230 likes | 456 Views
A Practical Approach To Secure Access To On Premise And Off Premise Applications & Solving The Problem Of Cloud Security: Top 3 Ways To Secure A Cloud Roadmap Darren Platt CTO | Symplified. The Problem: Identity Silos. User Growth Fuels Complexity. Sensitive Data Outside Firewall.
E N D
A Practical Approach To Secure Access To On Premise And Off Premise Applications & Solving The Problem Of Cloud Security: Top 3 Ways To Secure A Cloud RoadmapDarren PlattCTO | Symplified
The Problem: Identity Silos User Growth Fuels Complexity Sensitive Data Outside Firewall SaaS Creates Management Silos Enterprise Integration
Identity Management Challenges in the Cloud – De-provisioning Example »Terminated employee is removed from Active Directory »Admin must repeat Removal from all siloed apps But Cloud apps aren’t integrated so a terminated employee can access company data and apps
Identity Management Challenges in the Cloud – De-provisioning Example » Terminated employee is removed from Active Directory » One step for admin » Centralized policies Terminated employee no longer has access to apps
Service Providers’ Challenge Technical Sophistication & Capabilities Fortune 500 Midmarket & SMB Enterprise Consumers & Individuals
The Iceberg Network Security SSO (some anyway)--------------------Access ManagementProvisioningAuditSLA Management
Above Waterline:Single Sign On for Cloud Apps • Standards Exist, but are Complicated • SAML, OpenID, OAuth, Shibboleth, WS-Federation • Standards are Not Broadly Adopted • Often Requires Custom Development and/or Standards Expertise • Traditional Internal Security Tools Don’t Apply • Point to Point Federation Model Does NOT Scale
Below Waterline:The Remaining Work • Access Management / Authorization • XACML • Provisioning User Accounts • SPML • De-provisioining • Audit • CloudAudit • SLA Management & Verification
Point-To-Point Doesn’t Scale The Math Of One-To-Many a e (ex a) e = enterprise a = applications Linear Growth In Connections SaaS Adoption Adding More Apps
Point-To-Point Doesn’t Scale The Math Of Many-To-Many 1e x 1a = 1 2e x 2a = 4 3e x 3a = 9 4e x 4a = 16 5e x 5a = 25 (e x a) e = enterprise a = applications Geometric Growth In Connections SaaS Adoption Adding More Business Units and Apps
Point-To-Point Doesn’t Scale The Math of One-to-Broker (E) Linear Solves both SaaS Adoption and Collaboration
Point-To-Point Doesn’t Scale Graph Perspective Scaled Geometric Linear Cost Per User Extra Cost Constant Number Of Apps
SymplifiedProblemSpace Internal Web Apps Public Cloud Apps Symplified Solution
THE USER EXPERIENCE Mobile Portals for SSO and Access control for iPads, iPhones, Android and others SaaS SSO Portals
Simple Deployment 1. Choose Deployment 2. Integrate & Unify Seams 3. Go Live! Trust Cloudor Portal Custom Portal On Premises Virtual Appliance Mobile Portal WebServices StrongAuthentication Web Apps Databases Active Directory
SymplifiedSign-On Symplified Access Manager Symplified Identity Manager The Symplified Platform One universal login for authentication to many applications Centralized management of user access with dynamic, policy based controls Self-service user registrationand account management, user provisioning and password reset and policies »Authentication » SAML & HTTP & OpenID » Authorization » Dynamic Access Control » User Management » Account Synchronization Mobile Edition Audit and Reporting SinglePoint Identity as a Service Platform Applications Public & Private Cloud SinglePoint Studio (Admin UI) SSO Portal (End user SSO portal for desktop, tablets and phones) Identity Router (Layer 4 Proxy on Trust Cloud or Appliance) DeliveryAny DeviceAny Location Integration Cloud User Stores & Identity Vaults »Trust Fabric (App Store for Identity) »Trust Connector (No Coding Integration Tool) »Web Service API’s (Platform as a Service) »SimpleLink™ (SSL VPN to access behind firewall systems) »Multiple Authentication (Kerberos, SAML, tokens) »Virtual Directory (AD, LDAP, SQL, Web Services) »KeyChain (Credential Vault & Persona Mapping) CustomerInfrastructureDB, LDAP, Web Services, Authentication Sources Existing Portals Multi-tenancy | Security | Monitoring | Redundancy | Upgrades
The Symplified Vision Converging Revolutions Seamless Identity With Symplified »IT as a Service »The Cloud »Mobile Everywhere »Any User »Any Device »Any App »Any Location » Be Like Amazon » Save Millions on Integration » Embrace The Cloud
OVER 1 MILLION USERS RELY ON SYMPLIFIED Customers Symplified scales from workgroups of 50 to the Fortune 500 Pfizer Charming Merit Schumacher Serena AHA Forest GLS Moody’s Amylin Dolby InMage Script DWR Schlumberger Ivie DemandTec Coty Symplified Ecosystem Symplified has the largest Cloud Identity Ecosystem
Schumacher Portal Streamlines Revenue Challenge(B2C/Business-to-Customer): Needed to add 3rd party apps to their external portal, leveraging existing provider log-in and authentication. Results: Symplified technology integrated with Schumacher’s portal provides stronger authentication due to ease-of-use and because providers only have to authenticate one time. This allows for a more seamless communication channel with their provides, their main revenue source. Our employees are very pleased that bookmarks in their browser lead them straight into applications, without any additional sign-on. Doug MenefeeCIO Schumacher Group
AHA Cures SSO Headaches with Symplified Challenge (B2E/Employee-to-SaaS): Needed seamless login to their Collaboration platform; supporting intranet portal, SAML and non-SAML SaaS apps. Results: Increased user adoption of the collaboration platform, bridging private and public cloud apps. Up and running in less than two months. We are extremely pleased with the Symplified solution as it has allowed us to deliver on all of our security and compliance objectives for the Social Intranet & Collaboration platform project. We have been very impressed by the professionalism and level of support from Symplified throughout the entire sales and implementation process. Jack MacKay Vice President & Chief Information Officer American Hospital Association
Merit Medical Mobilizes with Symplified Challenge (Mobile): Issued mobile devices to field sales team and wanted to secure and manage access to productivity/training applications to increase sales in the field. Results: Centralized authentication, access control and more secure and efficient end user experience – no systems or human resource costs; one man band supporting 100s of field reps. Enabingmashups that combine data from eLeap and Google to supply better insight, rather than more data to mine. Symplified's technology and customer service have taken us to the cloud with confidence. Lincoln Cannon Director of Web Systems Merit Medical