Putting Security in Identity-as-a-Service
-
Upload
ca-technologies -
Category
Technology
-
view
707 -
download
1
Transcript of Putting Security in Identity-as-a-Service
Putting Security inIdentity-as-a-Service
Nishant Kaushik
Security
CA Technologies
Advisor, Product Management
SCT22T
@NishantK
#CAWorld
2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For Informational Purposes Only
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA
World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer
references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights
and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software
product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current
information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The
development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in
this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such
release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-
available basis. The information in this presentation is not deemed to be incorporated into any contract.
Terms of this Presentation
3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agenda
CLOUD IN THE ENTERPRISE
SECURITY CONCERNS WHEN MANAGING SAAS
INTRODUCING CA SAAS APP SECURITY
THE SHARED RESPONSIBILITY MODEL
THE MYTH OF SSO BASED CONTROL
COMPREHENSIVE ENTERPRISE IDENTITY-AS-A-SERVICE
1
2
3
4
5
6
12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Enterprises Recognize A Problem
Over two-thirds of businesses lack full confidence in their ability to effectively and securely manage permissions within SaaS applications
Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015
13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
The Shared Responsibility Model
Cloud Service Providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to & usage of the cloud application
14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
What is the most common way in which your organization has implemented the following security capabilities for SaaS applications?”
Enterprises are Looking for Answers
Source: A commissioned study conducted by Forrester Consulting on behalf of CA Technologies, September 2015
0%
20%
40%
60%
80%
100%
1 2 3 4
Series4
Series3
Series2
Series1
17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Myth Busting SSO-based Control
Account De-provisioning Reliance on password replay Automatic provisioning Entitlement process Centralized compliance reporting
18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
So What are You Really Missing?
How do I get visibility into who has what access to my applications, and my data?
How can I manage the security of my cloud applications the same way I would on-premises applications?
IT’s new role is to enable, so how can I scale the secure adoption of SaaS?
19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Current IDaaS has Limited Scope
Au
then
tication
Basic o
r JIT User
Man
agemen
t
Directo
ry Services
Federatio
n
Directo
ry Sync
SaaS Applications
On-premises Applications
Current IDaaS
Directory
20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Comprehensive IDaaS Delivers Security
Au
then
tication
Iden
tity An
alytics
Privileged
Acco
un
t M
anagem
ent
Iden
tity LifecycleM
anagem
ent
Directo
ry Services+
Au
tho
rization
Federatio
n
Fine
-grained
User P
rovisio
nin
g
SaaS Applications
On-premises Applications
Comprehensive IDaaS
Access
Go
vernan
ce
22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Introducing CA SaaS App Security
Deep, contextual identity-based security controls out-of-the-box enables organizations to Quickly Adopt SaaSWithout Compromising Security
Increased Productivity and Security by automating your Identity & Access Management processes and enforcing policies
Deliver an Easy-to-Manage and Cost Effective IDaaSsolution by enabling self-service administration, and providing predefined capabilities and integrations based on industry best practices
Simple, Intuitive User Experience for End-Users, Business Users and Administrators
Built to Meet the Needs of the Modern Enterprise
23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Introducing CA SaaS App SecurityBuilt to Meet the Needs of the Modern Enterprise
User Account Provisioning, De-provisioning
SingleSign-on
Rogue & Orphan Account Detection & Remediation
Authenticationw/ 2FA
CA SaaS App Security
Active Directory
User Management
24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
A True Identity GraphThe Foundation for delivering comprehensive, identity-based security services
ChatterModerator
SystemAdmin
SalesDirectors
CFO
ChannelSalesTeam
Sales
Profile
Profile
Role
RoleRole
App
Account
Person
Person
Department
Has Account
Has Manager
Member Of
Account
Privilege
Privilege
Privilege
Privilege
Privilege
Has Privilege
Has Privilege
25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Make it Easy and Secure for People to Sign In
Authenticate users using a strong password supplemented by two-factor authentication
Reduce helpdesk overhead thanks to self-service password management and forgotten password recovery
Give your users the ease and convenience of Single Sign-On to your SaaS apps
Authentication Services
26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Take Control of Who has What Access in your SaaS AppFine-Grained User Provisioning
Automate the provisioning and de-provisioning of user accounts in your SaaS Apps
Go deeper to manage the entitlements (groups, roles, permissions) of your users
Get visibility into existing accounts & entitlements
Detect and remediate the existence of orphan and rogue accounts thanks to continuous monitoring
Leverage pre-defined integrations that understand the specific nuances of the target application
27 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Manage the Lifecycle of Identities and Enforce PoliciesIdentity Lifecycle Management
Comprehensive Joiner, Mover and Leaver processes
Automated Rule-based Provisioning and De-provisioning of Accounts (with Entitlements) triggered by Joiner & Mover events
Leaver Process that automates Account De-provisioning
Self-Service and Administrative Profile Management
28 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Some Ways that CA SaaS App Security Can Help
Manage and Control Access to Amazon Web Services In a Devops and Agile environment, track the access and authorization users have in
different AWS accounts Automate the management of privileged accounts Automate removal of access in response to change events Provide SSO for users to access multiple AWS accounts
Contractor Management Create a System of Record for tracking contractors Avoid forcing contractors into employee systems Give hiring managers an easy way to self-manage their contractors Define and enforce policies around contractor access Remove access when the contractors leave
29 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Partner With Us
For a limited time, sign up to become a customer validation partner for CA SaaS App Security. Special incentives are available.
Just register at http://bit.ly/validate-ca-saas-app-security, or send an email to [email protected]
See A Demo
Secure Access to SaaS Apps
Exhibition Center
Security Content Area
Discuss
Learn MoreAbout CA SaaS App Security
Nishant [email protected]
30 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Recommended Sessions
SESSION # TITLE DATE/TIME
SCT18TCommon Challenges of Identity Management and
Federated Single Sign-On in a SaaS World 11/19/2015 at 3:45 pm
32 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15