Reigning in the Cloud: Regaining control of your Hybrid Cloud environment
Gary Ardito, Chief Architect, Cloud Service Provider Solutions
© 2012 NetIQ Corporation. All rights reserved.2
Who am I?
o 30 years solving business problems with technology
o 15+ years as principal architect – solutions that matter – Fortune 500, .com, Non Profits, Olympic Games
o Consulted on business inhibitors, technology enablers and risk mitigation – thought leadership to move businesses forward
o Historical leader of Identity and Access Management Market
o Market leading products across Identity, Access, SIEM, and Compliance Management
o Enabling cloud adoption by powering both service providers and enterprises
Why are we here?
o Cloud use is expanding and maturing … we are all moving to a hybrid cloud future
o Mobile, Social, BYOD and the Internet Of Things are all wreaking havoc with our security management
o Current security management approaches are broken
o Challenges exist for both Service Providers and Enterprises
Start with the Hybrid Cloud
The intelligent combination of internal and external resources to deliver the right mix of cost savings, service levels and business agility.
Add new computing contexts
Users are driving change.
[Diagram: new computing contexts – Mobility, BYOD, Social Identity, Cloud – spanning both the Enterprise and the Service Provider]
With new and unprecedented challenges
o New, Persistent Threats
o Expanding Computing Environment
o Business / Mission Keeps Moving
o Staff Stretched Thin
Constant change & complexity results in lack of control and visibility
How do we regain control?
Protection: Strongly enforce access, compliance, security and behavioral policies across all computing domains
Awareness: Capture activity with context for all events across the breadth of your computing environment
Visibility: Provide role-specific, business level dashboards exposing critical activity and patterns
Action: Policy based, real-time action based on appropriate remediation strategies
Hybrid Cloud Requires new management frameworks.
[Diagram: Physical, Virtual and Cloud resources spanning an INTERNAL CLOUD (on-premise) and an EXTERNAL CLOUD (off-premise), separated by a FIREWALL. Three management layers run across all of them:]
Secure: Identity, Access, and Compliance
Measure: Operational and SLA Dashboards
Manage: Migrations, DR, and Brokering
It starts with IDENTITY
[Diagram: Hybrid Cloud Environment built on Identity Management, with Identity & Context feeding Access Mgmt and Awareness & Visibility]
Start with a Strong Identity Fabric
Who and what interacts with the computing environment?
What behavior do I expect of each identity?
• Benefits of an Identity fabric include:
• Manages full lifecycle of user/device identities and privileges
• Ensures that identities have the right access to the right resources
• Traces all activity to the identity responsible – contextual accountability
• Keeps sensitive information protected regardless of location and method of access
• Keeps security credentials protected
Go beyond with “Identity Context”
• Deliver additional, rich context about users and events to security monitoring tools
• See “who” the individual is; know if their activities are business-appropriate.
– Integrate identity intelligence with security monitoring
– Roles, access rights, permissions
– Increase visibility and control across complex IT landscape
– Cloud, mobile, virtual
Go further with “Identity Context”
Speed response times to threats and reduce the compliance effort.
• Identify when user activity is unusual, anomalous or outside normal business practices
• Demonstrate that access is under control, meets compliance requirements
[Figure: a single user, Andy Anderson, with the three questions identity context should answer:]
What applications has this user been using?
What actions have they been performing in those applications?
What privilege changes have been applied?
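The three questions above are what "identity context" is meant to answer when identity data is joined to security events. The following Python is an added illustration (not code from the deck or from NetIQ): it builds a constructed identity directory and a constructed log in the shape "timestamp user app action [k=v,k=v]", attaches each identity's role, entitlements and lifecycle status to the raw events, and then both answers the three questions and flags activity that does not fit the identity (a terminated account still active, access outside entitlements, a privilege grant with no change ticket). All user names, applications and rule names are hypothetical.

```python
"""Identity-context enrichment of security events (added example, not NetIQ code).

Constructed data: a small identity directory and a few log lines in the
shape "timestamp user app action [k=v,k=v]". Attaching each identity's
role, entitlements and lifecycle status to raw events lets a monitor
answer the slide's three questions and flag activity that does not fit
the identity.
"""
import re

# Constructed identity directory (hypothetical users and entitlements).
DIRECTORY = {
    "aanderson": {"name": "Andy Anderson", "role": "finance-analyst",
                  "entitlements": {"erp", "crm"}, "status": "active"},
    "bbaker": {"name": "Bea Baker", "role": "sales",
               "entitlements": {"crm"}, "status": "terminated"},
    "admin": {"name": "IAM operator", "role": "iam-admin",
              "entitlements": {"iam"}, "status": "active"},
}

# Constructed event log; "grant-privilege" lines carry the change details.
EVENT_LOG = """\
2012-10-01T09:12:03Z aanderson erp login
2012-10-01T09:15:40Z aanderson erp export-report report=gl-q3
2012-10-01T10:02:11Z aanderson crm view-account account=acme
2012-10-01T11:30:00Z bbaker crm login
2012-10-01T12:00:05Z aanderson hr read-salaries
2012-10-01T12:45:00Z admin iam grant-privilege target=aanderson,priv=erp-admin
2012-10-01T12:46:10Z admin iam grant-privilege target=svc-backup,priv=storage-admin,ticket=CHG-1042
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<app>\S+) (?P<action>\S+)(?: (?P<kv>\S+))?$")


def parse_events(text=EVENT_LOG):
    """Parse log lines and attach identity context to each event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        ev = m.groupdict()
        kv = ev.pop("kv") or ""
        ev["detail"] = dict(p.split("=", 1) for p in kv.split(",") if "=" in p)
        ev["identity"] = DIRECTORY.get(ev["user"])  # None for unknown accounts
        events.append(ev)
    return events


def apps_used(events, user):
    """What applications has this user been using?"""
    return {e["app"] for e in events if e["user"] == user}


def actions_in_app(events, user, app):
    """What actions have they been performing in that application?"""
    return [e["action"] for e in events if e["user"] == user and e["app"] == app]


def privilege_changes(events):
    """What privilege changes have been applied, and by whom?"""
    return [dict(actor=e["user"], **e["detail"])
            for e in events if e["action"] == "grant-privilege"]


def findings(events):
    """Flag events that contradict the identity's expected behaviour."""
    out = []
    for e in events:
        ident = e["identity"]
        if ident is None:
            out.append(("unknown-identity", e["user"], e["app"]))
        elif ident["status"] != "active":
            out.append(("terminated-account-activity", e["user"], e["app"]))
        elif e["app"] not in ident["entitlements"]:
            out.append(("access-outside-entitlements", e["user"], e["app"]))
        # Privilege changes are expected only through an approved change ticket.
        if e["action"] == "grant-privilege" and "ticket" not in e["detail"]:
            out.append(("privilege-change-without-ticket", e["user"], e["app"]))
    return out


if __name__ == "__main__":
    evs = parse_events()
    print("apps:", sorted(apps_used(evs, "aanderson")))
    print("erp actions:", actions_in_app(evs, "aanderson", "erp"))
    print("privilege changes:", privilege_changes(evs))
    for f in findings(evs):
        print("FINDING", *f)
```

The point of the design is that none of the rules look at the event alone: each one compares the event with what the directory says the identity should be doing, which is exactly the enrichment the slide calls for. In a real deployment the directory lookup would be the identity management system and the events would come from the SIEM, but the join and the rules are the same.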
Then Access Management….
Leverage the Identity Fabric
Access can be a service consumed from a cloud provider or provided within the organization
Access control MUST include the following:
- Federated Identity Controls
- Multi domain
- Cloud awareness
- Audit history of cloud activity
Problem…
CLOUD RESOURCES
• Separate accounts exist in cloud-based resources
• Creating accounts in cloud services is a manual process, whether IT creates the account or the user creates the account
• Users must remember separate passwords for each cloud service, and often reuse their corporate credentials
• No compliance reporting of user activity in the cloud service
[Diagram: corporate credentials reused against cloud resources; no single sign-on or strong authentication; a manual process run by the IT department; no reporting]
Solution…
CLOUD RESOURCES
• Provide an automated process to provision user accounts to the cloud resources
• Provide secure single sign-on to the cloud services without the credentials leaving the security realm
• Provide the ability for users to securely access the cloud service inside or outside of the organization
• Provide compliance reporting of the users’ activities in the cloud service
[Diagram: corporate credentials stay with the IT department; Cloud Access is delivered through single sign-on and strong authentication, an automatic provisioning process, and full reporting]
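The second bullet, single sign-on without the credentials leaving the security realm, is the heart of federated access, and the first and fourth bullets (automated provisioning and reporting) fall out of it. The following Python is an added, self-contained illustration, not NetIQ code and not a real SAML or OAuth implementation: an on-premise identity provider (IdP) checks the password and issues a short-lived signed assertion; the cloud service provider (SP) verifies the signature, audience, expiry and replay, then provisions the account just in time from the assertion's attributes. HMAC over a shared key stands in for the certificate-based XML signature a real IdP would use; the user, service names and key are constructed.

```python
"""Federated single sign-on in miniature (added example, not NetIQ code).

An on-premise identity provider (IdP) checks the user's password and
issues a signed, short-lived assertion; the cloud service provider (SP)
trusts the signature, not the password. HMAC over a shared key is a
constructed stand-in for the XML signature a SAML IdP would use.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed IdP/SP trust material; a real deployment exchanges signing
# certificates in federation metadata rather than a shared secret.
SHARED_KEY = b"constructed-federation-key"


def build_users(plain):
    """Hash constructed passwords (PBKDF2) so the IdP never stores them in clear."""
    users = {}
    for name, (password, roles) in plain.items():
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        users[name] = {"salt": salt, "hash": digest, "roles": set(roles)}
    return users


class IdentityProvider:
    """The only party that ever sees the user's password."""

    def __init__(self, key, users):
        self.key, self.users = key, users

    def authenticate(self, username, password):
        u = self.users.get(username)
        if u is None:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), u["salt"], 100_000)
        return hmac.compare_digest(digest, u["hash"])

    def issue_assertion(self, username, password, audience, now=None, ttl=300):
        """Return a signed assertion for `audience`, or None if login fails."""
        if not self.authenticate(username, password):
            return None
        now = int(time.time()) if now is None else now
        body = {"id": secrets.token_hex(8), "sub": username, "aud": audience,
                "iat": now, "exp": now + ttl,
                "roles": sorted(self.users[username]["roles"])}
        payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + sig


class ServiceProvider:
    """Cloud service: validates assertions and provisions accounts just in time."""

    def __init__(self, key, entity_id):
        self.key, self.entity_id = key, entity_id
        self.seen_ids = set()   # replay cache (bounded by assertion TTL in practice)
        self.accounts = {}      # accounts created from assertions, never from passwords

    def consume(self, token, now=None):
        """Return (True, username) on success or (False, reason) on rejection."""
        now = int(time.time()) if now is None else now
        parts = token.split(".")
        if len(parts) != 2:
            return (False, "malformed")
        payload, sig = parts
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return (False, "bad-signature")   # checked before parsing untrusted JSON
        body = json.loads(base64.urlsafe_b64decode(payload))
        if body["aud"] != self.entity_id:
            return (False, "wrong-audience")  # assertion was issued for another service
        if now >= body["exp"]:
            return (False, "expired")
        if body["id"] in self.seen_ids:
            return (False, "replay")
        self.seen_ids.add(body["id"])
        self.accounts[body["sub"]] = {"roles": body["roles"], "last_login": now}
        return (True, body["sub"])

    def deprovision(self, username):
        """Remove the SP-side account when the IdP lifecycle ends (e.g. termination)."""
        return self.accounts.pop(username, None) is not None


if __name__ == "__main__":
    idp = IdentityProvider(SHARED_KEY, build_users({"aanderson": ("correct horse", ["erp-user"])}))
    sp = ServiceProvider(SHARED_KEY, "https://crm.example.invalid")
    token = idp.issue_assertion("aanderson", "correct horse", sp.entity_id)
    print(sp.consume(token), sp.consume(token))  # second use is rejected as a replay
```

The password appears only inside `IdentityProvider.authenticate`; the token the SP receives carries the subject, audience, expiry, roles and a one-time id, so the SP can create and later remove the account without ever holding a corporate credential, and the `seen_ids` set plus the audience check are what stop a captured assertion from being reused elsewhere.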
Results…
ENFORCED SECURITY to the Cloud without impacting existing infrastructure
[Diagram: Onsite IAM (LDAP directories, strong AuthN, SSO) federated to Cloud Resources, with provisioning / de-provisioning and compliance event reporting flowing between them]
With Continuous Monitoring and Compliance
• Maintain security and compliance processes to defend against attacks.
• Implement a lifecycle approach to reduce risk from threats.
– Define and refine processes
– Good security should be the goal, not “passing the audit.”
[Diagram: continuous compliance lifecycle – Policy, Assess, Evaluate Risk, Audit, Remediate]
More On Continuous Compliance
Need to close security and compliance gaps by combining user provisioning, access management, security monitoring, privileged user management.
Provide process automation working in real time ensuring compliance with predefined policies.
Provide both data correlation and anomaly detection to address known and unknown risk areas.
Provide real-time event alerts and remediation based on policy.
And Visibility…
NEEDED: both business and technical views of what’s happening across your hybrid cloud infrastructure.
An effective visibility solution must include:
Role-based dashboards based on the image required for the user to do their job
Business metrics tie-in as basis of upcoming business decisions based on data provided
Aggregation and analysis of events occurring on-premise and across all cloud environments
More on Visibility…
EFFECTIVE VISIBILITY solutions must include:
• Integrate & correlate cross domain data into one centralized dashboard
• Automatically model IT, application, & business services
• Intuitive, role-based “service view” speeds problem isolation
• Built-in impact & root-cause analysis to shorten resolution time by 50%, or more
Single Pane of Glass View
[Diagram: ADM, SLM and CMDB360 feeding a single dashboard from Asset Data, Compliance Data, Business Metrics, Configuration Data, IT Management Data and Discovery Data]
• Integrates & correlates existing IT data into one centralized dashboard
• Automatically models IT, application, & business services
• Intuitive, role-based “service view” speeds problem isolation
• Built-in impact & root-cause analysis shortens resolution time by 50%, or more
It’s possible: a secure, compliant multi-domain environment
1. You must start with a strong on-premise identity platform
2. You must architect for loosely coupled, federated access to cloud and on-premise services
3. You must leverage technologies designed to include cloud domains
4. You must select service providers that support your multi-domain management architecture.
About NetIQ
• Provide expertise and experience in Identity, Access Management and Security Management
• Help reduce number of privileged users
• Reduce and manage privileges
• Monitor users and look for unusual activity
• Provide visibility into access rights to critical resources
• Harden systems against attackers
Powering Cloud Service Providers
NetIQ Cloud Manager
NetIQ Services Director
Monetizable As A Service Offerings
[Diagram: two tracks of offerings]
Infrastructure – Marketplace & Deployment, Monitoring, Identity Management, Access Management, SIEM, Privileged User Mgmt
Governance – Identity Management, Access Management, Compliance Management, Infrastructure, Disaster Recovery, Migrating to Cloud, SLA Dashboards, Monitoring
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)
[email protected]
Worldwide Headquarters: 1233 West Loop South, Suite 810, Houston, TX 77027 USA
http://community.netiq.com
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
Copyright © 2013 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.