2012-01 How to Secure a Cloud Identity Roadmap by Tony LoCascio, Sr Engineer, Symplified
How to Secure a Cloud Identity Roadmap
Tony LoCascio, CISSP
Sr. Systems Engineer | Symplified January 2012
AGENDA
• Market Dynamics of Cloud Computing
• The Cloud Innovation
• Building a Cloud Roadmap
• Security & Risk Consideration
• The Cloud Broker
• About Symplified
Market Dynamics of Cloud Computing: The real market size of cloud computing and how the different markets will evolve
[Figure: Evolution to cloud computing. Labels: Business Evolution; Technical Evolution; Silo'd, Grid, Consolidation, Virtualization, Cloud-bursting, Cloud Broker, Private Cloud. Source: Forrester Research, Inc.]
Cloud Computing Market:
• Infrastructure as a service market will peak at $5.9 billion in global revenue in 2014 and then commoditization, price pressure and falling margins kick in.
• Software as a service will be adopted by companies of all sizes. In 2011, SaaS will be a $21.2 billion market and grow to $92.8 billion in 2016. At that point SaaS comes closer to saturation.
• Business Process as a service will be notable, but face modest revenue.
Cloud Innovation: Examples of how the cloud is not typically replacing existing assets but used to accelerate innovation
Some Examples:
1. Hosted email: (Google mail, Microsoft…)
2. Remote Storage: (Box.net, Humyo, Amazon S3, Apple MobileMe…)
3. Collaboration: (Salesforce, Google Wave, WebEx, Spicebird…)
4. Virtual office: (Google Apps, MS 365…)
5. Streaming Media: (Netflix, Hulu, Crackle…)
6. Social Media: (Facebook, LinkedIn, Twitter…)
7. Extra processing power: (Amazon EC2, Rackspace…)
AHA Launches Collaboration Services
Challenge (B2E/Employee-to-SaaS): Needed seamless login to their Collaboration platform; supporting intranet applications and SaaS services
Results: Increased user adoption of the collaboration platform, bridging private and public cloud apps. Up and running in less than two months.
We are extremely pleased with the Symplified solution as it has allowed us to deliver on all of our security and compliance objectives for the Social Intranet & Collaboration platform project. We have been very impressed by the professionalism and level of support from Symplified throughout the entire sales and implementation process.
Jack MacKay, Vice President & Chief Information Officer, American Hospital Association
Cloud Computing proposes to transform the way IT is deployed and managed, promising:
1. Faster time-to-market
2. Accelerated Innovation
3. Reduced Complexity
4. Lower implementation, maintenance costs
5. Scale applications and infrastructure on demand
Building a Cloud Roadmap: Recommendations for building a cloud roadmap and navigating from virtualization to private cloud and public cloud offerings
Information Security Focal Areas
Key: Core Concept, Related Concept, Technique
• Confidentiality: only authorized disclosure
• Possession: control of information
• Integrity: data has not been modified
• Availability: data accessible when needed
• Authenticity: verifies identity
• Utility: usefulness of data
Techniques: Encryption, Recovery, Multi-Factor, Access Control, Redundancy, Least Privileged
Roadmap Recommendations:
1. Building a security program
2. Confidential data protection
3. Data availability
4. Implementing strong access and identity
5. Application provisioning and de-provisioning
6. Governance audit management
7. Vulnerability management
8. Testing and validation
Selecting the right strategy
• Understand the industry vertical's tendencies; External factors (PCI, HIPAA, FISMA…); Internal drivers
• Compliance / Audit; Recent Breach or Threats; M&A / Divestitures; User Experience / Ease of Use
• Business culture; Leadership; Technical landscape; Outsourcing adoption; Cloud adoption; Risk tolerance; Cost cutting initiatives
Security & Risk Considerations: How to integrate internal IT with external cloud services and overcome security and risk barriers
SaaS Inhibitors
[Chart: "What are your firm's concerns, if any, with software-as-a-service (SaaS)?" Response categories: Security concerns; Integration challenges with other applications; Application performance (e.g., downtime, speed); Total cost concerns (total cost of ownership); Lack of maturity; Not customizable; Difficulty and risk of migration or installation; Pricing is unclear or complicated; We're locked in financially with our current vendor; We can't find the specific application we need; None. We don't have any concerns; Other; Don't know.]
Base: 913 North American and European software decision makers. Source: Forrsights Software Survey, Q4, 2010
[Figure: A Federater’s Challenge. Segments: Fortune 500; Enterprise; Midmarket & SMB; Consumers & Individuals. Axis: Technical Sophistication & Capabilities.]
Cloud Provider Infrastructure
Security & Privacy
1. Privacy
2. Identity Management
3. Application Security
4. Data Protection
5. Physical Security
6. Availability
Compliance
7. Business Continuity
8. Auditability
Legal and Contractual
9. Public Record
10. SLAs
The Cloud Broker: Introduce the new concept of the cloud broker, as it relates to Identity
The Problem: Identity Silos
• User Growth Fuels Complexity
• Sensitive Data Outside Firewall
• SaaS Creates Management Silos
• Enterprise Integration
Scenario: Deprovisioning
» Terminated employee is removed from Active Directory
» Admin must repeat removal from all siloed apps
But cloud apps aren’t integrated, so a terminated employee can access company data and apps
Scenario: Deprovisioning
» Terminated employee is removed from Active Directory
» One step for admin
» Centralized policies
Terminated employee no longer has access to apps
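A reconciliation check for the identity-silo problem in the deprovisioning scenario, added here as an illustration and not taken from the presentation or from Symplified's product: it compares a directory export against per-app account exports and reports accounts that survive a termination. The app names, logins and the service-account allowlist are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: directory export (source of truth) and per-app exports.
DIRECTORY = {
    "alice@example.com": {"enabled": True},
    "bob@example.com": {"enabled": False},  # terminated: disabled in the directory
    "carol@example.com": {"enabled": True},
}
APP_ACCOUNTS = {
    "crm": ["Alice@Example.com", "bob@example.com"],
    "storage": ["carol@example.com", "dave@example.com", "svc-backup@example.com"],
    "collab": ["BOB@example.com ", "carol@example.com"],
}
SERVICE_ACCOUNTS = {"svc-backup@example.com"}  # reviewed non-human accounts

@dataclass(frozen=True)
class Finding:
    app: str
    account: str
    reason: str  # "disabled_in_directory" or "not_in_directory"

def normalize(login: str) -> str:
    # SaaS exports differ in case and padding; compare on a canonical form.
    return login.strip().lower()

def find_orphans(directory, app_accounts, service_accounts=frozenset()):
    """Return app accounts with no enabled owner in the directory."""
    active = {normalize(u) for u, attrs in directory.items() if attrs["enabled"]}
    known = {normalize(u) for u in directory}
    allow = {normalize(s) for s in service_accounts}
    findings = []
    for app in sorted(app_accounts):
        for raw in app_accounts[app]:
            login = normalize(raw)
            if login in active or login in allow:
                continue
            reason = "disabled_in_directory" if login in known else "not_in_directory"
            findings.append(Finding(app, login, reason))
    return findings

def apps_to_clean(findings, login):
    """Apps where a given user still holds an account after termination."""
    return sorted({f.app for f in findings if f.account == normalize(login)})

if __name__ == "__main__":
    for f in find_orphans(DIRECTORY, APP_ACCOUNTS, SERVICE_ACCOUNTS):
        print(f"{f.app}: {f.account} ({f.reason})")
```

Accounts reported as `not_in_directory` were created directly in the app and are invisible to a directory-only offboarding step, so they need an owner assigned before they can be deprovisioned centrally.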
The role of the Identity Broker
[Figure labels: Identity Broker; Internal Web Apps; Public Cloud Apps]
About Symplified
Proven Team
Top Tier Investors
Buzz
Pioneered Identity & Access Management with ClearTrust
Eric Olden | CEO & Founder. Former CTO of Securant | ClearTrust; Built first WAM & Provisioning product; Co-author AuthXML (now SAML)
Jonti McLaren | EVP Services Delivery & Founder. Former President of Securant | ClearTrust; Scaled Securant to more than 300 customers in 18 months
Darren Platt | CTO & Founder. Former VP Engineering of Securant | ClearTrust; Built first STS & federation product; Co-author AuthXML (now SAML)
Jason Merrick | VP Alliances
Josh Forman | VP Services Delivery
Mike Corbisiero | VP Sales
Jay Wallingford | VP Engineering
Acquired by