFECTIVE VISIBILITY solutions must include:
• Integrate & correlate cross-domain data into one centralized dashboard
• Automatically model IT, application, & business services
• Intuitive, role-based “service view” speeds problem isolation
• Built-in impact & root-cause analysis to shorten resolution time by 50%, or more
Single Pane of Glass View
[Diagram: ADM, SLM and CMDB360 drawing on Asset Data, Compliance Data, Business Metrics, Configuration Data, IT Management Data and Discovery Data]
• Integrates & correlates existing IT data into one centralized dashboard
• Automatically models IT, application, & business services
• Intuitive, role-based “service view” speeds problem isolation
• Built-in impact & root-cause analysis shortens resolution time by 50%, or more
It’s possible: a secure, compliant multi-domain environment
1. You must start with a strong on-premise identity platform
2. You must architect for loosely coupled, federated access to cloud and on-premise services
3. You must leverage technologies designed to include cloud domains
4. You must select service providers that support your multi-domain management architecture.
About NetIQ
• Provide expertise and experience in Identity, Access
Management and Security Management
• Help reduce number of privileged users
• Reduce and manage privileges
• Monitor users and look for unusual activity
• Provide visibility into access rights to critical resources
• Harden systems against attackers
Powering Cloud Service Providers
[Diagram: NetIQ Cloud Manager and NetIQ Services Director; Monetizable As A Service Offerings: Infrastructure, Marketplace & Deployment, Monitoring, Identity Management, Access Management, SIEM, Privileged User Mgmt, Compliance Management, Disaster Recovery, Migrating to Cloud, SLA Dashboards, Governance]
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)
info@netiq.com
NetIQ.com
Worldwide Headquarters
1233 West Loop South
Suite 810
Houston, TX 77027 USA
http://community.netiq.com
This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new
editions of this document. NetIQ Corporation may make improvements in or changes to the
software described in this document at any time.
Copyright © 2013 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the
cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration
Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy
Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,
PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,
Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ
Corporation or its subsidiaries in the United States and other countries.

Security Management in the Cloud


Editor's Notes

  • #6  Market Trends are Driving Change.
  • #7
    1 - Threat vectors are constantly expanding – targeted attacks are well funded, patient, will use social media to identify insiders with ‘trusted’ access and find means to assume their ‘privileged’ credentials – often with very simple methods such as phishing email. Attacks are methodical, targeted and patient in their approach – quietly seeking footholds towards targets of value. In the Heartland Payment Systems hack, hackers spent 6 months lurking within Heartland’s corporate network, patiently identifying key users with privileged access to key resources BEFORE they made their move to enter Heartland’s processing systems. Groups are now using Dropbox and WordPress to distribute malware and initial command and control staging. When attackers get inside and assume the access privileges of a trusted user, it can be very, very difficult to discern activity that is normal and proper from that which is maliciously working to gain stronger footholds of unauthorized control. John Kindervag tells the story of hackers who gained admin access to a little-used and poorly tuned enterprise network. It was later discovered that the hackers actually improved the configuration and performance of that network to boost the efficiency of their exfiltration operations. On the surface, such administration work sounds reasonable enough, but maybe not.
    2 - The computing environment is constantly changing: virtualization, cloud, BYOD/mobility. Often, security is an afterthought.
    3 - IT security resources are likely stretched too thin, across multiple projects with conflicting priorities, and with less budget and time.
    4 - With or without you, the business is going to keep moving forward and will always side with productivity over security.
    … constant change coupled with constant complexity adds up to loss of control and visibility – putting information assets at significant risk.