2012-01 how to secure a cloud identity roadmap

How to Secure a Cloud Identity Roadmap Tony LoCascio, CISSP Sr. Systems Engineer | Symplified January 2012

Upload: raleigh-issa

Post on 02-Nov-2014


TRANSCRIPT

Page 1: 2012-01 How to Secure a Cloud Identity Roadmap

How to Secure a Cloud Identity Roadmap

Tony LoCascio, CISSP

Sr. Systems Engineer | Symplified January 2012

Page 2: 2012-01 How to Secure a Cloud Identity Roadmap

AGENDA

• Market Dynamics of Cloud Computing

• The Cloud Innovation

• Building a Cloud Roadmap

• Security & Risk Consideration

• The Cloud Broker

• About Symplified

Page 3: 2012-01 How to Secure a Cloud Identity Roadmap

Market Dynamics of Cloud Computing: The real market size of cloud computing and how the different markets will evolve

Page 4: 2012-01 How to Secure a Cloud Identity Roadmap

Evolution to cloud computing

[Figure: stages of the evolution to cloud computing, plotted against Business Evolution and Technical Evolution. Labels: Silo'd, Grid, Consolidation, Virtualization, Cloud-bursting, Cloud Broker, Private Cloud.]

Source: Forrester Research, Inc.

Page 5: 2012-01 How to Secure a Cloud Identity Roadmap

Cloud Computing Market:

• Infrastructure as a service market will peak at $5.9 billion in global revenue in 2014 and then commoditization, price pressure and falling margins kick in.

• Software as a service will be adopted by companies of all sizes. In 2011, SaaS will be a $21.2 billion market and grow to $92.8 billion in 2016. At that point SaaS comes closer to saturation.

• Business Process as a service will be notable, but face modest revenue.

Page 6: 2012-01 How to Secure a Cloud Identity Roadmap

Cloud Innovation: Examples of how the cloud is not typically replacing existing assets but used to accelerate innovation

Page 7: 2012-01 How to Secure a Cloud Identity Roadmap
Page 8: 2012-01 How to Secure a Cloud Identity Roadmap

Some Examples:

1. Hosted email: (Google mail, Microsoft…)

2. Remote Storage: (Box.net, Humyo, Amazon S3, Apple MobileMe…)

3. Collaboration: (Salesforce, Google Wave, WebEx, Spicebird…)

4. Virtual office (Google Apps, MS 365…)

5. Streaming Media: (Netflix, Hulu, Crackle…)

6. Social Media: (Facebook, LinkedIn, Twitter…)

7. Extra processing power (Amazon EC2, Rackspace…)

Page 9: 2012-01 How to Secure a Cloud Identity Roadmap

AHA Launches Collaboration Services

Challenge (B2E/Employee-to-SaaS): Needed seamless login to their Collaboration platform; supporting intranet applications and SaaS services

Results: Increased user adoption of the collaboration platform, bridging private and public cloud apps. Up and running in less than two months.

"We are extremely pleased with the Symplified solution as it has allowed us to deliver on all of our security and compliance objectives for the Social Intranet & Collaboration platform project. We have been very impressed by the professionalism and level of support from Symplified throughout the entire sales and implementation process."

Jack MacKay, Vice President & Chief Information Officer, American Hospital Association

Page 10: 2012-01 How to Secure a Cloud Identity Roadmap

Cloud Computing proposes to transform the way IT is deployed and managed, promising:

1. Faster time-to-market

2. Accelerated Innovation

3. Reduced Complexity

4. Lower implementation, maintenance costs

5. Scale applications and infrastructure on demand

Page 11: 2012-01 How to Secure a Cloud Identity Roadmap

Building a Cloud Roadmap: Recommendations for building a cloud roadmap and navigating from virtualization to private cloud and public cloud offerings

Page 12: 2012-01 How to Secure a Cloud Identity Roadmap

Information Security Focal Areas

Key: Core Concept, Related Concept, Technique

Concepts:

• Confidentiality: Only authorized disclosure

• Possession: Control of information

• Integrity: Data has not been modified

• Availability: Data accessible when needed

• Authenticity: Verifies identity

• Utility: Usefulness of data

Techniques: Encryption, Recovery, Multi-Factor, Access Control, Redundancy, Least Privileged

Page 13: 2012-01 How to Secure a Cloud Identity Roadmap

Roadmap Recommendations:

1. Building a security program

2. Confidential data protection

3. Data availability

4. Implementing strong access and identity

5. Application provisioning and de-provisioning

6. Governance audit management

7. Vulnerability management

8. Testing and validation

Page 14: 2012-01 How to Secure a Cloud Identity Roadmap

Selecting the right strategy

• Understand the industry vertical's tendencies

• External factors (PCI, HIPAA, FISMA…)

• Internal drivers

• Compliance / Audit

• Recent Breach or Threats

• M&A / Divestitures

• User Experience / Ease of Use

• Business culture

• Leadership

• Technical landscape

• Outsourcing adoption

• Cloud adoption

• Risk tolerance

• Cost cutting initiatives

Page 15: 2012-01 How to Secure a Cloud Identity Roadmap

Security & Risk Considerations: How to integrate internal IT with external cloud services and overcome security and risk barriers

Page 16: 2012-01 How to Secure a Cloud Identity Roadmap

SaaS Inhibitors

What are your firm's concerns, if any, with software-as-a-service (SaaS)?

[Bar chart, horizontal axis 0% to 70%. Response options shown:]

• Security concerns

• Integration challenges with other applications

• Application performance (e.g., downtime, speed)

• Total cost concerns (total cost of ownership)

• Lack of maturity

• Not customizable

• Difficulty and risk of migration or installation

• Pricing is unclear or complicated

• We're locked in financially with our current vendor

• We can't find the specific application we need

• None. We don't have any concerns

• Other

• Don't know

Base: 913 North American and European software decision makers. Source: Forrsights Software Survey, Q4, 2010

Page 17: 2012-01 How to Secure a Cloud Identity Roadmap

A Federator's Challenge

[Figure: customer segments plotted against Technical Sophistication & Capabilities. Labels: Fortune 500, Midmarket & SMB, Enterprise, Consumers & Individuals.]

Page 18: 2012-01 How to Secure a Cloud Identity Roadmap

Cloud Provider Infrastructure

Security & Privacy

1. Privacy

2. Identity Management

3. Application Security

4. Data Protection

5. Physical Security

6. Availability

Compliance

7. Business Continuity

8. Auditability

Legal and Contractual

9. Public Record

10. SLAs

Page 19: 2012-01 How to Secure a Cloud Identity Roadmap

The Cloud Broker: Introduce the new concept of the cloud broker, as it relates to Identity

Page 20: 2012-01 How to Secure a Cloud Identity Roadmap

The Problem: Identity Silos

• User Growth Fuels Complexity

• Sensitive Data Outside Firewall

• SaaS Creates Management Silos

• Enterprise Integration

Page 21: 2012-01 How to Secure a Cloud Identity Roadmap

Scenario: Deprovisioning

» Terminated employee is removed from Active Directory

» Admin must repeat removal from all siloed apps

But cloud apps aren’t integrated, so a terminated employee can access company data and apps
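A reconciliation check for the siloed scenario above, as an added example that is not from the slides or from Symplified: it compares a directory export against each application's account list and reports active accounts that outlived their owner. All data, field names and the `find_orphans` function are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from the slides): a directory export and
# per-application account exports, as an admin might pull from each silo.
DIRECTORY = [
    {"mail": "alice@example.com", "enabled": True,  "terminated": None},
    {"mail": "bob@example.com",   "enabled": False, "terminated": "2012-01-10"},
    {"mail": "carol@example.com", "enabled": False, "terminated": "2012-01-12"},
]
APP_ACCOUNTS = {
    "crm": [
        {"login": "Alice@Example.com", "active": True,  "last_login": "2012-01-15"},
        {"login": "BOB@example.com",   "active": True,  "last_login": "2012-01-14"},
    ],
    "storage": [
        {"login": "bob@example.com",    "active": False, "last_login": "2012-01-05"},
        {"login": "carol@example.com ", "active": True,  "last_login": "2012-01-11"},
        {"login": "dave@example.com",   "active": True,  "last_login": "2012-01-09"},
    ],
}

def _key(identifier):
    """Normalize a login so case and stray whitespace do not hide a match."""
    return identifier.strip().lower()

def _day(text):
    return datetime.strptime(text, "%Y-%m-%d").date()

def find_orphans(directory, app_accounts):
    """Return (app, login, reason) for active accounts with no enabled owner."""
    owners = {_key(u["mail"]): u for u in directory}
    findings = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            if not acct["active"]:
                continue  # already deprovisioned in this silo
            login = _key(acct["login"])
            owner = owners.get(login)
            if owner is None:
                findings.append((app, login, "no-directory-owner"))
            elif not owner["enabled"]:
                used_after = _day(acct["last_login"]) > _day(owner["terminated"])
                reason = "used-after-termination" if used_after else "still-active"
                findings.append((app, login, reason))
    return findings

if __name__ == "__main__":
    for app, login, reason in find_orphans(DIRECTORY, APP_ACCOUNTS):
        print(f"{app:8} {login:20} {reason}")
```

A `used-after-termination` finding is the case the slide warns about: the account was not only left active but logged into after the directory removal.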

Page 22: 2012-01 How to Secure a Cloud Identity Roadmap

Scenario: Deprovisioning

» Terminated employee is removed from Active Directory

» One step for admin

» Centralized policies

Terminated employee no longer has access to apps

Page 23: 2012-01 How to Secure a Cloud Identity Roadmap

The role of the Identity Broker

Identity Broker

Internal Web Apps Public Cloud Apps

Page 24: 2012-01 How to Secure a Cloud Identity Roadmap

About Symplified

Page 25: 2012-01 How to Secure a Cloud Identity Roadmap

Proven Team

Top Tier Investors

Buzz

Pioneered Identity & Access Management with ClearTrust

Eric Olden | CEO & Founder
Former CTO of Securant | ClearTrust
Built first WAM & Provisioning product
Co-author AuthXML (now SAML)

Jonti McLaren | EVP Services Delivery & Founder
Former President of Securant | ClearTrust
Scaled Securant to more than 300 customers in 18 months

Darren Platt | CTO & Founder
Former VP Engineering of Securant | ClearTrust
Built first STS & federation product
Co-author AuthXML (now SAML)

Jason Merrick | VP Alliances

Josh Forman | VP Services Delivery

Mike Corbisiero | VP Sales

Jay Wallingford | VP Engineering

Acquired by

Page 26: 2012-01 How to Secure a Cloud Identity Roadmap


Thank You!

Tony LoCascio, CISSP

[email protected]