On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman - - PowerPoint PPT Presentation

SLIDE 1

#MicroFocusCyberSummit

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

Rob Aragao & Stan Wisseman

SLIDE 2

Primary Goal of Businesses Today

Drive Digital Transformation !!

SLIDE 3

For Most Organizations, Digital Transformation = Hybrid IT

  • Multiple deployment models: Hybrid means working with a wide variety of deployment models
  • Multiple consumption and financing options: Designing a payment structure that works within OpEx and CapEx budgets
  • Lower IT run budgets: Transformations even with increased demands to drive down IT costs
  • Pressures to innovate: Downward pressure to implement the latest features and functionality into systems
  • IoT proliferation: Huge increase in data coming into and through your environments

SLIDE 4

The Idea Economy

  • Apps Driven
  • Agility Focused

Cloud Apps

Traditional Business

  • Ops Driven
  • Cost Focused

Traditional Apps

How can I support both?

Organizations Want Hybrid IT

However, many have bi-modal IT operations that won’t scale

  • Percentage of IT Spend: 60% (1) | 40% (1)
  • Budget Owners: Head of IT/CIO | Finance, HR, Marketing, Operations, Engineering
  • 2015 Budget Growth: 3% (1) | 12% (1)
  • Managed Systems: Core IT Systems, Data Centers, Infrastructure, ERP | App Dev, Mobile Sites, e-Commerce Sites, Web Business Apps
  • Business Outcome: Business as Usual, Keep the Lights On, Improved User Experience | Disruptive Innovation, New Business Process, Competitive Advantage

(1) Source: CEB Analyst Group (UK based)

SLIDE 5

Challenges with the Current State

Multiple pools of IT resources

  • Results in underutilization of costly assets
  • Unique characteristics of underlying assets

Regulatory & compliance challenges

  • No centralized view into data integrity & security
  • Difficulties in meeting compliance timeframes

Unique management and security

  • No consistency in management tools/procedures
  • Inconsistent security creates vulnerabilities
  • 3rd party security or data sovereignty challenges

High long-term cost of ownership

  • Multiple environments for IT to learn & manage
  • Escalating costs of public cloud at scale

SLIDE 6

A Preferred Architecture Has Evolved in Most Organizations

PaaS, IaaS, SaaS, On-prem

  • IaaS is adopted for rapid provisioning of compute, storage, and network resources
  • Common business processes (such as CRM, marketing, and human resources) are migrated to various SaaS services
  • On-premises servers, storage, and networks are maintained for high-value/high-risk workloads (such as financial data and intellectual property)
  • PaaS is used for rapid application development and testing before apps are moved to their best execution venue

Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018

SLIDE 7

What We Are Seeing

  • 92% of organizations are using multiple cloud vendors
  • 88% of cloud-based apps share data and services with on-premise apps
  • 64% of cloud-based apps share data and services with other cloud-based apps
  • The #1 monitoring need for hybrid environments is Security Monitoring

Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018

SLIDE 8

Complexities Involved with a Hybrid Architecture

Source: 451 Research

SLIDE 9

Hybrid IT Opens Up Many Opportunities … But it Can Also Expose the Enterprise to Greater Risk

Cloud

Identities Applications Data Secure

On-Premises

SLIDE 10

Top Security Concerns for an Evolving Hybrid Infrastructure

  • Maintain consistent access security and authorization controls across environments
  • Secure movement of data and workloads across environments
  • Secure data residing and processed in a third-party or hosted environment
  • Maintain consistent network security policies for security domains
  • Ensure compliance with regulatory and policy requirements

Source: 451 Research

SLIDE 11

Hybrid IT Attacks

Cloud Infrastructure

Internet

  • Inbound Attacks: Port Scanning, Distributed Denial Of Service, SSH/RDP Brute-Force, Poor Configurations, Advanced Persistent Threats, Zero Day Exploits, Unpatched VM images
  • Targeting Trust Perimeter: Hypervisor Breakout, Exposed Servers, Default Configurations, Data Exposure, Weak Internal Security

On-Cloud Services (Workloads, Systems, Applications, Data)

  • Targeting Cloud Services: On-Cloud Pivot, Cross-Tenant Attack, Insecure Usage
  • Outbound Attacks: Bot Net Zombies, Distributed Denial of Service, Port Scanning, SSH/RDP Brute Force, Advanced Persistent Threat, Zero Day, Phishing / Malware Hosting
  • Infrastructure Attacks: Privilege Escalation, Stolen Credentials, Known Attack Vectors, Poor System Configurations, Under-Cloud Pivot, Isolation Failures

SLIDE 12

Assess security investments and posture

  • How will attacks likely occur? How will you spot them on each platform? What corrective action will you take?

Transform from silos to a comprehensive view

  • On-prem traditional systems, SaaS, IaaS, and PaaS, all of which should fall under the same security umbrella

Optimize to proactively improve security posture

Manage security effectively

  • Including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program

Establish a Risk-based Approach

Actionable Security Intelligence

Moving from Reactive to Proactive Information Security & Risk Management

SLIDE 13

Security Management Has Also Moved to a New Level of Complexity!

Data Applications Identities

SLIDE 14

Essential to Enterprise Digital Transformation

Secure and enable the relationships between identities, applications, and data… regardless of how or where things are deployed

Cloud

Identities Applications Data

&

Secure

On-Premises

Empower

SLIDE 15

Simplified Security for Hybrid IT Environments

Need a single security toolset that covers public, private, and on-premises systems

Source: David Linthicum, “How to choose the right security toolset for hybrid cloud”

SLIDE 16

An Identity-Centric Approach

A Desired State

  • Scale
  • Centrally managed identities providing a single view
  • Multiple delivery models (on-prem, SaaS, hybrid)
  • Clear roles and relationships modelled
  • Risk based adaptive security
  • Business benefit – solution architecture
  • Clear consistent governance, privacy controls and privilege management implementations
  • Experience embedded at the beginning

Employees

Identity Powered Security

Customers

B2C

Partners

B2B

IDENTITY IDENTITY IDENTITY

SLIDE 17

Cloud-based IDaaS services can provide core capabilities but are not suited for complex requirements. Hybrid IAM can offer the best of both.

CLOUD

  • Data hosted in the cloud
  • Less staff required to maintain
  • Often limited to cloud access management
  • Not suited to complex on-premise use case
  • Standard solution

HYBRID

  • Data hosted where desired
  • Less staff required to maintain
  • Support for cloud, on-prem, and custom applications and processes
  • Well suited for complex on-premises use cases
  • Standard though extensible solution

ON-PREMISE

  • Data hosted on-prem
  • Internal staff to maintain
  • Support for cloud, on-prem, and custom applications and processes
  • Well suited for complex on-premises use cases
  • Flexible/extensible solution

SLIDE 18

IAM as a Service Deployment Architecture

Hybrid IAM as a Service Solution

Client Premises

Secure Connection

Cloud

SSO

Provisioning, De-Provisioning, Access Management, Governance

SSPR, 2FA, Federation, PAM

LDAP, JDBC

Customized Connectors

Password Update

On Premise IDP

Hosted Apps

Customers, Clients, External and Remote Users

Authenticate Browser Mobile Device

Enterprise Clients

Local/Internal Authentication

  • Policy Engines
  • Workflow
  • User Self Service
  • Administration
  • Reporting
  • Compliance Dashboards

On Premise Resources

Resource 1, Resource 2, Resource 3, Contractor Database

  • Authentication and Self Service in cloud IAS for accessing internal, external and SaaS applications
  • Secure communication to execute policies on premise
  • Identity Synchronization to cloud

SLIDE 19

Secure Software Development

Design apps securely and to run in Hybrid IT environments

Attacker, Software & data, Hardware, Network

Intellectual property, Customer data, Business processes, Trade secrets

SLIDE 20

Data Security

Protecting information wherever it resides

  • Your Telco’s information about your account
  • Banks’ data about your finances and accounts
  • Your interactions with SaaS applications
  • Your customers’ data. Your organizational data.
  • Your private email to and from your smartphone
  • Your credit rating information
  • Your email correspondence
  • Health records your care provider manages for you
  • Payments made to you

SLIDE 21

What does contemporary data-security enable?

  • Securing government & defense health data privacy
  • Private-public data sharing for AI insights and big data & IoT
  • Adopt xaaS IT solutions for hybrid computing opex economies
  • Modernizing security for legacy data security risks

(C) 2017 Micro Focus

Enabling security leaders to say “Yes” to business demands

SLIDE 22

Security Monitoring for Hybrid IT

  • Applies to public, private and legacy systems
  • Proactive security monitoring mechanisms and approaches can spot and fight attacks in a timely manner
  • Security orchestration, automation, and response (SOAR) solutions can provide efficiencies and repeatability in the handling of high fidelity alerts

AWS IAM, Amazon EC2, AWS CloudTrail, Amazon CloudWatch

Security Monitoring

SLIDE 23

Enterprise Security Platform in support of Hybrid IT

ANALYTICS & MACHINE LEARNING, APP SECURITY, DATA SECURITY, SECURITY OPERATIONS, IDENTITY & ACCESS, ENDPOINT SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security
  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management
  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users
  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

SLIDE 24

Thank You.
