CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
© 2004-2012 Centrify Corporation. All Rights Reserved.
| Identify. Unify. Centrify.
Secure Identity Services for Mobile & Cloud Apps (agenda)
•  The shift to a people-oriented IT is driving BYO
   •  Users are bringing their own devices, laptops, mobile and SaaS apps
   •  This creates risk as users end up with too many accounts and passwords
   •  IT must control and secure the applications and data
•  Centralizing control over these new mobile and SaaS applications
•  Embracing federated authentication for SaaS and mobile apps
   •  Extending the Enterprise login to SaaS applications
   •  Federated authentication for mobile apps and containers
The New Challenges of a People Oriented IT
IT is evolving from an IT asset-centric perspective to a user-centric perspective.

                           | 15 years ago                                  | Current environment
Enterprise IT systems      | Just core processes                           | All the business processes
Application users          | A few transaction experts                     | Most employees
Access device              | Desktop PC                                    | Desktop, laptop, tablet or smartphone
Access location            | Your desk                                     | Anywhere
Application usage modality | Specific data entry and access                | On demand, ongoing, mostly for access to information
Security risk              | Limited: access by specific individuals, from known locations, for predictable purposes | Much larger: potentially from any device, located anywhere
Bring Your Own: Laptop, Smartphone, Tablet
•  Organizations are increasingly allowing employees to bring their own devices
•  Enterprise Device Alliance (EDA) polled 277 organizations representing ~1.5M users
[Chart: responding organizations that condone BYOD, by number of employees]
   10,000+: 66% | 2,000-10,000: 85% | 500-2,000: 67% | 100-500: 78% | All: 75%
EDA: 3/4 of all organizations condone BYOD
Bring Your Own: Laptop, Smartphone, Tablet
•  Organizations are increasingly allowing employees to bring their own devices
•  Laptops are no different:
   •  Given a choice, many users will choose an Apple MacBook
   •  Forrester predicts that Mac systems will grow by 52% in the Enterprise
[Chart: Mac vs. Windows laptop share, by number of employees]
   10,000+: Mac 35%, Windows 60% | 2,000-10,000: Mac 31%, Windows 50% | 500-2,000: Mac 22%, Windows 48% | 100-500: Mac 36%, Windows 45%
Macs make up over 1/3 of all laptops in the Enterprise
Bring Your Own Presents New Challenges
•  Consumer-oriented features present security challenges for the Enterprise
   •  OS X Internet/File/Screen Sharing
   •  iCloud Document and Data Sharing
•  "Day 1" effect for new products
   •  Consumers want to use new products and updates the day that they are launched
   •  Users tend to update devices every 2 years
•  End user is the "admin"
   •  IT has much less control over configuration
   •  Enforcing security is challenging
BYOD Drives Mobile App and SaaS Adoption
Which creates risk:
•  Multiple logins for users
•  Multiple identity infrastructures for IT to manage
[Diagram: end users on smartphones, tablets and laptops, with a separate ID for every app and service]
IT Must Ensure Compliance with Regulations
•  Security policies are designed to protect:
   •  Government, business and financial data
   •  Consumer and patient privacy
•  The rules are well defined for IT:
   •  Establish separation of duties
   •  Enforce system security policies
   •  Enforce network access policies
   •  Encrypt data in motion and at rest
   •  Enforce "least access"
   •  Grant privileges to individuals granularly
   •  Audit user access and privileged user activities
Regulations and standards shown: Payment Card Industry Data Security Standard (PCI DSS); Federal Information Security Management Act (FISMA); NIST Special Publication 800-53; Basel II; FFIEC Information Security Booklet; Health Insurance Portability and Accountability Act (HIPAA); Sarbanes-Oxley Act Section 404
Requirements for Enabling People Oriented IT
1.  Enable employee productivity
   •  They can access data they need for work, anywhere at any time
   •  IT and security don't get in the way
2.  Ensure compliance requirements are addressed
   •  IT can enforce required security policies on business data
   •  IT is able to maintain access controls over business applications
3.  Efficient management
   •  Security officers can easily describe the security policies to be enforced
   •  Helpdesk can easily take on the responsibilities of managing
IT Needs a Unified Identity Service
Where users have one login ID and password, and IT has one federated identity infrastructure to manage.
[Diagram: end users on smartphones, tablets and laptops sharing a single ID]
Strengthen Security with Federated Identity
•  Federated identity ensures that users only need to use their AD userid/password
   •  Only one password to remember
   •  Password is protected by the Enterprise in AD: the SaaS application never receives the password, only a signed assertion from the identity provider
•  AD-based federation provides several advantages for IT
   •  Leverages existing account and password policies, simplifying management
   •  Ensures that IT controls access, eliminating the risk of orphaned accounts: disabling the AD account ends access to every federated application
[Diagram: federation trust between on-premises AD (behind the firewall, reached through a proxy server) and an IDP as a Service in the cloud]
Extend Identity Services to Mobile Platforms
Mobilize app and service access
•  Enable mobile access to Enterprise services and applications
•  Design mobile interfaces to seamlessly integrate with the Enterprise services
Containerization to separate work from personal
•  Protect work applications and data from data leakage
•  Provide the laptop experience on mobile: unlock and access all business apps
Centralize mobile and application administration
•  Enabling IT to manage security policies for mobile, workstations and servers
•  Unifying app management into one interface for mobile, web and SaaS apps
•  Leveraging automated lifecycle management through AD
Mobilize App and Service Access
•  Ensure integrity of the mobile platform, since the user is the admin
•  Prevent unauthorized access to the mobile platform
•  Leverage PKI authentication for SSO to Exchange ActiveSync, Wi-Fi and VPN
•  Design mobile apps to use federated SSO where possible
[Diagram: Active Directory-based security infrastructure]
Ensure Integrity of Mobile Platform
•  Platform security can be compromised if the mobile platform has been "jailbroken" (iOS) or "rooted" (Android)
   •  This then enables unsigned applications to run on the device
   •  It also enables tampering or modification of the OS
   •  And allows malicious applications to access data contained in other applications
•  As long as the device has not been "jailbroken" or "rooted" then Enterprise apps can be safely run on the device
   •  There is no need to worry about applications that a user may install, IF sandboxing is intact
   •  We do need to look at what users can do with data in these apps; this is where containers are needed
Actions:
•  Establish an acceptable use policy that prevents usage of "jailbroken" or "rooted" devices
•  Leverage an MDM that provides continuous "jailbreak" or "rooted" device detection, enforcing this policy
   •  Note that jailbreak/root detection runs on the device it is judging, so a determined user can hide the indicators; treat the result as a compliance signal backed by the acceptable use policy, not as proof of integrity
Prevent Unauthorized Access
•  There are several scenarios that must be addressed to prevent unauthorized access to the device and any applications or data it may have:
   •  Misplaced: passcode policy to wipe on X number of invalid unlock attempts
   •  Misplaced/Lost: remove profiles to ensure no access to corporate resources
   •  Lost/Stolen: remote wipe to ensure no access to device contents
Actions:
•  Establish policy to auto-lock the device
•  Establish policy to wipe on max invalid passcode attempts
•  Leverage MDM for remote wipe for lost devices
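As an added example covering this slide and the preceding one on platform integrity (it is not Centrify's or any MDM product's code): a posture evaluator that turns a constructed device inventory report and the owner's reported status into the ordered actions the two slides call for. The report field names, POLICY values and action names are assumptions; the indicator paths are commonly cited jailbreak/root artefacts and, as the integrity slide notes, a heuristic rather than proof.

```python
# Added example (not Centrify's or any MDM vendor's code): turn a device inventory report and
# the owner's reported status into the actions the two slides call for. Report field names,
# POLICY values and action names are assumptions; the indicator paths are commonly cited
# jailbreak/root artefacts, not an exhaustive or evasion-proof list.

JAILBREAK_INDICATORS = {
    "/Applications/Cydia.app", "/usr/sbin/sshd", "/bin/bash", "/etc/apt",      # iOS
    "/system/xbin/su", "/system/bin/su", "/system/app/Superuser.apk",         # Android
}

POLICY = {
    "require_passcode": True,
    "min_passcode_length": 6,
    "max_auto_lock_minutes": 5,     # auto-lock after at most this much inactivity
    "max_failed_attempts": 10,      # device wipes itself after this many bad unlocks
}


def integrity_findings(report):
    """Reasons to treat the device as jailbroken/rooted; an empty list means no finding."""
    findings = []
    present = set(report.get("paths_present", ())) & JAILBREAK_INDICATORS
    if present:
        findings.append("indicator files present: " + ", ".join(sorted(present)))
    if report.get("unsigned_apps_allowed"):
        findings.append("unsigned applications can run")
    if report.get("os_integrity_ok") is False:   # e.g. a failed boot or attestation check
        findings.append("OS integrity check failed")
    return findings


def passcode_findings(report, policy=POLICY):
    """Compare the device's reported lock-screen settings with the policy."""
    findings = []
    if policy["require_passcode"] and not report.get("passcode_set"):
        findings.append("no passcode set")
    elif report.get("passcode_length", 0) < policy["min_passcode_length"]:
        findings.append("passcode shorter than %d" % policy["min_passcode_length"])
    lock = report.get("auto_lock_minutes", 0)           # 0 means auto-lock disabled
    if lock == 0 or lock > policy["max_auto_lock_minutes"]:
        findings.append("auto-lock disabled or longer than %d minutes" % policy["max_auto_lock_minutes"])
    wipe = report.get("wipe_after_failed_attempts", 0)  # 0 means local wipe disabled
    if wipe == 0 or wipe > policy["max_failed_attempts"]:
        findings.append("local wipe disabled or allows more than %d attempts" % policy["max_failed_attempts"])
    return findings


def decide(report, owner_status, policy=POLICY):
    """owner_status is 'ok', 'misplaced', 'lost' or 'stolen' as reported to the helpdesk.
    Returns (actions, reasons); actions are in the order they should be carried out."""
    actions, reasons = [], []
    # Owner-reported status first: escalate from lock, to removing corporate profiles, to wipe.
    if owner_status == "stolen":
        actions += ["remote_wipe", "revoke_device_registration"]
    elif owner_status == "lost":
        actions += ["lock", "remove_profiles", "revoke_device_registration"]
    elif owner_status == "misplaced":
        actions += ["lock"]
    elif owner_status != "ok":
        raise ValueError("unknown owner status %r" % owner_status)
    # Integrity: the acceptable-use policy forbids jailbroken/rooted devices, so cut corporate access.
    integrity = integrity_findings(report)
    if integrity:
        reasons += integrity
        actions += ["revoke_device_registration", "remove_profiles"]
    # Lock-screen settings: re-push the policy and block access until the device reports compliance.
    lockscreen = passcode_findings(report, policy)
    if lockscreen:
        reasons += lockscreen
        actions += ["push_passcode_policy", "block_until_compliant"]
    seen = set()
    return [a for a in actions if not (a in seen or seen.add(a))], reasons


# Constructed inventory reports, shaped like what an MDM agent might send.
REPORTS = {
    "compliant": {"paths_present": ["/Applications/Mail.app"], "passcode_set": True, "passcode_length": 6,
                  "auto_lock_minutes": 5, "wipe_after_failed_attempts": 10, "os_integrity_ok": True},
    "jailbroken": {"paths_present": ["/Applications/Cydia.app", "/usr/sbin/sshd"], "passcode_set": True,
                   "passcode_length": 6, "auto_lock_minutes": 5, "wipe_after_failed_attempts": 10},
    "weak_lock": {"paths_present": [], "passcode_set": True, "passcode_length": 4,
                  "auto_lock_minutes": 15, "wipe_after_failed_attempts": 0},
}


def run_demo():
    return {
        "compliant_ok": decide(REPORTS["compliant"], "ok"),
        "jailbroken_ok": decide(REPORTS["jailbroken"], "ok"),
        "compliant_stolen": decide(REPORTS["compliant"], "stolen"),
        "weak_lock_lost": decide(REPORTS["weak_lock"], "lost"),
    }


if __name__ == "__main__":
    for name, (actions, reasons) in run_demo().items():
        print(name, actions, reasons)
```

The owner-reported status is handled before the device's own report because remote wipe and profile removal are server-side decisions that must not depend on a possibly compromised device telling the truth about itself.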
Provide Secure Access to Enterprise Services
•  The goal is to eliminate the weakness of password-based authentication
   •  Leverage strong PKI certificate-based authentication where possible
   •  Eliminates the account lockout issue that arises when multiple devices cache a user's password: after a password change, every device still holding the old password retries it and the failed attempts lock the AD account
•  Enterprise networks
   •  Wi-Fi should be configured for PKI authentication, e.g. EAP-TLS
   •  VPN should be configured for PKI authentication
•  Exchange ActiveSync
   •  Only allow access by authorized systems, e.g. require PKI authentication
   •  Ensure that only registered devices access ActiveSync, e.g. turn on automatic mobile device quarantine and grant access only to registered devices for each user
Mobilize Apps with Federated Zero Sign-On
Integrate mobile app authentication
•  Mobile app authenticates and registers AD as its identity provider
•  Mobile app can access information about user attributes in AD
•  Mobile app gains SSO to backend services
[Diagram: a mobile app built with the Mobile Auth SDK, under MDM on the mobile OS, talks to an IDP as a Service in the cloud; the IDP reaches AD through a proxy server behind the firewall, and the hosted web application trusts the IDP]
   Step 1: Web application registration
   Step 2: One-time user authentication & device registration
   Step 3: Token generation
   Step 4: Token-based authentication
Mobile Authentication Service SDK
•  Example: Sales app integrated into federated authentication via the Mobile Authentication Service SDK
   App launch calls EnterpriseAuthentication.getUserInformation()
   If the app is not registered OR if reauth is required then
       the EnterpriseAuthentication SDK will:
           Display enterprise login screen
           Login to AD
           Check user authorization
           Check device jailbreak status
           Request certificate
           Display "Welcome %username"
   else
       Display "Welcome %username"
   onClick "Profile"
       Call EnterpriseAuthentication.userLookup()
       Display user attributes from AD
   onClick "Sales Records"
       Call EnterpriseAuthentication.getSecurityToken(target)
       Request data from target using SecurityToken to authenticate
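The four-step flow behind this pseudocode (web application registration, one-time user authentication with device registration, token generation, token-based authentication at the backend), and the same flow the Knox container SSO slide later in the deck describes, modelled end to end as an added example. This is not Centrify's Mobile Authentication Service SDK or any real product's code: the IdentityProvider class, device_proof, verify_token, the sales-app identifier and the constructed directory are all assumptions, and the HMAC-signed token stands in for whatever token format a real IdP issues. It runs offline in one process.

```python
# Added example (not Centrify's SDK or any real product's code): a minimal model of the
# registration / one-time authentication / token generation / token-based authentication
# flow from the slides. The IdP, app and backend run in one process on constructed data;
# names such as register_device, issue_token and the "sales-app" identifier are assumptions.
import base64
import hashlib
import hmac
import json
import secrets
import time


class IdentityProvider:
    """Stands in for the 'IDP as a Service' fronting AD (directory is a constructed dict)."""

    def __init__(self, directory, signing_key, token_ttl=3600):
        self.directory = directory        # user -> {"password", "groups", "enabled"}
        self.signing_key = signing_key    # shared with the backends that verify tokens
        self.token_ttl = token_ttl
        self.apps = {}                    # Step 1: app_id -> audience it may request tokens for
        self.devices = {}                 # Step 2: device_id -> {"user", "secret"}

    def register_app(self, app_id, audience):
        self.apps[app_id] = audience

    def register_device(self, user, password, device_id, jailbroken):
        """One-time user authentication + device registration (Step 2)."""
        rec = self.directory.get(user)
        if rec is None or not rec["enabled"]:
            raise PermissionError("unknown or disabled user")
        if not hmac.compare_digest(rec["password"], password):
            raise PermissionError("bad credentials")
        if jailbroken:                    # integrity check before trusting the device
            raise PermissionError("device integrity check failed")
        secret = secrets.token_hex(32)    # per-device secret; the password is not cached on the device
        self.devices[device_id] = {"user": user, "secret": secret}
        return secret

    def revoke_device(self, device_id):
        """Lost/stolen device: the registration is deleted, so no further tokens are issued."""
        self.devices.pop(device_id, None)

    def issue_token(self, device_id, proof, app_id, now=None):
        """Token generation (Step 3): the device proves it holds its secret, never the password."""
        now = time.time() if now is None else now
        dev = self.devices.get(device_id)
        if dev is None:
            raise PermissionError("device not registered")
        if app_id not in self.apps:
            raise PermissionError("app not registered")
        if not hmac.compare_digest(device_proof(dev["secret"], app_id), proof):
            raise PermissionError("bad device proof")
        user = self.directory.get(dev["user"])
        if user is None or not user["enabled"]:   # account disabled in AD: no token, no orphaned access
            raise PermissionError("user disabled")
        claims = {"sub": dev["user"], "aud": self.apps[app_id], "device": device_id,
                  "groups": user["groups"], "iat": int(now), "exp": int(now) + self.token_ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        return body + "." + _mac(self.signing_key, body)


def _mac(key, data):
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def device_proof(device_secret, app_id):
    """What the app-side SDK sends with a token request: HMAC(device secret, app_id)."""
    return hmac.new(device_secret.encode(), app_id.encode(), hashlib.sha256).hexdigest()


def verify_token(token, signing_key, expected_audience, now=None):
    """Backend side (Step 4): check signature, audience and expiry; return the claims or None."""
    now = time.time() if now is None else now
    body, sep, sig = token.partition(".")
    if not sep or not hmac.compare_digest(_mac(signing_key, body), sig):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, TypeError):
        return None
    if claims.get("aud") != expected_audience or claims.get("exp", 0) <= now:
        return None
    return claims


def run_demo(now=1_700_000_000):
    """Walk the four steps on constructed data and report what each side observed."""
    directory = {"alice": {"password": "correct horse", "groups": ["Sales"], "enabled": True}}
    key = secrets.token_bytes(32)
    idp = IdentityProvider(directory, key)
    idp.register_app("sales-app", "https://sales.example.internal")                         # Step 1
    dev_secret = idp.register_device("alice", "correct horse", "dev-1", jailbroken=False)    # Step 2
    token = idp.issue_token("dev-1", device_proof(dev_secret, "sales-app"), "sales-app", now)  # Step 3
    claims = verify_token(token, key, "https://sales.example.internal", now + 60)             # Step 4
    stale = verify_token(token, key, "https://sales.example.internal", now + 3601)
    idp.revoke_device("dev-1")
    try:
        idp.issue_token("dev-1", device_proof(dev_secret, "sales-app"), "sales-app", now + 120)
        after_revoke = "token issued"
    except PermissionError as exc:
        after_revoke = str(exc)
    return {"user": claims["sub"], "groups": claims["groups"],
            "expired_accepted": stale is not None, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(run_demo())
```

Two properties carry the security argument on the slides: the device proves possession of a per-device secret rather than replaying the AD password (so nothing on the device locks the account), and every token issue re-checks the directory, so disabling the AD account or revoking the device registration ends access without touching the backend.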
  
Containerization Separates Work From Personal
•  Secure container built on a secure OS for both security and usability
•  Provides dual-persona usage of popular mobile applications
•  SSO for all apps in the container, enabling the laptop experience on a mobile device
Security From The Ground Up
•  HW-level and OS-level security
   •  Secure Boot for preventing an "unauthorized" operating system
   •  Security Enhanced (SE) Android developed by NSA (National Security Agency)
   •  TrustZone-based integrity measurement
•  Android framework and application-level security
   •  Application and data isolation for work and play with the container
   •  On-device data encryption
   •  Virtual Private Network (FIPS 140-2)
•  Support for management via Active Directory / Group Policy Manager
•  Policies to comply with the US DoD Mobile OS Security Requirements Guide*
   •  including CAC / PIV card support
Containerization with Multi-App SSO
•  Multi-application SSO is built into the Knox container
   •  One SSO registration for the container
   •  Whitelisted apps can use the Enterprise SSO service
•  The container provides Enterprise SSO as a Service
   •  Identifies the authenticated user to the apps
   •  Provides AD attributes of the user such as group memberships
   •  Grants security tokens upon request for an authorized web app/service
[Diagram: Samsung SE Android device with a KNOX container holding Mobile App 1 and Mobile App 2 (each built with the Mobile Auth SDK) and the Enterprise SSO service, with a personal app outside the container; IDP as a Service in the cloud, proxy server behind the firewall, and the web application]
   Step 1: Web application registration
   Step 2: One-time user authentication & container registration
   Step 3: Token generation
   Step 4: Token-based authentication
Containerization for Dual Persona Usage
•  Dual persona enables usage of the same app with different personalities
   •  Personal Mail on the device, Business Mail in the container
   •  Personal Box account on the device, Business Box account in the container
[Example shown: in the container, Office 365: david.mcneely@centrify.com and Box: david.mcneely@centrify.com; on the device, Mail: david@mcneely.com, Gmail: dfmcneely@gmail.com and Box: david@mcneely.com]
Integrated Mobile and App Administration
•  Unifying application management into one interface for mobile, web and SaaS applications
•  Leveraging processes and knowledge of lifecycle management through AD
Leverage Existing Knowledge, Tools and Processes
•  You have existing infrastructure, management tools and processes
   •  Look to leverage these where possible to minimize retraining
•  Examples of existing IT management infrastructure and tools:
   •  Active Directory is typically used to manage both user and computer accounts
   •  Active Directory groups are used to manage user access
   •  Group Policy is typically used to manage system security policies based on group membership
   •  Microsoft Certificate Authority is used to manage PKI keys for all Windows systems, automatically
[Diagram: Active Directory-based security infrastructure: Active Directory Users & Computers, Active Directory Group Policy, Windows Certificate Authority]
Security Beyond the Building
Federated Identity Service centralizes application authorization under IT control
•  Providing users with SSO to authorized services and applications
•  Eliminates the multiple-password challenges associated with hosted applications and services
Mobilized application access and ZSO (zero sign-on) enable employee productivity
•  Users can access data they need for work, anywhere at any time, with mobile access to email, shared files and applications
•  IT and security don't get in the way with zero sign-on and container-based management
Containerization enables security to address compliance requirements
•  IT can enforce required security policies on business data using Group Policy
•  IT is able to maintain access controls over business applications
Integrated administration enables IT to efficiently manage mobility
•  Security officers can easily describe the security policies to be enforced
•  Helpdesk can easily take on the responsibilities of managing
Thank You

 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Último

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps

• 1. © 2004-2012. Centrify Corporation. All Rights Reserved.
  Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
• 2. Secure Identity Services for Mobile & Cloud Apps | Identify. Unify. Centrify.
  • The Shift to a People Oriented IT is driving BYO
  • Users are bringing their own Devices, Laptops, Mobile and SaaS Apps
  • This creates risk as users end up with too many accounts and passwords
  • IT must control and secure the applications and data
  • Centralizing control over these new mobile and SaaS Applications
  • Embracing Federated Authentication for SaaS and Mobile Apps
  • Extending the Enterprise login to SaaS applications
  • Federated Authentication for Mobile Apps and Containers
• 3. The New Challenges of a People Oriented IT
  IT is evolving from an IT asset-centric perspective to a user-centric perspective
  | | 15 Years Ago | Current Environment |
  | Enterprise IT Systems | Just core processes | All the business processes |
  | Application Users | A few transaction experts | Most employees |
  | Access Device | Desktop PC | Desktop, Laptop, Tablet or Smartphone |
  | Access Location | Your desk | Anywhere |
  | Application usage modality | Specific data entry and access | On demand, ongoing, mostly for access to information |
  | Security risk | Limited – access by specific individuals, from known locations for predictable purposes | Much Larger – potentially from any device, located anywhere |
• 4. Bring Your Own: Laptop, Smartphone, Tablet
  • Organizations are increasingly allowing employees to bring their own devices
  • Enterprise Device Alliance (EDA) polled 277 organizations representing ~1.5M users
  [Chart: Responding Organizations by Number of Employees, share condoning BYOD: 10000+ 66%, 2-10,000 85%, 500-2,000 67%, 100-500 78%, All 75%. EDA: 3/4 of All Organizations Condone BYOD]
• 5. Bring Your Own: Laptop, Smartphone, Tablet
  • Organizations are increasingly allowing employees to bring their own devices
  • Laptops are no different:
  • Given a choice, many users will choose an Apple MacBook
  • Forrester predicts that Mac systems will grow by 52% in the Enterprise
  [Chart by Number of Employees (10000+, 2000-10,000, 500-2,000, 100-500): Mac Laptops 35%, 31%, 22%, 36%; Windows Laptops 60%, 50%, 48%, 45%. Macs make up over 1/3 of all Laptops in the Enterprise]
• 6. Bring Your Own Presents New Challenges
  • Consumer oriented features present security challenges for the Enterprise
  • OS X Internet/File/Screen Sharing
  • iCloud Document and Data Sharing
  • "Day 1" effect for new products
  • Consumers want to use new products and updates the day that they are launched
  • Users tend to update devices every 2 years
  • End User is the "admin"
  • IT has much less control over configuration
  • Enforcing security is challenging
• 7. BYOD Drives Mobile App and SaaS Adoption
  Which creates risk
  • Multiple logins for users
  • Multiple identity infrastructures for IT to manage
  [Diagram: End Users with Smartphones and Tablets and Laptops, each application requiring its own ID]
• 8. IT Must Ensure Compliance with Regulations
  • Security Policies are designed to protect:
  • Government, business and financial data
  • Consumer and patient privacy
  • The Rules are well defined for IT:
  • Establish separation of duties
  • Enforce system security policies
  • Enforce network access policies
  • Encrypt data-in-motion and at rest
  • Enforce "least access"
  • Grant privileges to individuals granularly
  • Audit user access and privileged user activities
  Regulations shown: Payment Card Industry Data Security Standard; Federal Information Security Management Act; NIST Special Publication 800-53; Basel II; FFIEC Information Security Booklet; Health Insurance Portability and Accountability Act; Sarbanes-Oxley Act Section 404
• 9. Requirements for Enabling People Oriented IT
  1. Enable employee productivity
  • They can access data they need for work, anywhere at anytime
  • IT and security don't get in the way
  2. Ensure compliance requirements are addressed
  • IT can enforce required security policies on business data
  • IT is able to maintain access controls over business applications
  3. Efficient management
  • Security officers can easily describe the security policies to be enforced
  • Helpdesk can easily take on the responsibilities of managing
• 10. IT Needs a Unified Identity Service
  Where users have one login ID and password
  And IT has one Federated Identity Infrastructure to manage
  [Diagram: End Users with Smartphones and Tablets and Laptops sharing one ID]
• 11. Strengthen Security with Federated Identity
  • Federated Identity ensures that users only need to use their AD userid/password
  • Only one password to remember
  • Password is protected by the Enterprise in AD
  • AD-based federation provides several advantages for IT
  • Leverages existing account and password policies – simplifying management
  • Ensures that IT controls access, eliminating risk of orphaned accounts
  [Diagram: Federation Trust between the on-premises ID store behind the Firewall, the Cloud Proxy Server and the IDP as a Service]
• 12. Extend Identity Services to Mobile Platforms
  Mobilize app and service access
  • Enable mobile access to Enterprise services and applications
  • Design mobile interfaces to seamlessly integrate with the Enterprise services
  Containerization to separate work from personal
  • Protect work applications and data from data leakage
  • Provide the laptop experience on mobile, unlock and access all business apps
  Centralize mobile and application administration
  • Enabling IT to manage security policies for Mobile, Workstations and Servers
  • Unifying app management into one interface for Mobile, Web and SaaS Apps
  • Leveraging automated lifecycle management through AD
• 13. Mobilize App and Service Access
  • Ensure Integrity of the mobile platform, since the user is the admin
  • Prevent unauthorized access to the mobile platform
  • Leverage PKI authentication for SSO to Exchange ActiveSync, Wi-Fi and VPN
  • Design mobile apps to use federated SSO where possible
  [Diagram: Active Directory-based Security Infrastructure]
• 14. Ensure Integrity of Mobile Platform
  • Platform Security can be compromised if the mobile platform has been "jailbroken" (iOS) or "rooted" (Android)
  • This then enables unsigned applications to run on the device
  • It also enables tampering or modification of the OS
  • And allows malicious applications to access data contained in other applications
  • As long as the device has not been "jailbroken" or "rooted" then Enterprise Apps can be safely run on the device
  • There is no need to worry about Applications that a user may install, IF sandboxing is intact
  • We do need to look at what users can do with data in these apps – this is where containers are needed
  Actions:
  • Establish an acceptable use policy that prevents usage of "jailbroken" or "rooted" devices
  • Leverage an MDM that provides continuous "jailbreak" or "rooted" device detection, enforcing this policy
• 15. Prevent Unauthorized Access
  • There are several scenarios that must be addressed to prevent unauthorized access to the device and any applications or data it may have:
  • Misplaced - passcode policy to wipe on X number of invalid unlock attempts
  • Misplaced/Lost – Remove Profiles to ensure no access to corporate resources
  • Lost/Stolen – Remote Wipe to ensure no access to device contents
  Actions:
  • Establish policy to auto-lock the device
  • Establish policy to wipe on max invalid passcode attempts
  • Leverage MDM for Remote Wipe for lost devices
• 16. Provide Secure Access to Enterprise Services
  • The goal is to eliminate the weakness of password based authentication
  • Leverage strong PKI Certificate based authentication where possible
  • Eliminates the account lockout issue when multiple devices cache a user's password
  • Enterprise Networks
  • WiFi should be configured for PKI authentication, e.g. EAP-TLS
  • VPN should be configured for PKI authentication
  • Exchange ActiveSync
  • Only allow access by authorized systems, e.g. require PKI authentication
  • Ensure that only registered devices access ActiveSync, e.g. turn on automatic mobile device quarantine and grant access only to registered devices for each user.
• 17. Mobilize Apps with Federated Zero Sign-On
  Integrate Mobile App Authentication
  • Mobile app authenticates and registers AD as its identity provider
  • Mobile app can access information about user attributes in AD
  • Mobile app gains SSO to backend services
  [Diagram: Mobile OS running a Mobile App with the Mobile Auth SDK and MDM; Firewall; Cloud Proxy Server; IDP as a Service; Hosted Application. Step 1: Web Application Registration. Step 2: One time user authentication & device registration. Step 3: Token Generation. Step 4: Token based Authentication]
• 18. Mobile Authentication Service SDK
  • Example Sales app integrated into Federated Authentication via Mobile Authentication Service SDK
  • App launch calls EnterpriseAuthentication.getUserInformation()
    • If the app is not registered OR if reauth is required then the EnterpriseAuthentication SDK will:
      • Display enterprise login screen
      • Login to AD
      • Check user authorization
      • Check device Jailbreak status
      • Request Certificate
      • Display "Welcome %username"
    • else
      • Display "Welcome %username"
  • onClick "Profile"
    • Call EnterpriseAuthentication.userLookup()
    • Display User Attributes from AD
  • onClick "Sales Records"
    • Call EnterpriseAuthentication.getSecurityToken(target)
    • Request data from target using SecurityToken to authenticate
• 19. Containerization Separates Work From Personal
  • Secure Container built on a Secure OS for both security and usability
  • Provides dual persona usage of popular mobile applications
  • SSO for all apps in container - enabling the laptop experience on a mobile device
• 20. Security From The Ground Up
  • HW level and OS level Security
  • Secure Boot for preventing "Unauthorized" Operating System
  • Security Enhanced (SE) Android developed by NSA (National Security Agency)
  • TrustZone-based Integrity Measurement
  • Android F/W and Application level Security
  • Application and data isolation for work and play with Container
  • On-Device Data Encryption
  • Virtual Private Network (FIPS 140-2)
  • Support for management via Active Directory / Group Policy Manager
  • Policies to comply with the US DoD Mobile OS Security Requirements Guide*
  • including CAC / PIV card support
• 21. Containerization with Multi-App SSO
  • Multi-application SSO is built into the Knox Container
  • One SSO Registration for the Container
  • Whitelisted apps can use the Enterprise SSO Service
  • The container provides Enterprise SSO as a Service
  • Identifies the authenticated user to the apps
  • Provides AD attributes of the user such as group memberships
  • Grants security tokens upon request for authorized web app/service
  [Diagram: Samsung SE Android with a Personal App outside the KNOX Container and, inside it, Enterprise SSO plus Mobile App 1 and Mobile App 2 each using the Mobile Auth SDK; Firewall; Cloud Proxy Server; IDP as a Service; Web Application. Step 1: Web Application Registration. Step 2: One time user authentication & Container registration. Step 3: Token Generation. Step 4: Token based Authentication]
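The four-step token flow of slides 17, 18 and 21 (app registration, device or container registration, token generation, token-based authentication) as an added illustration in Python; this is not code from the Centrify SDK or the presentation. All names, groups, keys and the HMAC-signed token format are constructed for the example, and the IdP-side checks (device registered, platform integrity intact, app registered, user authorized) and the backend-side checks (signature, audience, expiry) are modelled as plain functions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo data standing in for the slides' registrations; every name, key and value is hypothetical.
IDP_SIGNING_KEY = b"constructed-demo-signing-key-do-not-reuse"
TOKEN_LIFETIME_S = 300

# Step 1: web application registration (audience the token is minted for, AD groups allowed in).
REGISTERED_APPS = {
    "sales-records": {"aud": "https://sales.corp.example", "allowed_groups": {"Sales"}},
}

# Step 2: one-time user authentication and device registration (AD user, AD groups, MDM jailbreak/root status).
REGISTERED_DEVICES = {
    "dev-alice-phone": {"user": "alice", "groups": {"Sales", "Employees"}, "jailbroken": False},
    "dev-bob-tablet": {"user": "bob", "groups": {"Engineering"}, "jailbroken": False},
    "dev-carol-rooted": {"user": "carol", "groups": {"Sales"}, "jailbroken": True},
}


def _b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(payload_b64):
    return hmac.new(IDP_SIGNING_KEY, payload_b64.encode(), hashlib.sha256).digest()


def issue_token(device_id, target, now):
    """Step 3: the IdP mints a token only after every precondition on the slides holds."""
    device = REGISTERED_DEVICES.get(device_id)
    if device is None:
        raise PermissionError("device not registered")
    if device["jailbroken"]:  # continuous jailbreak/root detection reported by the MDM
        raise PermissionError("platform integrity check failed")
    app = REGISTERED_APPS.get(target)
    if app is None:
        raise PermissionError("target application not registered")
    if not app["allowed_groups"] & device["groups"]:
        raise PermissionError("user not authorized for target")
    claims = {
        "sub": device["user"],
        "aud": app["aud"],  # binds the token to exactly one backend service
        "groups": sorted(device["groups"]),  # AD attributes the app may read
        "iat": int(now),
        "exp": int(now) + TOKEN_LIFETIME_S,
    }
    payload_b64 = _b64u(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    return payload_b64 + "." + _b64u(_mac(payload_b64))


def verify_token(token, expected_aud, now):
    """Step 4: the backend checks the MAC in constant time before trusting any claim,
    then enforces audience and expiry so the token cannot be replayed elsewhere or later."""
    try:
        payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed token") from None
    if not hmac.compare_digest(_mac(payload_b64), _b64u_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64u_decode(payload_b64))
    if claims.get("aud") != expected_aud:
        raise PermissionError("token not issued for this service")
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims


def run_scenarios(now=1_700_000_000):
    """Run the happy path and each failure mode; returns the outcome of every case."""
    aud = REGISTERED_APPS["sales-records"]["aud"]
    results = {}

    def attempt(name, fn):
        try:
            results[name] = fn()
        except PermissionError as exc:
            results[name] = str(exc)

    good = issue_token("dev-alice-phone", "sales-records", now)
    payload_b64, sig_b64 = good.split(".")
    # Tampered copy: one payload character changed, original signature kept.
    tampered = ("A" if payload_b64[0] != "A" else "B") + payload_b64[1:] + "." + sig_b64
    attempt("alice_ok", lambda: verify_token(good, aud, now + 10)["sub"])
    attempt("alice_expired", lambda: verify_token(good, aud, now + TOKEN_LIFETIME_S))
    attempt("alice_wrong_service", lambda: verify_token(good, "https://hr.corp.example", now + 10))
    attempt("alice_tampered", lambda: verify_token(tampered, aud, now + 10))
    attempt("bob_not_authorized", lambda: issue_token("dev-bob-tablet", "sales-records", now))
    attempt("carol_rooted", lambda: issue_token("dev-carol-rooted", "sales-records", now))
    return results
```

A real deployment would sign with the IdP's private key and verify with its public key rather than a shared secret, but the order of checks is the point: integrity and authorization before minting, signature before any claim is read, audience and expiry before any data is served.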
• 22. Containerization for Dual Persona Usage
  • Dual persona enables usage of the same app with different personalities
  • Personal Mail on the device, Business Mail in the container
  • Personal Box account on the device, Business Box account in the container
  [Diagram: in the container, Office 365: david.mcneely@centrify.com and Box: david.mcneely@centrify.com; on the device, Mail: david@mcneely.com, Gmail: dfmcneely@gmail.com and Box: david@mcneely.com]
• 23. Integrated Mobile and App Administration
  • Unifying Application management into one interface for Mobile, Web and SaaS Applications
  • Leveraging processes and knowledge of lifecycle management through AD
• 24. Leverage Existing Knowledge, Tools and Processes
  [Diagram: Active Directory-based Security Infrastructure: Active Directory User & Computer, Active Directory Group Policy, Windows Certificate Authority]
  • You have existing Infrastructure, Management Tools and Processes
  • Look to leverage these where possible to minimize retraining
  • Examples of existing IT Management Infrastructure and Tools:
  • Active Directory is typically used to manage both User and Computer
  • Active Directory groups are used to manage user access
  • Group Policy is typically used to manage System security policies based on group membership
  • Microsoft Certificate Authority is used to manage PKI keys for all Windows systems, Automatically
• 25. Security Beyond the Building
  Federated Identity Service centralizes application authorization under IT control
  • Providing users with SSO to authorized services and applications
  • Eliminates the multiple password challenges associated with hosted applications and services
  Mobilized application access and ZSO enables employee productivity
  • Users can access data they need for work, anywhere at anytime with mobile access to email, shared files and applications
  • IT and security don't get in the way with zero sign-on and container-based management
  Containerization enables security to address compliance requirements
  • IT can enforce required security policies on business data using Group Policy
  • IT is able to maintain access controls over business applications
  Integrated administration enables IT to efficiently manage mobility
  • Security officers can easily describe the security policies to be enforced
  • Helpdesk can easily take on the responsibilities of managing
• 26. Thank You