Modern Web Access Management - Zero Trust Security - from on-premises to the Cloud



  1. Modern Web Access Management - Zero Trust Security - from on-premises to the Cloud. Single Sign On, Access Controls, Session Management and how to use Access Management to protect applications both on premises and in the Cloud

  2. Agenda (www.idfconnect.com)
     1. Zero Trust Web Access Management
     2. The Access Management Transformation – moving applications from the data center to the Cloud with Zero Trust Security

  3. Part 1 – Zero Trust Web Access Management

  4. Why Web Access Management?
     • Ensure EVERY request is vetted and scored before ever touching your application (Use a “Zero Trust” Architecture)
     • Central enforcement and audit of access policies and activity
     • Continuous Authentication, Single Sign On, Session Management, and across all apps EVERYWHERE

  5. Applications in the Traditional Data Center. [Diagram labels: SSO-Integrated Apps; Access Mgmt Agent / Proxy; Access Management Traffic (vendor-specific); Access Manager; Active Directory; Database, etc.; LDAP; Local Users]

  6. 5 Modern Access Management Challenges
     • Applications in the Cloud
     • "Agent-less" Infrastructure
     • AJAX / Mobile / Thick Client Application Integration Use Cases
     • Server-side Application Integration
     • Access Management as-a-Service

  7. A Complete Zero Trust Access Management Solution. [Diagram: Web Access Management with six numbered components (01-06): Authentication; Access Control Enforcement; Single Sign On; Risk Scoring & Analytics; Session Management; Centralized Management Audit]

  8. Common Access Management Gaps in the Cloud. [Diagram: Web Access Management (Gaps in the Cloud) with six numbered components (01-06): Authentication; Access Control Enforcement; Single Sign On; Risk Scoring & Analytics; Session Management; Centralized Management Audit. Additional labels: Maximum Time-to-Live; Idle Session Timeout]

  9. The IDF Connect Solution – SSO/Rest. Modern engineering – SSO/Rest combines existing and emerging technologies to extend the perimeter of your IAM solution safely and securely into your public Cloud platforms.
     • A: Rest based - lightweight
     • B: orchestration, metrics, analytics
     • C: Easy to use, handles latency, transparent….
     • D: Risk scoring, strong authentication
     SSO/Rest!

  10. But… is this just Federation? NO! Ticket or Claims-based approaches are not enough:
     • Continuous authentication
     • Perimeter access management
     • Block attacks before they touch your applications
     • Application security alone is not enough

  11. Remember: Federation is NOT the Same as Web Access Management. [Two-column comparison diagram, Federation vs. Web Access Management (WAM); labels: Policy Enforcement Point (PEP); Authentication; Policy Decision Point (PDP); One-time handoff from partner IDP; Perimeter Defense; Access control; Limited logout capability; Session lifecycle management; Audit]

  12. Proven Success Stories
     • Seamless and Secure Integration: Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company. [Diagram labels: HTML5, js, CSS3, XML, PHP, Cloud; Acquired Company Existing Web Apps; eCommerce Portal]
     • Successfully Moving .Net applications to Microsoft Azure: Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities. [Diagram labels: ASP.NET, .NET, C#, IIS; .Net Applications; Microsoft Azure]

  13. You should be interested in this technology if…
     • You have an existing SSO/WAM solution and are moving applications to the Cloud
     • You want or need the assurance that every request is VETTED and SCORED before ever touching your application
     • You require fine-grained access controls and centralized policy management
     • You require a complete audit trail of end-user activity within a given session
     • You need a web access management solution that is modern and leverages today’s tools and capabilities (e.g. ELK, Docker, Kubernetes)
     • You are interested in offering Web Access Management as a managed service
     • You have an API Gateway and want a modern Policy Decision Point for its Auth & Auth requirements
     • You are building rich applications (mobile, AJAX) and require web services for all manner of seamless access management integrations

  14. Part 2 – The Access Management Transformation: Moving applications from the data center to the Cloud with Zero Trust Security

  15. Zero Trust Security in any Cloud. [Architecture diagram labels: Data Center; Browser; External Firewall; Internal Firewall; Application in the Cloud; IDF Connect SSO/Rest Plugin; IDF Connect SSO/Rest Gateway; HTTP(s) requests to application; SSO/Rest Plugin (JSON over HTTPS); PEP to PDP Traffic; Application SSO integration requests to SSO/Rest (optional); Browser AJAX SSO integration requests to SSO/Rest (optional); Policy Decision Point: SSO/Rest w/ XACML engine, CA SSO, Oracle AM, OpenAM]

  16. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; Policy Enforcement Point; Policy Decision Point; Active Directory; Database, etc.; LDAP; Local Users]

  17. [Architecture diagram labels: Cloud Platform; Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; Policy Enforcement Point; Policy Decision Point; Active Dir, Database etc.; LDAP; Local Users]

  18. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; SSO/Rest XACML queries; XACML Policy Store; Policy Evaluation; Policy Enforcement Point; Policy Decision Point; Active Dir, Database etc.; LDAP; Local Users]

  19. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; SSO/Rest XACML queries; XACML Policy Store; Policy Evaluation; Authentication; Session tokens only!; Policy Enforcement Point; Policy Decision Point; Active Dir, Databases, etc.; LDAP; Local Users]

  20. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; SSO/Rest XACML queries; XACML Policy Store; Policy Evaluation; Authentication; Session tokens only!; Cloud Multi-Factor Authentication; Cloud Directory / IDaaS Provider; Policy Enforcement Point; Policy Decision Point; Active Dir, Database, etc.; LDAP; Local Users]

  21. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; SSO/Rest XACML queries; XACML Policy Store; Policy Evaluation; Authentication; Session tokens only!; Cloud Multi-Factor Authentication; Cloud Directory / IDaaS Provider; Policy Decision Point; Active Dir, Database, etc.; LDAP; Local Users]

  22. [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; SSO/Rest XACML queries; XACML Policy Store; Policy Evaluation; Authentication; Cloud Multi-Factor Authentication; Cloud Directory / IDaaS Provider]

  23. Complete enterprise-grade IAM-as-a-Service! [Architecture diagram labels: Data Center; SSO-Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); Cloud Access Management Service; Cloud Multi-Factor Authentication; Cloud Directory / IDaaS Provider]

  24. Platform support: Web Servers; App Servers; App Platforms; Web services for all manner of integrations …and other thick clients!
