EXECUTIVE SUMMARY
CLOUD READINESS
Securing Access to Your Private Cloud

MOVING APPLICATIONS TO A PRIVATE CLOUD HAS SIGNIFICANT UPSIDES
Many enterprises have cloud initiatives that include moving enterprise applications from on-premises to an infrastructure
as a service (IaaS) or private cloud environment, such as Amazon Web Services™ (AWS).

KEY DRIVERS OF THE PRIVATE CLOUD:

1. COST SAVINGS
Savings from applications moved to the cloud are significant. IDC did a study on AWS and found that the average savings was over $500,000 per application moved to AWS [1].

2. SCALABILITY
IaaS environments, like AWS, have almost limitless, instant scalability.

3. AGILITY
Cloud environments offer the flexibility needed to respond to business requirements influenced by changing market conditions.

READINESS EVALUATION IS KEY
Organizations such as Gartner® speak about the importance of an evaluation checklist to measure the readiness of your applications and environment for a move to the cloud. One of the most significant portions of assessing readiness is understanding how you are going to secure your private cloud and provide access controls as good or better than your current WAM inside your firewall.

Highlighting the importance of readiness, a recent Ponemon Institute study revealed that cloud data breaches increase the economic impact by as much as three times [2].

NOT ALL IAM SYSTEMS SUFFICE FOR THE CLOUD
Will your existing IAM stack easily support your security needs for your private cloud? We at Ping Identity® have been
working with customers to answer this exact question. These customers have found that there are several significant
challenges to making traditional IAM systems work in an IaaS cloud environment, including:

Performance Degradation
If you take the ‘easy route’ and simply use your on-premises IAM system to gain access to your cloud-migrated applications through a VPN, you will more than likely find it untenable due to very poor performance. The cause is high latency mixed with a high number of interactions required by traditional IAM systems.

High Cost of Implementation and Administration
Another option is replicating your IAM in the cloud. However, this is quite time consuming, expensive to license, and our customers found it ate significantly into the cost savings they were targeting.

Fragile Architecture
When replicating their systems designed for on-premises use to the cloud, customers also found that it was difficult to get these systems configured properly and working reliably because they were not designed for this use case.

USE THE 4 A’S TO EVALUATE YOUR IAM SOLUTION
For a successful move to a private cloud or IaaS environment, it is critical that you have a simple, but comprehensive
evaluation checklist to measure the readiness of potential IAM solutions. To help you get started, we have created some
guidelines based on the 4 A’s: authentication, authorization, account management and auditing.

Authentication
The process of verifying that the user is who they claim they are. Federation is a critical factor as you begin to have applications hosted in different places, such as on-premises, in your private cloud and with third-party SaaS providers. As part of your authentication strategy, we highly recommend that you consider a multi-factor or strong authentication solution. Finally, consider the end-user experience for authentication, because you want to enhance productivity, not hinder it.

Authorization
The process by which someone is allowed to access applications. The critical items to consider within a single solution are (a) support for web applications and (b) security for APIs and mobile apps. In addition, the solution should support both role-based and attribute-based access management.

Account Management
The process by which users and their access are created, updated and disabled. The key with account management is making sure that it is as automated as possible and that any solution can tie into existing directories. You should also ensure that the solution supports standards, such as SCIM, and offers cloud-based identity management.

Auditing
The process of inspection of a user’s access and activity. The IAM system you select will either make the process of auditing easy or practically impossible. If the solution does a good job of logging access and activity, the needed reports can be generated easily. If the solution fails to log this data, auditing will likely fail or at least be flawed.

LEARN LESSONS FROM OTHER ENTERPRISES MOVING TO THE PRIVATE CLOUD AND IAAS
We have worked with many customers on evaluating and implementing IAM solutions for their move of hundreds,
and even thousands, of applications to an IaaS environment such as AWS. The primary motivator is generally the cost
savings and, in all cases, such customers have determined that using their existing IAM solutions is much too costly
and heavyweight to implement and administer. They see their move to the cloud as an opportunity to modernize
and streamline their IAM infrastructure.
One particular customer established a pilot program where they moved 50 applications to
AWS and evaluated several solution options. In the end, the choice to go with Ping Identity
solutions was clear because Ping Identity offers:
01 A federated solution that is simple to implement and maintain, and works with existing infrastructures.
02 Flexible proxy- and agent-based access management capabilities.
03 Workability for extended use cases, such as API and mobile application security.
04 Proven and easily scalable solutions and support for all applicable standards.
CONCLUSION
Evaluate IAM solutions for your move to IaaS using the 4 A’s. To realize the cost savings of IaaS, you may have to
look beyond traditional IAM systems. A modern, next generation identity and access management architecture will
serve you well for IaaS and all your other IAM use cases.
ABOUT PING IDENTITY: Ping Identity leads a new era of digital enterprise freedom, ensuring seamless, secure access for every user to
all applications across the hyper-connected, open digital enterprise. Protecting over one billion identities worldwide, more than half of the Fortune
100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens trust Ping Identity to solve modern enterprise security challenges
created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.
#3042 | 07.05 | v00a