Identity & Service Broker Solving Cloud Access Complexity

Presentation on theme: "Identity & Service Broker Solving Cloud Access Complexity"— Presentation transcript:

1 Identity & Service Broker Solving Cloud Access Complexity
Using a Broker Model
Presented by: Girish Juneja, Director, Intel Application Security & Identity Products Group

2 Enterprise Now Using Several Cloud Applications
Public Cloud SaaS Virtual Service Collab App Portal CRM HR Social Apps Private Cloud A Enterprise Legacy Infrastructure Financial System Web Gateway ID Store

Let’s take a walk through memory lane. The journey to cloud & SaaS began long before these terms were in vogue. Early forays included the Enterprise HR using ADP for payroll or Fidelity for managing 401k for their employees. Then business units entered the world of SaaS to use applications like Salesforce.com CRM or Box.net. In short order the word spread from the business to IT, who quickly embraced secondary storage and hosting on EC2 for a tremendous return on ROI. Most recently CIOs began to apply a consolidated enterprise-wide cloud-first strategy where any new system should be deployed on either a public cloud or, within regulated industries, private clouds, which delivered greater control. (Push Build) A journey that started in an innocent cost saving or business process improvement exercise soon begins to look like a pasta press with users, data and assets connected in varied ways to environments that are external to an enterprise. Many IT environments are somewhere in this journey. IT now has to re-think how to provide some level of governance to this honeycombed environment, and at the same time reduce the bewildering service level and commercial complexity when dealing with multiple providers. Simplicity and scale have become the new terms that are in vogue.

Mainframe Data Warehouse ESB Private Cloud B BPMS Identity Messaging Service File System PKI

3 Market Shifting to Cloud Broker Model
Simplified Service Consumption 1-n Departments 1-n Providers IdM Legacy Mobile Provider SaaS, PaaS, IaaS B2B Mashups Apps IT Broker 3rd Party Broker Provider CSB Platform CSB Platform Private Cloud Public Cloud Provider

The notion of cloud brokering is one way to think about addressing these issues. While many varying definitions of a Cloud Service Brokerage exist, in general they follow the same value propositions. Gartner defines a CSB as a role in which a company or other entity adds value to one or more cloud services on behalf of 1-n consumers of those services. In the CSB realm there is a role for 3rd party broker operators and a role where IT creates a brokerage for a certain set of services it wishes to maintain under its control as it manages consumption by internal departments. Many IT departments are already planning for a unified cloud access layer in their enterprise architectures to be operated in a private cloud. On the adoption cycle, we are passing from the conceptual to real market opportunity. Statistics from analysts like Gartner underscore the traction: by 2015, 20% of cloud services will be intermediated by CSBs; Cloud Service Brokerages that manage APIs represent the single biggest revenue growth opportunity in cloud computing; 46% of survey respondents indicate CSB will play major IT role - Daryl Plummer & Benoit Lheureux. Bottom line: CSBs help simplify sourcing, technical consumption, increase time to market and most importantly enable enterprise embrace of the Cloud to scale past its glass ceiling.

A CSB aggregates services from multiple cloud providers, adds value, & simplifies consumption for the enterprise Do-it-yourself IT and/or 3rd Party Intermediary Consumption Models

4 When Do You Need a Broker?
High volume of nested provider relationships To manage risk across providers Complexity of service interoperability Compelling value added services IT has capacity to manage Key Services Brokered Different provider offerings Broker identity & authentication Manage & govern APIs Coordinate different SLAs Broker CSB Platform Shielded from overhead and complexity API Billing Support Security Governance Integration Focus on core business Enterprise Providers

So what are the signs that a broker may be of value, either managed by IT, a third party, or a combination of both? Clearly a large number of disparate provider relationships is one sign. For example, even managing 4 SaaS relationships introduces a complex identity and access management burden on IT to manage identities in a regulated compliant way. On the application consumption side, the cloud API has emerged as the new enterprise control point. According to the Programmable Web industry site that tracks API trends, 1/3 of all Enterprise application traffic is already proxied through an API. Managing this level of complexity is another proof point for the broker model. The role of departmental IT is changing to focus on consumption of a core set of services, leaving the complexity of Billing, Support, Service Governance, and Integration to a central IT managed broker or 3rd party.

Traditional Role of IT Changes with CSBs

5 Sample CSB Models & Providers Today
Integration Focused Customized Process Outsourcing SaaS & Service Aggregation Value Add CSB

Operating CSBs are a reality today and can be further segmented into 3 general classifications. An Aggregation brokerage unifies service access for consumers through service bundling, unified billing, and is responsible for overall SLAs. Today this is common; for instance there are CSBs that, say, aggregate licensing, support, reporting, migration kits, etc. for Google Apps. Many other examples exist. Integration Brokerages go one step further by organizing services, integrating multiple on-prem & cloud data service providers to create a complete product offering, generally around a vertical industry or community business process. Examples of this are many of the large B2B supply chain oriented exchanges that have connected vertical industries for years, like GHX in healthcare or Covisint in automotive supply chain management. This role will go beyond the narrow B2B role to service any community business process. Customization Brokerages actually create brand new value added services that may be tailored uniquely for the Enterprise cloud consumer.

Similar to How EDI Evolved from Internal to Outsourced Vertical Exchanges *Other names and brands may be claimed as the property of others.

6 Identity Brokerage - An Essential CSB Service
Multiple Logins Weak Security Manual Provisioning Secure SSO Secure APIs Identity Broker Identity Broker Mobile Access/ Visibility Admin Control ? Anywhere Access

Let us take a deeper look at Identity. Often today, the identities in the cloud/SaaS environment are a case of wild west. Everyone is managing anywhere from 5-20 usernames and passwords on multiple SaaS and Cloud platforms. Each application is a new login. The provisioning process is manual and de-provisioning non-existent. Orphan accounts abound, in many cases with privileges they should not have. Password security works differently for different SaaS and Cloud Services; some are strong, others are weak. Some applications have better controls, they verify that you are coming from the device you signed in and not a new device; others really do not care. And there is no way to track who accessed what when, or correlate usage for departmental charge back. Using some industry examples: The marketing automation provider Marketo is estimated to cloud applications A VP of sales for a major cloud vendor fired a sales guy; it took him 7 days to de-provision from all the cloud apps. Because ADP was brought in by Finance, Echosign by legal, etc., locating the administrators and then de-provisioning was a major task. So in short a ripe case can be made for an identity service broker. But one that can not only address single sign-on, a huge convenience to the user, but also provision and deprovision identities, simplifying the on-boarding process. One that can connect cloud based identities as well as Enterprise directories in a seamless manner. And one that provides the governance controls that IT needs for enabling user access in a simple yet secure & compliant way.

Lack of Enterprise Control Enterprise Control Security technology is evolving to a specialized cloud broker model delivered “as a service”

7 Building a Strong Standards Based CSB Platform
Cloud Computing Reference Architecture Defines CSB Role Self certification of a 3rd Party CSB Consensus Assessments Initiative Questionnaire (CAIQ) Public registry

Obviously, operating a CSB requires attention to standards and enterprise class operating regulations. We recently did a CSB webinar with NIST where they presented their definitions of the CSB role within their Cloud Computing Reference Architecture document. NIST and other standards will help accelerate role and boundary lines for a CSB. On the operating side, the new CSA STAR initiative is a publicly accessible registry that documents the security controls provided by cloud offerings. An enterprise class CSB should utilize this searchable registry to allow potential cloud consumers to review their security practices, accelerate their due diligence and lead to higher quality procurement experiences. Specifically, on the cloud identity side, the CSA’s Domain 12 set of standards outlines the best practice guidance for Identity and Access Management. This is a must for any identity oriented CSBs to follow.

Domain 12: Guidance for Identity & Access Management

8 Identity Brokerage Technology
Introducing: Identity in the cloud, for the cloud

Now I am excited to announce Intel Cloud SSO, a real world example of an operating identity brokerage. It’s a collaborative offering that leverages Intel’s identity expertise, McAfee’s deep experience with Security as a Service, and Salesforce’s enterprise class delivery platforms. Let’s get the covers off this one and dive into some detail.

- Platform - Trusted SaaS Operator - Identities

9 Intel® Cloud SSO - Your Trusted Identity Broker
Certified Operating Environment Hybrid Deployment Connectivity to Enterprise IDs & Threat Protection Enterprise

IntelCloudSSO.com is hosted on the Force.com cloud platform, our partner, and it provides the ability to simplify, secure and govern user access to multiple cloud application providers. For this important role, we have gone through several steps to ensure this offering is standards based, independently certified, and delivered on proven cloud platforms. First, Intel Cloud SSO is nearly complete with its certification and listing on CSA’s STAR registry to ensure we have followed industry best practices for identity and operating procedures. Next, IntelSSO offers a cloud only or a hybrid model. The cloud only model makes the most sense for users who are essentially trying to avoid having to manage cloud access from enterprise directories or have a relatively smaller user population that is using cloud and SaaS. The hybrid model involves deploying McAfee Identity Manager on premise to provide connectivity to AD and other Enterprise ID stores. This is useful in supplemental use cases where contractors may be managed entirely in the cloud while employees are in corporate directories. As we know the migration to 100% cloud will go in phases, we offer a flexible pricing model where you can deploy on-prem, as a service or across 1-n cloud applications with a single price.

One price: on-prem, as a service, or 1-n target apps

10 Drive Cloud ROI with Identity-as-a-Service
My Apps Enterprise Laptop Account Provisioning One Time Password SSO Portal iPad Force.com Apps Mobile Access 100s of External SaaS Apps Browser

IntelSSO.com is a multi-tenant offering hosted on Force.com with world-class support from Salesforce. A user can now log in with a single credential to access custom Force.com apps or 100s of external SaaS apps like WebEx, SuccessFactors, SilkRoad. We go beyond just SSO to provide the same level of enterprise-class, compliant controls that administrators mandate across internal applications and Identity systems today. We deliver a range of standards based federation standards such as SAML, OAuth, and OpenID, we package full identity lifecycle management with account provisioning & deprovisioning, and as needed administrators can create policies to invoke strong authentication as needed. For an existing Salesforce user or any user in general, it is a simple yet powerful service to enhance productivity, reduce costs and provide security controls for compliance. Let’s see how it works.

Delivers same level of control as on-prem IAM Leverage Salesforce or enterprise accounts for SSO Trigger mobile & hardware assisted authentication

11 SSO Portal 100s of Out-of-Box Connectors
In a hybrid mode on-premise or from within the cloud based service, a user can utilize the SSO Portal for streamlined access to private, public, or SaaS application environments. Administrators can personalize and control access to any of our 100s of pre-configured cloud application providers, delivering fast day 1 user productivity to company approved cloud applications.

12 Simple Set-up for Fast Productivity
Simple 3 Step Configuration for: Packaged Connectors SaaS & Custom Apps

For those who have used current SaaS services, many of us just cannot imagine having to go back to the complexity of their older on-premise cousins. Same is true of identity as a service in this case. Making things simple for users and admins is key: the provider connectivity, the auditable provisioning of IDs, the ability to restrict access for certain users. We focused on this aspect to create a fast 3-step process for the admin – pick the apps, assign users or groups and if needed, control access. If the user identity is in the cloud, the process can be even simpler: the user gets auto-assigned based on their profile to the application!

Full Provisioning Engine

13 Context Aware Authentication
Hardware Assisted AuthN Intel Identity Protection Technology Embedded in 120 million Ultrabooks

And what about having the ability to limit access based on the context of user access? Powerful yet simple ability to ask for 2-factor authentication for a group or up-level the native capabilities of the service provider, limit access by network, time and in future by location, client patch levels, even to verify that 2-factor originated from trusted client hardware – this provides the kinds of controls Enterprise IT is used to. Only in this case, there is no software to install, no hardware to buy, yet the same level of control. This is just the start: Intel’s investment in hardware assisted security will bring new capabilities and control to access policies controlled through Intel Cloud SSO. Our first integrations include ties to Intel Identity Protection Technology for device hardened OTP. For applications that require another layer of secure access, strong authentication, Intel Cloud SSO delivers new cloud controlled capabilities that help to secure the connection from client to cloud.

Fast enrollment mobile OTP Equip IT with Same Level of On-prem Security Controls Access Decision

14 Senior Vice President, ISV Alliances
Ron Huddleston, Senior Vice President, ISV Alliances, Salesforce.com

15 Salesforce.com: Proven Cloud Platform
100K Customers Millions of Identities 1,300,000+ Custom Apps 40 Billion+ Transactions /QTR All Major Certifications Apps

Thank you, Girish. We are excited about the Intel partnership. Bringing together 2 leaders in the industry to serve the growing demand for cloud based identity as a service. SFDC has seen amazing growth, and continues to bring on a wide range of customers. From the SMB to the enterprise, Facebook to US government. Force.com is the leading platform for social and mobile applications. And the foundation / center of the social enterprise transformation, transformation that’s happening now and we are helping our customers of all sizes embrace. Over 1.3M custom apps have been built on Force.com and in Q4 we processed over 45 billion transactions and XX authentications. All of this on the most trusted and secure platform in the industry, and that’s what’s really great about our partnership. Because Intel Cloud SSO is built on Force, their product and their customers can leverage all of the platform’s transactional scale, security and trust…and all the future innovations people have come to expect from Salesforce.

One of the Fastest Growing Cloud Platform

16 Intel® Cloud SSO IDaaS Built on Salesforce PaaS
Enterprise Laptop Force.com Apps iPad Mobile Browser Access 100s of External SaaS Apps

And that’s what Intel has done! Intel leveraged our amazing open API technology and Force.com declarative app environment to quickly build an enterprise class solution that will connect enterprise apps of all kinds. Intel Cloud SSO: …is Easy to deploy: Identities are falling into various silos, CRM silos, HR silos, and legacy apps. By bringing all these into one service customers have a single point of control, audit and reporting while still retaining the flexibility. …Leverages Enterprise account identities: Intel’s integrated offering on Force.com leverages Salesforce’s large identity store. Intel Cloud SSO is seamless and helps bridge the social enterprise transition to cloud. …helps with Enterprise integration: Companies of all sizes are fully standardizing on cloud based deployment. There are companies with 50+ cloud applications used by their employees. By providing a cloud only solution companies have a single location to create/manage/delete user accounts across all cloud apps. By building Intel Cloud SSO natively on the Salesforce platform, Intel is building a better way to manage and provide Identity-as-a-Service and a better way to enable customers of all sizes to embrace the social enterprise, extending their reach into customers, products, and employee networks while maintaining the highest levels of trust and security. THANK YOU FOR YOUR TIME – Now back to Girish.

Ease of deployment Enterprise accounts “identities” Enterprise integration

17 Visit Intel Booth for Cloud SSO, OTP, IPT Demos
Wed 9:15 am RSA Talk: Blending Embedded Hardware OTP, SSO, and Out of band Auth for Secure Cloud Access Mar 29 - KuppingerCole Webinar How To Outsource Identity to the Cloud On-Demand Webinar Apply for “Beta” Today at Site Cloud Service Brokers w/CSA & NIST

We invite you to stop by the Intel booth for demos, catch our detailed technical breakout Wed at 9:15, or view our CSB and Identity as a Service webinars on our site. Apply for the Intel Cloud SSO Beta today, and at launch our partner Box.net is providing bonus free accounts to Box.net so you can trial their service with federated access delivered by Intel Cloud SSO. Experience the future of identity, brokered, simplified, and enterprise class…Intel Cloud SSO.

Meet the Cloud API w/Forrester Research Bonus Free Box.net Account

18 More Contact: todd.cramer@intel.com
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS.  EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel may make changes to specifications, product descriptions, and plans at any time, without notice.  All dates provided are subject to change without notice. Intel is a trademark of Intel Corporation in the U.S. and other countries. *Other names and brands may be claimed as the property of others. Copyright © 2012, Intel Corporation. All rights are protected.

