SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
- Rodney Burns
- 6 years ago
WHITE PAPER

The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise

Executive Summary

When operating in Amazon Web Services (AWS) it is important to understand your responsibility when it comes to security. AWS operates under a shared security responsibility model, where AWS is responsible for the security of the underlying cloud infrastructure and you, the AWS customer, are responsible for securing workloads you deploy in AWS. IT administrators and Security Officers should educate themselves on how to leverage AWS Identity and Access Management (IAM) configuration to protect access to AWS resources in a way that enhances security yet doesn't hinder productivity.

The path to securing AWS access in the enterprise runs through securing AWS sign-in and configuring least privilege access across multiple accounts. The solution is elimination of passwords with Single Sign-On (SSO) and automated provisioning of AWS roles across all AWS accounts. This is made possible by integrating with a modern identity solution such as OneLogin's cloud directory. The benefits are improved security by reducing risk of identity theft, an increase in productivity with faster access to applications and services, and significant savings for IT with automation and end-user self-service.

In this whitepaper we articulate the technical challenges of securing AWS access and the value proposition of an identity platform for the modern enterprise. In addition, we offer a brief introduction to OneLogin and instructions on how to create a free account.
Content

- Executive Summary
- AWS Security And Enterprise SaaS Challenges
- Single-Sign On: Eliminating Passwords And Enhancing Access Management
- Automating Least Privilege Access: Provisioning AWS Roles Across Multiple Accounts
- Putting It All Together: Modern Identity for Cloud Apps And Services
- Securing Corporate-Wide Access
- OneLogin Roles & Mappings: Automating Complex Access Management
- Summary of Value and Getting Started With OneLogin

AWS Security And Enterprise SaaS Challenges

When operating in Amazon Web Services (AWS) it is important to understand your responsibility when it comes to security. AWS operates under a shared security responsibility model, where AWS is responsible for the security of the underlying cloud infrastructure and you are responsible for securing workloads you deploy in AWS. This gives you the flexibility and agility you need to implement the most applicable security controls for your business functions in the AWS environment. You can tightly restrict access to environments that process sensitive data, or deploy less stringent controls for information you want to make public. This shared security responsibility model can reduce your operational burden in many ways, and in some cases may even improve your default security posture without additional action on your part.

AWS security is a full set of products to meet security infrastructure needs, such as protection from various network attacks, data storage encryption, monitoring and logging. IT administrators should educate themselves on ways to leverage these products, starting with AWS Identity and Access Management (IAM) configuration to protect access to AWS resources.

Effective security requires granular access control, and AWS IAM provides the ability to implement a level of fine-grained access. With AWS IAM, admins are able to quickly create users and groups, and assign each a fine-grained policy for accessing just the AWS services and actions that the user needs. As an admin, you have the power to give engineers the privileges they need for their tasks while restricting them from risky actions such as restarting production instances on EC2, modifying parts of the network configuration on VPC, or deleting files from certain S3 buckets. These are merely examples, and what is important to remember is that it is possible to apply a policy that lets the engineer do exactly what she needs to do and ensure that she cannot do things that are not part of her job, ensuring that there are no intentional or accidental actions taken. With the functionality provided by AWS IAM, organizations are able to implement the right level of access controls to allow employee productivity while maintaining the appropriate security controls.
While AWS offers a robust set of IAM tools designed to secure your AWS account, AWS does not have organizational context such as the reporting structure and roles, organization-wide security policies, HR processes, and productivity needs - all critical to accurately determine who should have access to sensitive resources at any point in time.

Authentication and authorization of employees should be unified across all corporate applications, services and resources into a Single Sign-On (SSO) solution, and combined with the right means of additional security such as multi-factor authentication (MFA). To accomplish this effectively and efficiently, administrators would need a single integration point for applications, services, corporate directories and security layers.

Without extending AWS security to the organization, administrators face the dual challenge of 24x7 uptime for applications built on top of AWS, along with the task of constantly aligning their AWS security with the organization to protect AWS resources from both internal and external threats such as unwarranted or malicious application access to sensitive data.
So, while AWS offers granularity and flexibility for protecting access to all AWS platform resources, what remains critical for security champions such as IT administrators and Security Officers to do is educate themselves on how to leverage the power of AWS IAM in a way that enhances security yet doesn't hinder productivity. A modern identity platform plays a big role in making that a reality.

Single-Sign On: Eliminating Passwords And Enhancing Access Management

Identity theft accounted for 64% [1] of all data breaches in the first half of To understand the reason for it, consider the challenges of deploying and supporting an average of 730 SaaS applications and services, such as Box, AWS and Slack, in the average enterprise. As a result, companies seek to protect their sensitive data by eliminating app-specific passwords, and govern the authentication policy with means like IP-based restrictions, multi-factor authentication, password policies and organizational context - e.g. executive functions need stronger security.

IT administrators are tasked with reducing user authentication complexity and risks by unifying all authentication into a Single Sign-On solution that applies to all corporate employees. AWS enables you to tie an identity solution into your AWS account to control access to your AWS resources, thus enabling administrators to simplify and automate secure sign-in and access control. The first step to implementing and benefiting from this kind of integration is to understand the power of SAML.

SAML (Security Assertion Markup Language) is an XML-based standard which passes login information through a browser between an identity provider server (e.g. appears to the user as a login page) and a 3rd party web application or service.
SAML provides apps with tokens instead of credentials for logging in users. End-users only have to sign in once to an identity provider which can forward the secure tokens to any app that supports SAML. Key benefits include:

1. Administrators do not need to manually align app-specific access with the corporate directory. After a 5-minute setup for any given app or service that supports SAML, only corporate users would be able to log in to corporate apps, with the option of advanced policies like role-based access.
2. End-users enjoy a frictionless sign-in experience. If they are already signed in to their corporate account, they can immediately access the AWS Management Console securely and simply click through to the desired service, significantly reducing the threat of phishing.
3. The identity provider maintains organizational integrity and verifies that only active users are logged in. This significantly reduces the risk of compromised accounts and minimizes orphan accounts.

Fortunately for administrators, AWS was built with highly flexible and advanced SAML support that enables administrators to extend AWS access to their organization, with the help of a modern identity solution. AWS, paired with an identity solution, enables companies to accomplish frictionless and secure SSO based on a corporate directory, but there is another challenge: scaling this secure solution across multiple AWS accounts, and tightening security with least privilege access using multiple roles.

[1] Source: Gemalto data breach statistics, Sep
Source: Cisco

Automating Least Privilege Access: Provisioning AWS Roles Across Multiple Accounts

When looking at a large or a fast-growing engineering organization, companies are dealing with serious security concerns for the more critical parts of their business. For example, engineers, technical marketers, and solutions architects should have the freedom to spin up test instances, but only a subset of engineers in dev operations and tech operations roles should have any access to production instances. This simple requirement becomes a true challenge when taking into account complex deployments, multiple engineering departments with different resources and needs, and requirements such as compliance and auditing, e.g. every access must be accounted for.
To deal with this critical security requirement, companies seek a secure access solution that separates AWS environments based on security and productivity concerns and applies an access control policy that takes into consideration all security and engineering needs across the organization. With this approach in place, organizations can scale the AWS solution across many environments, including multiple test, staging and production accounts, as well as enable engineers to use least privilege access when performing critical AWS tasks.

Fortunately, AWS supports highly granular user policies, even across multiple accounts. For example, one policy could give users only read access to a specific Amazon S3 bucket, while another policy could give users only execute access to launch Amazon EC2 instances. This role granularity is the IT administrator's best friend, but it requires extending it to the organization for role assignments to be meaningful.
This is where a full-fledged identity platform comes to the rescue, by providing smart and flexible mapping of roles from your corporate directory to roles in your AWS accounts. This mapping can leverage employee metadata such as internal department or job function in order to provide AWS with a list of AWS roles and AWS accounts that the user is allowed to access. Then, with every new login to AWS, the identity platform first calculates the right privileges for the user and passes the information to AWS to provide the right level of access. This is accomplished in real-time such that the employee metadata is always fresh and the privileges are always true to the employee's current role status and organizational role.

[Figure: Role-based access. Behind the firewall: Active Directory (optional external directory, such as on-premise AD or LDAP). In the cloud: OneLogin and AWS. Roles shown: TechOps Lead, DevOps Engineer, DevOps Lead, TechOps Engineer. AWS permission sets shown: S3 Admin, VPC User, RDS Power User, Route 53 Admin; EC2 Power User, IAM Admin, Route 53 User; EC2 Admin, IAM Admin, Route 53 User, VPC Power User; Route 53 User, S3 Power User, VPC User.]

With the mapping of corporate metadata to AWS roles complete, users can now sign in to their AWS Account(s). Depending on the number of roles and accounts the user has access to, she will be presented a list of all accounts and roles in the AWS Management Console dashboard, and she will be able to switch to any account and role for the task at hand. By way of extending AWS security using organizational context, we gain both maximum security and increased productivity.

Putting It All Together: Modern Identity for Cloud Apps And Services

We have seen how AWS enables administrators and security personnel to protect AWS access in two key ways: Secure token-based sign-in with SAML, and access control with granular AWS policies.
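The role mapping described above, from employee metadata to a per-login list of AWS accounts and roles, can be sketched as follows. This is an added example, not OneLogin's rules engine or code from the whitepaper; the account IDs, role names, provider name and rule set are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed account IDs and provider name (assumptions, not from the whitepaper).
ACCOUNTS = {"test": "111111111111", "staging": "222222222222", "prod": "333333333333"}
SAML_PROVIDER = "CorpIdP"


@dataclass(frozen=True)
class Rule:
    """Grant `role` in `account` when every condition matches the user's metadata."""
    conditions: dict  # attribute name -> set of accepted values
    account: str      # key into ACCOUNTS
    role: str         # IAM role name in that account


# Hypothetical rules: broad access to test, ops staff only for staging and production.
RULES = [
    Rule({"department": {"Engineering", "Marketing", "Solutions"}}, "test", "EC2PowerUser"),
    Rule({"department": {"Engineering"}, "job_function": {"DevOps", "TechOps"}},
         "staging", "EC2PowerUser"),
    Rule({"department": {"Engineering"}, "job_function": {"DevOps", "TechOps"},
          "title": {"Lead"}}, "prod", "EC2Admin"),
    Rule({"department": {"Engineering"}, "job_function": {"TechOps"}}, "prod", "Route53User"),
]

# Constructed directory records.
SAMPLE_USERS = {
    "marketer": {"status": "active", "department": "Marketing",
                 "job_function": "Technical Marketing", "title": "Manager"},
    "devops_lead": {"status": "active", "department": "Engineering",
                    "job_function": "DevOps", "title": "Lead"},
    "techops_engineer": {"status": "active", "department": "Engineering",
                         "job_function": "TechOps", "title": "Engineer"},
    "leaver": {"status": "suspended", "department": "Engineering",
               "job_function": "DevOps", "title": "Lead"},
}


def grants_for(user):
    """Evaluate the rules at login time; deny by default, nothing for inactive users."""
    if user.get("status") != "active":
        return []
    grants = set()
    for rule in RULES:
        # A missing attribute never matches, so incomplete records get less access.
        if all(user.get(attr) in accepted for attr, accepted in rule.conditions.items()):
            grants.add((rule.account, rule.role))
    return sorted(grants)


def saml_role_values(user):
    """Render each grant as the 'role ARN,provider ARN' pair AWS expects in the
    SAML Role attribute, one value per permitted account and role."""
    values = []
    for account, role in grants_for(user):
        acct = ACCOUNTS[account]
        values.append(f"arn:aws:iam::{acct}:role/{role},"
                      f"arn:aws:iam::{acct}:saml-provider/{SAML_PROVIDER}")
    return values


if __name__ == "__main__":
    for name, record in SAMPLE_USERS.items():
        print(name, grants_for(record))
```

Because the rules run at every login, changing a user's department or status in the directory changes the next assertion without touching any AWS account.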
In order to streamline identity information and access control in a way that enables fast and secure access to apps or services like AWS, organizations need a strong identity provider to leverage organizational context for overarching authentication and role-based access control. Modern identity platforms can be a standalone cloud directory for your users or a key integration point for all apps, services and directories, and they enable Single Sign-On as well as passing of employee metadata to apps in a number of standard ways.
They also support multiple security layers such as Multi-Factor Authentication and IP-based restriction. In the next few sections we will look at how a solution like OneLogin can help you gain the level of security and productivity that you need.

Securing Corporate-Wide Access

A key strength of OneLogin is the ease of adding a new app with secure corporate-wide access. Within an hour, you can stand up a new OneLogin account that is either a standalone cloud directory with all your corporate users, or it is syncing from one or more external directories such as Active Directory or LDAP. OneLogin has over 5,000 pre-integrated apps, including the AWS Management Console for a one-click access to the AWS dashboard. As you can see in the snippet below, since the app is pre-integrated, the only thing you need is your unique AWS account identifier which you can find in your Amazon account.
You can allow select users access to the AWS Management Console within seconds, using OneLogin's app policy. Every user who is allowed to access AWS can access it directly or through OneLogin's app portal, which is customized for each user with only the apps she is allowed to use. A single click and the user is signed into AWS.

At this point, only active corporate users can sign into AWS. Companies gain both security and productivity. With AWS specifically, access to all available AWS accounts and services is reduced to a single access point, which can be protected with a flexible security policy.

Interested in learning more about single sign-on or advanced security policies? Visit onelogin.com/aws for more information or request access to OneLogin.
OneLogin Roles & Mappings: Automating Complex Access Management

Moreover, an identity provider like OneLogin can make it easier to securely pass key metadata such as user identifiers and roles to integrated apps and services, like AWS and all your other corporate applications. This feature is often called user provisioning, and it can take place in the background between OneLogin and other apps, or in real-time at login, depending on the supported integration.

Only advanced identity providers, like OneLogin, can separate application assignment from permission assignment. This gives administrators the flexibility to do a clean application deployment so they can configure role-based access without worrying about any users getting immediate access, and then gradually give access to users when approved and ready. A good rules engine uses simple conditions, with no need for complex code-like expressions to determine whether a user should get access.

In this OneLogin screenshot, the Active Directory group called IT Administrators corresponds to several AWS Roles such as S3 Full Access and Route 53 Full Access. The end result is that through one connection, administrators are able to utilize a centralized administrative portal to set up multiple application rules that build on top of each other. Because these rules all correlate to Active Directory attributes or groups, administrators can handle multiple employee joins, moves or leaves at scale. An AWS multi-role provisioning functionality greatly eases the administrative overhead to secure AWS, allowing IT to move at the speed of the business to fulfill their mandate of delivering end-user productivity.

Summary of Value and Getting Started With OneLogin

Cloud identity platforms, like OneLogin, provide a comprehensive solution for managing user identities both in the cloud and behind the firewall. OneLogin integrates with cloud and on-premise apps using open standards like SAML and OpenID, to provide services such as Single Sign-On with Multi-Factor Authentication for web and mobile, user provisioning into apps, multiple directory integration, and more. OneLogin comes pre-integrated with thousands of applications.

With OneLogin, organizations have an identity provider that moves at the speed of their business. As new applications are created or onboarded, IT can automatically provide access to the correct users. Day 1 productivity for new employees can be achieved in any new application, greatly reducing time to value and increasing productivity for the business.

Learn more about user provisioning or role-based access for AWS and activate a free OneLogin account for AWS by visiting onelogin.com/aws.
Appendix A: How SAML Works

SAML (Security Assertion Markup Language) is an XML-based standard which passes login information through a browser between an identity provider server (e.g. appears to the user as a login page) and a 3rd party web application or service. Below is a snippet of a typical SAML response. A full response has additional attributes, a digital signature and encryption.

An AWS account is configured to accept logins via the identity solution for single sign-on, and the identity solution is configured with the information of the AWS account. The identity solution authenticates the user with corporate credentials and verifies access, and sends the user immediately to the AWS Management Console to continue working. If the user is accessing the app from a special app portal with all the apps she has access to, then she is already signed in and can launch the AWS Management Console in a single click. It is a smooth and frictionless user experience.

Behind the scenes, the user is redirected from the identity solution to the AWS Management Console with a secure token which identifies the user who is associated with additional meta information such as the account identifier and permitted roles.

[Figure: SAML 2.0 flow, IdP-initiated. Participants: Service Provider (e.g. AWS), User (e.g. via browser), Identity Provider (e.g. OneLogin). Step labels: Request SSO Service; Authenticate the user; Request access to service; Auth request is verified; SAML token is verified; Redirect to service with SAML token; User is logged into service; SAML token is generated with user attributes.]
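To make the token described in this appendix concrete, the following added example (not from the whitepaper or from OneLogin) reads the assertion part of a constructed, unsigned SAML response and reports who it is for, which audience it targets, whether it is inside its validity window, and which AWS accounts and roles it carries. The issuer, user, account IDs and role names are made up; the audience URL and attribute name are the ones AWS uses for SAML sign-in. It is an inspection aid for reviewing what your identity provider emits: it does not verify the XML signature, which a SAML library must do before any value here is trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample: unsigned and unencrypted, with made-up issuer, user and accounts.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:57:00Z" NotOnOrAfter="2024-01-01T12:03:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::111111111111:role/EC2PowerUser,arn:aws:iam::111111111111:saml-provider/CorpIdP</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::333333333333:role/Route53User,arn:aws:iam::333333333333:saml-provider/CorpIdP</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)       # inside the window
SAMPLE_EXPIRED = datetime(2024, 1, 1, 12, 30, 0, tzinfo=timezone.utc)  # after NotOnOrAfter


def parse_time(value):
    """Parse the UTC timestamp form used in the sample (no fractional seconds)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_assertion(xml_text, now):
    """Return (summary, problems) for an assertion; the signature is NOT checked here."""
    root = ET.fromstring(xml_text)

    # Each Role value is a comma-separated pair of role ARN and provider ARN.
    roles_by_account = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            for arn in (value.text or "").split(","):
                parts = arn.strip().split(":")
                if len(parts) == 6 and parts[5].startswith("role/"):
                    roles_by_account.setdefault(parts[4], []).append(parts[5][len("role/"):])

    summary = {
        "issuer": root.findtext(".//saml:Issuer", namespaces=NS),
        "subject": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
        "audiences": [a.text for a in root.iterfind(".//saml:Audience", NS)],
        "roles_by_account": roles_by_account,
    }

    problems = []
    if AWS_AUDIENCE not in summary["audiences"]:
        problems.append("audience is not the AWS sign-in endpoint")
    conditions = root.find(".//saml:Conditions", NS)
    try:
        in_window = (parse_time(conditions.get("NotBefore")) <= now
                     < parse_time(conditions.get("NotOnOrAfter")))
    except (AttributeError, TypeError, ValueError):
        in_window = False  # missing or malformed Conditions are treated as invalid
    if not in_window:
        problems.append("assertion is outside its validity window")
    if not roles_by_account:
        problems.append("no AWS role is present")
    return summary, problems


if __name__ == "__main__":
    print(inspect_assertion(SAMPLE_ASSERTION, SAMPLE_NOW))
```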
Appendix B: How AWS Roles Work

In AWS a role is essentially a set of permissions that grant access to actions and resources in AWS. Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Additionally, a role does not have any credentials associated with it. Instead, when the identity provider requests user access to the role, temporary credentials will be issued to allow the user access to AWS resources.

When a role is created, a permission policy is also created for the role. This permission policy defines what actions, within the AWS account, the role is allowed to perform. For identity providers an additional policy is tied to the role which states which identity providers are allowed to use the role.

SAML messages, which are used to sign in users with user identifiers as well as other metadata, include multiple Amazon Resource Names (ARN) that point to permitted accounts and roles for the user. The metadata is sourced by your identity provider based on role mappings, and it is digitally signed by the identity provider to ensure that only a trusted provider is signing in the user to the correct accounts and roles.

[Figure: AWS IAM Policy sample. Source: AWS]
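The "additional policy" that states which identity providers may use a role is the role's trust policy. The following added example (not the AWS sample the whitepaper shows, and not OneLogin code) audits a trust policy for the two properties that matter for SAML federation: the federated principal is an approved SAML provider, and the statement is pinned to the AWS sign-in audience. The account ID and provider name are constructed; `sts:AssumeRoleWithSAML` and the `SAML:aud` condition key are the real IAM names.

```python
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Constructed provider ARN and policies for illustration.
APPROVED_PROVIDERS = {"arn:aws:iam::111111111111:saml-provider/CorpIdP"}

GOOD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111111111111:saml-provider/CorpIdP"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
    }],
}

# Weak variant: any principal may federate and the audience is not pinned.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sts:AssumeRoleWithSAML",
    }],
}


def as_list(value):
    """IAM allows a single string wherever a list is accepted; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_saml_trust(policy, approved_providers):
    """Return a list of findings for the SAML federation statements of a trust policy."""
    findings = []
    saml_statements = 0
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithSAML" not in as_list(stmt.get("Action", [])):
            continue
        saml_statements += 1

        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            federated = as_list(principal.get("Federated", []))
        else:
            federated = [principal]  # e.g. the wildcard string "*"
        if not federated:
            findings.append(f"statement {index}: no federated principal")
        for arn in federated:
            if arn not in approved_providers:
                findings.append(f"statement {index}: principal {arn} is not an approved SAML provider")

        # Exact-case lookup of the condition key keeps the example short.
        audience = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if audience is None or set(as_list(audience)) != {AWS_SAML_AUDIENCE}:
            findings.append(f"statement {index}: SAML:aud is not pinned to the AWS sign-in endpoint")

    if saml_statements == 0:
        findings.append("no statement allows sts:AssumeRoleWithSAML")
    return findings


if __name__ == "__main__":
    print(audit_saml_trust(GOOD_TRUST_POLICY, APPROVED_PROVIDERS))
    print(audit_saml_trust(WEAK_TRUST_POLICY, APPROVED_PROVIDERS))
```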
About OneLogin, Inc.

OneLogin brings speed and integrity to the modern enterprise with an award-winning SSO and identity-management platform. Our portfolio of solutions secures connections across all users, all devices, and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire app portfolios. The choice for innovators of all sizes such as Condé Nast, Pinterest and Steelcase, OneLogin manages and secures millions of identities across more than 200 countries around the globe. We are headquartered in San Francisco, California. For more information, log on to Facebook, Twitter, or LinkedIn.

About Amazon Web Services

In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. Today, Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia, customers across all industries are taking advantage of the benefits of AWS.
More informationHow Identity as a Service Makes UCaaS/SaaS Integrations More Scalable, Productive, and Secure
White Paper How Identity as a Service Makes UCaaS/SaaS Integrations More Scalable, Productive, and Secure 1 Executive summary The huge shift to cloud communications and collaboration is happening in parallel
More informationTHE SECURITY LEADER S GUIDE TO SSO
THE SECURITY LEADER S TO SSO When security leaders think of single sign-on (SSO), they usually think of user convenience and experience. But SSO also plays a critical role in delivering security for data
More informationPasswords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist
Passwords Are Dead Long Live Multi-Factor Authentication Chris Webber, Security Strategist Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Threat Landscape Breach accomplished Initial attack
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationAKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview
AKAMAI WHITE PAPER Enterprise Application Access Architecture Overview Enterprise Application Access Architecture Overview 1 Providing secure remote access is a core requirement for all businesses. Though
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationThe Device Has Left the Building
The Device Has Left the Building Mobile Security Made Easy With Managed PKI Christian Brindley Principal Systems Engineer, Symantec Identity and Information Protection Agenda 1 2 3 Mobile Trends and Use
More informationVirtual Machine Encryption Security & Compliance in the Cloud
Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture
More informationSingle Sign-On Best Practices
AUGUST 2018 WHITE PAPER Single Sign-On Best Practices Protecting Access in the Cloud Table of Contents Executive Summary... 3 Objectives... 3 Security Challenges... 4 Standards... 5 Conclusion... 6 Additional
More informationWhite Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection
White Paper The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection February, 2017 Introduction The North American Electric Reliability Corporation (NERC) maintains
More informationIT professionals are grappling with
THE ESSENTIAL GUIDE TO Managing Access to SaaS Applications By Sean Deuby SPONSORED BY IT professionals are grappling with not one, but three revolutions at the same time. First, cloud computing provides
More informationZero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers
Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere How Okta enables a Zero Trust solution for our customers Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107 info@okta.com
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationIdentity Management as a Service
Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationREVISED 4 JANUARY 2018 VMWARE WORKSPACE ONE REFERENCE ARCHITECTURE FOR SAAS DEPLOYMENTS
REVISED 4 JANUARY 2018 VMWARE WORKSPACE ONE REFERENCE ARCHITECTURE FOR SAAS DEPLOYMENTS Table of Contents Executive Summary VMware Reference Architectures Audience Reference Architecture Design Methodology
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationCracking the Access Management Code for Your Business
White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access
More informationSecurity Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication
Technical Whitepaper Security Overview As a team, we have a long history of developing and delivering HR software solutions to customers worldwide, including many of the world s most-demanding organisations.
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationDocker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications
Technical Brief Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications As application teams deploy their Dockerized applications into production environments,
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationProtect Yourself Against VPN-Based Attacks: Five Do s and Don ts
White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationSecure single sign-on for cloud applications
Secure single sign-on for cloud applications Secure single sign-on for cloud applications Traditional on-premises tools used to rule the IT environments of most organizations, but now cloud applications
More informationNext Generation Privilege Identity Management
White Paper Next Generation Privilege Identity Management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationGo mobile. Stay in control.
Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationDATAOPS.BARCELONA SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS
SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS WHO AM I & WHAT DO WE DO? Pol Jane - Senior DevOps Engineer DevOps IoT Big Data Software Development Migrations Automation Cost Optimization WE RE WOLDWIDE!
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationBlackBerry Enterprise Identity
Datasheet BlackBerry Enterprise Identity The Challenge: Cloud services are critical in today s enterprises, yet a reliance on the cloud comes with real and growing security risks. Enterprises want a simple,
More informationRoadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise
Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise Roadmap for the Modern Enterprise As your AWS environment grows, the importance of instilling governance and following best practice
More informationHCX SERVER PRODUCT BRIEF & TECHNICAL FEATURES SUMMARY
PRODUCT BRIEF & TECHNICAL FEATURES SUMMARY PRODUCT BRIEF A SERVER OPTIMIZED FOR A HYBRID WORLD The HCX Server is a Windows Server pre-bundled with integrated core IT services designed for small and midsize
More informationBest Practices for Augmenting IDaaS in a Cloud IAM Architecture PAM DINGLE, PING IDENTITY OFFICE OF THE CTO
Best Practices for Augmenting IDaaS in a Cloud IAM Architecture PAM DINGLE, PING IDENTITY OFFICE OF THE CTO W HI T E P A P ER TABLE OF CONTENTS 03 EXECUTIVE OVERVIEW 04 BEST PRACTICE #1: IMPLEMENT ADMINISTRATIVE
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationThe Business Case for Network Segmentation
Modern network segmentation to reduce risk and cost Abstract Modern network segmentation, also known as microsegmentation, offers a new way of managing and securing your network, offering tremendous benefits
More informationDeploying Cisco SD-WAN on AWS
How to Guide Deploying Cisco SD-WAN on AWS Introduction: Why use an SD-WAN solution for the cloud? Organizations leveraging branch office locations, IoT devices, and distributed network devices face a
More informationTotal Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER
Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning
More informationAerohive and IntelliGO End-to-End Security for devices on your network
Aerohive and IntelliGO End-to-End Security for devices on your network Introduction Networks have long used a password to authenticate users and devices. Today, many cyber attacks can be used to capture
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationby Cisco Intercloud Fabric and the Cisco
Expand Your Data Search and Analysis Capability Across a Hybrid Cloud Solution Brief June 2015 Highlights Extend Your Data Center and Cloud Build a hybrid cloud from your IT resources and public and providerhosted
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationAdaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia
Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia F5 EMEA Webinar Listopad 2014 Andrzej Kroczek Field Systems Engineer Today s Network and App Access: So Many Variables! LOCATIONS USERS DEVICES
More informationPerfect Balance of Public and Private Cloud
Perfect Balance of Public and Private Cloud Delivered by Fujitsu Introducing A unique and flexible range of services, designed to make moving to the public cloud fast and easier for your business. These
More informationRSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief
Providing Secure Access to Corporate Resources from BlackBerry Devices Leveraging Two-factor Authentication Augmenting the BlackBerry Enterprise Solution BlackBerry devices are becoming ubiquitous throughout
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationDeploying Tableau at Enterprise Scale in the Cloud
# T C 1 8 Deploying Tableau at Enterprise Scale in the Cloud Calvin Chaney Senior Systems Analyst Enterprise Analytics / Tableau Enterprise Analytics supports Tableau s mission of driving self-service
More informationSecure & Unified Identity
Secure & Unified Identity for End & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Key Point #1: Perimeter is Dissolving Making Identity Matter Most You must plant a strong
More informationCentrify for Google G Suite Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Google G Suite Deployment Guide Abstract Centrify protects against the leading point of attack used in data breaches compromised credentials. Centrify Application
More informationMaking Security a Business Enabler
no.linkedin.com/in/ronnystavem/ Making Security a Business Enabler Ronny Stavem, Sales Specialist IAM, CISSP Dell Software Twitter: @RonnyStavem LinkedIn: no.linkedin.com/in/ronnystavem Technology trends
More information