Security Management in the Cloud

Page 1: Security Management in the Cloud

Reigning in the Cloud: Regaining control of your Hybrid Cloud environment

Gary Ardito, Chief Architect, Cloud Service Provider Solutions

[email protected]

Page 2: Security Management in the Cloud

© 2012 NetIQ Corporation. All rights reserved.

Who am I?

o 30 years solving business problems with technology

o 15+ years as principal architect – solutions that matter – Fortune 500, .com, Non Profits, Olympic Games

o Consulted on business inhibitors, technology enablers and risk mitigation – thought leadership to move businesses forward

o Historical leader of Identity and Access Management Market

o Market leading products across Identity, Access, SIEM, and Compliance Management

o Enabling cloud adoption by powering both service providers and enterprises

Page 3: Security Management in the Cloud


Why are we here?

o Cloud use is expanding and maturing … we are all moving to a hybrid cloud future

o Mobile, Social, BYOD and the Internet of Things are all wreaking havoc with our security management

o Current security management approaches are broken

o Challenges exist for both Service Providers and Enterprises

Page 4: Security Management in the Cloud


Start with the Hybrid Cloud

The intelligent combination of internal and external resources to deliver the right mix of cost savings, service levels and business agility.

Page 5: Security Management in the Cloud


Add new computing contexts

Users are driving change.

Figure: the new computing contexts (Mobility, BYOD, Social, Identity, Cloud) spanning both the Enterprise and the Service Provider.

Page 6: Security Management in the Cloud


With new and unprecedented challenges

Figure: four pressures on security management – new, persistent threats; an expanding computing environment; a business / mission that keeps moving; staff stretched thin.

Constant change and complexity result in lack of control and visibility.

Page 7: Security Management in the Cloud


How do we regain control?

Protection: Strongly enforce access, compliance, security and behavioral policies across all computing domains

Awareness: Capture activity with context for all events across the breadth of your computing environment

Visibility: Provide role-specific, business level dashboards exposing critical activity and patterns

Action: Policy based, real-time action based on appropriate remediation strategies

Page 8: Security Management in the Cloud


Hybrid Cloud requires new management frameworks.

Figure: Physical, Virtual and Cloud resources spanning the INTERNAL CLOUD (on-premise) and the EXTERNAL CLOUD (off-premise), separated by a firewall, with three management layers across both: Secure (Identity, Access, and Compliance), Measure (Operational and SLA Dashboards), and Manage (Migrations, DR, and Brokering).

Page 9: Security Management in the Cloud


It starts with IDENTITY

Figure: the Hybrid Cloud Environment built on Identity & Context, with Identity Management, Access Mgmt, and Awareness & Visibility layered on top.

Page 10: Security Management in the Cloud


Start with a Strong Identity Fabric

Who and what interacts with the computing environment?

What behavior do I expect of each identity?

• Benefits of an Identity fabric include:

– Manages full lifecycle of user/device identities and privileges

– Ensures that identities have the right access to the right resources

– Traces all activity to the identity responsible – contextual accountability

– Keeps sensitive information protected regardless of location and method of access

– Keeps security credentials protected

Page 11: Security Management in the Cloud


Go beyond with “Identity Context”

• Deliver additional, rich context about users and events to security monitoring tools

• See “who” the individual is; know if their activities are business-appropriate.

– Integrate identity intelligence with security monitoring

– Roles, access rights, permissions

– Increase visibility and control across complex IT landscape

– Cloud, mobile, virtual

Page 12: Security Management in the Cloud


Go further with “Identity Context”

Speed response times to threats and reduce the compliance effort.

• Identify when user activity is unusual, anomalous or outside normal business practices

• Demonstrate that access is under control, meets compliance requirements

Andy Anderson

What actions have they been performing in those applications?

What applications has this user been using?

What privilege changes have been applied?

Page 13: Security Management in the Cloud


Then Access Management…

Leverage the Identity Fabric

Access can be a service consumed from a cloud provider or provided within the organization.

Access control MUST include the following:

- Federated Identity Controls

- Multi domain

- Cloud awareness

- Audit history of cloud activity

Page 14: Security Management in the Cloud


Problem…

CLOUD RESOURCES

• Separate accounts exist in cloud-based resources

• Creating accounts in cloud services is a manual process, whether IT creates the account or if the user creates the account

• Users must remember separate passwords for each cloud service, and often use their credentials

• No compliance reporting of user activity in the cloud service

Figure: the IT department and corporate credentials on one side, CLOUD RESOURCES on the other – manual process, no single sign-on or strong authentication, no reporting.

Page 15: Security Management in the Cloud


Solution…

CLOUD RESOURCES

• Provide an automated process to provision user accounts to the cloud resources

• Provide secure single sign-on to the cloud services w/o the credentials leaving the security realm

• Provide the ability for users to securely access the cloud service inside or outside of the organization

• Provide compliance reporting of the users’ activities in the cloud service

Figure: Cloud Access sits between the IT department's corporate credentials and the CLOUD RESOURCES – automatic process, single sign-on and strong authentication, full reporting.

Page 16: Security Management in the Cloud


Results…

ENFORCED SECURITY to the Cloud without impacting existing infrastructure

Figure: Onsite IAM (LDAP directories, strong AuthN, SSO, federated) linked to the Cloud Resources through provisioning / de-provisioning and compliance event reporting.

Page 17: Security Management in the Cloud


With Continuous Monitoring and Compliance

• Maintain security and compliance processes to defend against attacks.

• Implement a lifecycle approach to reduce risk from threats.

– Define and refine processes

– Good security should be the goal, not “passing the audit.”

Figure: the compliance lifecycle cycling through Policy, Assess, Evaluate Risk, Audit, and Remediate.

Page 18: Security Management in the Cloud


More On Continuous Compliance

Need to close security and compliance gaps by combining user provisioning, access management, security monitoring, privileged user management.

Provide process automation working in real time ensuring compliance with predefined policies.

Provide both data correlation and anomaly detection to address known and unknown risk areas.

Provide real-time event alerts and remediation based on policy.
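As an added illustration of the identity-context questions on the “Go further” slide (which applications, which actions, which privilege changes) and of the correlation and policy-based alerting described above, the following is example code and not NetIQ's own; the identity fabric, the event fields and the alert names are constructed assumptions.

```python
# Added example (not NetIQ code): enrich audit events with identity context and
# flag out-of-policy activity. Identity fabric and events are constructed inline;
# in a deployment they come from the IAM directory and on-prem/cloud audit logs.

# Constructed identity fabric: who each identity is and what it is entitled to.
IDENTITY_FABRIC = {
    "aanderson": {"role": "finance-analyst", "apps": {"erp", "expense-saas"}, "privileged": False},
    "bops": {"role": "cloud-admin", "apps": {"iaas-console", "erp"}, "privileged": True},
}

# Actions that change privileges and must always be traced back to an identity.
PRIVILEGE_ACTIONS = {"grant_role", "revoke_role", "add_admin"}

# Constructed, normalised audit events from both computing domains (on-prem and cloud).
EVENTS = [
    {"ts": "2012-05-01T09:02:11Z", "user": "aanderson", "domain": "cloud", "app": "expense-saas", "action": "login"},
    {"ts": "2012-05-01T09:10:42Z", "user": "aanderson", "domain": "cloud", "app": "iaas-console", "action": "login"},
    {"ts": "2012-05-01T09:11:05Z", "user": "aanderson", "domain": "cloud", "app": "iaas-console", "action": "grant_role"},
    {"ts": "2012-05-01T10:00:00Z", "user": "ghost", "domain": "on-prem", "app": "erp", "action": "login"},
    {"ts": "2012-05-01T10:30:00Z", "user": "bops", "domain": "cloud", "app": "iaas-console", "action": "grant_role"},
]


def enrich(event: dict, fabric: dict) -> dict:
    """Attach the role and any policy alerts to one event using the identity fabric."""
    e = dict(event, role=None, alerts=[])
    ident = fabric.get(event["user"])
    if ident is None:  # no owner in the fabric: the activity cannot be attributed
        e["alerts"].append("unknown-identity")
        return e
    e["role"] = ident["role"]
    if event["app"] not in ident["apps"]:  # application outside this identity's entitlements
        e["alerts"].append("app-outside-entitlement")
    if event["action"] in PRIVILEGE_ACTIONS and not ident["privileged"]:
        e["alerts"].append("privilege-change-by-unprivileged-user")
    return e


def correlate(events: list, fabric: dict) -> tuple:
    """Answer the slide's questions per identity (apps used, actions, privilege
    changes) and collect the events that need a real-time alert."""
    summary, alerts = {}, []
    for ev in events:
        e = enrich(ev, fabric)
        s = summary.setdefault(e["user"], {"apps": set(), "actions": [], "privilege_changes": 0})
        s["apps"].add(e["app"])
        s["actions"].append((e["app"], e["action"]))
        s["privilege_changes"] += int(e["action"] in PRIVILEGE_ACTIONS)
        if e["alerts"]:
            alerts.append(e)
    return summary, alerts
```

Each alerting event still carries its identity context (role, apps, action), so a policy engine can pick a remediation per alert type rather than per raw log line.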


Page 20: Security Management in the Cloud


And Visibility…

NEEDED: both business and technical views of what’s happening across your hybrid cloud infrastructure.

An effective visibility solution must include:

• Role-based dashboards based on the image required for the user to do their job

• Business metrics tie-in as the basis of upcoming business decisions based on the data provided

• Aggregation and analysis of events occurring on-premise and across all cloud environments

Page 21: Security Management in the Cloud


More on Visibility…

EFFECTIVE VISIBILITY solutions must include:

• Integrate & correlate cross-domain data into one centralized dashboard

• Automatically model IT, application, & business services

• Intuitive, role-based “service view” speeds problem isolation

• Built-in impact & root-cause analysis to shorten resolution time by 50%, or more

Page 22: Security Management in the Cloud


Single Pane of Glass View

Figure: data sources feeding the single pane of glass – ADM, SLM, CMDB360, Asset Data, Compliance Data, Business Metrics, Configuration Data, IT Management Data, Discovery Data.

• Integrates & correlates existing IT data into one centralized dashboard

• Automatically models IT, application, & business services

• Intuitive, role-based “service view” speeds problem isolation

• Built-in impact & root-cause analysis shortens resolution time by 50%, or more

Page 23: Security Management in the Cloud


It’s possible: a secure, compliant multi-domain environment

1. You must start with a strong on-premise identity platform

2. You must architect for loosely coupled, federated access to cloud and on-premise services

3. You must leverage technologies designed to include cloud domains

4. You must select service providers that support your multi-domain management architecture.

Page 24: Security Management in the Cloud


About NetIQ

• Provide expertise and experience in Identity, Access Management and Security Management

• Help reduce number of privileged users

• Reduce and manage privileges

• Monitor users and look for unusual activity

• Provide visibility into access rights to critical resources

• Harden systems against attackers


Page 26: Security Management in the Cloud


Powering Cloud Service Providers

Figure: NetIQ Cloud Manager and NetIQ Services Director delivering monetizable as-a-service offerings. Service-provider layers: Infrastructure, Marketplace & Deployment, Monitoring, Identity Management, Access Management, SIEM, Privileged User Mgmt. Enterprise offerings: Identity Management, Access Management, Compliance Management, Infrastructure, Disaster Recovery, Migrating to Cloud, SLA Dashboards, Monitoring, Governance.


Page 28: Security Management in the Cloud


+1 713.548.1700 (Worldwide) | 888.323.6768 (Toll-free) | [email protected]

Worldwide Headquarters: 1233 West Loop South, Suite 810, Houston, TX 77027 USA

http://community.netiq.com

Page 29: Security Management in the Cloud


Copyright © 2013 NetIQ Corporation. All rights reserved.
