White Paper: Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS. January 2013




White Paper

Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS

By Jon Oltsik, Senior Principal Analyst

January 2013

This ESG White Paper was commissioned by McAfee and is distributed under license from ESG.

© 2013 by The Enterprise Strategy Group, Inc. All Rights Reserved.

Contents

Executive Summary
SaaS Is Well Established in the Enterprise
SaaS Presents Challenges for User Management
Large Organizations Need an IAM Bridge for SaaS
SSO: On-premises or On-demand?
The Bigger Truth

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Executive Summary

For the past several years the IT industry has been buzzing about cloud computing, yet most organizations continue to maintain a cautious plan for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) use. At the same time, however, enterprises are rapidly embracing SaaS applications as replacements for in-house systems or for supporting and automating business processes. While far from perfect, SaaS applications such as Salesforce.com, Google Apps, and box.com are helping organizations cut costs, improve communications, and improve efficiency. As promising as these benefits are, however, SaaS can carry a fundamental problem because it circumvents time-tested internal IT processes and controls such as Identity and Access Management (IAM). This white paper concludes:

SaaS introduces a layer of management complexity. Bringing SaaS into corporate governance conformance can introduce unwelcome manual processes or new technical integration. This is especially true with Identity and Access Management (IAM) tasks such as provisioning user accounts, managing passwords, and monitoring user behavior.

Large organizations need an IAM bridge. Integrating with SaaS on an application-by-application basis can't scale as enterprises deploy more SaaS applications. To bridge this gap, large organizations need IAM tools that centralize internal and SaaS-based user administration, authentication, and monitoring/reporting. These tools should also provide flexible methods for SaaS connectivity.

SSO solutions to the rescue? A number of SSO products and services have the potential to act as a nexus for internal and SaaS-based IAM needs. Unfortunately, many organizations find it difficult to choose between on-premises products and on-demand services as neither is a perfect match for their needs. This has led to market confusion and delays in SSO implementation in some cases.

Enterprise organizations would benefit from hybrid solutions. Large, geographically dispersed organizations will find use cases for SSO products and services in various business units and locations. Given this, they will benefit most from a hybrid SSO architecture of tightly integrated products and services that integrate into the existing IAM infrastructure, provide flexible options for SaaS integration, and offer common management across product and service deployment.

SaaS Is Well Established in the Enterprise

Cloud computing can be a controversial topic where opinions range from the future of IT to pure hyperbole. However, this polarization does not apply to one of the variants of cloud computing, Software-as-a-Service (SaaS). According to ESG research, 46% of large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations already use SaaS services today. Another 17% of organizations plan to use SaaS services in the future and 21% of firms have no concrete plans but are interested in purchasing SaaS services in the future. [1] ESG research indicates that organizations are consuming a wide range of SaaS services led by CRM, e-mail, human resources, and project management (see Figure 1). [2]

Why are these firms turning to SaaS? Business managers like the flexibility, choices, and instant access offered by SaaS offerings while CIOs are happy to eliminate capital and operating costs. Growth in BYOD and mobile computing is also driving more and more SaaS consideration and implementation.

[1] Source: ESG Research Report, 2012 Public Cloud Computing Trends, March 2012.
[2] Source: Ibid.

Figure 1. SaaS Applications Deployed

What specific applications has your organization currently deployed via a SaaS model? (Percent of respondents, N=283, multiple responses accepted)

Response categories: CRM (Customer Relationship Management); E-mail; Human resources; Project management; Internet / e-mail marketing; Security (anti-spam, anti-virus, etc.); Sales force automation; Industry-specific applications; Content management / document management; Data protection (backup and recovery, data; Collaboration / file sharing; Accounting / financial; Business analytics; Legal (e-discovery, case management, etc.)

Bar values as they appear in the source: 11%, 36%, 35%, 31%, 28%, 28%, 27%, 25%, 24%, 24%, 24%, 23%, 22%, 20%

Source: Enterprise Strategy Group, 2012.

SaaS Presents Challenges for User Management

Given the pace of implementation, it seems clear that SaaS is delivering strong business and IT benefits. In spite of these positive results, however, SaaS implementation and management challenges remain, especially with regard to IAM. For example:

Business managers need to align SaaS with governance and regulatory compliance. While SaaS applications offload IT costs, they also limit management oversight and visibility. This can present a problem for regulated organizations that need to manage and audit role definition, separation of duties, and access controls. Yes, many SaaS vendors provide administration portals and data feeds for ease of use, but each SaaS provider tends to have its own proprietary tools for monitoring, reporting, and auditing. This forces organizations to manage and audit regulatory compliance activities of a growing number of individual SaaS reports. This creates operations overhead and can lead to more frequent human error.

Users struggle with a multitude of authentication methods and credentials. Unfortunately, employees are forced to create a new username and password for each new SaaS application. To manage this situation, many users simply use the same username and password across a multitude of SaaS applications, creating a security vulnerability. Some firms address this situation by demanding strong passwords and active password management for SaaS but this can be counterproductive. Many security researchers find that these strategies alienate employees, compromise user productivity, or force them to write down and display each username/password combination near their desktops. All of these situations limit the value and security of SaaS.

User administration becomes an IT nightmare. IAM activities such as provisioning/de-provisioning user accounts, strong authentication, and single sign-on are difficult enough within the enterprise. The addition of SaaS increases IAM complexity further by introducing a host of new applications with minimal control and oversight. Integration with internal tools is possible but can be complex and time consuming.

Ironically, the SaaS model's strength is also its weakness in this case. Since SaaS is independent of internal IT options, it can provide great opportunities for flexibility, business process enablement, and cost control. At the same time, however, this independence means that user accounts and activity monitoring span multiple internal and external IT departments, each with its own methodology for user management and reporting. This can only lead to operations overhead, security vulnerabilities, and user productivity issues.

Large Organizations Need an IAM Bridge for SaaS

ESG believes that the situation described above has reached a tipping point. Large organizations are increasingly turning to SaaS solutions, resulting in user management difficulties and additional IT risk. This Faustian compromise is simply unsustainable. So what's needed? Rather than attempt to perform user management on a SaaS-by-SaaS basis, large organizations need a bridge that centralizes:

User lifecycle management. Internal IT must have the ability to provision, de-provision, and change user accounts (i.e., change user role, group, password, etc.) for all SaaS applications from a central console. To minimize redundant operations, these administrative activities must be tightly integrated with existing user repositories such as Active Directory.

Authentication controls. User authentication into SaaS applications demands flexible options. IT administrators need the ability to enforce strong password management, leverage existing multi-factor authentication technologies, or seamlessly tie into SaaS-based authentication methods while remaining transparent to user activities.

SaaS connectivity. IT managers need tools for single sign-on (SSO) connectivity to disparate SaaS applications. Since these connections will vary, SSO technology must support federated ID standards such as SAML tokens and provide native connectors for proprietary sign-on techniques such as shared secrets. The best SSO tools will also provide form-based authentication for connections with elementary SaaS applications lacking technical integration points.

Monitoring, reporting, and auditing. Collecting and analyzing user activity is essential for risk management, compliance, and incident detection/response. Unfortunately, ESG research indicates that the ability to track user behavior for security analysis is an area of weakness at many organizations (see Figure 2). [3] To address this shortcoming, IAM technologies that bridge internal IT and SaaS applications must provide strong monitoring, reporting, and auditing.

[3] Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012.

Figure 2. User Behavior Activity Monitoring Remains a Weakness for Many Enterprises

In which of the following areas do you believe your organization's security monitoring is weakest with regard to incident detection? (Percent of respondents, N=257, multiple responses accepted)

User behavior activity monitoring/visibility: 28%
Alternative endpoint monitoring/visibility: 25%
Current threat intelligence: 24%
Sensitive data access/activity monitoring/visibility: 23%
Network traffic monitoring/visibility: 22%

Source: Enterprise Strategy Group, 2012.

Recognizing these new requirements, several technology vendors introduced new single sign-on technologies over the past few years. These SSO tools provide a combination of user management, password management, authentication, federated identity management, and SaaS connectivity to bridge the IAM gap described above.

SSO: On-premises or On-demand?

Since SSO technologies have the ability to unify internal IT and SaaS IAM, enterprise organizations adopting SaaS applications are actively pursuing these solutions. They then realize that leading SSO solutions can be deployed as on-premises solutions or cloud-based services. This begs an obvious question: Which type of solution is best?

The answer here may be obvious to highly regulated companies or organizations associated with law enforcement, defense, or intelligence. These firms will almost always opt for on-premises security solutions. For the vast majority of remaining organizations, however, the answer to this question will depend on a multitude of factors. Is the company centralized or globally distributed? How many user accounts are managed? Is the company highly skilled at IAM? How aggressively is the organization adopting SaaS?

While the answers to questions like these may guide IT toward on-premises or on-demand SSO, smart CIOs recognize that their requirements will change over time. Additionally, large global organizations may have business units that align with on-premises SSO products and others that fit the on-demand model. Clearly, the future is uncertain and requirements will undoubtedly change over time.

This is exactly why ESG recommends that large organizations work with vendors offering both on-premises and on-demand SSO solutions. By doing so, CIOs can implement SSO where appropriate and have the flexibility to swap on-premises products for on-demand services (or vice versa) in the future. When selecting vendors, however, large organizations should make sure that their SSO solutions:

Provide comprehensive IAM capabilities. Look for a portfolio of features/functionality that includes things such as user administration (i.e., user provisioning, change management, password management), SaaS connectivity, strong authentication, and broad reporting (i.e., user behavior, logging, runtime metrics, etc.). The best SSO systems will supplement the existing IAM infrastructure with new capabilities such as one-time passwords (OTP), device authentication, and federated identity support.

Integrate into the existing IAM infrastructure. SSO products and services must seamlessly connect with LDAP directories, RADIUS servers, and existing user authentication technologies of all kinds. The best solutions will also provide a wide range of provisioning and SSO custom connectors to leading SaaS solutions and alternative methods for integrating with the plethora of burgeoning SaaS options.

Work with leading SaaS providers. In addition to providing connectors, top-tier SSO solution vendors will also work directly with leading SaaS providers to enhance usability and security for their integrated solutions.

Offer common management across products and services. Organizations deploying a combination of SSO products and services should demand common command-and-control for policy management, identity administration, monitoring, and reporting. This common management layer can help CIOs align disparate identity management requirements with the right SSO products or services today and provide the flexibility to make changes in the future.

CIOs looking for a one-stop shop for SSO products and services may be disappointed as few vendors offer both the form factors and the requirements defined above. McAfee (an Intel company) is one notable exception. While the company's products have different naming conventions, the McAfee Cloud Identity Manager and Cloud SSO service are actually a tightly integrated combination of on-premises and cloud-based SSO with rich IAM feature sets. Both systems support leading SaaS providers such as Salesforce, Google, and Box; offer necessary user administration capabilities; and provide flexible options for authentication. The products and services integrate into existing IAM infrastructure elements and provide good out-of-box reporting and analytics capabilities.

As a security market leader, McAfee also surrounds its SSO offering with other leading products and services. For example, McAfee Cloud Identity Manager and Cloud SSO can use Intel Identity Protection Technology (IPT) for device authentication and integrate with McAfee security products such as its Web Gateway. Given these attributes, CIOs should willingly evaluate McAfee's SSO products and services to see how they align with present and future SaaS plans.

The Bigger Truth

ESG and industry data clearly point to a new direction for enterprise IT. Cloud computing is increasingly attractive and many organizations are actively evaluating use cases. While large organizations are taking a pragmatic approach to IaaS and PaaS, they are aggressively deploying SaaS applications. SaaS simply introduces flexibility and business enablement benefits that internal IT systems can't match.

While SaaS continues to gain momentum, ESG recommends that CIOs temper their enthusiasm and assess what this trend means for existing policies, procedures, and technologies. In the case of IAM, SaaS can usurp internal control, add administrative overhead, and increase risk.

To maximize SaaS benefits, CIOs need to find ways to bridge the growing gap between internal IT and SaaS. From an IAM perspective, this can be done effectively with the right SSO products and services. Large organizations will likely need to consider and implement both for different facilities and business units. Given this, ESG recommends tightly integrated SSO products and services from vendors such as McAfee and Intel as they can support SSO with the right resources, support, innovation, and industry partnerships.

20 Asylum Street Milford, MA 01757 Tel: 508.482.0188 Fax: 508.482.0218 www.esg-global.com