TRANSCRIPT
#MicroFocusCyberSummit
The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS
Rob Aragao & Stan Wisseman
Primary Goal of Businesses Today
Drive Digital Transformation!!
For Most Organizations, Digital Transformation = Hybrid IT
• Multiple deployment models: hybrid means working with a wide variety of deployment models
• Multiple consumption and financing options: designing a payment structure that works within OpEx and CapEx budgets
• Lower IT run budgets: transformations even with increased demands to drive down IT costs
• Pressures to innovate: downward pressure to implement the latest features and functionality into systems
• IoT proliferation: huge increase in data coming into and through your environments
The Idea Economy
• Cloud Apps: apps driven, agility focused
Traditional Business
• Traditional Apps: ops driven, cost focused
How can I support both?
Organizations Want Hybrid IT. However, many have bi-modal IT operations that won’t scale
Two modes of IT, side by side (1):
• Percentage of IT spend: 60% | 40%
• Budget owners: Head of IT/CIO | Finance, HR, Marketing, Operations, Engineering
• 2015 budget growth: 3% | 12%
• Managed systems: Core IT systems, data centers, infrastructure, ERP | App dev, mobile sites, e-commerce sites, web business apps
• Business outcome: Business as usual, keep the lights on, improved user experience | Disruptive innovation, new business process, competitive advantage
1 = Source: CEB Analyst Group (UK based)
Challenges with the Current State
Multiple pools of IT resources
• Results in underutilization of costly assets
• Unique characteristics of underlying assets
Regulatory & compliance challenges
• No centralized view into data integrity & security
• Difficulties in meeting compliance timeframes
Unique management and security
• No consistency in management tools/procedures
• Inconsistent security creates vulnerabilities
• 3rd-party security or data sovereignty challenges
High long-term cost of ownership
• Multiple environments for IT to learn & manage
• Escalating costs of public cloud at scale
A Preferred Architecture Has Evolved in Most Organizations
• IaaS is adopted for rapid provisioning of compute, storage, and network resources
• Common business processes (such as CRM, marketing, and human resources) are migrated to various SaaS services
• On-premises servers, storage, and networks are maintained for high-value/high-risk workloads (such as financial data and intellectual property)
• PaaS is used for rapid application development and testing before apps are moved to their best execution venue
What We Are Seeing
• 92% of organizations are using multiple cloud vendors
• 88% of cloud-based apps share data and services with on-premise apps
• 64% of cloud-based apps share data and services with other cloud-based apps
• The #1 monitoring need for hybrid environments is Security Monitoring
Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018
Complexities Involved with a Hybrid Architecture
Source: 451 Research
Hybrid IT Opens Up Many Opportunities … But It Can Also Expose the Enterprise to Greater Risk
(Diagram: identities, applications and data to be secured across cloud and on-premises)
Top Security Concerns for an Evolving Hybrid Infrastructure
Maintain consistent access security and authorization controls across environments
Secure movement of data and workloads across environments
Secure data residing and processed in a third-party or hosted environment
Maintain consistent network security policies for security domains
Ensure compliance with regulatory and policy requirements
Source: 451 Research
Hybrid IT Attacks
(Diagram: Internet → Cloud Infrastructure → On-Cloud Services (Workloads, Systems, Applications, Data))
• Inbound attacks: port scanning, distributed denial of service, SSH/RDP brute-force, poor configurations, advanced persistent threats, zero-day exploits, unpatched VM images
• Targeting the trust perimeter: hypervisor breakout, exposed servers, default configurations, data exposure, weak internal security
• Targeting cloud services: on-cloud pivot, cross-tenant attack, insecure usage
• Outbound attacks: botnet zombies, distributed denial of service, port scanning, SSH/RDP brute force, advanced persistent threat, zero day, phishing / malware hosting
• Infrastructure attacks: privilege escalation, stolen credentials, known attack vectors, poor system configurations, under-cloud pivot, isolation failures
Establish a Risk-based Approach: Moving from Reactive to Proactive Information Security & Risk Management
• Assess security investments and posture: How will attacks likely occur? How will you spot them on each platform? What corrective action will you take?
• Transform from silos to a comprehensive view: on-prem traditional systems, SaaS, IaaS, and PaaS, all of which should fall under the same security umbrella
• Optimize to proactively improve security posture
• Manage security effectively, including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program
Actionable Security Intelligence
Security Management Has Also Moved to a New Level of Complexity!
Essential to Enterprise Digital Transformation: secure and enable the relationships between identities, applications, and data… regardless of how or where things are deployed
(Diagram: Secure & Empower identities, applications and data across cloud and on-premises)
Simplified Security for Hybrid IT Environments
Need a single security toolset that covers public, private, and on-premises systems
Source: David Linthicum, “How to choose the right security toolset for hybrid cloud”
An Identity-Centric Approach
A Desired State
• Scale
• Centrally managed identities providing a single view
• Multiple delivery models (on-prem, SaaS, hybrid)
• Clear roles and relationships modelled
• Risk-based adaptive security
• Business benefit – solution architecture
• Clear, consistent governance, privacy controls and privilege management implementations
• Experience embedded at the beginning
Identity Powered Security: Employees, Customers (B2C), Partners (B2B)
Cloud-based IDaaS services can provide core capabilities, but are not suited for complex requirements. Hybrid IAM can offer the best of both.
CLOUD
• Data hosted in the cloud
• Less staff required to maintain
• Often limited to cloud access management
• Not suited to complex on-premise use cases
• Standard solution
HYBRID
• Data hosted where desired
• Less staff required to maintain
• Support for cloud, on-prem, and custom applications and processes
• Well suited for complex on-premises use cases
• Standard though extensible solution
ON-PREMISE
• Data hosted on-prem
• Internal staff to maintain
• Support for cloud, on-prem, and custom applications and processes
• Well suited for complex on-premises use cases
• Flexible/extensible solution
IAM as a Service Deployment Architecture: Hybrid IAM as a Service Solution
(Diagram: client premises connected to the cloud IAM service over a secure connection)
Cloud
• SSO, provisioning and de-provisioning, access management, governance
• SSPR, 2FA, federation, PAM
• Hosted apps
• Customers, clients, external and remote users authenticate via browser or mobile device
Client Premises
• On-premise IdP with LDAP, JDBC and customized connectors; password update
• Enterprise clients with local/internal authentication
• Policy engines, workflow, user self service, administration, reporting, compliance dashboards
• On-premise resources: Resource 1, Resource 2, Resource 3, contractor database
Authentication and self service in cloud IAS for accessing internal, external and SaaS applications
Secure communication to execute policies on premise
Identity synchronization to cloud
Secure Software Development: Design apps securely and to run in Hybrid IT environments
(Diagram: attacker targets software & data, hardware and network; at stake are intellectual property, customer data, business processes and trade secrets)
Data Security: Protecting information wherever it resides
• Your Telco’s information about your account
• Banks’ data about your finances and accounts
• Your interactions with SaaS applications
• Your customers’ data. Your organizational data.
• Your private email to and from your smartphone
• Your credit rating information
• Your email correspondence
• Health records your care provider manages for you
• Payments made to you
What does contemporary data-security enable?
• Securing government & defense health data privacy
• Private-public data sharing for AI insights and big data & IoT
• Adopt xaaS IT solutions for hybrid computing opex economies
• Modernizing security for legacy data security risks
(C) 2017 Micro Focus
Enabling security leaders to say “Yes” to business demands
Applies to public, private and legacy systems
• Proactive security monitoring mechanisms and approaches can spot and fight attacks in a timely manner
• Security orchestration, automation, and response (SOAR) solutions can provide efficiencies and repeatability in the handling of high-fidelity alerts
Security Monitoring for Hybrid IT
(Diagram: AWS IAM, Amazon EC2, AWS CloudTrail and Amazon CloudWatch feeding Security Monitoring)
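As an added example (not part of the Micro Focus deck) of the "how will you spot them on each platform?" question for the AWS side of this diagram, the script below runs three detections over constructed CloudTrail-style records: repeated failed console logins from one source address (the brute-force pattern), a security group change that exposes SSH or RDP to the whole internet (the poor-configuration case), and any API call made with root credentials (privileged or stolen-credential use). Field names follow the CloudTrail record format; the sample records, addresses, user names, security group ID and the failure threshold are all constructed for this example.

```python
import json
from collections import Counter

# Constructed sample records (not real data). Field names follow the CloudTrail
# record format; addresses, user names and IDs are invented for this example.
FAILED_LOGIN = {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.23",
                "userIdentity": {"type": "IAMUser", "userName": "alice"},
                "responseElements": {"ConsoleLogin": "Failure"}}
SAMPLE_RECORDS = [FAILED_LOGIN] * 5 + [          # five failures from one address
    {   # security-group rule opening SSH to the whole internet (poor configuration)
        "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}},
    },
    {   # IAM change made with root credentials (privileged / stolen-credential use)
        "eventName": "CreateUser", "sourceIPAddress": "203.0.113.9",
        "userIdentity": {"type": "Root"}, "requestParameters": {"userName": "backup-admin"},
    },
    {   # benign: a successful login from another address
        "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.44",
        "userIdentity": {"type": "IAMUser", "userName": "carol"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
]
# The same records in the {"Records": [...]} envelope that CloudTrail log files use
SAMPLE_LOG = json.dumps({"Records": SAMPLE_RECORDS})

ADMIN_PORTS = {22, 3389}          # SSH and RDP
WORLD = {"0.0.0.0/0", "::/0"}     # "anywhere" CIDRs


def load_records(text):
    """Parse one CloudTrail log file body into its list of records."""
    return json.loads(text).get("Records", [])


def open_admin_ports(record):
    """Return sorted (port, cidr) pairs for ingress rules exposing SSH/RDP to anywhere."""
    exposed = []
    items = record.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for perm in items:
        if perm.get("ipProtocol") == "-1":        # "all traffic" rules carry no port range
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("fromPort"), perm.get("toPort")
            if lo is None or hi is None:
                continue
        ranges = (perm.get("ipRanges", {}).get("items", [])
                  + perm.get("ipv6Ranges", {}).get("items", []))
        cidrs = [c.get("cidrIp") or c.get("cidrIpv6") for c in ranges]
        for port in ADMIN_PORTS:
            if lo <= port <= hi:
                exposed.extend((port, cidr) for cidr in cidrs if cidr in WORLD)
    return sorted(exposed)


def analyze_events(records, failure_threshold=5):
    """Run the three detections over a batch of records; return a list of findings."""
    findings = []
    failed_logins = Counter()
    for rec in records:
        name = rec.get("eventName")
        ip = rec.get("sourceIPAddress", "unknown")
        identity = rec.get("userIdentity", {})
        who = identity.get("userName") or identity.get("type", "unknown")
        # Rule 1: count failed console logins per source address
        if name == "ConsoleLogin" and rec.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failed_logins[ip] += 1
        # Rule 2: security-group change exposing SSH/RDP to the internet
        if name == "AuthorizeSecurityGroupIngress":
            group = rec.get("requestParameters", {}).get("groupId", "?")
            for port, cidr in open_admin_ports(rec):
                findings.append({"rule": "admin_port_open_to_world", "source": ip,
                                 "detail": f"{who} opened port {port} to {cidr} on {group}"})
        # Rule 3: any API call made with root credentials
        if identity.get("type") == "Root":
            findings.append({"rule": "root_credential_use", "source": ip,
                             "detail": f"root credentials called {name}"})
    # Brute-force verdicts are emitted once the whole batch has been counted
    for ip, count in failed_logins.items():
        if count >= failure_threshold:
            findings.append({"rule": "console_login_brute_force", "source": ip,
                             "detail": f"{count} failed console logins"})
    return findings


if __name__ == "__main__":
    for f in analyze_events(load_records(SAMPLE_LOG)):
        print(f"[{f['rule']}] {f['source']}: {f['detail']}")
```

Run against the constructed batch, it reports the open SSH rule, the root-credential call, and the five failed logins from 198.51.100.23; the successful login from carol produces nothing. The same three checks apply unchanged to real CloudTrail files once they are read with `load_records`, and the threshold is the knob to tune per environment.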
Enterprise Security Platform in Support of Hybrid IT
Analytics & Machine Learning
App Security
• Static, dynamic, & runtime application testing
• Application security-as-a-service
Data Security
• Data de-identification (encryption/tokenization)
• Key management
• Hardware-based trust assurance
• Messaging security
Security Operations
• Real-time detection
• Workflow automation
• Open source data ingestion
• Hunt and investigation
Identity & Access
• Adaptive identity governance
• Adaptive access management
• Adaptive privileged users
Endpoint Security
• Lifecycle management
• Patching & containerization
• Application virtualization
• Mobile & server management
Thank You.