Securing Your Cloud Applications with Novell® Cloud Security Service

Dale Olds, Distinguished EngineerBen Fjeldstet, Sr. EngineerTom Cecere, Product StrategyNovell Cloud Security ServiceMarch 24, 2010

M

© Novell, Inc. All rights reserved.2

SaaS adoption is projected to increase three-fold to US$14 Billion by 2012, according to Gartner.

“SaaS sprawl” is causing IT administration and security nightmare for enterprises.

Enforcing consistent policies for internal and cloud applications is key to effective governance.

Novell® Cloud Security Service allows organizations to extend its internal policies, roles and workflow and manage a multi-SaaS environment consistently.

Novell is a leading provider of identity and security solutions and has been for over 20 years.

Key Takeaways

© Novell, Inc. All rights reserved.3

Why Novell® Cloud Security Service (NCSS)?

What Is NCSS and How Does It Work?

Demo

How Is NCSS Different?

Agenda

© Novell, Inc. All rights reserved.4

SaaS Adoption Growing As Model Matures: $8B in ’09 to $14.7B in ‘12

With Customer Relationship Management and Content/Communication and Collaboration leading the way

Source: Gartner Saas Trends 2007-2012

© Novell, Inc. All rights reserved.5

Users

User data/permissions

User data/permissions

User data/permissions

User data/permissions

User data/permissions

Creating IT Administration Nightmare

User data/permissions

Systems/tools

Directory

AppsIT Department Enterprise Challenge

• Multiple usernames/passwords• Multiple identity silos• Disparate administration tools• Challenge in timely deprovisioning accounts of ex-employees

© Novell, Inc. All rights reserved.6

• DuPont: “When a sales person leaves the company, it takes 10 days to de-provision their account in SalesForce.com. Until then, the sales person has access to his account. This is a real problem.”

• International Fragrances & Flavors: At an executive briefing told us, “We cannot use SaaS until it uses our identity management systems.”

• “What’s keeping us from getting more large enterprise customers? Trust.” –David Carroll, Salesforce.com evangelist

And Concerns Over Security

© Novell, Inc. All rights reserved.7

Why Novell Cloud Security Service (NCSS)?

What Is NCSS and How Does It Work?

Demo

How Is NCSS Different?

Agenda

© Novell, Inc. All rights reserved.8

Enterprise with any credentials

system

Cloud vendor with NCSS

NCSS is a Web-based identity and access solution that enables an enterprise to manage a multi-SaaS environment and enforce its policies, roles and workflows in the cloud.

Simplified Single Sign-onEnterprise-directed Provisioning/DeprovisioningLeveraging Enterprise-defined Identities & Roles

Security Montioring/Compliance ReportingInspecting WRT Specific Tenants

User Identity and Roles

Compliance Events

Novell® Cloud Security Service (NCSS)

© Novell, Inc. All rights reserved.9

NCSS handles both use cases: A user directly logging into a cloud service or user logging into their enterprise system first.

How Does NCSS Work?

Novell CloudSecurity Services

IdP

AuthN ServiceUser Store

EnterpriseUser Store

Relying PartyParticipant

SaaS Application

1 UserAuthentication 3User Access

SaaS Resources

2

SAML 1,SAML 2,WS-Fed

NCSSecureBridge

1

© Novell, Inc. All rights reserved.10

1. Active security services for annexing cloud services into an enterprise, including

• Federated authentication and provisioning, role mapping, and audit event routing

2. Connectors to • SaaS and PaaS providers• Enterprise identity systems

3. Deployment, configurationand monitoring tools for service management ofNCSS by cloud providers

4. Per-enterprise view and management of their use of SaaS and PaaS, and the connections to their internal systems

NCSS Key Features

NCSS Dashboard “Risk Meter”

Demo of Novell® Cloud Security Service

© Novell, Inc. All rights reserved.12

Benefits

• Automatic identity federation

• Single sign-on to SaaS applications securely and automatically

• Enforce your internal policies, roles and workflows in the cloud

• Keep sensitive information behind the firewall

• Zero day start/stop

• Get detailed audit logs from your cloud applications

• Manage all your SaaS applications via a single dashboard interface

• Reduce IT costs from better SaaS administration

• Supports multiple industry standards

© Novell, Inc. All rights reserved.13

Why Novell Cloud Security Service (NCSS)?

What Is NCSS and How Does It Work?

Demo

How Is NCSS Different?

Agenda

© Novell, Inc. All rights reserved.14

Competitive Advantages

High Security– Firewall safe– Automated alerts

Ease of Use and Management– Audit report– Intuitive management dashboard interface

Integration with On-premise Infrastructure– Leverage existing identity infrastructure– Extend enterprise roles, policies and workflows into

the cloud– Future integrations with SIEM, workflows, usage data– Support for multiple industry standards

© Novell, Inc. All rights reserved.15

Competitive Advantages

Intangibles– Only vendor to offer identity and access solutions for

both sides of the cloud– Foundational block for an enterprise intelligent

workload management strategy– Financially stable vendor: US$1B cash—able to build

and buy– Extensive network of ISVs– 24x7 Worldwide support

Questions and Answers

Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.