1. • Why SSO?
• A Challenge for the Enterprise
• Deployment models
• Hybrid IAM
• Q & A
Optimizing IAM with Single Sign-On from the Cloud to On-Premise
Copyright ©2013 Mycroft Inc. All rights reserved
2. INTRODUCTIONS
Moderator: Shanley Stern, Sr. Director Marketing, Mycroft Inc.
Presenter: Lester Rivera, Sr. Business Solutions Architect, Mycroft Inc.
Presenter: Herb Mehlhorn, Product Manager, CA Technologies
3. Why Single Sign-On?
4. SSO – SIMPLY STATED
Copyright ©2013 CA. All rights reserved
[Diagram labels: Client Side; Mobile employee or Customer; Partner User; Internal Employee; Enterprise or Partner Apps; Cloud Apps/Platforms & Web Services; SaaS; Data; Identities; App/Resource]
5. A Challenge for the Enterprise
6. WHAT TO LOOK FOR IN SSO PRODUCTS – CLIENT SIDE
[Diagram: User, Administrator, Resources]
• Supported Devices: Desktop/Laptop; Tablet; Smart Phone
• Supported User Interfaces: Browser; Mobile Application; Terminal Emulator
7. WHAT TO LOOK FOR IN SSO PRODUCTS – RESOURCE SIDE
[Diagram: User, Administrator, Resources]
[Diagram labels: Apps/Resources; Location of App; Access Path; On Premise; Partner Site; Partner App; PaaS Site; SaaS App; REST API via Gateway; HTTP over corp. Network; HTTP over Internet; Web Services]
8. WHAT TO LOOK FOR IN SSO PRODUCTS – FROM CLIENT TO RESOURCE
[Diagram: User, Administrator, Resources]
• Authentication: Password; SmartCard + X.509; ArcotID®; OpenID; OAuth
• User Experience: Single Sign on; Personalized Experience; Single Logoff
• Enforcement: Web Agent; Proxy; Gateway; Native to the App
• Context of the authentication
9. WHAT TO LOOK FOR IN SSO PRODUCTS – ADMINISTRATION
[Diagram: User, Administrator, Resources]
• Managing SSO
- Ability to manage the authentication and access via a UI or programmatic interface
• …with efficiency
- for all resource types via a single UI
- for all access paths via a single UI
- for all authentication policies via a single UI
• …with confidence
- provide ability to flexibly segregate and delegate administration
- generating necessary log and audit data for governance and compliance purposes
10. DON’T FORGET THESE OTHER KEY REQUIREMENTS
[Diagram: User, Administrator, Resources]
SSO also requires:
• Identity life cycle management
• Effective monitoring
• Efficient delivery if using physical authentication methods
11. WHAT’S AVAILABLE IN THE MARKET
[Timeline figure, axis: TIME. Stages: Thick Client SSO; Web/HTML Client SSO; Web/HTML Client SSO via Federation; Web/SOAP Client SSO via WS-*; Web & Mobile native SSO via REST & API]
• Similarities across each of these developments:
- SSO experience for the end user
- Needed security characteristics of the solution
• Differences
- Location of the resource
- Access path to the resource
12. Deployment Models
13. CHOOSE YOUR DEPLOYMENT MODEL
On-Demand
• Deployed in third-party datacenter
• Subscription pricing model, no hardware required
• Federated SSO everywhere
• No VPN, no Firewall changes
• Fully managed
On-Premise
• Deployed at enterprise datacenter
• Allows for customization
• Requires professional services, longer deployment times
Hosted
• Deployed in third-party datacenter (private cloud)
• Connected to enterprise thru VPN
• Available as Managed Service
14. CHOOSE YOUR DEPLOYMENT MODEL
On-Demand
Important to me:
• Tactical solution
• Very quick to market
• OpEx rather than CapEx
• Standardized & OOB
• Local market
• No hardware hassle
• Very small TCO
On-Premise
Important to me:
• Strategic solution
• Innovation
• Individuality
• Differentiate also by services
• Tend to prefer CapEx
• International market
• Ownership
Hosted
Important to me:
• Quick time to market
• Some individuality
• Some innovation
• Tend to prefer OpEx
• Sense of ownership
• TCO
• Differentiate from competition by assortment & price
15. HOW DO THEY COMPARE?
Not only about CAPEX vs. OPEX
• About optimizing 3 Es
• Effectiveness
• Economy
• Efficiency
Table columns: On-Premise | Hosted | On Demand | Benefits of Hosted
Benefits of Hosted, by row:
• Infrastructure: Hardware acquisition not required
• Implementation: SMEs readily available
• Operation: 24x7 SOC, no internal management needed
• Security: Top tier
Most effective, economical & efficient
More effective, economical & efficient
Effective, economical & efficient
16. THINGS TO CONSIDER
SSO…is even MORE important
• Federate, Federate, Federate, Federate, Federate, Federate, Federate, F.E.D.E.R.A.T.E.
• Request for access needs to be simple, powerful, pervasive…not just about user accounts!
• SAML, OAuth, OpenID, WS-FED (Office365)
Provisioning goes Just-In-Time
• More SaaS applications support it
• BUT, no real automated de-provisioning
Identity Governance continues to be important
• Governance, risk, & compliance (GRC)
• Ignores the enterprise “fence”; Data and users are mobile
Think APIs…Everything is an API
• Keep simple & authorize well
• BUT not every API requires user accounts; sometimes you authorize device, source, etc.
• AND sometimes the point is really to identify the source
Security is Policy-based
• Security takes place outside of the app
• Programmatic vs. declarative
17. Hybrid IAM
20. A single log-on, launch any SaaS application available to you
MYCROFT XSPECTRA ON-DEMAND SERVICE
21. IN A NUTSHELL
SSO…is critical
• Simple, powerful access to applications with a single log-on, whether on-premise, in the cloud or hosted
• Increased user productivity & overall company efficiency
• Essential for security
Deployment Models
• Your organization has options
• Cloud vs on-premise vs on-demand. Examine the pros and cons as they relate to your environment, as well as the overall efficiency, effectiveness & economy of each option
Hybrid IAM
• It doesn’t matter where your application is – behind the firewall or in the cloud
• Scalable – seamless end-user experience between on-premise & cloud-based applications
Security is Policy-based
• Security takes place outside of the app
• Programmatic vs. declarative
22. Q & A
Contact Mycroft:
212-983-2656
info@mycroftinc.com
www.mycroftcloud.com
@MycroftXSpectra
Sales Inquiries:
Nicole Koopman
347-244-5481
Nicole.koopman@mycroftinc.com
Editor's Notes: Proactive Monitoring; Incident Management; Problem Management & Problem Reporting; Problem Resolution and Routing; Change Management; Release Management; Configuration Management; Service Level Management; Query Management; Service Reporting; Data Collection Development Management; Request Management