Assuring Access in the Cloud

2

What is the Cloud?

The cloud is a network of servers, and each server has a different function. Some servers use computing power to run applications or "deliver a service.“*

Basically, it’s a network of servers and computers hosting your information away from your physical device.

*From The Beginners Guide to the Cloud: Mashable

“Thunder and lightning isn’t God being angry, its just Microsoft and Google fighting in the

clouds.” - Anonomyus

3

What is Cloud Computing ?

Noun: the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Many different varieties: • IT computing accessible online

• Available from anywhere

• Virtualization

• Interchangeable services

• On-demand for peak loads and needs

• IaaS, PaaS, SaaS

4

Drivers of Cloud Adoption

5

Impediments to Cloud Adoption

6

Enabling the Business

If business drivers for cloud computing are: • Agility and flexibility

• Performance and scale

• Operational efficiency

• Universal access

Security must be: • Transparent

• Dynamic

• Flexible

• Operationally Efficient

7

The Business Needs for IAM

Transparent compliance Sustained efficiencies Improved business agility Access Assurance visibility to

LOB

8

Access Assurance for the Cloud

Ensuring the right people have the right access to the right resources regardless of where those resources are physically located and managed• Hosted applications

• SaaS applications

• Private clouds

• Public clouds

Providing the basis for:• Access policy definition

• Preventative controls and enforcement via provisioning

• Access verification of user access to cloud applications

9

Cloud Does Not Change Requirements

Same information PHI & privacy data

(HIPPA, etc)

Key financial data (SOX)

Card holder information (PCI)

Other high risk (shareholders)

Same IAM requirements All access must connect to

enterprise identities Access certification Separation of duties for

operators and users Privileged access management Access management

• Who has access?

• Who has accessed?

10

Seamless to Users

11

So Must Access Assurance Be

12

What Comes with the Cloud?

No more closed and controlled surfaces• You no longer have direct control or oversight

You are still accountable to the law and shareholders• You may be subject to new regulations

Vendors will try to lock-in Level of auditability of their controls Key is transparency, embedded controls, and agility

13

Risks and Considerations

Disabling network access does not prevent access to key applications and data

Ensure new users get access quickly and changes are reflected accurately Management of identity information in the cloud

• Delegation and assurance

Where is sensitive data located and how managed? Privacy management Administrative access to sensitive data and users Compliance and regulatory requirements Security aspects as part of partner agreements

14

Access Assurance

15

To Achieve Access Assurance You Must

16

To Achieve Access Assurance You Must

17

To Achieve Access Assurance You Must

18

Access Assurance

19

Access Assurance Components

20

Critical Need Across IT Services

21

Courion Access Assurance Suite

22

Courion Access Assurance Suite

Secure the Enterprise, don’t slow it down…

Designed for Your Complex Environment

23

The Secret to Making it All Work

A user interface that business users understand Ability to gather information from numerous sources Information that is actionable for remediation Fast, reliable, scalable implementation Breadth of capability to reach to variety of systems and resources

• Off-premise applications

• Virtualization

• Platform and infrastructure

• Federation

Proven customer success in a cloud environment

24

IAM and the Cloud

Risks and required controls may increase due to cloud:• Removal of corporate network access no longer a compensating control

• Sensitive data is now in different locations and may be: More accessible Subject to different regulations

• Additional technologies for provisioning and access compliance

Must span the traditional enterprise and the cloud• Policy definition

• Accurate tracking and periodic review of access

• Balance of preventative and detective controls

25

Bottom Line

The cloud and cloud computing are a reality Closed and controlled moves to dynamic, open, and accessible Identity plays a critical role in cloud environments Need to deal with…

• Lack of control of data

• Extended reach of administrative privileges

• Privacy and trust

• Complexity of handling identities

An Access Assurance strategy is critical

26

What Now?

If you’re looking for more information on how an Access Assurance Suite can transform your company’s information, contact us today. We can provide a quick scan of your system and let you know where your hidden risks lie and how to take care of them.

info@Courion.com

www.Courion.com

Get My Quick Scan >>