2012-01 How to Secure a Cloud Identity Roadmap
•Descargar como PPTX, PDF•
1 recomendación•640 vistas
2012-01 How to Secure a Cloud Identity Roadmap by Tony LoCasio, Sr Engineer, Symplified
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a 2012-01 How to Secure a Cloud Identity Roadmap
Similar a 2012-01 How to Secure a Cloud Identity Roadmap (20)
Más de Raleigh ISSA
Más de Raleigh ISSA (20)
Último
Último (20)
2012-01 How to Secure a Cloud Identity Roadmap
- 1. How to Secure a Cloud Identity Roadmap Tony LoCascio, CISSP Sr. Systems Engineer | Symplified January 2012
- 2. AGENDA • Market Dynamics of Cloud Computing • The Cloud Innovation • Building a Cloud Roadmap • Security & Risk Consideration • The Cloud Broker • About Symplified
- 3. Market Dynamics of Cloud Computing: The real market size of cloud computing and how the different markets will evolve
- 4. Evolution to cloud computing Cloud Business Broker Evolution Private Cloud- Cloud bursting Consolidation Virtualization Technical Silo’d Grid Evolution Source: Forrester Research, Inc.
- 5. Cloud Computing Market: • Infrastructure as a service market will peak at $5.9 billion in global revenue in 2014 and then commoditization, price pressure and falling margins kick in. • Software as a service will be adopted by companies of all sizes. In 2011, SaaS will be a $21.2 billion market and grow to $92.8 billion in 2016. AT that point SaaS comes closer to saturation. • Business Process as a service will be notable, but face modest revenue.
- 6. Cloud Innovation: Examples of how the cloud is not typically replacing existing assets but used to accelerate innovation
- 8. Some Examples: 1. Hosted email: (Google mail, Microsoft…) 2. Remote Storage: (Box.net, Humyo, Amazon S3, Apple MobileMe…) 3. Collaboration: (Salesforce, Google Wave, WebEx, Spicebird…) 4. Virtual office (Google Apps, MS 365…) 5. Streaming Media: (Netflix, Hulu, Crackle…) 6. Social Media: (Facebook, LinkedIn, Twitter…) 7. Extra processing power (Amazon EC2, Rackspace…)
- 9. AHA Launches Collaboration Services Challenge (B2E/Employee-to-SaaS): Needed seamless login to their Collaboration platform; supporting intranet applications and SaaS services Results: Increased user adoption of the collaboration platform, bridging private and public cloud apps. Up and running in less than two months. We are extremely pleased with the Symplified solution as it has allowed us to deliver on all of our security and compliance objectives for the Social Intranet & Collaboration platform project. We have been very impressed by the professionalism and level of support from Symplified throughout the entire sales and implementation process. Jack MacKay Vice President & Chief Information Officer American Hospital Association
- 10. Cloud Computing proposes to transform the way IT is deployed and managed, promising: 1. Faster time-to-market 2. Accelerated Innovation 3. Reduced Complexity 4. Lower implementation, maintenance costs 5. Scale applications and infrastructure on demand
- 11. Building a Cloud Roadmap: Recommendations for building a cloud roadmap and navigating from virtualization to private cloud and public cloud offerings
- 12. Information Security Focal Areas Access Least Control Privileged Multi- Encryption Factor Confidentiality Integrity Only authorized Data has not Disclosure been modified Authenticity Verifies Identity Possession Control of Information Availability Key Data accessible when needed Core Concept Utility Related Concept Redundancy Usefulness of data Technique Recovery
- 13. Roadmap Recommendations: 1. Building a security program 2. Confidential data protection 3. Data availability 4. Implementing strong access and identity 5. Application provisioning and de-provisioning 6. Governance audit management 7. Vulnerability management 8. Testing and validation
- 14. Selecting the right strategy Understand the industry vertical's tendencies External factors (PCI, HIPAA, FISMA…) Internal drivers Compliance / Audit Recent Breach or Threats M&A / Divestitures User Experience / Ease of Use Business culture Leadership Technical landscape Outsourcing adoption Cloud adoption Risk tolerance Cost cutting initiatives
- 15. Security & Risk Considerations: How to integrate internal IT with external cloud services and overcome security and risk barriers
- 16. SaaS Inhibitors What are your firm's concerns, if any, with software-as-a-service (SaaS)? Security concerns Integration challenges with other applications Application performance (e.g., downtime, speed) Total cost concerns (total cost of ownership) Lack of maturity Not customizable Difficulty and risk of migration or installation Pricing is unclear or complicated We're locked in financially with our current vendor We can't find the specific application we need None. We don't have any concerns Other Don't know 0% 10% 20% 30% 40% 50% 60% 70% Base: 913 North American and European software decision makers .Source: Fossights Software Survey, Q4, 2010
- 17. A Federater’s Challenge Technical Sophistication & Capabilities Fortune 500 Midmarket & SMB Enterprise Consumers & Individuals
- 18. Cloud Provider Infrastructure Security & Privacy 1. Privacy 2. Identity Management 3. Application Security 4. Data Protection 5. Physical Security 6. Availability Compliance 1. Business Continuity 2. Auditability Legal and Contractual 1. Public Record 2. SLAs
- 19. The Cloud Broker: Introduce the new concept of the cloud broker, as it relates to Identity
- 20. The Problem: Identity Silos User Growth Fuels Complexity Sensitive Data Outside Firewall SaaS Creates Management Silos Enterprise Integration
- 21. Scenario: Deprovisioning » Terminated employee is removed from Active Directory » Admin must repeat Removal from all siloed apps But Cloud apps aren’t integrated so a terminated employee can access company data and apps
- 22. Scenario: Deprovisioning » Terminated employee is removed from Active Directory » One step for admin » Centralized policies Terminated employee no longer has access to apps
- 23. The role of the Identity Broker Internal Web Apps Public Cloud Apps Identity Broker
- 24. About Symplified
- 25. Proven Team Eric Olden | CEO & Founder Top Tier Investors Former CTO of Securant | ClearTrust Built first WAM & Provisioning product Co-author AuthXML (now SAML) Jonti McLaren | EVP Services Delivery & Founder Former President of Securant | ClearTrust Scaled Securant to more than 300 customers in 18 months Darren Platt | CTO & Founder Buzz Former VP Engineering of Securant | ClearTrust Built first STS & federation product Co-author AuthXML (now SAML) Jason Merrick Mike Corbisiero VP Alliances VP Sales Josh Forman Jay Wallingford VP Services Delivery VP Engineering Pioneered Identity & Access Management with ClearTrust Acquired by
- 26. Thank You! Tony LoCascio, CISSP tlocascio@symplified.com 29
Notas del editor
- Thanks for joining us.I’m DP, Symplified’s CTOGoing to discuss a couple of aspects of how Symplified’s service helps our customers with their Cloud Roadmap by discussing a couple of the ‘lessons learned’ or principles we’ve based our architecture and design on, and how those are manifested in our design..
- “The global cloud computing market will grow from $40.7 billion in 2011 to more than $241 billion in 2020, according to new Forrester forecast data reported in Sizing The Cloud by Stefan Ried, Ph.D. and HolgerKisker, Ph.D. Based on Forrester’s cloud market taxonomy, this new report outlines the different market dynamics for the three core layers of cloud computing – the public cloud, the virtual private cloud, and the private cloud. The total size of the public cloud market will grow from $25.5 billion in 2011 to $159.3 billion in 2020. The market for virtual private cloud solutions will grow from $7.5 billion in 2011 to $66.4 billion in 2020. The market for private cloud solutions will grow from $7.8 billion in 2011 to $15.9 billion in 2020.”
- It’s these challenges around integration that drives customers to a “cloud broker’ model. Very much like we saw in the EDI market with the advent of ‘value added networks’.Rather than every company building the integration for themselves, have a broker do it once and share that cost across customers. Something a cloud-delivered service is very good at doing.
- The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security.
- It’s not about features and functions – not yet.These important culture characteristics must be understood and respected
- Last couple of slides discussed the challenges an IDP, or service consumer, faces. This slide describes the challenge faced by SPs.
- Last lesson learned we’ll discuss today that Federation is about establishing relationships. The technology is based on establishing one to one relationships.What we’ve learned is that the one to one model doesn’t work – let’s take a closer look at why.
- So what does this have to do with my business, my architecture? So if we can’t grow our IT resources to meet this growth what can we do? By a show of hands who’s IT teams are growing linearly? Most IT teams I’m working with today are seeing their teams/resources either staying flat or growing at most incrementally. Well, its critical to understand the dynamics of growth to devise a successful technology strategy. As SaaS and the Cloud grow, either linearly or exponentially, our IT organizations aren’t growing that fast. The result is a deterioration in security, agility or flexibility.It comes down to rethinking how federation is done. There is an alternative, made possible by the Cloud, to managing this growth.I posit that there is only one way that this will scale. And that means we transform our thinking towards a radically simple alternative. Move from a one-to-one mindset to a one-to-many. This is the proven model of utility scalability.
- One of our observations about Identity technology is that many of the problems that exist, and we are solving by creating WAM and IAM solutions is that one of the fundamental problems we’re addressing is Identity Silos – the fact that users are being administered separatedly in different applications. First generation WAM products solved this within enterprises, but a new approach is required between/across them.Some of the aspects/drivers are discussed on this slide.
- So let’s discuss a real world scenario and demonstrate why this is a problem.
- Need an ability to extend internal controls to the cloud. Otherwise latency associated with propagating that user delete can cause issues around unauthorized access or elevation of privelege.
- (Key benefit is that Symplified makes these all work together so you don’ have to integrate it like with Oracle/CA etc and also that you have something complete unlike Ping who is just federated SSO)