Transcript
Page 1: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

• Why SSO?

• A Challenge for the Enterprise

• Deployment models

• Hybrid IAM

• Q & A

Optimizing IAM with Single Sign-On from the Cloud to On-Premise

Copyright ©2013 Mycroft Inc. All rights reserved

Page 2: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

Moderator: Shanley Stern, Sr. Director Marketing, Mycroft Inc.

Presenter: Lester Rivera, Sr. Business Solutions Architect, Mycroft Inc.

Presenter: Herb Mehlhorn, Product Manager, CA Technologies

INTRODUCTIONS


Page 3: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

Why Single Sign-On?


Page 4: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

SSO – SIMPLY STATED

Copyright ©2013 CA. All rights reserved

Mobile employee or Customer

Partner User

Internal Employee

Enterprise or Partner Apps

Cloud Apps/Platforms & Web Services

SaaS

Data

Identities

App/Resource

App/Resource

Client Side

Page 5: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

A Challenge for the Enterprise


Page 6: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

WHAT TO LOOK FOR IN SSO PRODUCTS – CLIENT SIDE


User / Administrator / Resources

Supported Devices

• Desktop/Laptop

• Tablet

• Smart Phone

Supported User Interfaces

• Browser

• Mobile Application

• Terminal Emulator

Page 7: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

WHAT TO LOOK FOR IN SSO PRODUCTS – RESOURCE SIDE


User / Administrator / Resources

Apps/Resources

Location of App

• On Premise

• Partner Site

• Partner App

• PaaS Site

• SaaS App

Access Path

• REST API via Gateway

• HTTP over corp. network

• HTTP over Internet

• Web Services

Page 8: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

WHAT TO LOOK FOR IN SSO PRODUCTS – FROM CLIENT TO RESOURCE


User / Administrator / Resources

Authentication

• Password

• SmartCard + X.509

• ArcotID®

• OpenID

• OAuth

User Experience

• Single Sign-On

• Personalized Experience

• Single Logoff

Context of the authentication

Enforcement

• Web Agent

• Proxy

• Gateway

• Native to the App

Page 9: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

WHAT TO LOOK FOR IN SSO PRODUCTS – ADMINISTRATION


User / Administrator / Resources

• Managing SSO
  • Ability to manage the authentication and access via a UI or programmatic interface

• …with efficiency
  • for all resource types via a single UI
  • for all access paths via a single UI
  • for all authentication policies via a single UI

• …with confidence
  • provide ability to flexibly segregate and delegate administration
  • generating necessary log and audit data for governance and compliance purposes

Page 10: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

SSO also requires:

DON’T FORGET THESE OTHER KEY REQUIREMENTS

User / Administrator / Resources

Identity life cycle management

Effective monitoring

Efficient delivery if using physical authentication methods

Page 11: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

WHAT’S AVAILABLE IN THE MARKET

Development over TIME:

• Thick Client SSO

• Web/Html Client SSO

• Web/Html Client SSO via Federation

• Web/SOAP Client SSO via WS-*

• Web & Mobile native SSO via REST & API

• Similarities across each of these developments:
  - SSO experience for the end user
  - Needed security characteristics of the solution

• Differences
  - Location of the resource
  - Access path to the resource


Page 12: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

Deployment Models


Page 13: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

CHOOSE YOUR DEPLOYMENT MODEL


On-Demand

• Deployed in third-party datacenter

• Subscription pricing model, no hardware required

• Federated SSO everywhere

• No VPN, no Firewall changes

• Fully managed

On-Premise

• Deployed at enterprise datacenter

• Allows for customization

• Requires professional services, longer deployment times

Hosted

• Deployed in third-party datacenter (private cloud)

• Connected to enterprise thru VPN

• Available as Managed Service

Page 14: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

CHOOSE YOUR DEPLOYMENT MODEL


On-Demand

Important to me:

• Tactical solution

• Very quick to market

• OpEx rather than CapEx

• Standardized & OOB

• Local market

• No hardware hassle

• Very small TCO

On-Premise

Important to me:

• Strategic solution

• Innovation

• Individuality

• Differentiate also by services

• Tend to prefer CapEx

• International market

• Ownership

Hosted

Important to me:

• Quick time to market

• Some individuality

• Some innovation

• Tend to prefer OpEx

• Sense of ownership

• TCO

• Differentiate from competition by assortment & price

Page 15: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

HOW DO THEY COMPARE?

Not only about CAPEX vs. OPEX

• About optimizing 3 Es
  • Effectiveness
  • Economy
  • Efficiency

Models compared: On-Premise, Hosted, On Demand

Benefits of Hosted

• Infrastructure: Hardware acquisition not required

• Implementation: SMEs readily available

• Operation: 24x7 SOC, no internal management needed

• Security: Top tier

Scale labels: Most effective, economical & efficient; More effective, economical & efficient; Effective, economical & efficient


Page 16: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

THINGS TO CONSIDER

SSO…is even MORE important

• Federate, Federate, Federate, Federate, Federate, Federate, Federate, F.E.D.E.R.A.T.E.

• Request for access needs to be simple, powerful, pervasive…not just about user accounts!

• SAML, OAuth, OpenID, WS-FED (Office365)

Provisioning goes Just-In-Time

• More SaaS applications support it

• BUT, no real automated de-provisioning

Identity Governance continues to be important

• Governance, risk, & compliance (GRC)

• Ignores the enterprise “fence”; data and users are mobile

Think APIs…Everything is an API

• Keep simple & authorize well

• BUT not every API requires user accounts; sometimes you authorize device, source, etc.

• AND sometimes the point is really to identify the source

Security is Policy-based

• Security takes place outside of the app

• Programmatic vs. declarative


Page 17: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

Hybrid IAM


Page 18: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

HYBRID IAM


Page 20: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

A single log-on, launch any SaaS application available to you


MYCROFT XSPECTRA ON-DEMAND SERVICE

Page 21: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

IN A NUTSHELL

SSO…is critical

• Simple, powerful access to applications with a single log-on, whether on-premise, in the cloud or hosted

• Increased user productivity & overall company efficiency

• Essential for security

Deployment Models

• Your organization has options

• Cloud vs on-premise vs on-demand. Examine the pros and cons as they relate to your environment, as well as the overall efficiency, effectiveness & economy of each option

Hybrid IAM

• It doesn’t matter where your application is – behind the firewall or in the cloud

• Scalable – seamless end-user experience between on-premise & cloud-based applications

Security is Policy-based

• Security takes place outside of the app

• Programmatic vs. declarative


Page 22: Optimizing IAM with Single Sign-On From the Cloud to On-Premise

Q & A

Contact Mycroft: [email protected] @MycroftXSpectra

Sales Inquiries: Nicole Koopman, [email protected]

