access assurance in the cloud
TRANSCRIPT
2
What is the Cloud?
The cloud is a network of servers, and each server has a different function. Some servers use computing power to run applications or "deliver a service.“*
Basically, it’s a network of servers and computers hosting your information away from your physical device.
*From The Beginners Guide to the Cloud: Mashable
“Thunder and lightning isn’t God being angry, its just Microsoft and Google fighting in the
clouds.” - Anonomyus
3
What is Cloud Computing ?
Noun: the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Many different varieties: • IT computing accessible online
• Available from anywhere
• Virtualization
• Interchangeable services
• On-demand for peak loads and needs
• IaaS, PaaS, SaaS
6
Enabling the Business
If business drivers for cloud computing are: • Agility and flexibility
• Performance and scale
• Operational efficiency
• Universal access
Security must be: • Transparent
• Dynamic
• Flexible
• Operationally Efficient
7
The Business Needs for IAM
Transparent compliance Sustained efficiencies Improved business agility Access Assurance visibility to
LOB
8
Access Assurance for the Cloud
Ensuring the right people have the right access to the right resources regardless of where those resources are physically located and managed• Hosted applications
• SaaS applications
• Private clouds
• Public clouds
Providing the basis for:• Access policy definition
• Preventative controls and enforcement via provisioning
• Access verification of user access to cloud applications
9
Cloud Does Not Change Requirements
Same information PHI & privacy data
(HIPPA, etc)
Key financial data (SOX)
Card holder information (PCI)
Other high risk (shareholders)
Same IAM requirements All access must connect to
enterprise identities Access certification Separation of duties for
operators and users Privileged access management Access management
• Who has access?
• Who has accessed?
12
What Comes with the Cloud?
No more closed and controlled surfaces• You no longer have direct control or oversight
You are still accountable to the law and shareholders• You may be subject to new regulations
Vendors will try to lock-in Level of auditability of their controls Key is transparency, embedded controls, and agility
13
Risks and Considerations
Disabling network access does not prevent access to key applications and data
Ensure new users get access quickly and changes are reflected accurately Management of identity information in the cloud
• Delegation and assurance
Where is sensitive data located and how managed? Privacy management Administrative access to sensitive data and users Compliance and regulatory requirements Security aspects as part of partner agreements
22
Courion Access Assurance Suite
Secure the Enterprise, don’t slow it down…
Designed for Your Complex Environment
23
The Secret to Making it All Work
A user interface that business users understand Ability to gather information from numerous sources Information that is actionable for remediation Fast, reliable, scalable implementation Breadth of capability to reach to variety of systems and resources
• Off-premise applications
• Virtualization
• Platform and infrastructure
• Federation
Proven customer success in a cloud environment
24
IAM and the Cloud
Risks and required controls may increase due to cloud:• Removal of corporate network access no longer a compensating control
• Sensitive data is now in different locations and may be: More accessible Subject to different regulations
• Additional technologies for provisioning and access compliance
Must span the traditional enterprise and the cloud• Policy definition
• Accurate tracking and periodic review of access
• Balance of preventative and detective controls
25
Bottom Line
The cloud and cloud computing are a reality Closed and controlled moves to dynamic, open, and accessible Identity plays a critical role in cloud environments Need to deal with…
• Lack of control of data
• Extended reach of administrative privileges
• Privacy and trust
• Complexity of handling identities
An Access Assurance strategy is critical
26
What Now?
If you’re looking for more information on how an Access Assurance Suite can transform your company’s information, contact us today. We can provide a quick scan of your system and let you know where your hidden risks lie and how to take care of them.
www.Courion.com
Get My Quick Scan >>