Single Identity – Multiple Services: How Do I Stay Compliant? Wade Tongen, NA Commercial SE. Copyright © 2015 Centrify Corporation. All Rights Reserved.

Presentation transcript:

Slide 1: Single Identity – Multiple Services: How Do I Stay Compliant?
Wade Tongen, NA Commercial SE Manager

Slide 2: Agenda
- Overview of Today’s Environment
- Common Themes of Today’s Standards
- Identity Topics
- The New Perimeter
- Controlling Privileged Access
- Accountability for Privileged Actions

Slide 3: The Modern IT Enterprise
Diagram labels: The Business of IT; Staff; Security; Infrastructure; Budget; Employees; SaaS; Outsourced IT; Infrastructure as a Service

Slide 4: …and Harder to Manage as Infrastructure Evolves
Diagram labels: Desktops; Data Center Apps; Data Center Servers; Cloud (IaaS & PaaS); Cloud (SaaS); Mobile; Big Data; ID

Slide 5: Core Challenges in Managing Privileged Identity
Headlines: "Disgruntled IT Worker Holds Company Hostage"; "Snowden Used Low-Cost Tool to Scrape N.S.A."; "Massive Retailer Identity Theft"
Diagram labels: Threats & Breaches; Over-Privileged Users; APTs & Malware; Insider Threats; Data Center Heterogeneity; Regulations (SOX, PCI, FISMA, NIST, HIPAA); Modern Enterprise

Slide 6: Regulations Share Common Tenets
No matter the standard, many of the themes are common:
- Generic Accounts are Bad: Have users access the services/applications as themselves vs administrator or root or SA or oracle
- Have a Least Privileged Model: If there is not a business need for the access/right they should not have it
- Accountability for Actions: Essential for privileged actions
- Lock down shared accounts: When there is not another option

Slide 7: Identity Management Needs to be Holistic

Slide 8: The Common/Weakest Link

Slide 9: Identity at Center of Cyber Attacks…
Diagram labels: ID; End Users; Privileged Users

Slide 10: Unify Identity Management Stores Where Possible…
Diagram labels: Desktops; Data Center Apps; Data Center Servers; Cloud (IaaS & PaaS); Cloud (SaaS); Mobile; Big Data; ID; MS AD or LDAP; Reduced Identity Footprint

Slide 11: The Case for a Reduced Identity Footprint
- Users are and will continue to be the weak link in the security chain
- The more identities, the more likely:
  - Weaker passwords
  - Same password
  - Store on a sticky note
  - Store in a spreadsheet
  - Store in a browser without institutional control
  - Use a personal password product

Slide 12: The Traditional Thought was the Firewall was the Perimeter
This approach was much better before:
- Explosion of virtualization
- Mobile workforce
- SaaS offerings
- Elastic environments

Slide 13: The Paradigm Shift Means the Identity is the New Perimeter
- Authenticate
- Determine Access
- Enforce Policies
- Track

Slide 14: So Where Do We Consolidate?
MS Windows:
- Use SSPI (Security Support Provider Interface)
  - Built into MS applications
  - Leverages Kerberos or NTLM to provide a single identity
  - External trusts are possible between environments

Slide 15: So Where Do We Consolidate?
UNIX/Linux:
- Utilize the PAM authentication – Trust the OS for authentication
- Use GSSAPI (Generic Security Services Application Program Interface)
  - Supported by open source and commercial vendors
  - Leverages Kerberos or NTLM to provide a single identity
  - External trusts are possible between environments

Slide 16: So Where Do We Consolidate?
Applications:
- Utilize the PAM authentication – Trust the OS for authentication
- Use SSPI & GSSAPI (Generic Security Services Application Program Interface)
  - In the Data Center: Leverages Kerberos or NTLM
  - In the Cloud: Leverage SAML and OAuth

Slide 17: So Where Do We Consolidate?
Infrastructure:
- Routers
- Switches
- Appliances
Typically accessed via CLI or web interface for local accounts
External protocols such as:
- RADIUS
- LDAP

Best Practices for Controlling Privileged Identity

Slide 19: Path to Reducing Identity-related Risk for Privileged Users
Diagram axes: Privileged Accounts; Individual Accounts
- Poor Risk Profile:
  - Many privileged passwords
  - Individual identities with unstructured access
  - Many identity silos
- Optimized Risk Profile:
  - Least privilege access
  - Single identity source
  - Limited # of privileged accounts (root, local admin, service accounts)

Slide 20: Two Main Ways to Control Privileged Identities
- Super User Privilege Management (SUPM): Assigning the privilege to user or groups at the OS or device level
- Shared Account Password Management (SAPM): Assigning a user to temporarily have access to accounts such as:
  - Root
  - Administrator
  - SA
  - Oracle
Diagram label: Data Center Servers

Slide 21: Super User Privilege Management
- OS Level – Can grant granularity to the individual executables
  - UNIX/Linux – sudo & 3rd party tools
    - Take extra precautions if the tool modifies the kernel
  - Windows – MS GPO & 3rd party tools
  - A single cross-platform architecture would be easiest to deploy
- Applications
  - Typically defined in the application, but try to externalize the authentication
- Appliance
  - Typically configured in the context of the device
Diagram label: Data Center Servers

Slide 22: Shared Account Privilege Management
- Typically this is implemented by using a vaulted password in an appliance, virtual appliance, or service
- The password is checked out/in or provided without the user knowing the password
- A complete log of who had access to which privileged account and when
- Some typical needs for this are:
  - Break Glass
  - Loss of Connectivity
  - Appliances that do not support external authentication
  - Service Accounts
Diagram label: Data Center Servers

Slide 23: …to Enable Maximum Security for Privileged Users
- Privileged Accounts:
  - Check out account password
  - Log in as shared account
  - Attribute account use to individual
- Individual Accounts:
  - Log in as yourself
  - Elevate privilege when needed
  - Attribute activity to individual
Centrify manages identity for both individual and privileged accounts for maximum security + IT efficiency
Core Rule: “Get users to log in as themselves, while maximizing control of privileged accounts”
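
The check-out log from the shared-account slide is what allows the "attribute account use to individual" step here. As an added example (not from the presentation or any Centrify product), this Python code joins a constructed vault check-out log with constructed shared-account login events and flags logins that no check-out covers or that overlapping check-outs make ambiguous; the record fields, names and values are assumptions.

```python
from datetime import datetime

# Constructed sample data: vault check-out log (who held which shared account, when).
CHECKOUTS = [
    {"user": "alice", "account": "root@db01",   "out": "2015-03-02T09:00", "in": "2015-03-02T09:45"},
    {"user": "bob",   "account": "oracle@db01", "out": "2015-03-02T10:00", "in": "2015-03-02T11:00"},
    {"user": "carol", "account": "oracle@db01", "out": "2015-03-02T10:30", "in": None},  # still out
]
# Constructed sample data: shared-account logins recorded on the servers.
LOGINS = [
    {"account": "root@db01",   "time": "2015-03-02T09:10", "src": "10.0.0.5"},
    {"account": "root@db01",   "time": "2015-03-02T13:20", "src": "10.0.0.9"},
    {"account": "oracle@db01", "time": "2015-03-02T10:15", "src": "10.0.0.6"},
    {"account": "oracle@db01", "time": "2015-03-02T10:40", "src": "10.0.0.7"},
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")

def holders(checkouts, account, when):
    """Users whose check-out window for `account` covers the time `when`."""
    found = set()
    for c in checkouts:
        if c["account"] != account:
            continue
        end = _ts(c["in"]) if c["in"] else datetime.max  # open check-out has no end yet
        if _ts(c["out"]) <= when <= end:
            found.add(c["user"])
    return sorted(found)

def attribute(checkouts, logins):
    """Label each shared-account login ATTRIBUTED, AMBIGUOUS or ANONYMOUS."""
    report = []
    for ev in logins:
        who = holders(checkouts, ev["account"], _ts(ev["time"]))
        if len(who) == 1:
            status = "ATTRIBUTED"
        elif who:
            status = "AMBIGUOUS"   # overlapping check-outs: the vault was not exclusive
        else:
            status = "ANONYMOUS"   # no check-out covers this login
        report.append((ev["account"], ev["time"], status, who))
    return report

if __name__ == "__main__":
    for row in attribute(CHECKOUTS, LOGINS):
        print(row)
```

ANONYMOUS rows are shared-account use outside the vault; AMBIGUOUS rows show that attribution only holds when a check-out is exclusive to one person at a time.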

Accountability for Privileged Actions

Slide 25: Auditing & Compliance
- Privileged session monitoring (PSM) for Linux, UNIX and Windows and appliances
- No anonymous activity with complete session record
- All activity associated to a single identity across all platforms
- User session auditing with video and searchable event records
- Must scale to tens of thousands of systems; data stored in SQL database
- Satisfies regulatory mandates including PCI, HIPAA, SOX and ISO
- A single audit store across individual and privileged access
Diagram labels: Network Monitoring; Privileged Access Security; Perimeter Firewall; Report and Replay Privileged Sessions; Data Center Servers

Slide 26: Thank You