Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control



Similar documents
identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

agility made possible

how can I improve performance of my customer service level agreements while reducing cost?

expanding web single sign-on to cloud and mobile environments agility made possible

Authentication Strategy: Balancing Security and Convenience

CA Technologies Strategy and Vision for Cloud Identity and Access Management

5 Pillars of API Management with CA Technologies

A to Z Information Services stands out from the competition with CA Recovery Management solutions

CA Business Service Insight

SOLUTION BRIEF CA Cloud Compass how do I know which applications and services to move to private, public and hybrid cloud? agility made possible

agility made possible

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

CA SiteMinder SSO Agents for ERP Systems

agility made possible

assure the quality and availability of business services to your customers

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

CA Clarity PPM. Overview. Benefits. agility made possible

agility made possible

Architecture in the API Era

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency

CA Spectrum and CA Embedded Entitlements Manager

An Enterprise Architect s Guide to API Integration for ESB and SOA

Enabling and Protecting the Open Enterprise

Technology Partner Program

are you helping your customers achieve their expectations for IT based service quality and availability?

Grants Management for CA Clarity PPM gives you the confidence to choose the RIGHT applicants, make the RIGHT decisions, award the RIGHT funds, and to

accelerating time to value in Microsoft Hyper-V environments

Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions

how can I comprehensively control sensitive content within Microsoft SharePoint?

can you effectively plan for the migration and management of systems and applications on Vblock Platforms?

CA Service Desk Manager - Mobile Enabler 2.0

CA Capacity Manager. Product overview. agility made possible

Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM

Next-Generation Performance Testing with Service Virtualization and Application Performance Management

agility made possible

Insights: Data Protection and the Cloud North America

Evolving the IT Service Experience to Meet New Business and User Demands

Elevate the Consumer Experience: Creating a Win-win for Both IT and its Consumers

Closing the Biggest Security Hole in Web Application Delivery

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

CA Technologies optimizes business systems worldwide with enterprise data model

White paper December Addressing single sign-on inside, outside, and between organizations

How Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation?

can I customize my identity management deployment without extensive coding and services?

Security in the App Economy

Can you simplify the buying and managing of services for your customers?

Logicalis delivers low-risk, cost-effective cloud computing services with CA Technologies

Federated Identity and Single Sign-On using CA API Gateway

SOLUTION BRIEF BIG DATA MANAGEMENT. How Can You Streamline Big Data Management?

can I consolidate vendors, align performance with company objectives and build trusted relationships?

can you simplify your infrastructure?

AVTech provides customers with end-to-end recovery management service with CA ARCserve solutions

solution brief September 2011 Can You Effectively Plan For The Migration And Management of Systems And Applications on Vblock Platforms?

how can you shift from managing technology to driving new and innovative business services?

Don t Go In Blind: Navigating the Journey to the Cloud. agility made possible

CA Service Desk Manager

A FinCo Case Study - Using CA Business Service Insight to Manage Outsourcing Suppliers

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

SOLUTION BRIEF MOBILE SECURITY. Securely Accelerate Your Mobile Business

The Top 5 Federated Single Sign-On Scenarios

Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services

can you improve service quality and availability while optimizing operations on VCE Vblock Systems?

Radix Technologies China establishes compelling cloud services using CA AppLogic

Web Admin Console - Release Management. Steve Parker Richard Lechner

CA Workload Automation for SAP Software

How To Be A World Class Data Center

Dynamic Data Center Update:

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

Flexible Identity Federation

we can Automating service delivery for the dynamic data center of the future Brandon Whichard

Leveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience

content-aware identity & access management in a virtual environment

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio

CA NSM System Monitoring Option for OpenVMS r3.2

how can you stop sprawl in your IT infrastructure?

NCSU SSO. Case Study

CA Performance Center

Data Deduplication: An Essential Component of your Data Protection Strategy

How Can I Deliver Innovative Customer Services Across Increasingly Complex, Converged Infrastructure With Less Management Effort And Lower Cost?

Achieve Your Business and IT Goals with Help from CA Services

how can I deliver better services to my customers and grow revenue?

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Designing a CA Single Sign-On Architecture for Enhanced Security

CA Virtual Assurance for Infrastructure Managers

Enterprise On The Go: 5 Essentials For BYOD & Mobile Enablement

WHITE PAPER JANUARY CA Identity Manager One Hundred Million User Test: Results & Analysis

IBM Tivoli Federated Identity Manager

CA Nimsoft Service Desk

Pick Your Identity Bridge

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

IntelliNet Delivers APM Service with CA Nimsoft Monitor

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

1 Introduction Product Description Strengths and Challenges Copyright... 5

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Transcription:

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control agility made possible

Enterprises Are Leveraging Both On-premise and Off-premise Resources Most organizations want to leverage the cloud, but also recognize that migrating all their applications all at once is not always practical. In taking a prudent and measured approach, they are seeking ways to utilize cloud-based applications and infrastructure while maintaining certain applications on-premise. The resulting architecture is referred to as a hybrid environment because it features both on-premise and cloud-based resources. For organizations in this situation, one of their major challenges is providing users with the flexibility to seamlessly move around the environment while still maintaining appropriate security levels or more specifically, ensuring consistent control and security policy between on-premise applications and cloud services.

The Network Perimeter Is Disappearing Once organizations simultaneously leverage applications via a variety of IT models, such as on-premise applications and SaaS-based services, the traditional notion of a network perimeter simply no longer exists. And as a result, our ideas about how we manage security and identity have to change. 03

Identity Is the New Network Perimeter So, how do we ensure appropriate security levels within this hybrid environment? The key is utilizing a centralized identity and access (IAM) service that provides access to all services no matter where they reside. This approach ensures that all the identity-related functions, such as authentication and ultimately authorization are consistently managed by the enterprise. In this new model, identity is the new perimeter and extends to all users: employees, partners, and customers, alike. 04

Identity Is the New Network Perimeter continued How does one create such a security utopia? To avoid building separate identity silos solely for cloud-based services resources (the result of unique accounts within each of those providers and applications), enterprises should look for a centralized IAM service that can manage all users access and authentication before they go to any applications on-premise or in the cloud. For employees, authentication is against a corporate directory. For partners, it could entail using identity federation via standards such as SAML that enable the users of an organization to easily and securely access the data and applications of other organizations as well as cloud services via cloud single sign-on, thus preventing the need to maintain another list of user accounts. 05

Identity Is the New Network Perimeter continued For customers who may already have an existing digital social identity (such as Facebook or Google) and would like to be able to leverage that identity, standards such as OpenID and OAuth would allow those users to access cloud resources using those credentials and not require additional user registration steps. For special employees or high-value transactions, a higher level of authentication might be required before allowing the user access to a particular service. There might be very sensitive data that goes into an SaaS-based HR application, for example. If the necessary level of required authentication is not native to that particular SaaS environment, the enterprise could require an additional step-up authentication via a centralized identity service before granting access. 06

Re-engineering Security Thinking for Today s Realities Within a strictly on-premise model, IT focuses on building physical infrastructures servers, virtualization layers, operating systems, and middleware applications and delivering security throughout the whole stack. With a hybrid model, however, IT must change its perspective and style, treating any and all IT components (cloud-based or otherwise) as services that are available for the business to consume. In doing so, IT security needs to ensure consistent protection between and among the organizations and all the instances of applications where sensitive data exists (i.e., the broader and fragmented data center). At first blush, it might seem that the role of IT security is significantly diminished by this process. The reality, however, is that securely enabling the access to and interaction of cloud services provides much more value to the business. In doing so, IT is enabling an organization to move more quickly. Furthermore, IT is facilitating the adoption of the consumer-oriented IT capabilities that employees are demanding. In other words, utilizing more cloud-based services puts the IT security function front and center in the day to day of a company s planning activities. 07

Integrated Identity and Access Management Understanding and embracing the need for a centralized identity service spanning on-premise and off-premise resources is the first crucial step. But, the next step of assessing how to implement such a solution is equally as important. Existing IAM solutions, such as CA CloudMinder, were specifically designed to support this specific hybrid-based approach. With a combination of on-premise software and SaaS services, CA CloudMinder can support various use cases, such as requiring customers, employees, and partners to authenticate centrally prior to being provided access to on-premise components or cloud services via federated single sign-on. As hybrid environments become the norm, the need for solutions that can interoperate in on-premise and cloud environments will be paramount. And, it will be especially attractive to those companies lacking the skills and infrastructure to deploy extensive local security. 08

Practical Examples of Hybrid IAM Best Practices The following scenarios illustrate how a centralized, best-practice-based identity service might be implemented by an organization. 09

Secure Single Sign On (SSO) 1 In this scenario, the user: Authenticates to the on-premise directory/database Launches an intranet website Uses SSO to access a cloud-based IAM hub Sees a homepage with icons representing available services Connects to the desired service 2 This example illustrates SSO for an employee from on-premise to identity and a federation hub. With this approach, federated SSO and advanced authentication are employed, and the company typically owns the application, consumer, and partner communities. 10

Universal SSO and Access Request This example illustrates SSO for an employee from on-premise, requesting access to SaaS applications. With this approach, federated SSO is employed. 2 3 1 In this scenario, the user: Authenticates to the CA CloudMinder instance Clicks on My Request and selects a desired application from a list of available services Initiates the back-end workflow request to the administrator to approve access to new services Once approved, re-authenticates to CA CloudMinder and is given SSO to the new service 11

Extending Identity Management This example illustrates an employee using both on-premise and enterprise cloud applications and specifically requesting access to an on-premise application. 1 In this scenario, the user: Authenticates to their CA CloudMinder instance Sees a homepage with list of available services and applications Clicks on an application icon Is redirected and given SSO into on-premise application 2 3 12

Basic User Management Ideal for large user populations, this example illustrates such basic tasks as a password reset, with an employee inside the network complying with mandatory password policies. In this scenario, the user: Authenticates to the CA CloudMinder instance Clicks on the My Profile icon Sees a link to Reset password Completes the task Receives an email that the password has been successfully changed across all target endpoints 1 2 3 13

About the Solutions From CA Technologies CA CloudMinder offers cloud security solutions that enable organizations to access cloud IAM services and enterprise resources securely and from a centralized and consistent interface. CA CloudMinder services enable organizations to centrally control users identities and their access to both SaaS services and on-premise applications in a hybrid environment with a common consistent security policy. This helps organizations utilize the cloud with confidence and adopt a best-of-breed approach that relies on existing on-premise applications and SaaS applications, while also helping to reduce the cost of security administration. These services enable organizations of all types and sizes to realize efficiency gains while still protecting their critical digital resources, regardless of whether those resources are on-premise or in the cloud. This can result in: Reduced security risk for all systems, applications, and information Reduced administrative expenses and improved efficiency Improved IT agility through flexible deployment options across on-premise and cloud environments Ability to move to the cloud on a comfortable schedule 14

CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at ca.com. Copyright 2013 CA. All rights reserved. Microsoft and Office 365 are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information