Follow the Money How Cloud Providers' Business Needs Drive Enterprise Identity & Security

Similar documents
Oracle Applications and Cloud Computing - Future Direction

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

It s All About Cloud Key Concepts, Players, Platforms And Technologies

1 Novell Use Cases. 1.1 Use Case: Per Tenant Identity Provider Configuration Description/User Story Goal or Desired Outcome

Cloud Computing Technology

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER IT S ALL ABOUT CLOUD CONCEPTS, STRATEGIES, ARCHITECTURES, PLAYERS, AND TECHNOLOGIES

Inside the Cloud The Supporting Architecture of Cloud Computing. Jack Hanison

Architectural Implications of Cloud Computing

1 The intersection of IAM and the cloud

Program. Maria Fiore Business Development Manager Hartco. Hugo Boutet igovirtual. Introduction to MicroAge. SME and «cloud computing» 2006 MicroAge

Cloud Essentials for Architects using OpenStack

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD

A Hotel in the Cloud. Bruno Albietz

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

CHAPTER 8 CLOUD COMPUTING

Certified Cloud Computing Professional VS-1067

CLOUD MANAGEMENT GUIDE

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER CLOUD 2.0 MOVING FROM COST SAVINGS TO AGILE IT

CLOUD COMPUTING OVERVIEW

Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management

Introduction What is the cloud

The Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve

EMA Radar for Private Cloud Platforms: Q1 2013

THE POWER OF THE CLOUD IS CLOSER THAN YOU THINK. Michael Lee Aaron Saposnik SWC Technology Partners

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

White Paper on CLOUD COMPUTING

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Optimizing Service Levels in Public Cloud Deployments

Cloud Computing An Elephant In The Dark

Secure Identity in Cloud Computing

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014

Cloud Computing The Evolution of IT

Users VM A A A. Application. Compute/Storage/Network. VM Virtual Machine. On-Premises Data Center

Hosting and Colocation Regional Strategies for Growth. April 2015

Commercial Software Licensing

Using Cloud Computing to Drive Innovation: Technological Opportunities and

BMC Control-M for Cloud. BMC Control-M Workload Automation

IT architecture in a cloudified IT organization. Sander Schouten / Richard Bussink Nov, 2012

Definitions. Hardware Full virtualization Para virtualization Hosted hypervisor Type I hypervisor. Native (bare metal) hypervisor Type II hypervisor

Cloud Platforms Today: The Big Picture

World Cloud Computing Market

The Top 5 Federated Single Sign-On Scenarios

Using Cloud Services for Test Environments A case study of the use of Amazon EC2

Open Source Middleware for the Cloud Stratos. Dimuthu Leelarathne Technical Lead and Product Manager

Abstract 1. INTRODUCTION

Lecture 02a Cloud Computing I

CLOUD COMPUTING. A Primer

Dynamic Ranking of Cloud Providers

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Cloud Computing. Bringing the Cloud into Focus

A Gentle Introduction to Cloud Computing

The Top 5 Most Common Cloud Management Functions

ASG CloudFactory IT Transformation with Cloud Orchestration and Service Delivery Automation TECHNOLOGY TO RELY ON

Cloud Computing; What is it, How long has it been here, and Where is it going?

A Study of Infrastructure Clouds

Cloud computing and SAP

OpenStack & AWS: The Fastest Path to Hybrid IT

EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Cloud Computing From Hype to Reality Use cases. Lars Andersen April 2013

Cloud Computing. Key Considerations for Adoption. Abstract. Ramkumar Dargha

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Cloud Hosting. QCLUG presentation - Aaron Johnson. Amazon AWS Heroku OpenShift

DIGITAL PRESERVATION AND CONTENT MANAGEMENT IN THE CLOUD AGE: ISSUES AND CHALLENGES

Cloud Potential in 2012

Cloud SingularLogic:

Security in Changing IT Ecosystem: Virtualization and Cloud Computing

A Primer on Cloud Computing. By Anand Ganesan Byteonic.com

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Grid-Interop 2012

The Cloud. JL Cabrera LTEC 4550

Challenges in embracing cloud storage

Mobile cloud business

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era ( ) Workstation Era ( ) Xerox Star 1981!

IT as a Service. Transforming IT with the Windows Azure Platform. November 2010

Cloud Computing: Making the right choices

Fundamentals of Cloud Computing

Adopting Cloud Computing Build, Buy or Both? Pascal Walschots Communication Sector EMEA HQ February 11, 2009

CLOUD COMPUTING An Overview

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Cloud computing - Architecting in the cloud

1 Introduction Product Description Strengths and Challenges Copyright... 5

Platform Leadership in Software as a Service: How Platforms Facilitate Innovation

utilitycomputing.wordpress.com personal.lse.ac.uk/venters 2012 Will Venters

What is Cloud Computing? Why call it Cloud Computing?

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Hybrid Cloud Identity and Access Management Challenges

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Lets SAAS-ify that Desktop Application

Keywords Cloud Computing, Platform as a Service, Software as a Service, Infrastructure as a Service, Architecture.

Identity Management Roadmap and Maturity Levels. Martin Kuppinger Kuppinger Cole + Partner mk@kuppingercole.de

Subash Krishnaswamy Applications Software Technology Corporation

Management Consulting for Media and Telecoms. Cloud Service Trends. Solon TMT Industry Briefing. Munich, London, Budapest September 2012

How to Grow and Transform your Security Program into the Cloud

What is a Networked Information System

Security Issues In Cloud Computing And Their Solutions

SECURE CLOUD COMPUTING

Transcription:

Follow the Money How Cloud Providers' Business Needs Drive Enterprise Identity & Security Kuppinger Cole + Partner European Identity Conference 2010 Dale Olds, Distinguished Engineer, Cloud Security Services dolds@novell.com https://virtualsoul.org

Agenda 2 Identify business drivers behind the shifting landscape of enterprise IT, SaaS vendors, and cloud providers Anticipate resulting trends and their implications for security and identity systems Put it all together with some recommendations

The Shifting Landscape of Enterprise IT, SaaS Vendors, and Cloud Providers

A Series of Shifts in the IT Landscape Mainframe to mini computing 4 For example, the Digital Equipment Corporation Programmed Data Processors such as the PDP-11 Mini and mainframes to PCs and Macs Workgroup networks and NetWare Open Source: Linux, Apache, etc. Cloud computing and SaaS In all of these cases, the driving force was departmental autonomy pulling in products and services under the enterprise IT radar

The Players: Enterprises, SaaS Vendors, Hosters/Cloud Providers SaaS Vendors Enterprise Host enterprise applications, Reduce IT costs, Increase reliability ISPs Hosters Pre-Cloud IaaS PaaS Cloud Providers 5

Motivations for the Shift to the Cloud Easy to try, and use deep domain expertise Low commitment, no cap-ex, departments need no IT approval SaaS Vendors Enterprise Outsource compute/storage/net to focus on domain expertise Elasticity and the rest of Cloud Goodness ISPs Hosters 6 IaaS PaaS Value added services, incremental revenue gains More automation, virtualization, lower costs

What Enterprises, SaaS vendors, and Cloud Providers Want Now Enterprises want: SaaS Vendors want: Security and reduced risks for their customers reduced liability Focus on core competencies and domain expertise Increase and retain customers by building community around their application Cloud Providers want: 7 Easy and simple to try, use, and discard Deep domain expertise, expertise more easily accessed No commitments, no cap-ex, no IT dept approval, etc. Customer retention stickiness Value added services up the stack incremental revenue Lower administration and management costs automation

Current Trends and Traps

Three Trends Affecting Cloud Evolution & Enterprise Security 1.Identity-based security is increasing in importance Cloud services are pushing enterprises to emphasize identitybased security rather than network security 2.SaaS and IaaS are converging on PaaS Infrastructure providers are moving up stack and applications need to be extensible... converging on platform services, including identity services. 3.Cloud providers are increasingly offering identity services and becoming identity providers 9 Identity services provide much needed security, and stickiness. Application marketplaces are growing around identity hubs

Trend 1: Identity-based Security is Increasingly Required

Identity-based Security Cloud services are pushing enterprises to emphasize identity-based security rather than network security information security rather than network security. Network security services like SSL connections, firewalls, edge security devices are insufficient when accessing Cloud services. It could be that moving even more stuff to the cloud is what will cause the debates, design and actions to build in identity, claim, tokens, policies and related security services. You can't hide behind a facade of 'network security' when there is no network. From Gunnar Peterson, 1raindrop.typepad.com Separating identity sources from applications that securely use identity information is essential the identity provider model 11

Authentication Methods Supported by SaaS Applications SAML2 was the most common authentication method supported of the methods tested with ¼ of SaaS Providers supporting, but another ¼ indicated supporting other authentication methods not listed. 1/3 of respondents were not aware of the specific authentication methods supported by their SaaS application. 12

Security Capabilities Customers Are Asking SaaS Providers About 13 Audit tracking, Single sign-on and Provisioning of users were the three main security capabilities customers are asking SaaS providers about; about ½ of SaaS providers indicated customers asked them about these capabilities.

Trap: Don't Be Lulled by Exclusive Focus on Authentication and SSO Externalized authentication and the identity provider model is essential, urgent, and solvable now it's the lowest hanging fruit BUT externalized authentication is just the first step and is not sufficient for security in the cloud There are huge benefits of less identification more externalized authorization. > 14 See Identity Crisis by Jim Harper Claims, policies Transparency, audit, compliance Externalized authentication is the means to an end

Trend 2: SaaS and IaaS are Converging on PaaS

SaaS and IaaS => PaaS Extensibility, Customizability, Community Common services e.g. billing, identity, load balancing, elasticity of storage and compute, etc. Value added services, billing, SLAs 16 Software as a Service Platform as a Service Infrastructure as a Service Pivotlink, Salesforce, Netsuite, Taleo, SuccessFactors. etc. Apps are secured by vendors Google App Engine, force.com, Azure. GoGrid, Amazon EC2, Opsource, etc. Machine images are secured by vendors

Security Responsibilities? Software as a Service Full application stack and infrastructure is secured by vendors customer handles data in and out Platform as a Service Who is responsible for securing the application here? Infrastructure as a Service 17 Machine images are secured by vendors, everything else is up to customer no guarantees about running code, etc.

Trap: Don't Assume PaaS Security is like SaaS or IaaS Security responsibilities on PaaS applications are not so clearly delineated IaaS security responsibilities end at the virtual machine boundary customer is responsible for security of all code above the hypervisor 18 http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/ SaaS security responsibility is entire application code stack PaaS contains some customer code and some cloud provider code Know your security responsibilities

Trend 3: Cloud Providers Are Adding Identity Services

Cloud Providers as Identity Providers Cloud providers are increasingly offering federated identity services and becoming identity providers Identity providers in the sense of a federation hub and optionally user accounts Identity services provide much needed security, and stickiness. If... Cloud operators want to woo mature enterprise customers to use their services, they are leaving money on the table and not fulfilling customer needs by failing to roll out complimentary security capabilities which lessen the compliance and security burdens of their prospective customers. From Chris Hoff, www.rationalsurvivability.com/blog 20

Primary Type of Hosting Environment SaaS Applications Use Third Party dedicated hosting was the most common hosting environment used by 38%, but followed closely by the use of own internal servers by 35%. 28% indicated using Cloud hosting through an IaaS provider. All three show significant levels of usage by SaaS Providers. 21

SaaS Provider Preferred Method to Offer Security Capabilities to Customers 1/3 of SaaS Providers prefer to build the requested security capabilities inhouse but 1/3 above were also unaware of their authentication methods. ¼ indicated they would prefer to OEM from a third party vendor and another ¼ indicated they would prefer to source as part of their hosting environment. 22

Cloud Providers and the Opportunity of a SaaS Marketplace Beyond providing common identity services to their SaaS customers, Cloud Providers benefit directly Needed stickiness Incremental revenue Explosive growth is possible with network effects of multiple SaaS vendors User account (or federation broker) is the hub Possible integration of other services Ultimately SLAs come from the cloud provider 23 Including identity as an integration service on that foundation is key to producing a platform

Examples Google Apps Marketplace Common accounts via Google Apps Federated to applications with OpenID Force.com Common accounts via Salesforce.com Federated with SAML Opsource Billing for SaaS vendors And as of last week, stronger SLAs > 24 http://www.opsource.net/press/opsource-sets-new-sla-standard-cloud-computing-guarantees-cloud-reliability-perfo Possible marketplace providers: Telcos, hosters

Traps: Cloud Provider Services vs SaaS & IDaaS Point Solutions Identity as a Service vendors Exist between the enterprise and the SaaS vendor > 25 Passport model see Kim's Law of Justifiable Parties Here now and not going away but may conflict with cloud providers growing tendency to be the identity provider Departmental adoption vs. identity provider operating on behalf of the enterprise Market forces lead to cloud providers with common identity services hubs But there are disjoint management boundaries between departmental adoption of SaaS and enterprise identity providers

Putting it all Together with Recommendations

Summary 27 Identity provider model is essential for cloud computing Increasing need for identity-based security in addition to network security SaaS and IaaS are moving toward PaaS, with undefined security responsibilities Identity services offered by cloud providers make sense SaaS marketplaces provide advantages to SaaS vendors, cloud providers and enterprises

Recommendations There are many excellent standards that support the identity provider model SAML, WS-Fed, OpenID, information cards and shipping products that implement them. Use them. them Make your security needs known to your SaaS vendors, hosters, cloud providers Look for the rise of SaaS application stores built around a cloud provider hub with common identity and security infrastructure. They are a good idea. Beware of the interplay between departmental use of Cloud services and IT control of the Identity Provider. 28 If you're an enterprise, it's politics. If you're a cloud provider or identity services vendor, we still have technology design and standards work to do.

Thank you

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information