Putting Security in Identity-as-a-Service

32
Putting Security in Identity-as-a-Service Nishant Kaushik Security CA Technologies Advisor, Product Management SCT22T @NishantK #CAWorld

Transcript of Putting Security in Identity-as-a-Service

Putting Security inIdentity-as-a-Service

Nishant Kaushik

Security

CA Technologies

Advisor, Product Management

SCT22T

@NishantK

#CAWorld

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

For Informational Purposes Only

© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA

World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer

references relate to customer's specific use and experience of CA products and solutions so actual results may vary.

Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights

and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software

product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current

information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The

development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.

Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in

this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such

release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-

available basis. The information in this presentation is not deemed to be incorporated into any contract.

Terms of this Presentation

3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Agenda

CLOUD IN THE ENTERPRISE

SECURITY CONCERNS WHEN MANAGING SAAS

INTRODUCING CA SAAS APP SECURITY

THE SHARED RESPONSIBILITY MODEL

THE MYTH OF SSO BASED CONTROL

COMPREHENSIVE ENTERPRISE IDENTITY-AS-A-SERVICE

1

2

3

4

5

6

4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Modern Enterprise IT is Cloudy

5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Greater Collaboration & Productivity

6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Enabling the Agile Enterprise

7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Any Where, Any Time, Any Device

8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Impact on the Bottom Line

9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Making the Leap to SaaS

10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

But … What About Security?

11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Greater Convenience, Greater Risk

12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Enterprises Recognize A Problem

Over two-thirds of businesses lack full confidence in their ability to effectively and securely manage permissions within SaaS applications

Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015

13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The Shared Responsibility Model

Cloud Service Providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to & usage of the cloud application

14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

What is the most common way in which your organization has implemented the following security capabilities for SaaS applications?”

Enterprises are Looking for Answers

Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015

0%

20%

40%

60%

80%

100%

1 2 3 4

Series4

Series3

Series2

Series1

15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

A Problem of Scale & Expertise

16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The Myth of SSO-based Control

17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Myth Busting SSO-based Control

Account De-provisioning Reliance on password replay Automatic provisioning Entitlement process Centralized compliance reporting

18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

So What are You Really Missing?

How do I get visibility into who has what access to my applications, and my data?

How can I manage the security of my cloud applications the same way I would on-premises applications?

IT’s new role is to enable, so how can I scale the secure adoption of SaaS?

19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Current IDaaS has Limited Scope

Au

then

tication

Basic o

r JIT User

Man

agemen

t

Directo

ry Services

Federatio

n

Directo

ry Sync

SaaS Applications

On-premises Applications

Current IDaaS

Directory

20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Comprehensive IDaaS Delivers Security

Au

then

tication

Iden

tity An

alytics

Privileged

Acco

un

t M

anagem

ent

Iden

tity LifecycleM

anagem

ent

Directo

ry Services+

Au

tho

rization

Federatio

n

Fine

-grained

User P

rovisio

nin

g

SaaS Applications

On-premises Applications

Comprehensive IDaaS

Access

Go

vernan

ce

21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Introducing CA SaaS App Security

22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Introducing CA SaaS App Security

Deep, contextual identity-based security controls out-of-the-box enables organizations to Quickly Adopt SaaSWithout Compromising Security

Increased Productivity and Security by automating your Identity & Access Management processes and enforcing policies

Deliver an Easy-to-Manage and Cost Effective IDaaSsolution by enabling self-service administration, and providing predefined capabilities and integrations based on industry best practices

Simple, Intuitive User Experience for End-Users, Business Users and Administrators

Built to Meet the Needs of the Modern Enterprise

23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Introducing CA SaaS App SecurityBuilt to Meet the Needs of the Modern Enterprise

User Account Provisioning, De-provisioning

SingleSign-on

Rogue & Orphan Account Detection & Remediation

Authenticationw/ 2FA

CA SaaS App Security

Active Directory

User Management

24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

A True Identity GraphThe Foundation for delivering comprehensive, identity-based security services

ChatterModerator

SystemAdmin

SalesDirectors

CFO

ChannelSalesTeam

[email protected]

Sales

Profile

Profile

Role

RoleRole

App

Account

Person

Person

Department

Has Account

Has Manager

Member Of

Account

Privilege

Privilege

Privilege

Privilege

Privilege

Has Privilege

Has Privilege

25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Make it Easy and Secure for People to Sign In

Authenticate users using a strong password supplemented by two-factor authentication

Reduce helpdesk overhead thanks to self-service password management and forgotten password recovery

Give your users the ease and convenience of Single Sign-On to your SaaS apps

Authentication Services

26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Take Control of Who has What Access in your SaaS AppFine-Grained User Provisioning

Automate the provisioning and de-provisioning of user accounts in your SaaS Apps

Go deeper to manage the entitlements (groups, roles, permissions) of your users

Get visibility into existing accounts & entitlements

Detect and remediate the existence of orphan and rogue accounts thanks to continuous monitoring

Leverage pre-defined integrations that understand the specific nuances of the target application

27 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Manage the Lifecycle of Identities and Enforce PoliciesIdentity Lifecycle Management

Comprehensive Joiner, Mover and Leaver processes

Automated Rule-based Provisioning and De-provisioning of Accounts (with Entitlements) triggered by Joiner & Mover events

Leaver Process that automates Account De-provisioning

Self-Service and Administrative Profile Management

28 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Some Ways that CA SaaS App Security Can Help

Manage and Control Access to Amazon Web Services In a Devops and Agile environment, track the access and authorization users have in

different AWS accounts Automate the management of privileged accounts Automate removal of access in response to change events Provide SSO for users to access multiple AWS accounts

Contractor Management Create a System of Record for tracking contractors Avoid forcing contractors into employee systems Give hiring managers an easy way to self-manage their contractors Define and enforce policies around contractor access Remove access when the contractors leave

29 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Partner With Us

For a limited time, sign up to become a customer validation partner for CA SaaS App Security. Special incentives are available.

Just register at http://bit.ly/validate-ca-saas-app-security, or send an email to [email protected]

See A Demo

Secure Access to SaaS Apps

Exhibition Center

Security Content Area

Discuss

Learn MoreAbout CA SaaS App Security

Nishant [email protected]

30 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Recommended Sessions

SESSION # TITLE DATE/TIME

SCT18TCommon Challenges of Identity Management and

Federated Single Sign-On in a SaaS World 11/19/2015 at 3:45 pm

31 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Q & A

32 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

For More Information

To learn more, please visit:

http://cainc.to/Nv2VOe

CA World ’15