The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

1 The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit

2 Primary Goal of Businesses Today: Drive Digital Transformation!!

3 For Most Organizations, Digital Transformation = Hybrid IT
Multiple deployment models: Hybrid means working with a wide variety of deployment models
Multiple consumption and financing options: Designing a payment structure that works within OpEx and CapEx budgets
Lower IT run budgets: Transformations even with increased demands to drive down IT costs
Pressures to innovate: Downward pressure to implement the latest features and functionality into systems
IoT proliferation: Huge increase in data coming into and through your environments

4 Organizations Want Hybrid IT
However, many have bi-modal IT operations that won't scale
[Chart: Percentage of IT Spend 60% and 40%; Budget Growth 3% and 12%; Traditional Apps vs. Cloud Apps (1)]
Budget Owners? Head of IT/CIO; Finance, HR, Marketing, Operations, Engineering
Traditional Apps: Core IT Systems, Data Centers, Infrastructure, ERP. Ops Driven, Cost Focused. Traditional Business: Business as Usual, Keep the Lights On, Improved User Experience
Cloud Apps: App Dev, Mobile Sites, e-commerce Sites, Web Business Apps. Apps Driven, Agility Focused. The Idea Economy: Disruptive Innovation, New Business Process, Competitive Advantage
How can I support both? (Managed Systems, Business Outcome)
(1) Source: CEB Analyst Group (UK based)

5 Challenges with the Current State
Multiple pools of IT resources: Results in underutilization of costly assets; Unique characteristics of underlying assets
Regulatory & compliance challenges: No centralized view into data integrity & security; Difficulties in meeting compliance timeframes
Unique management and security: No consistency in management tools/procedures; Inconsistent security creates vulnerabilities; Third-party security or data sovereignty challenges
High long-term cost of ownership: Multiple environments for IT to learn & manage; Escalating costs of public cloud at scale

6 A Preferred Architecture Has Evolved in Most Organizations
PaaS: PaaS is used for rapid application development and testing before apps are moved to their best execution venue
IaaS: IaaS is adopted for rapid provisioning of compute, storage, and network resources
SaaS: Common business processes (such as CRM, marketing, and human resources) are migrated to various SaaS services
On-prem: On-premises servers, storage, and networks are maintained for high-value/high-risk workloads (such as financial data and intellectual property)
Source: Dimensional Research, "Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions", March 2018

7 What We Are Seeing
92% of organizations are using multiple cloud vendors
88% of cloud-based apps share data and services with on-premise apps
64% of cloud-based apps share data and services with other cloud-based apps
The #1 monitoring need for hybrid environments is Security Monitoring
Source: Dimensional Research, "Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions", March 2018

8 Complexities Involved with a Hybrid Architecture
Source: 451 Research

9 Hybrid IT Opens Up Many Opportunities, But It Can Also Expose the Enterprise to Greater Risk
[Diagram labels: Secure; Identities, Applications, Data; On-Premises, Cloud]

10 Top Security Concerns for an Evolving Hybrid Infrastructure
Maintain consistent access security and authorization controls across environments
Secure movement of data and workloads across environments
Secure data residing and processed in a third-party or hosted environment
Maintain consistent network security policies for security domains
Ensure compliance with regulatory and policy requirements
Source: 451 Research

11 Hybrid IT Attacks
Inbound Attacks: Port Scanning; Distributed Denial of Service; SSH/RDP Brute-Force; Poor Configurations; Advanced Persistent Threats; Zero Day Exploits; Unpatched VM images
Targeting Trust Perimeter: Hypervisor Breakout; Exposed Servers; Default Configurations; Data Exposure; Weak Internal Security
Outbound Attacks: Bot Net Zombies; Distributed Denial of Service; Port Scanning; SSH/RDP Brute Force; Advanced Persistent Threat; Zero Day; Phishing / Malware Hosting
Targeting Cloud Services: On-Cloud Pivot; Cross-Tenant Attack; Insecure Usage
Infrastructure Attacks: Privilege Escalation; Stolen Credentials; Known Attack Vectors; Poor System Configurations; Under-Cloud Pivot; Isolation Failures
[Diagram labels: Internet; On-Cloud Services (Workloads, Systems, Applications, Data); Cloud Infrastructure]

12 Establish a Risk-based Approach
Assess security investments and posture: How will attacks likely occur? How will you spot them on each platform? What corrective action will you take?
Transform from silos to a comprehensive view: On-prem traditional systems, SaaS, IaaS, and PaaS, all of which should fall under the same security umbrella
Actionable Security Intelligence
Optimize to proactively improve security posture
Manage security effectively: Including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program
Moving from Reactive to Proactive Information Security & Risk Management

13 Security Management Has Also Moved to a New Level of Complexity!
[Diagram labels: Identities, Applications, Data]

14 Essential to Enterprise Digital Transformation
Secure and enable the relationships between identities, applications, and data regardless of how or where things are deployed
[Diagram labels: Secure & Empower; Identities, Applications, Data; On-Premises, Cloud]

15 Simplified Security for Hybrid IT Environments
Need a single security toolset that covers public, private, and on-premises systems
Source: David Linthicum, "How to choose the right security toolset for hybrid cloud"

16 An Identity-Centric Approach: A Desired State
Scale
Centrally managed identities providing a single view
Multiple delivery models (on-prem, SaaS, hybrid)
Clear roles and relationships modelled
Risk based adaptive security
Business benefit solution architecture
Clear consistent governance, privacy controls and privilege management implementations
Experience embedded at the beginning
[Diagram labels: Identity Powered Security; Employees, Customers (B2C), Partners (B2B)]

17 Cloud-based IDaaS services can provide core capabilities, but are not suited for complex requirements. Hybrid IAM can offer the best of both.
CLOUD: Standard solution; Data hosted in the cloud; Less staff required to maintain; Often limited to cloud access management; Not suited to complex on-premise use cases
HYBRID: Standard though extensible solution; Data hosted where desired; Less staff required to maintain; Support for cloud, on-prem, and custom applications and processes; Well suited for complex on-premises use cases
ON-PREMISE: Flexible/extensible solution; Data hosted on-prem; Internal staff to maintain; Support for cloud, on-prem, and custom applications and processes; Well suited for complex on-premises use cases

18 IAM as a Service Deployment Architecture: Hybrid IAM as a Service Solution
[Architecture diagram labels]
Users: Customers, Clients, External and Remote Users; Authenticate; Browser, Mobile Device
Services: Provisioning, De-Provisioning, SSO, Access Management, Governance, SSPR, 2FA, Federation, PAM, Policy Engines, Workflow, User Self Service, Administration, Reporting, Compliance Dashboards
Cloud: Hosted Apps; Authentication and Self Service in cloud; IAS for accessing internal, external and SaaS applications
Secure Connection: Secure communication to execute policies on premise; Identity Synchronization to cloud
Client Premises: Local/Internal Authentication; On Premise IDP; Enterprise Clients; Password Update; On Premise Resources; Contractor Database; LDAP, JDBC, Customized Connectors; Resource 1, Resource 2, Resource 3

19 Secure Software Development
Design apps securely and to run in Hybrid IT environments
[Diagram labels: Attacker; Software & data; Intellectual property; Network; Hardware; Customer data; Business processes; Trade secrets]

20 Data Security: Protecting information wherever it resides
Health records your care provider manages for you
Banks data about your finances and accounts
Your credit rating information
Your interactions with SaaS applications
Payments made to you
Your Telco's information about your account
Your correspondence
Your customers' data. Your organizational data.
Your private to and from your smartphone

21 What does contemporary data-security enable?
Securing government & defense health data privacy Private-public data sharing for AI insights and big data & IoT Enabling security leaders to say Yes to business demands Adopt XaaS IT solutions for hybrid computing opex economies Modernizing security for legacy data security risks
(C) 2017 Micro Focus

22 Security Monitoring for Hybrid IT
Applies to public, private and legacy systems
Proactive security monitoring mechanisms and approaches can spot and fight attacks in a timely manner
Security orchestration, automation, and response (SOAR) solutions can provide efficiencies and repeatability in the handling of high fidelity alerts
[Diagram labels: Security Monitoring; Amazon EC2, AWS IAM, Amazon CloudWatch, AWS CloudTrail]

23 Enterprise Security Platform in support of Hybrid IT
IDENTITY & ACCESS: Adaptive Identity governance; Adaptive access management; Adaptive privileged users
APP SECURITY: Static, Dynamic, & Runtime application testing; Application security-as-a-service
DATA SECURITY: Data de-identification (encryption/tokenization); Key management; Hardware-based trust assurance; Messaging security
ENDPOINT SECURITY: Lifecycle management; Patching & containerization; Application virtualization; Mobile & server management
SECURITY OPERATIONS: Real-time detection; Workflow automation; Open source data ingestion; Hunt and investigation
ANALYTICS & MACHINE LEARNING

24 Thank You. #MicroFocusCyberSummit
