Inside Symantec O3. Sergi Isasi, Senior Manager, Product Management. SR B30 - Inside Symantec O3


Agenda

Cloud: Opportunity And Challenge
Diagram labels: Cloud, Private Cloud
We should embrace the Cloud to respond to LOB needs, drive business agility and better manage costs.
Challenge: We lack a comprehensive means to control access, security and compliance across the breadth of cloud services and applications.

Cloud-mobile: Opportunity And Challenge
Diagram labels: Cloud, Private Cloud, Mobile
We should embrace BYOD, BYOA and the new mobile platform to augment productivity and innovate new business models.
Challenge: How do we layer common protection across cloud and mobile without undermining the convenience of the mobile experience?

Introducing Symantec O3: A New Cloud Information Protection Platform
Access Control, Information Protection, Cloud Visibility
Symantec O3: Control, Security, Compliance
Diagram label: Private Cloud
SR B30 - Inside Symantec O3, SYMANTEC VISION 2012

A Platform To Meet The Challenge In Three Dimensions
Control: Single control point; Context-based; Layered security as-a-service
Convenience: Easy access/SSO for cloud/web apps; Use the apps you like; Any device, including mobile
Compliance: SIEM and forensics for the cloud; Log and audit trail management; Policy audit and reporting

Symantec O3 Identity and Access Control Architecture
Diagram labels: User, Admin
Leverages Existing IDM Infrastructure
  Any corporate directory or identity store
  Single ID SSO
Strong Authentication
  VIP OTP
  Stepped up (per application policy)
  Other forms using custom integration
Authorization
  Context-based policy engine
  Who (identity-based)
  What (device-based)
Federation/Password Management
  SAML & OpenID
  Gateway-based keychain and wizard
  Apps catalog (+ connectors)

O3 Services: ID Broker And Authentication Model
End-user SSO login options to O3:
1. At O3 gateway portal
2. Custom portal in front of O3-GW
3. External IDP with redirect
4. SAML based SP with redirect
Diagram labels: O3 End-user, User Devices, Client App, IDP initiated SAML, SP initiated SAML, Service access, O3 SSO Login, Custom portal, O3 Admin Console, IDP portal, O3 Gateway, GW Portal, O3 Intelligence Center, IDP SAML Assertion, Identity and Access Broker, Information Gateway, Policies and Configuration, Enterprise Customer AD/LDAP Dir, Auth and Attributes, SP SAML Assertion, SAML handler, SAML Cloud Service, HTTP POST, Login ceremony, Cloud Service

Application Integration
Diagram labels: IDP, SAML, HTTP-Fed, O3 End-user, User Devices, Client App, O3 Gateway, Identity and Access Broker, SSO portal, Cloud Services and Information Gateway, Credential Keychain, Web-enabled applications
SAML
  Gateway proxies user store as IDP
  Redirect or proxy mode option
  Point and click SAML setup (no SAML expertise required)
HTTP-Federation
  HTTP form stuffing
  Credential stored in local keychain
  Reverse proxy
  Trusted headers (internal web apps)
Gateway Credential Keychain
  Password vault storing SaaS app credentials
  Encrypted and locally stored in GW, 1 per user
  Work with any web apps (catalog and custom adaptors)
Keychain Tool
  Java tool to pre-populate SaaS app username-passwords in keychain
  Prevents user login @ SaaS app with machine-generated username-password
  Input: spreadsheet of uid/pswd

Demonstration!
https://intelcenter.symanteco3.com
https://ea0-o3-gw1.symanteco3.com

Deployment: Symantec cloud, Your cloud, hybrid
Diagram labels: Managed Devices, Unmanaged Devices, Acme Inc Network, AD, Private Cloud, Symantec O3 Gateway (single-tenant), Symantec O3 Gateway, Cloud or Partner Virtualized Infrastructure, Symantec O3 Gateway (single-tenant on IAAS), Policy Synch, Symantec O3 Secure Infrastructure, Intelligence Center (multi-tenant policy mgmt.), Identity Sec Policy, Information Sec Policy, SAAS, Any SAAS, IAAS/PAAS, Any Public Cloud

Customer-Hosted Deployment Overview
Diagram labels: Customer Network, Customer Administrator, Policies and configuration, Symantec O3 Intelligence Center, Employees, Symantec O3 Gateway, Roaming Employees, Symantec Network, Cloud Applications, Customer AD/LDAP, Internal SaaS Applications
A. Customer admin defines employee access policies at hosted O3 IC
B. Policies published to on-prem O3 gateway(s)
C. Internal and external employees authenticate to O3 gateway to gain access to applications
D. O3 gateway delegates authentication to customer AD/LDAP
E. O3 gateway enforces identity-based access and information protection policies
F. Employees gain access to applications upon successful authorization

Symantec-Hosted Deployment Overview
Diagram labels: Customer Network, Customer Administrator, Symantec O3 Intelligence Center, Employees, Symantec O3 ID Link, Roaming Employees, Symantec O3 Gateway, Symantec Network, Cloud Applications, Customer AD/LDAP, Internal SaaS Applications
A. Customer admin defines employee access policies at hosted O3 IC
B. Policies published to Symantec-hosted O3 gateway(s)
C. Internal and external employees authenticate to O3 gateway to gain access to applications
D. O3 gateway delegates authentication to customer AD/LDAP
E. O3 gateway enforces identity-based access and information protection policies
F. Employees gain access to applications upon successful authorization

Roadmap

Roadmap Disclaimer
This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.

Symantec O3 Information Security Architecture
DLP for information classification
  Leverages existing DLP deployment
  Identity context
  Any device, any cloud
Silent File Encryption
  Leverages existing PGP deployment
  Key management option
  Other forms using custom portal integration
iPad Secure Sandbox App
  Bring your iPad to work
  Integrated with gateway (SSL VPN with 2FA)
  Sandbox data at rest encryption
  Availability: 2H CY2012

Demonstration!
https://gw.ea7.symanteco3.com/


O3 As The Cloud Information Protection Platform
Cloud Access and Information Protection:
1. End-user SSO session portal
2. Brokered authentication and authorization
3. Policy and configuration synchronization
4. Information protection
5. Audit and access logs
Diagram labels, in source order:
  Symantec VIP OTP; O3 connectors; AD/LDAP ID-link; AD IWA
  External User-Store: OpenID, SAML, OAuth
  Enterprise User-Dir.: AD / LDAP, ODBC / JDBC, WS / REST
  IDP / Usr-Store Connectors
  O3 Gateway: Default SSO portal; Authentication delegation; Legacy web-enabled applications; User Devices; Client App; Custom portal; Context Based Policy Enforcement; Federation Services (SAML, OA, OID, WSF); Cloud SP connectors; Gateway web-services; Reverse Proxy services; Non-native 2FA; IC sync; esso; HTTP-FED; External Cloud Applications
  O3 Logs: Audit and Access; System logs
  Symantec 2FA: MPKI, FDS
  3rd party 2FA: RSA, Certificates
  O3 Intelligence Center: Multi-tenant Policy Management; GW configuration and status
  Info Protection (ICAP): DLP; PGP / Key-management; Archiving / ediscovery
  Symantec Log Management: SSIM; Minimum Security Standards (MSS); Log management
  Symantec DeepSight, Symantec Global Intelligence Network

Thank you!
Sergi Isasi

Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.