Seeing Shapes in the Cloud How Identity & Security Give the Cloud Shape

Transcription

1 Seeing Shapes in the Cloud How Identity & Security Give the Cloud Shape Identity Management Federated Identity Management Presented by: Aubrey Turner Cloud Identity Management June 28, 2013

2 The computer industry is the only industry that is more fashion driven than women s fashion. Maybe I am an idiot, but I have no idea what anyone is talking about. What is it? When is this idiocy going to stop? We ll make cloud computing announcements but I don t understand what we will do differently in light of the cloud. Larry Ellison, CEO Oracle

3 The Cloud Is Here to Stay 80% of new commercial enterprise apps will be deployed on cloud platforms. IDC At year-end 2016, more than 50% of Global 1000 companies will have stored customer-sensitive data in the public cloud. Gartner SO does Identity Management HAVE to move to the cloud as well?

4 With Clouds Come Storms

5 Traditional IAM Concepts IAM Program Management Security Services Federation Services Identity Data Services Access Governance Services Identity Management Services

6 Option 1: Cloud Identity Delegated Admin Enterprise Cloud Service Provider Most Manual Option ADMIN. SP ADMIN. SaaS PaaS IaaS Lowest Complexity & Risk

7 Option 2: Cloud Identity Internal to Cloud Enterprise w/on-prem IAM IAM Platform Lifecycle Management Traditional Identity Vendors Offer Cloud Bridges Truly Hybrid Solution Leverages Current Investment

8 Option 3: Cloud Identity From the Cloud Enterprise Consuming as a True Service CORP. PROVIDER APPLIANCE Tunnel Cloud-Based IAM Service Little Room for Flexibility In Use Cases ADMIN Might Have Real Value for Certain Verticals

9 In my opinion right now there is way too much hype on the technologies and not enough attention to the real business behind them. Mark Cuban, Owner, Dallas Mavericks

10 Out of 106 Customers in Last 20 Months 22 discussed cloud identity alternatives 7 sought pricing and/or demonstrations 2 released RFI s NONE consumed Identity Management from the cloud 10 built cloud connectors 30 use delegated admins

11 Knowing Cloud Adoption Continues What Remains the Same Business Challenges Timeliness Accuracy End User Experience Program Governance Still Critical Local Infrastructure Still Exists Same Users / Same Credentials

12 Knowing Cloud Adoption Continues Key IAM Changes The Authentication Perimeter No Longer Internally Controllable More unknown endpoints for user access One Size Pushed on All Solutions = Need to Adopt Cloud Strategies Multi-tenant for financial feasibility

13 Use Case Proliferation The largest change brings forward the reality that use cases now have NUMEROUS variances 4 standard actors in every use case: 3 potential locations for each of these actors: IAM System User Application Accessed Auth Point Inside the Perimeter Remote (unknown externally) In the Cloud

14 Cloud Functionality Functional Maturity Cloud Functionality Cloud Maturity Description Cloud Prerequisite Benefit SSO / Federation Med/ High Support SSO of ent apps and SaaS apps Ability to support federation standards Enterprise federation out to SaaS applications Authentication Med Cloud-based MFA, risk based/adaptive auth, streamline proofing process Documented authentication policies, support federation standards Outsource Identity Provider Provisioning / Lifecycle Mgnt Low Automate creation and management of acct lifecycle Well defined ent roles, IAM processes Reduce infrastructure required to manage acct lifecycle Access Governance Low Support access certification campaigns Well defined ent roles Reduce infrastructure required to manage certifications

15

16 Cloud Identity Maturity Cycle Provisioning and Access Governance Current (on-prem) Manual processes Some rule-based provisioning Siloed IAM systems Manual approval workflows and certifications Interim (maturation) Process maturation Business process automation Enterprise role development Roll-out, extension of existing IAM /IAG system Future (hybrid) Cloud based provisioning and access governance into enterprises with mature roles and processes defined

17 Additional Cloud Identity Service Concerns Data Protection (international implications) Maintaining Compliance Externally Impacts of Mission-Critical Applications Service Provider Change is Inevitable Very Limited Flexibility When Consuming Identity Management SLA impacts Network Security impacts 3 rd party agreement impacts

18 In Summary. Hybrid will be the new standard. Noise / Hype still rules the day this will CHANGE, over time. Identity/Cloud Bridges are here to stay. The Cloud should be looked at as just another set of applications.

19 Thank You, and I Leave You With This. The Cloud services companies of all sizes; the cloud is for everyone. The Cloud is a democracy. - Marc Benioff, Founder of Salesforce

20 Questions Aubrey Turner Director Strategic Services, Identity & Access Management FishNet Security