2012-01 How to Secure a Cloud Identity Roadmap
1. How to Secure a Cloud
Identity Roadmap
Tony LoCascio, CISSP
Sr. Systems Engineer | Symplified January 2012
2. AGENDA
• Market Dynamics of Cloud Computing
• The Cloud Innovation
• Building a Cloud Roadmap
• Security & Risk Consideration
• The Cloud Broker
• About Symplified
3. Market Dynamics of Cloud Computing:
The real market size of cloud computing
and how the different markets will evolve
4. Evolution to cloud computing
[Figure: stages plotted against Technical Evolution and Business Evolution. Labels: Silo’d, Grid, Consolidation, Virtualization, Private Cloud, Cloud bursting, Cloud Broker]
Source: Forrester Research, Inc.
5. Cloud Computing Market:
• Infrastructure as a service market
will peak at $5.9 billion in global
revenue in 2014 and then
commoditization, price pressure
and falling margins kick in.
• Software as a service will be
adopted by companies of all sizes.
In 2011, SaaS will be a $21.2 billion
market and grow to $92.8 billion in
2016. At that point SaaS comes
closer to saturation.
• Business Process as a service will
be notable, but face modest
revenue.
6. Cloud Innovation:
Examples of how the cloud is not typically
replacing existing assets but used to
accelerate innovation
8. Some Examples:
1. Hosted email: (Google mail, Microsoft…)
2. Remote Storage: (Box.net, Humyo, Amazon S3, Apple MobileMe…)
3. Collaboration: (Salesforce, Google Wave, WebEx, Spicebird…)
4. Virtual office (Google Apps, MS 365…)
5. Streaming Media: (Netflix, Hulu, Crackle…)
6. Social Media: (Facebook, LinkedIn, Twitter…)
7. Extra processing power (Amazon EC2, Rackspace…)
9. AHA Launches Collaboration Services
Challenge
(B2E/Employee-to-SaaS):
Needed seamless login to
their Collaboration platform;
supporting intranet
applications and SaaS
services
Results:
Increased user adoption of
the collaboration platform,
bridging private and public
cloud apps. Up and running
in less than two months.
We are extremely pleased with the Symplified solution as it has allowed
us to deliver on all of our security and compliance objectives for the
Social Intranet & Collaboration platform project. We have been very
impressed by the professionalism and level of support from Symplified
throughout the entire sales and implementation process.
Jack MacKay
Vice President & Chief Information Officer
American Hospital Association
10. Cloud Computing proposes to transform the way IT is
deployed and managed, promising:
1. Faster time-to-market
2. Accelerated Innovation
3. Reduced Complexity
4. Lower implementation, maintenance costs
5. Scale applications and infrastructure on demand
11. Building a Cloud Roadmap:
Recommendations for building a cloud
roadmap and navigating from
virtualization to private cloud and public
cloud offerings
12. Information Security Focal Areas
• Confidentiality: Only authorized Disclosure
• Integrity: Data has not been modified
• Authenticity: Verifies Identity
• Possession: Control of Information
• Availability: Data accessible when needed
• Utility: Usefulness of data
• Techniques shown: Access Control, Least Privileged, Multi-Factor, Encryption, Redundancy, Recovery
• Key: Core Concept, Related Concept, Technique
13. Roadmap Recommendations:
1. Building a security program
2. Confidential data protection
3. Data availability
4. Implementing strong access and identity
5. Application provisioning and de-provisioning
6. Governance audit management
7. Vulnerability management
8. Testing and validation
14. Selecting the right strategy
Understand the industry vertical's tendencies
External factors (PCI, HIPAA, FISMA…)
Internal drivers
Compliance / Audit
Recent Breach or Threats
M&A / Divestitures
User Experience / Ease of Use
Business culture
Leadership
Technical landscape
Outsourcing adoption
Cloud adoption
Risk tolerance
Cost cutting initiatives
15. Security & Risk Considerations:
How to integrate internal IT with external
cloud services and overcome security and
risk barriers
16. SaaS Inhibitors
What are your firm's concerns, if any, with software-as-a-service (SaaS)?
Security concerns
Integration challenges with other applications
Application performance (e.g., downtime, speed)
Total cost concerns (total cost of ownership)
Lack of maturity
Not customizable
Difficulty and risk of migration or installation
Pricing is unclear or complicated
We're locked in financially with our current vendor
We can't find the specific application we need
None. We don't have any concerns
Other
Don't know
Base: 913 North American and European software decision makers. Source: Forrsights
Software Survey, Q4, 2010
20. The Problem: Identity Silos
• User Growth Fuels Complexity
• Sensitive Data Outside Firewall
• SaaS Creates Management Silos
• Enterprise Integration
21. Scenario: Deprovisioning
» Terminated employee is
removed from Active Directory
» Admin must repeat
Removal from all
siloed apps
But Cloud apps aren’t
integrated so a terminated
employee can access
company data and apps
22. Scenario: Deprovisioning
» Terminated employee is
removed from Active Directory
» One step for admin
» Centralized policies
Terminated employee no
longer has access to apps
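The gap described in the two deprovisioning slides can be checked for directly. The sketch below is an added example, not part of the presentation or of any Symplified product: it reconciles a directory export against per-application account lists and reports accounts that are still active after the directory identity was disabled or removed. The sample data, field names, allowlist and the `find_orphans` function are constructed for illustration.

```python
"""Orphaned-account check for the deprovisioning scenario (added example)."""
from datetime import datetime, timezone

# Constructed sample data. Directory keys are lower-case logins;
# carol has been deleted from the directory, bob has been disabled.
DIRECTORY = {
    "alice@example.com": {"enabled": True, "disabled_at": None},
    "bob@example.com": {"enabled": False,
                        "disabled_at": "2012-01-09T17:00:00+00:00"},
}
APP_ACCOUNTS = {  # per-app user exports, one list per siloed application
    "crm": [{"login": "Alice@Example.com", "active": True},
            {"login": "bob@example.com", "active": True}],
    "storage": [{"login": "bob@example.com", "active": False},
                {"login": "carol@example.com", "active": True}],
    "wiki": [{"login": "svc-backup", "active": True}],
}
ALLOWLIST = {"svc-backup"}  # hypothetical app-local service accounts


def find_orphans(directory, app_accounts, now, allowlist=frozenset()):
    """Return active app accounts whose directory identity is disabled or gone."""
    findings = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            login = acct["login"].strip().lower()  # apps differ in case handling
            if not acct["active"] or login in allowlist:
                continue
            entry = directory.get(login)
            if entry is None:
                findings.append({"app": app, "login": login,
                                 "reason": "not_in_directory",
                                 "exposed_hours": None})
            elif not entry["enabled"]:
                disabled = datetime.fromisoformat(entry["disabled_at"])
                hours = (now - disabled).total_seconds() / 3600
                findings.append({"app": app, "login": login,
                                 "reason": "disabled_in_directory",
                                 "exposed_hours": round(hours, 1)})
    return findings


if __name__ == "__main__":
    run_time = datetime(2012, 1, 11, 9, 0, tzinfo=timezone.utc)
    for finding in find_orphans(DIRECTORY, APP_ACCOUNTS, run_time, ALLOWLIST):
        print(finding)
```

The `exposed_hours` figure measures how long a disabled identity has kept working access in a given application, which is the propagation latency the centralized model is meant to remove.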
23. The role of the Identity Broker
[Diagram labels: Internal Web Apps; Public Cloud Apps; Identity Broker]
25. Proven Team
Eric Olden | CEO & Founder
Former CTO of Securant | ClearTrust
Built first WAM & Provisioning product
Co-author AuthXML (now SAML)
Jonti McLaren | EVP Services Delivery & Founder
Former President of Securant | ClearTrust
Scaled Securant to more than 300 customers in
18 months
Darren Platt | CTO & Founder
Former VP Engineering of Securant | ClearTrust
Built first STS & federation product
Co-author AuthXML (now SAML)
Jason Merrick | VP Alliances
Mike Corbisiero | VP Sales
Josh Forman | VP Services Delivery
Jay Wallingford | VP Engineering
Pioneered Identity & Access
Management with ClearTrust
Acquired by
Other panels: Top Tier Investors; Buzz
Thanks for joining us. I’m DP, Symplified’s CTO. Going to discuss a couple of aspects of how Symplified’s service helps our customers with their Cloud Roadmap by discussing a couple of the ‘lessons learned’ or principles we’ve based our architecture and design on, and how those are manifested in our design.
“The global cloud computing market will grow from $40.7 billion in 2011 to more than $241 billion in 2020, according to new Forrester forecast data reported in Sizing The Cloud by Stefan Ried, Ph.D. and Holger Kisker, Ph.D. Based on Forrester’s cloud market taxonomy, this new report outlines the different market dynamics for the three core layers of cloud computing – the public cloud, the virtual private cloud, and the private cloud. The total size of the public cloud market will grow from $25.5 billion in 2011 to $159.3 billion in 2020. The market for virtual private cloud solutions will grow from $7.5 billion in 2011 to $66.4 billion in 2020. The market for private cloud solutions will grow from $7.8 billion in 2011 to $15.9 billion in 2020.”
It’s these challenges around integration that drive customers to a “cloud broker” model. Very much like we saw in the EDI market with the advent of ‘value added networks’. Rather than every company building the integration for themselves, have a broker do it once and share that cost across customers. Something a cloud-delivered service is very good at doing.
The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security.
It’s not about features and functions – not yet. These important culture characteristics must be understood and respected.
Last couple of slides discussed the challenges an IDP, or service consumer, faces. This slide describes the challenge faced by SPs.
Last lesson learned we’ll discuss today is that Federation is about establishing relationships. The technology is based on establishing one to one relationships. What we’ve learned is that the one to one model doesn’t work – let’s take a closer look at why.
So what does this have to do with my business, my architecture? So if we can’t grow our IT resources to meet this growth what can we do? By a show of hands, whose IT teams are growing linearly? Most IT teams I’m working with today are seeing their teams/resources either staying flat or growing at most incrementally. Well, it’s critical to understand the dynamics of growth to devise a successful technology strategy. As SaaS and the Cloud grow, either linearly or exponentially, our IT organizations aren’t growing that fast. The result is a deterioration in security, agility or flexibility. It comes down to rethinking how federation is done. There is an alternative, made possible by the Cloud, to managing this growth. I posit that there is only one way that this will scale. And that means we transform our thinking towards a radically simple alternative. Move from a one-to-one mindset to a one-to-many. This is the proven model of utility scalability.
One of our observations about Identity technology is that many of the problems that exist, and we are solving by creating WAM and IAM solutions is that one of the fundamental problems we’re addressing is Identity Silos – the fact that users are being administered separately in different applications. First generation WAM products solved this within enterprises, but a new approach is required between/across them. Some of the aspects/drivers are discussed on this slide.
So let’s discuss a real world scenario and demonstrate why this is a problem.
Need an ability to extend internal controls to the cloud. Otherwise latency associated with propagating that user delete can cause issues around unauthorized access or elevation of privilege.
(Key benefit is that Symplified makes these all work together so you don’t have to integrate it like with Oracle/CA etc and also that you have something complete unlike Ping who is just federated SSO)