#MicroFocusCyberSummit The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman



Primary Goal of Businesses Today

Drive Digital Transformation!!


For Most Organizations, Digital Transformation = Hybrid IT

• Multiple deployment models: Hybrid means working with a wide variety of deployment models

• Multiple consumption and financing options: Designing a payment structure that works within OpEx and CapEx budgets

• Lower IT run budgets: Transformations even with increased demands to drive down IT costs

• Pressures to innovate: Downward pressure to implement the latest features and functionality into systems

• IoT proliferation: Huge increase in data coming into and through your environments


Organizations Want Hybrid IT

However, many have bi-modal IT operations that won’t scale

Traditional Business (Traditional Apps)

• Ops Driven
• Cost Focused
• Percentage of IT Spend: 60% [1]
• Budget Owners: Head of IT/CIO
• 2015 Budget Growth: 3% [1]
• Managed Systems: Core IT Systems, Data Centers, Infrastructure, ERP
• Business Outcome: Business as Usual, Keep the Lights On, Improved User Experience

The Idea Economy (Cloud Apps)

• Apps Driven
• Agility Focused
• Percentage of IT Spend: 40% [1]
• Budget Owners: Finance, HR, Marketing, Operations, Engineering
• 2015 Budget Growth: 12% [1]
• Managed Systems: App Dev, Mobile Sites, e-Commerce Sites, Web Business Apps
• Business Outcome: Disruptive Innovation, New Business Process, Competitive Advantage

How can I support both?

[1] Source: CEB Analyst Group (UK based)


Challenges with the Current State

Multiple pools of IT resources

• Results in underutilization of costly assets

• Unique characteristics of underlying assets

Regulatory & compliance challenges

• No centralized view into data integrity & security

• Difficulties in meeting compliance timeframes

Unique management and security

• No consistency in management tools/procedures

• Inconsistent security creates vulnerabilities

• 3rd party security or data sovereignty challenges

High long-term cost of ownership

• Multiple environments for IT to learn & manage

• Escalating costs of public cloud at scale


A Preferred Architecture Has Evolved in Most Organizations

• IaaS is adopted for rapid provisioning of compute, storage, and network resources

• SaaS: Common business processes (such as CRM, marketing, and human resources) are migrated to various SaaS services

• On-prem: On-premises servers, storage, and networks are maintained for high-value/high-risk workloads (such as financial data and intellectual property)

• PaaS is used for rapid application development and testing before apps are moved to their best execution venue

Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018


What We Are Seeing

• 92% of organizations are using multiple cloud vendors

• 88% of cloud-based apps share data and services with on-premise apps

• 64% of cloud-based apps share data and services with other cloud-based apps

• The #1 monitoring need for hybrid environments is Security Monitoring

Source: Dimensional Research – Hybrid Cloud Usage Poses New Challenges for Monitoring Solutions – March 2018


Complexities Involved with a Hybrid Architecture

Source: 451 Research


Hybrid IT Opens Up Many Opportunities … But it Can Also Expose the Enterprise to Greater Risk

[Figure labels: Cloud; On-Premises; Identities; Applications; Data; Secure]


Top Security Concerns for an Evolving Hybrid Infrastructure

Maintain consistent access security and authorization controls across environments

Secure movement of data and workloads across environments

Secure data residing and processed in a third-party or hosted environment

Maintain consistent network security policies for security domains

Ensure compliance with regulatory and policy requirements

Source: 451 Research


Hybrid IT Attacks

[Figure labels: Internet; Cloud Infrastructure; On-Cloud Services (Workloads, Systems, Applications, Data)]

Inbound Attacks:

• Port Scanning
• Distributed Denial Of Service
• SSH/RDP Brute-Force
• Poor Configurations
• Advanced Persistent Threats
• Zero Day Exploits
• Unpatched VM images

Targeting Trust Perimeter:

• Hypervisor Breakout
• Exposed Servers
• Default Configurations
• Data Exposure
• Weak Internal Security

Targeting Cloud Services:

• On-Cloud Pivot
• Cross-Tenant Attack
• Insecure Usage

Outbound Attacks:

• Bot Net Zombies
• Distributed Denial of Service
• Port Scanning
• SSH/RDP Brute Force
• Advanced Persistent Threat
• Zero Day
• Phishing / Malware Hosting

Infrastructure Attacks:

• Privilege Escalation
• Stolen Credentials
• Known Attack Vectors
• Poor System Configurations
• Under-Cloud Pivot
• Isolation Failures


Establish a Risk-based Approach

Moving from Reactive to Proactive Information Security & Risk Management

Actionable Security Intelligence

• Assess security investments and posture: How will attacks likely occur? How will you spot them on each platform? What corrective action will you take?

• Transform from silos to a comprehensive view: On-prem traditional systems, SaaS, IaaS, and PaaS, all of which should fall under the same security umbrella

• Optimize to proactively improve security posture

• Manage security effectively: Including internal SLAs and SLAs related to cloud providers. Maintain SLAs in the context of your security program


Security Management Has also Moved to a New Level of Complexity!

Data

Applications

Identities


Essential to Enterprise Digital Transformation

Secure and enable the relationships between identities, applications, and data… regardless of how or where things are deployed

[Figure labels: Cloud; On-Premises; Identities; Applications; Data; Secure & Empower]


Simplified Security for Hybrid IT Environments

Need a single security toolset that covers public, private, and on-premises systems

Source: David Linthicum, “How to choose the right security toolset for hybrid cloud”


An Identity-Centric Approach

A Desired State

Scale

Centrally managed identities providing a single view

Multiple delivery models (on-prem, SaaS, hybrid)

Clear roles and relationships modelled

Risk based adaptive security

Business benefit – solution architecture

Clear consistent governance, privacy controls and privilege management implementations

Experience embedded at the beginning

[Figure labels: Identity Powered Security; Employees; Customers (B2C); Partners (B2B); Identity]


Cloud-based IDaaS services can provide core capabilities, but are not suited for complex requirements. Hybrid IAM can offer the best of both.

CLOUD

Data hosted in the cloud

Less staff required to maintain

Often limited to cloud access management

Not suited to complex on-premises use cases

Standard solution

HYBRID

Data hosted where desired

Less staff required to maintain

Support for cloud, on-prem, and custom applications and processes

Well suited for complex on-premises use cases

Standard though extensible solution

ON-PREMISE

Data hosted on-prem

Internal staff to maintain

Support for cloud, on-prem, and custom applications and processes

Well suited for complex on-premises use cases

Flexible/extensible solution


IAM as a Service Deployment Architecture

Hybrid IAM as a Service Solution

[Architecture diagram. Labels: Client Premises; Secure Connection; Cloud; SSO; Provisioning; De-Provisioning; Access Management; Governance; SSPR; 2FA; Federation; PAM; LDAP; JDBC; Customized Connectors; Password Update; On Premise IDP; Hosted Apps; Customers, Clients, External and Remote Users; Authenticate; Browser; Mobile Device; Enterprise Clients; Local/Internal Authentication; On Premise Resources (Resource 1, Resource 2, Resource 3); Contractor Database]

• Policy Engines
• Workflow
• User Self Service
• Administration
• Reporting
• Compliance Dashboards

Diagram captions:

• Authentication and Self Service in cloud IAS for accessing internal, external and SaaS applications
• Secure communication to execute policies on premise
• Identity Synchronization to cloud


Secure Software Development

Design apps securely and to run in Hybrid IT environments

[Figure labels: Attacker; Software & data; Hardware; Network; Intellectual property; Customer data; Business processes; Trade secrets]


Data Security

Protecting information wherever it resides

Your Telco’s information about your account

Banks’ data about your finances and accounts

Your interactions with SaaS applications

Your customers’ data. Your organizational data.

Your private email to and from your smartphone

Your credit rating information

Your email correspondence

Health records your care provider manages for you

Payments made to you


What does contemporary data-security enable?

Securing government & defense health data privacy

Private-public data sharing for AI insights and big data & IoT

Adopt xaaS IT solutions for hybrid computing opex economies

Modernizing security for legacy data security risks

Enabling security leaders to say “Yes” to business demands

(C) 2017 Micro Focus


Security Monitoring for Hybrid IT

Applies to public, private and legacy systems

• Proactive security monitoring mechanisms and approaches can spot and fight attacks in a timely manner

• Security orchestration, automation, and response (SOAR) solutions can provide efficiencies and repeatability in the handling of high fidelity alerts

[Figure labels: AWS IAM; Amazon EC2; AWS CloudTrail; Amazon CloudWatch; Security Monitoring]


Enterprise Security Platform in support of Hybrid IT

ANALYTICS & MACHINE LEARNING

DATA SECURITY

• Data de-identification (encryption/tokenization)
• Key management
• Hardware-based trust assurance
• Messaging security

APP SECURITY

• Static, Dynamic, & Runtime application testing
• Application security-as-a-service

ENDPOINT SECURITY

• Lifecycle management
• Patching & containerization
• Application virtualization
• Mobile & server management

IDENTITY & ACCESS

• Adaptive Identity governance
• Adaptive access management
• Adaptive privileged users

SECURITY OPERATIONS

• Real-time detection
• Workflow automation
• Open source data ingestion
• Hunt and investigation


Thank You.
