Securing the Mobile, Cloud-connected Enterprise
What is a Mobile, Cloud-connected Enterprise?

The rise of mobile users and apps, coupled with the continued growth in software as a service (SaaS), has transformed traditional business environments. Enterprise applications and data no longer reside exclusively on-premise and within the confines of a network perimeter. Today's successful and innovative businesses are mobile and cloud-connected. According to a recent Ponemon study, 79% of organizations are using SaaS.[1] And by 2020, there will be 50 billion connected devices.[2] Not surprisingly, businesses are feeling the pressure to deliver new applications and to provide anywhere, anytime access to all users from any device.

As IT races to enable the business through the deployment of cloud services and the accommodation of mobile users, it must also continue to protect critical business assets. The externalization of applications and data outside of the enterprise perimeter has resulted in a fragmented and dispersed IT environment. As a result, the security models of the past do not necessarily apply to today's more distributed IT environments.

[1] Ponemon Institute, "Security of Cloud Computing Users Study," March 2013.
[2] CA Technologies, "TechInsights Research: Enterprise Mobility - It's All About the Apps," November 2013.
Identity Is the New Network Perimeter

In this new hybrid IT environment, where data exists on-premise, in the cloud or both, and geographically dispersed, highly mobile employees, partners and customers gain access to these resources from a variety of devices, the one constant is identity. In short, identity has become the new network perimeter.

By establishing a centralized Identity Access Management (IAM) service across this hybrid IT environment, it is possible to:

- Set context-based authentication requirements
- Grant appropriate user access to select enterprise resources
- Audit user activity
- Centrally disable user access when needed
- Simplify user experience through single sign-on (SSO) and federation

[Figure: Identity is the New Perimeter. Customers, partner users, mobile employees and internal employees reach cloud apps/platforms and web services, SaaS, and on-premise enterprise apps.]
The Needs of a Mobile, Cloud-connected Enterprise

Today, employees and partners are demanding access to new applications and services that can increase productivity, improve operational efficiencies and create new revenue streams. Additionally, the proliferation of mobile devices has created an expectation for an always-on and always-available state of access to enterprise resources.

To meet this growing demand, businesses must:

- Adopt Cloud Services: Cloud computing allows businesses to quickly implement new services and applications that increase user capability and productivity.
- Facilitate Collaboration: Organizations need to collaborate internally, as well as with partners and customers, to reach new markets, grow the business and maintain user satisfaction.
- Enable Mobility: More than half of all network devices are wireless, and that figure will continue to rise.[3]
- Streamline and Govern User Access: IT needs a quick and automated way to provide secure and appropriate employee, partner and customer access to enterprise systems.

So, how can IT better meet the needs of the mobile, cloud-connected business? To understand, organizations must evaluate the challenges imposed by mobile and the cloud and determine how the enterprise can address these barriers successfully.

[3] Greengard, Samuel, "Pervasive Mobility Creates New Business Challenges," Baseline, 2013.
What Challenges Stand in the Way?

Before an organization can make the necessary initiatives a reality, IT must first overcome the associated obstacles. In many cases, concerns over security and its usability have inhibited the growth of the mobile, cloud-connected enterprise. In fact, 46% of surveyed IT professionals reported that the adoption of cloud services has stopped or slowed as a result of security concerns.[4]

[4] Ponemon Institute, "Security of Cloud Computing Users Study," March 2013.

Difficulty Enabling Mobility Without Increasing Risk

The cause:
- The proliferation of personal devices and the lack of enterprise visibility into and control of these devices
- The inability to confirm that the device owner is the device user
- Potential data loss from mobile device loss or theft

Inability to Quickly Leverage New Cloud Computing Services

The cause:
- The lack of consistent security across on-premise and cloud environments
- The inability to centrally manage cloud services
- Concerns over increased risk of data loss or theft from moving to the cloud

Inability to Enable Secure Collaboration Quickly

The cause:
- The struggle to control usage of sensitive data across mobile and cloud platforms
- Cumbersome manual processes to enable secure user access to data across security domains
- Difficulties incorporating higher level authentication

Costly Identity Administration

The cause:
- The inability to quickly and accurately answer, "Who has access to what?"
- Manual, time-consuming processes for provisioning users to new apps and services
- Increasing audit and compliance reporting requirements

Four Ways to Secure the Mobile, Cloud-connected Enterprise

The right IAM solution can help organizations secure the mobile, cloud-connected enterprise in four ways:

- Secure access to new applications by leveraging cloud-based IAM services that uniformly manage risk across all environments, cloud and on-premise.
- Enable mobile use by extending advanced, easy-to-use authentication into the mobile channel.
- Improve secure collaboration with strong, non-intrusive and consistent methods of authentication across all channels.
- Streamline and govern user access by centralizing and automating processes like user provisioning and entitlement certification.

The following pages explore these topics in greater detail and illustrate the critical role IAM plays in securing the mobile, cloud-connected enterprise.

Secure Access to New Applications

The reality for most organizations is that they are managing a highly distributed, heterogeneous, hybrid IT environment that is a mix of on-premise apps and SaaS services. IT professionals are tasked with extending and ensuring that the same policies and procedures for on-premise security systems apply to the cloud. The right IAM solution can unify security across the cloud and on-premise environments, keeping risks in check and enabling greater business agility.

What capabilities to look for:

- Centralized Provisioning: Provisioning automates the process of adding, modifying and deleting user accounts across on-premise apps and the cloud.
- Robust Identity Governance: Ability to verify that users' access to on-premise and cloud apps is appropriate for their job function or role.
- Federated SSO: Universal SSO across cloud services and on-premise applications.

What's to gain?

- Increased business agility
- Risk mitigation
- Improved user productivity
- Reduced administrative costs

Improve Secure Collaboration

Collaboration is key to productivity. According to Andrew Horne, U.K.-based managing director at CEB, 50% of successful performance now depends on it.[6] But questions remain: How does IT deliver consistent and effective security to geographically dispersed users across various device channels? And how does IT prevent inappropriate access to and distribution of sensitive content? The answer lies in an IAM solution that provides flexible, risk-based authentication and identity and access management.

What capabilities to look for:

- Advanced Authentication: Risk-based authentication helps prevent malicious access or accidental use of an application by checking contextual factors, such as device ID, geo-location and IP address, to assess risk. Based on the assigned score, a stronger form of authentication, such as two-factor verification, may be required.
- Data Protection: Provides automatic classification and encryption of sensitive information. Access to files is based not only on the privileges of the user, but also on the sensitivity of the content.
- Federated SSO: Allows users to authenticate once and securely access multiple applications and data across partner sites.

What's to gain?

- End-to-end security across device channels
- Risk reduction through stronger centralized controls over data
- Consistent and hassle-free user experiences

[Figure: Insiders (consumer, partner user, mobile employee, internal employee); classification of sensitive data (PII, IP, NPI, PCI, etc.); encryption; e-mail; policy-based control.]

[6] InformationWeek, "CIOs Ignore Collaboration Tools Too Much, CEB Says," January 2013.
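
The risk-based authentication described under Advanced Authentication above, sketched as an added example (not code from CA Technologies or any product): the three contextual factors the text names are scored and the total decides whether a second factor is required. The weights, thresholds, field names and the extra "deny" outcome are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed weights and thresholds; a real deployment tunes these from its own data.
WEIGHTS = {"new_device": 40, "new_country": 30, "untrusted_network": 20}
STEP_UP_AT, DENY_AT = 40, 80

@dataclass
class Profile:
    """What the IAM service already knows about a user (hypothetical schema)."""
    device_ids: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    trusted_nets: list = field(default_factory=list)  # CIDR strings

@dataclass
class Login:
    device_id: str
    country: str  # assumed to come from an upstream geo-IP lookup
    ip: str

def risk_score(profile: Profile, login: Login) -> tuple[int, list[str]]:
    """Score device ID, geo-location and IP address; return (score, reasons)."""
    reasons = []
    if login.device_id not in profile.device_ids:
        reasons.append("new_device")
    if login.country not in profile.countries:
        reasons.append("new_country")
    try:
        addr = ipaddress.ip_address(login.ip)
        trusted = any(addr in ipaddress.ip_network(n) for n in profile.trusted_nets)
    except ValueError:  # malformed address or CIDR: treat as untrusted, never as safe
        trusted = False
    if not trusted:
        reasons.append("untrusted_network")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(profile: Profile, login: Login) -> str:
    """Map the score to an action: allow, require a second factor, or deny."""
    score, _ = risk_score(profile, login)
    if score >= DENY_AT:
        return "deny"
    return "step_up_2fa" if score >= STEP_UP_AT else "allow"

# Constructed sample profile (addresses are from RFC 5737 documentation ranges).
ALICE = Profile({"dev-a1"}, {"GB"}, ["192.0.2.0/24"])
```

Logging the returned reasons alongside each decision gives the audit trail that a later review of step-up and deny events depends on.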

Enable Mobile Employees

The business world is undeniably on the go. As a result, corporate mobile device management is oftentimes not permitted. The right IAM solution can extend the reach of business into mobile environments while mitigating risks.

What capabilities to look for:

- Advanced Authentication: Through mechanisms such as two-factor and risk-based authentication, it is possible to securely authenticate a user to a device and an application.
- Mobile SSO: Extends the SSO policies of an enterprise into the mobile environment to maintain ease-of-access and a consistent user experience.
- Identity Management Mobile Environments: Ability to offer functions such as user self-service from the convenience of mobile devices to increase productivity.

What's to gain?

- Enhanced employee productivity
- Improved user experiences
- Risk reduction
- Extended mobile reach

Streamline and Govern User Access

In today's mobile, cloud-connected enterprise, manual identity management and access governance is a costly endeavor that consumes IT resources and opens the enterprise to risk. An effective IAM solution provides quick and automated mechanisms to grant users access to enterprise systems. Additionally, automated monitoring of user entitlements helps to ensure the right users have access to the appropriate enterprise resources.

What capabilities to look for:

- Automated Provisioning: Ability to provide centralized policy-based user provisioning and management.
- Automated Entitlement Certification: Capacity to automate entitlement certification processes with analytics and ongoing review of users' access to IT resources.
- Interoperability: Support for provisioning and governance across on-premise and cloud environments.

What's to gain?

- Improved user productivity; grant users access to new apps in hours, not weeks
- Reduced administrative overhead
- Simplified compliance audits
- Reduced risk generated by fewer users with excess privileges

[Figure: Complete Identity Lifecycle. Role mining and cleanup, ongoing refinement, role-based user provisioning, automated entitlement certification, centralized identity administration.]

About the Solutions from CA Technologies

The CA Technologies IAM offering enables businesses to uniformly govern access to applications and services across cloud and on-premise IT environments. By automating such IAM functions as user provisioning and entitlement certification, organizations will experience an increase in operational efficiencies. The solution includes the following key components:

- CA Advanced Authentication delivers strong authentication capabilities, including unique two-factor credential and risk-based authentication.
- CA Identity Manager offers identity management, provisioning and user management capabilities.
- CA Identity Governance automates identity governance processes, including entitlements, certification and role management.
- CA Single Sign-on provides SSO, federation, authorization and session management.
- CA Privileged Identity Manager offers privileged user password management, fine-grained access control, user activity reporting and UNIX authentication bridging across servers, applications and devices from a central management console.
- CA Data Protection helps reduce the loss and misuse of data by controlling the information and access to it across the enterprise.
- CA Secure Cloud delivers a set of identity management, SSO and strong authentication capabilities as a hosted cloud service.

For More Information

To learn more about CA Technologies mobile, cloud-connected IAM solution, visit ca.com/us/enterprise-access.aspx or call 1-800-255-5224.

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.

Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.

The information and results illustrated here are based upon the speaker's experiences with the referenced software product in a variety of environments, which may include production and nonproduction environments. Past performance of the software products in such environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments.

CS200-86777