Adaptive access to applications everywhere and from any device

Transcription:

Adaptive access to applications everywhere and from any device. F5 EMEA Webinar, November 2014. Andrzej Kroczek, Field Systems Engineer

Today's Network and App Access: So Many Variables! LOCATIONS USERS DEVICES APPS & LOCATIONS Headquarters Branch Mobile Employee Contractor Desktop Laptop Physical Hosted App Cloud Hosted Apps Mobile Storefront Remote Employee Partner Smartphone Tablet Hybrid Cloud Hosted Apps Web-based Apps Home Other Location(s) Office Employee Customer Wearable Camera Mobile Apps Other Apps Other Device(s) Guest Other User(s) Internet F5 Networks, Inc.

Mobility is Exploding. The number of mobile workers in Western Europe is expected to reach 512 million by 2015.* (* Source: IDC)

Access Management Trends. IAM, security, and risk management are overlapping, related disciplines. Expansion of risk-based authentication. Greater focus on request context. Intersection of social, mobile, cloud, and data. Standalone SSL VPN market is static. Integrated security device market increases including remote/mobile access. Remote access plays a vital role in mobile VPN access.

Business Challenge: Managing Access Today. Rapidly expanding, changing mobile workforce. Explosion in number of users, use cases, in-use devices. Increased virtualization. Fast rising number of security threats and attacks. Need to manage access based on identity and context.

What is Needed to Control and Manage Access (Employees, Partner, Customer, Administrator). Control access based on granular context-based attributes. Differentiate authentication based on context or emerging methods. Unify, consolidate, and simplify secure access to all applications. Provide fast authentication, SSO, and identity federation across applications. Provide simple user experience for authentication, authorization and access.

Control Through Context: User/Device Information + Network/Connection + Application Health & Risk

User Context in Security OS Device type and integrity Operating system Browser Location Intelligence and visibility

Network/Connection Context in Security Authentication Access method Network integrity Network quality and availability Connection integrity

Application Context in Security v3.1???!!! App location App health App type/version App vulnerability App importance and risk

Challenge of Enabling Secure Mobile/Remote Access from Any Device, Anywhere. Provide full or differentiated network access for employees. Provide per app access from BYOD or mobile devices. Provide restricted access for partners and guests. www.company.com

Secure, Accelerated Mobile and Remote Access. www.f5.com. Fast and secure connections maximise productivity for global users. Seamless integration minimises cost and simplifies end user experience.

Multifactor Authentication User = HR www.f5.com HR AAA Server

Endpoint Integrity Inspection. Outdated Protection Other Threats DEVICES Malware Hackers Advanced Persistent Threats Hacktivism Bots State Sponsored Attacks. Ensure integrity and compliance with organizational and regulatory policies regardless of the type of endpoint and OS being used.

Difficulty in Sharing Identification Across Any Application, Anywhere. Silos of identity. Identity still on-premise but apps and data moving to the cloud. Salesforce Office 365 Concur Google docs. Too many different passwords needed for multiple different applications. Internet Data Center Devices Identity and Access Management Physical Virtual Applications Applications

Single Sign-On (SSO) Challenges. Mobile Device? Supported Platform? BYOD? Users Decision? Step-Up? Change AuthZ? MIDDLEWARE Agent side Decision Decision? Fake AuthN? Delegate? AGENTS? Public Cloud SSO Server Servers Web Applications Adaptive Authentication? External Resource? Not all tokens work across all domains. Some SSO tools must check in with an authorizing decision point. Difficult to visualise SSO topology and deployment.

SSO and Identity Federation Require Greater Flexibility. Not all applications and identity directories are created equal. Reworking identifiers sometimes necessary to compensate for legacy applications. Step-up authentication can't be used without having a flexible way to assess what credentials are needed and when.

Adaptive Authentication and Access. Users Adaptive Auth Federation (SAML) SSO Selection Endpoint Validation SAML Pass-through Simple Assertion Apps Token Kerberos Delegation Password Step-Up Auth Dynamic Forms Certificates Fraud Protection Certificates Private/Public Cloud. Transform one type of authentication into another so an application may understand and use it without installing additional agents. Allow flexible selection of SSO technique appropriate to the application. Allow for centralized session control of all applications, even SaaS.

Identity Federation and SSO Benefits. Provide seamless access to all resources, including web- and cloud-based apps. Enhance and simplify the user experience, increase user productivity. Instantly provision and de-provision access to cloud apps. Salesforce.com Finance Corporate managed device Latest antivirus software AAA Server User = Finance Expense Report App

Identity Federation Architecture On-Premises Infrastructure Corporate Users Users SAML Identity management Multi-factor authentication Attackers SAML Real-time access control Access policy enforcement Access Management Directory Services Corporate Applications Office 365 Google Apps Salesforce Identity federation SaaS Providers

Controlling Enterprise Mobile Access and Managing Enterprise Mobility App Wrapping + App Management + Reporting Application Access Management No data transfer Data transfer App Tunnel + App Policy Managed Apps Unmanaged Apps EMM Mobile Users Remote Access Endpoint Inspection + App Tunnel Termination + Authentication + Access Policy Management + Identity Federation + Mobile App Security + Managed App Policy Authentication Store Salesforce.com Data Center Email Mobile Application

Securing and Managing Mobile Access, Apps, and Devices. Deliver enhanced capabilities over existing mobile access gateways: Integrate with existing market-leading MDM/EMM offerings, seamlessly provisioning mobile devices: Per app VPN Secure remote (SSL VPN) access ActiveSync and other proxy services support Granular access policy management Application access management Federated identity/SSO Mobile application management (MAM) Mobile device management (MDM) Mobile content management (MCM) Sandboxing Workspace applications File readers and editors File systems and portal access App wrapping Certificate and app provisioning Remote lock and wipe

Enhanced Web Access Management. Create policy Website Administrator 8 3 2 8 4 9 Corporate domain HR Latest AV software Current O/S User = HR AAA server. Proxy web applications to provide authentication, authorisation, device inspection.

Simplifying VDI. Simplify virtual deployment, with no additional clients needed. Improve scale and reliability. Provide better user experience + SSO. Enable vendor agnostic XenDesktop VDI VDI VDI VDI Hypervisor Virtual desktops VDI VDI VDI VDI Hypervisor VDI VDI VDI RDP Virtual desktops AAA server Horizon View VDI VDI VDI VDI Hypervisor Virtual desktops

Recent News About Remote/Mobile Access. Juniper has sold its Junos Pulse mobile security portfolio for $250 million to Siris Capital, noting that this is consistent with its strategy to focus on "where its customers and the market is heading with High-IQ networks and building the next-generation of clouds." Taking advantage of a Cisco ASA Clientless SSL VPN Information Disclosure and DoS vulnerability could result in disclosure of internal information or, in certain circumstances, a reload of the affected system. Recently published research has found that a quarter of employees breach the company's security guidelines to remote working, putting the confidential business data at risk. Siris Capital announced that it has completed its acquisition of the Junos Pulse business from Juniper Networks, the industry leader in network innovation, and incorporated that business under the name Pulse Secure.

Migration Strategy. Simplify the migration of a legacy access control product to a new access control and management environment. Consider and complete the following tasks: Migration planning; Architectural and technology review; Initial platform setup and configuration; Configuration migration and testing. Migration Planning Platform Setup and Configuration Policy Creation and Management Configuration Migration and Testing Knowledge Transfer

Deep Technical Migration Expertise is Needed. Leverage best practices to mitigate migration risks. Accelerate deployment with skilled resources that know both technologies. Optimize availability, performance, and reliability. Extend your staff's reach and skills. Capitalize quickly on enhanced functionality provided by the ADC.

Transitioning from Legacy Access Products to Emerging Access Solutions. Seek vendor programs that will compensate you for trading up from your outdated, legacy access control products. Upgrade your existing access control products with a solution that also supports identity federation/SSO, integrated secure cloud-based access, web access management, secure mobile access. Choose a solution that is flexible, extensible, and highly scalable. Select vendors and partners that will deliver and implement a comprehensive migration strategy, including technical expertise.

Identity and Access Management (IAM) Solution. Adaptive authentication, authorization, and access to all applications. Secure Web Access Internet Web-based Apps Internet Apps Web Access Management Remote/Mobile Access and Application Access Enterprise Apps Mobile Apps Enterprise Mobility Access and Management Identity Federation/Identity Bridge Cloud, SaaS, and Partner Apps

Solutions for an Application World.