Hybrid Cloud Identity and Access Management Challenges
Intro: Timothy P. McAliley, timothy.mcaliley@microsoft.com
Microsoft Premier Field Engineer, SQL Server, Washington, DC
CISA, CISM, CISSP, ITIL V3, MCSA, MCSE, MCITP, MCTS, MCT, PMP
www.itprocamp.com
www.meetup.com/mfcf-dc
Key Take-Aways
Know the general definitions of Hybrid Cloud Identity & Access Management
Know the challenges of Hybrid Cloud Identity & Access Management

Agenda
Cloud Primer
What Is Hybrid Identity & Access Management (IAM)?
What Are The Challenges Of Hybrid IAM?
Example of Hybrid IAM Capabilities From A Cloud Service Provider
Resources
Cloud Primer
Cloud Primer
Spot Quiz: What document provides key recommendations for defining cloud computing?
Answer: NIST Special Publication 800-145, The NIST Definition of Cloud Computing

Cloud Primer
What Is In The NIST SP 800-145, Definition of Cloud Computing?
Essential Characteristics:
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service

Cloud Primer
What Is In The NIST SP 800-145, Definition of Cloud Computing?
Service Models:
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Identity and Access Management as a Service (IAMaaS)
Cloud Primer
What Is In The NIST SP 800-145, Definition of Cloud Computing?
Deployment Models:
Private Cloud
Community Cloud
Public Cloud
Hybrid Cloud

Cloud Trends
By 2015, 50% of all new application independent software vendors will be pure SaaS providers.
Through 2015, more than 90% of private cloud computing deployments will be for infrastructure as a service.
By 2015, 50% of large global enterprises will rely on external cloud computing services for at least one of their top 10 revenue-generating processes.
By 2016, all large global enterprises will use some level of public cloud services.
Through 2020, the most common use of cloud services will be a hybrid model combining on-premises and external cloud services.
Source: Gartner, Cloud Computing Innovation Key Initiative Overview, 2014
Cloud Providers
Amazon - Offerings include Amazon Web Services (AWS).
Google - Offerings include the Google Cloud Platform.
IBM - Offerings include enabling technologies to build private clouds, and services for public cloud applications, platforms and infrastructure.
Microsoft - Offerings include Microsoft Azure for public cloud, and Windows Server and System Center for private cloud.
salesforce.com - Offerings include sales, marketing and customer service application services and platform services.
VMware - Offerings include vCloud Hybrid Service for public cloud and the vCloud Suite for private cloud.
Source: Gartner, Cloud Computing Innovation Key Initiative Overview, 2014
What Is Microsoft Azure?
What Is Hybrid Identity & Access Management (IAM)?
What Is Hybrid Identity & Access Management (IAM)?
Hybrid Identity: identity solutions that span on-premises and cloud-based capabilities, creating a single user identity for authentication and authorization to all resources, regardless of location.
Configuration and administration of on-premises and cloud-based account & authentication management
On-premises and cloud-based resource access
What Are The Challenges Of Hybrid IAM?
What Are The Challenges Of Hybrid IAM?
Gartner Views on Cloud IAM Challenges:
Identity management to the cloud: being able to send something from the enterprise to the cloud.
Identity management from the cloud: being able to send something that exists somewhere else to your organization.
Identity management within the cloud: cloud to cloud.
Source: Gartner, 2013

What Are The Challenges Of Hybrid IAM?
Protection of Organizational Information
User Productivity & Mobility
The Consumerization of IT / BYOD
Account Provisioning/Management
Password Synchronization
User/Group Change Synchronization
Enterprise Access to SaaS Applications
Operational Risks
Example of Hybrid IAM Capabilities From A Cloud Service Provider
Example of Hybrid IAM Capabilities From A Cloud Service Provider
Microsoft Active Directory
Extend On-Premises Active Directory Into the Cloud
Azure Active Directory
Multi-Factor Authentication
What is Azure Active Directory?
Identity
Identity across multiple devices
Flexible access makes for happy users
Extend On-Premises Active Directory Into the Cloud
Azure AD Connect
Azure AD Connect is the single tool and guided experience for connecting your on-premises directories with Azure Active Directory.
Synchronization - This part is made up of the components and functionality previously released as DirSync and AAD Sync. It is responsible for creating users and groups in the cloud, and for making sure that the information on users and groups in your on-premises environment matches what is in the cloud.
AD FS - This is an optional part of Azure AD Connect and can be used to set up a hybrid environment using an on-premises AD FS infrastructure. Organizations can use it to address complex deployments that include such things as domain-join SSO, enforcement of AD login policy, and smart card or third-party MFA.
Health Monitoring - For complex deployments using AD FS, Azure AD Connect Health can provide robust monitoring of your federation servers and provide a central location in the Azure portal to view this activity.
NOTE: DirSync and AAD Sync are no longer being released individually, and all future improvements will be included in updates to Azure AD Connect, so that you always know where to get the most current functionality. Until the GA release of Azure AD Connect you can continue to use Azure AD Sync for new production deployments.
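The synchronization component above is what keeps joiners, leavers and group changes aligned between the forest and the tenant; when it silently stops, deprovisioning stops propagating too. The following is an added example, not code from the deck or from Microsoft, written as a health check for that component. It assumes it runs on the Azure AD Connect server with the ADSync PowerShell module installed, and the two-hour staleness threshold is an assumed value.

```powershell
# Added example (not from the deck): report whether the Azure AD Connect
# sync component is actually exporting on-premises changes to the cloud.
# Assumes: run on the Azure AD Connect server, ADSync module present.
Import-Module ADSync -ErrorAction Stop

# Assumption: treat a scheduled cycle as stale if it is more than 2 hours overdue.
$MaxOverdue = New-TimeSpan -Hours 2

$scheduler = Get-ADSyncScheduler
$findings  = @()

# A disabled scheduler means account creation, disablement and group
# changes stop flowing to Azure AD until someone notices.
if (-not $scheduler.SyncCycleEnabled) {
    $findings += "Sync cycle is disabled; provisioning and deprovisioning will not propagate."
}

# Staging mode imports but never exports. Expected on a standby server,
# a finding on the server that is supposed to be active.
if ($scheduler.StagingModeEnabled) {
    $findings += "Server is in staging mode; no changes are being exported to Azure AD."
}

# The next scheduled start should be in the near future. A time well in
# the past means the scheduler is stuck or the sync service is stopped.
$nextRun = $scheduler.NextSyncCycleStartTimeInUTC
$cutoff  = (Get-Date).ToUniversalTime().Subtract($MaxOverdue)
if ($nextRun -lt $cutoff) {
    $findings += "Next sync cycle was due at $nextRun UTC and has not started."
}

# Connectors still running long after a cycle should have finished
# usually indicate a stuck import or export run.
foreach ($run in (Get-ADSyncConnectorRunStatus)) {
    $findings += "Connector '$($run.ConnectorName)' is still running profile '$($run.RunProfileName)'."
}

if ($findings.Count -eq 0) {
    Write-Output "Azure AD Connect sync looks healthy (effective interval: $($scheduler.CurrentlyEffectiveSyncCycleInterval))."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Running this on a schedule and alerting on any warning is the check that turns "the sync is configured" into "the sync is working".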
Extend On-Premises Active Directory Into the Cloud Azure AD Connect
Extend On-Premises Active Directory Into the Cloud
Run Domain Controllers on Azure VMs as Part of Your On-Premises AD
Centrally managed identities and access
Common identity with sync & federation
Monitor & protect access to enterprise apps
What is Azure multi-factor authentication?
How it works
Your directory on the cloud
Selection of pre-integrated SaaS apps
Example workload: single sign-on to 2,400+ SaaS apps
Resources
Resources
Gartner: Cloud Computing Innovation Key Initiative Overview, 2014
https://www.gartner.com/doc/2718918?ref=sitesearch&sthkw=cloud&fnl=search&srcid=1-3478922254
GCN Special Report: Breaking Through the Security Cloud
http://gcn.com/microsites/2015/snapshot-qts-cybersecurity/03-iam-essential-for-hybridclouds.aspx
Microsoft Azure Compliance Portal
http://azure.microsoft.com/en-us/support/trust-center/compliance/
Microsoft Azure Handbook
http://i.microsoft.com/global/en/in/renderingassets/assets/microsoft-azure-handbook.pdf
Microsoft Azure Whitepapers
http://www.microsoft.com/en-in/download/details.aspx?id=36391

Resources
Microsoft Azure Portal
http://azure.microsoft.com
Microsoft Virtual Academy: Azure Rights Management / Azure Active Directory Courses
http://www.microsoftvirtualacademy.com/
Microsoft TechNet Virtual Labs
https://technet.microsoft.com/en-us/virtuallabs
NIST Special Publication 800-145, The NIST Definition of Cloud Computing
http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf

Summary
Cloud Primer
What Is Hybrid Identity & Access Management (IAM)?
What Are The Challenges Of Hybrid IAM?
Example of Hybrid IAM Capabilities From A Cloud Service Provider
Resources

Key Take-Aways
Know the general definitions of Hybrid Cloud Identity & Access Management
Know the challenges of Hybrid Cloud Identity & Access Management
Thank You!!