CIS13: Next Generation Privileged Identity Management: A Market Overview
Next Generation Privileged Identity Management: A Market Overview
Patrick McBride, Vice President, Marketing
June 2013 © Copyright 2013, Xceedium, Inc.
Patrick McBride – Old Security Guy…
PMB Consulting!
Presentation Sponsored by:
§ Security software company providing Next-Generation Privileged Identity Management solutions
§ Global Fortune 1000 and Government customer base
§ Headquartered in Herndon, VA
§ Xsuite™ Platform
Xceedium
Cool Vendor
Best Overall IT Company
Top 100 Global Company
Hot Company to Watch
RSA 2011 Hot New Security Product
Best Privileged Access Management Solution
Privileged Identity Management
The “Two Man” Rule…Really? REALLY?
Who Are Privileged Users?
On Premise (Employees/Partners): Systems Admins • Network Admins • DB Admins • Application Admins
Public Cloud (reached over the Internet): VMware Administrator • AWS Administrator • Microsoft Office 365 Administrator
Unauthorized User / Hacker (Malware/APT)
Ops Automation & DevOps
What Else is Privileged? Let’s Talk APIs…
Across Public Cloud, Private Cloud and Traditional IT, the privileged APIs are:
• Home Grown Scripts
• Infrastructure Configuration APIs (SDN/SDC)
• Business Application APIs
“All APIs are equal, but some APIs are more equal than others.” George Orwell, Animal Farm (1945)
A Brief History of Privileged Identity Management
Do It Yourself: Jump Boxes/Bastion Hosts • SSL/VPN • Network Access Control (NAC) • Firewall Rules • Router ACL/Logical NW Segmentation • Physical NW Segmentation
(Third Party) Access Control Systems
Password Vaulting Systems
Logging & Recording Systems
Identity Bridges
Modern PIM (circa 2011)
What’s New? Migration to the New Enterprise
Figure 2. The Virtualization Road Map Through Private Cloud Computing (Source: Gartner, February 2012). The chart plots Cloud Evolution against Complexity across five stages: Stage 1: Server Virtualization; Stage 2: Distributed Virtualization; Stage 3: Private Cloud; Stage 4: Hybrid Cloud; Stage 5: Public Cloud. Benefits annotated along the road map: consolidation; capital expense elimination; increased flexibility (up and down); flexibility and speed; operational expense automation; less downtime; self-serve agility; standardization; IT as a business; usage metering; costs and flexibility for peak loads.
Management Plane. Business Drivers: § Cost Reduction § Speed § Agility § New Applications
Software Defined IT Infrastructure leads to a New IT Operations Model, which leads to New Risk/Compliance Issues.
Security & Compliance Risks: • Extended Management Plane & Risk Surface Area • Shared Security and Audit Model • On Demand Procurement Paradigm • Federated Privileged Identity & Attribution • New Regulatory Mandates & Auditor Scrutiny • Highly Dynamic, Elastic Environments
New Enterprise: New Security, Risk, Operational Challenges
1. Comprehensive/Integrated Control Set: table stakes… point products need not apply
2. Protect Systems/Applications/Consoles Across Hybrid-Cloud Environments
3. Architected Specifically for Highly Dynamic Cloud: no cloud washing
Next Generation PIM Requirements
Attribute Identity for Shared Accounts (e.g., Root/Admin)
Control Access to Target Systems
Prevent Leapfrogging
Monitor Sessions & Prevent Unauthorized Commands
Record Sessions
Positively Authenticate Users
Vault & Manage Credentials (Before: ID: abc123, PW: Redskins; After: ID: abc123, PW: x8km&eie10$)
Least Privilege & Layering PIM Controls
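The requirements above are easier to reason about when the controls are layered in code. The following is an added example written for this page, not Xceedium's or Xsuite's code: a toy model in which a vault owns the shared root password (rotating the weak "Before" credential on enrollment and again at check-in), access to a target system is granted only to named users, every command in the session is attributed to that named user and recorded, and a command filter refuses leapfrogging (ssh/scp onward from the target) and other unauthorized commands. All hosts, users, policy entries and commands are constructed for the illustration.

```python
"""Toy model of layered PIM controls: attribution for shared accounts, access
control, leapfrog prevention, command monitoring, session recording, vaulting.
Hypothetical code written for this page; names and policy are invented."""
import re
import secrets
import string
from dataclasses import dataclass, field

# Constructed policy: which named users may check out which shared account.
ACCESS_POLICY = {
    ("web01", "root"): {"alice"},
    ("db01", "root"): {"bob"},
}

# Commands a monitored session must refuse. The ssh/scp rule is the leapfrog
# control: a privileged session on one host may not be used to hop to another.
BLOCKED_COMMANDS = [
    (re.compile(r"^\s*(ssh|scp|sftp|telnet)\b"), "leapfrog attempt"),
    (re.compile(r"^\s*rm\s+-rf\s+/(\s|$)"), "destructive command"),
    (re.compile(r"^\s*(useradd|passwd)\b"), "account change outside the vault"),
]

PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!$&%"


def rotate_password(length: int = 16) -> str:
    """Generate a random replacement credential (the slide's 'After' case)."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


@dataclass
class Vault:
    """Holds shared-account passwords; users never receive them directly."""
    secrets_store: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def enroll(self, host, account, inherited_password):
        # Bring the account under management and discard the inherited password at once.
        self.secrets_store[(host, account)] = rotate_password()
        self.audit_log.append(("enroll", host, account,
                               f"inherited {len(inherited_password)}-char password replaced"))

    def check_out(self, user, host, account):
        # Access control plus attribution: the shared account is tied to a named user.
        if user not in ACCESS_POLICY.get((host, account), set()):
            self.audit_log.append(("deny", user, host, account))
            raise PermissionError(f"{user} may not use {account}@{host}")
        self.audit_log.append(("checkout", user, host, account))
        return Session(vault=self, user=user, host=host, account=account)

    def check_in(self, session):
        # Single-use credential: rotate at check-in so nothing copied during the session survives.
        self.secrets_store[(session.host, session.account)] = rotate_password()
        self.audit_log.append(("checkin", session.user, session.host, session.account, "rotated"))


@dataclass
class Session:
    vault: Vault
    user: str
    host: str
    account: str
    recording: list = field(default_factory=list)

    def run(self, command):
        """Command filter plus session recording; each line names the real user."""
        for pattern, reason in BLOCKED_COMMANDS:
            if pattern.search(command):
                self.recording.append((self.user, self.account, self.host, command,
                                       f"BLOCKED: {reason}"))
                return False
        self.recording.append((self.user, self.account, self.host, command, "allowed"))
        return True

    def close(self):
        self.vault.check_in(self)


def demo():
    """Enroll the slide's weak 'Before' password, run one attributed session, rotate."""
    vault = Vault()
    vault.enroll("web01", "root", "Redskins")  # constructed 'Before' credential
    session = vault.check_out("alice", "web01", "root")
    during = vault.secrets_store[("web01", "root")]
    results = [session.run(c) for c in ["systemctl restart nginx", "ssh db01", "rm -rf /"]]
    session.close()
    return {"vault": vault, "session": session, "results": results,
            "password_during": during,
            "password_after": vault.secrets_store[("web01", "root")]}


if __name__ == "__main__":
    d = demo()
    for line in d["session"].recording:
        print(line)
    print("rotated:", d["password_during"] != d["password_after"])
```

Run as a script to see the three recorded commands (one allowed, the ssh hop blocked as a leapfrog attempt, the destructive command blocked) and confirmation that the root password changed at check-in. The point of the layering is that each control covers a gap in the others: vaulting alone would still let a user hop to an unmanaged host, and command filtering alone would still leave a long-lived shared password in circulation.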
Enterprise-Class Core: Identity Integration; delivered as Hardware Appliance, AWS AMI or OVF Virtual Appliance; Unified Policy Management
Control and Audit All Privileged Access: • Vault Credentials • Centralized Authentication • Federated Identity • Privileged Single Sign-on • Role-Based Access Control • Prevent Leapfrogging • Monitor & Record Sessions • Full Attribution
Xsuite™ Next Generation Privileged Identity Management
New Enterprise coverage:
• Traditional Data Center: Mainframe, Windows, Linux, Unix, Networking
• Virtualized Data Center: vCenter Server
• SaaS Applications: Office 365 Admin Center
• Public Cloud (IaaS): AWS Management Console
“I bet you $50.00 that you can’t integrate all of the following into your Cloud Identity Summit Presentation.”
• Authors Washington Irving & George Orwell • Where’s Waldo • A Saturday Night Live Quote • Grecian Formula • “A half a bowl of fruit went out of style 100 years ago.”
– Mo Rosen, EVP Corporate Development, Xceedium. Twitter: “@xceedium: Next Gen PIM & a half bowl of fruit!”
Now I need your help…
2214 Rock Hill Road, Suite 100, Herndon, VA 20170. Phone: 866-636-5803
Contact Us
facebook.com/xceedium
@Xceedium @pmcbrideva1