
On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman - PowerPoint PPT Presentation



  1. The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit

  2. Primary Goal of Businesses Today: Drive Digital Transformation!!

  3. For Most Organizations, Digital Transformation = Hybrid IT
     • Pressures to innovate: Downward pressure to implement the latest features and functionality into systems
     • Multiple deployment models: Hybrid means working with a wide variety of deployment models
     • Multiple consumption and financing options: Designing a payment structure that works within OpEx and CapEx budgets
     • Lower IT run budgets: Transformations even with increased demands to drive down IT costs
     • IoT proliferation: Huge increase in data coming into and through your environments

  4. Organizations Want Hybrid IT. However, many have bi-modal IT operations that won't scale. How can I support both?
     • Cloud Apps (The Idea Economy; Apps Driven, Agility Focused)
       Percentage of IT Spend: 40% [1]
       Budget Owners: Finance, HR, Marketing, Operations, Engineering
       2015 Budget Growth: 12% [1]
       Managed Systems: App Dev, Mobile Sites, e-Commerce Sites, Web Business Apps
       Business Outcome: Disruptive Innovation, New Business Process, Competitive Advantage, Improved User Experience
     • Traditional Apps (Traditional Business; Ops Driven, Cost Focused)
       Percentage of IT Spend: 60% [1]
       Budget Owners: Head of IT/CIO
       2015 Budget Growth: 3% [1]
       Managed Systems: Core IT Systems, Data Centers, Infrastructure, ERP
       Business Outcome: Business as Usual, Keep the Lights On
     [1] Source: CEB Analyst Group (UK based)

  5. Challenges with the Current State
     • Regulatory & compliance challenges
       No centralized view into data integrity & security
       Difficulties in meeting compliance timeframes
     • Multiple pools of IT resources
       Results in under utilization of costly assets
       Unique characteristics of underlying assets
     • Unique management and security
       No consistency in management tools/procedures
       Inconsistent security creates vulnerabilities
       3rd party security or data sovereignty challenges
     • High long-term cost of ownership
       Multiple environments for IT to learn & manage
       Escalating costs of public cloud at scale

  6. A Preferred Architecture Has Evolved in Most Organizations
     • PaaS: PaaS is used for rapid application development and testing before apps are moved to their best execution venue
     • IaaS: IaaS is adopted for rapid provisioning of compute, storage, and network resources
     • SaaS: Common business processes (such as CRM, marketing, and human resources) are migrated to various SaaS services
     • On-prem: On-premises servers, storage, and networks are maintained for high-value/high-risk workloads (such as financial data and intellectual property)
     Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018

  7. What We Are Seeing
     • 92% of organizations are using multiple cloud vendors
     • 88% of cloud-based apps share data and services with on-premise apps
     • 64% of cloud-based apps share data and services with other cloud-based apps
     • The #1 monitoring need for hybrid environments is Security Monitoring
     Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018

  8. Complexities Involved with a Hybrid Architecture (Source: 451 Research)

  9. Hybrid IT Opens Up Many Opportunities … But It Can Also Expose the Enterprise to Greater Risk
     [Diagram labels: Secure; Identities, Applications, Data; On-Premises, Cloud]

  10. Top Security Concerns for an Evolving Hybrid Infrastructure
     • Maintain consistent access security and authorization controls across environments
     • Secure movement of data and workloads across environments
     • Secure data residing and processed in a third-party or hosted environment
     • Maintain consistent network security policies for security domains
     • Ensure compliance with regulatory and policy requirements
     Source: 451 Research

  11. Hybrid IT Attacks
     [Diagram. Zones: Internet; On-Cloud Services (Workloads, Systems, Applications, Data); Cloud Infrastructure]
     • Attack categories: Outbound Attacks; Inbound Attacks; Targeting Cloud Services; Targeting Trust Perimeter; Infrastructure Attacks
     • Attack types labelled in the diagram: Bot Net Zombies; Distributed Denial of Service; Port Scanning; SSH/RDP Brute Force; Advanced Persistent Threats; Zero Day Exploits; Poor Configurations; Phishing / Malware Hosting; Unpatched VM images; On-Cloud Pivot; Cross-Tenant Attack; Insecure Usage; Hypervisor Breakout; Privilege Escalation; Exposed Servers; Stolen Credentials; Cloud Default Configurations; Known Attack Vectors; Data Exposure; Poor System Configurations; Weak Internal Security; Under-Cloud Pivot; Isolation Failures

  12. Establish a Risk-based Approach: Actionable Security Intelligence
     • Assess security investments and posture: How will attacks likely occur? How will you spot them on each platform? What corrective action will you take?
     • Transform from silos to a comprehensive view: On-prem traditional systems, SaaS, IaaS, and PaaS, all of which should fall under the same security umbrella
     • Optimize to proactively improve security posture
     • Manage security effectively: Including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program
     Moving from Reactive to Proactive Information Security & Risk Management

  13. Security Management Has Also Moved to a New Level of Complexity!
     [Diagram labels: Identities, Applications, Data]

  14. Essential to Enterprise Digital Transformation: Secure and enable the relationships between identities, applications, and data… regardless of how or where things are deployed
     [Diagram labels: Secure & Empower; Identities, Applications, Data; On-Premises, Cloud]

  15. Simplified Security for Hybrid IT Environments: Need a single security toolset that covers public, private, and on-premises systems
     Source: David Linthicum, “How to choose the right security toolset for hybrid cloud”

  16. An Identity-Centric Approach: A Desired State
     • Scale
     • Centrally managed identities providing a single view
     • Multiple delivery models (on-prem, SaaS, hybrid)
     • Clear roles and relationships modelled
     • Risk based adaptive security
     • Business benefit – solution architecture
     • Clear consistent governance, privacy controls and privilege management implementations
     • Experience embedded at the beginning
     [Diagram labels: Identity Powered Security; IDENTITY: Employees, Partners (B2B), Customers (B2C)]

  17. Cloud-based IDaaS services can provide core capabilities, but are not suited for complex requirements. Hybrid IAM can offer the best of both.
     • CLOUD
       Standard solution
       Data hosted in the cloud
       Less staff required to maintain
       Often limited to cloud access management
       Not suited to complex on-premises use cases
     • HYBRID
       Standard though extensible solution
       Data hosted where desired
       Less staff required to maintain
       Support for cloud, on-prem, and custom applications and processes
       Well suited for complex on-premises use cases
     • ON-PREMISE
       Flexible/extensible solution
       Data hosted on-prem
       Internal staff to maintain
       Support for cloud, on-prem, and custom applications and processes
       Well suited for complex on-premises use cases

  18. IAM as a Service Deployment Architecture
     [Architecture diagram; labels as they appear on the slide]
     • Users: Customers, Clients, External and Remote Users (Browser, Mobile Device); Hosted Apps
     • Hybrid IAM as a Service Solution (Cloud): Authenticate, Access Management, Provisioning, De-Provisioning, Governance
       Policy Engines, Workflow, User Self Service, Administration, Reporting, Compliance Dashboards
       SSO, SSPR, 2FA, Federation, PAM
       Authentication and Self Service in cloud IAS for accessing internal, external and SaaS applications
     • Secure Connection: Secure communication to execute policies on premise; Identity Synchronization to cloud
     • Client Premises: Local/Internal Authentication; On Premise IDP; Password Update; Enterprise Clients; On Premise Resources (Resource 1, Resource 2, Resource 3); Contractor Database; LDAP; JDBC; Customized Connectors

  19. Secure Software Development: Design apps securely and to run in Hybrid IT environments
     [Diagram labels: Attacker; Network, Hardware, Software & data; Intellectual property, Customer data, Business processes, Trade secrets]

  20. Data Security: Protecting information wherever it resides
     • Health records your care provider manages for you
     • Payments made to you
     • Banks’ data about your finances and accounts
     • Your email correspondence
     • Your interactions with SaaS applications
     • Your Telco’s information about your account
     • Your credit rating information
     • Your private email to and from your smartphone
     • Your customers’ data. Your organizational data.

  21. What does contemporary data-security enable? Enabling security leaders to say “Yes” to business demands
     • Private-public data sharing for AI insights and health data privacy
     • Securing big data & IoT
     • Government & defense
     • Adopt xaaS IT solutions for hybrid computing opex economies
     • Modernizing security for legacy data security risks
     (C) 2017 Micro Focus

  22. Security Monitoring for Hybrid IT
     • Applies to public, private and legacy systems
     • Proactive security monitoring mechanisms and approaches can spot and fight attacks in a timely manner
     • Security orchestration, automation, and response (SOAR) solutions can provide efficiencies and repeatability in the handling of high fidelity alerts
     [Diagram labels: Security Monitoring; AWS IAM, Amazon EC2, AWS CloudTrail, Amazon CloudWatch]
