EXECUTIVE SUMMARY

CLOUD READINESS
Securing Access to Your Private Cloud

MOVING APPLICATIONS TO A PRIVATE CLOUD HAS SIGNIFICANT UPSIDES

Many enterprises have cloud initiatives that include moving enterprise applications from on-premises to an infrastructure as a service (IaaS) or private cloud environment, such as Amazon Web Services™ (AWS).

KEY DRIVERS OF THE PRIVATE CLOUD:

1. COST SAVINGS
Savings from applications moved to the cloud are significant. IDC did a study on AWS and found that the average savings was over $500,000 per application moved to AWS¹.

2. SCALABILITY
IaaS environments, like AWS, have almost limitless, instant scalability.

3. AGILITY
Cloud environments offer the flexibility needed to respond to business requirements influenced by changing market conditions.

READINESS EVALUATION IS KEY

Organizations such as Gartner® speak about the importance of an evaluation checklist to measure the readiness of your applications and environment for a move to the cloud. One of the most significant portions of assessing readiness is understanding how you are going to secure your private cloud and provide access controls as good or better than your current WAM inside your firewall. Highlighting the importance of readiness, a recent Ponemon Institute study revealed that cloud data breaches increase the economic impact by as much as three times².

NOT ALL IAM SYSTEMS SUFFICE FOR THE CLOUD

Will your existing IAM stack easily support your security needs for your private cloud? We at Ping Identity® have been working with customers to answer this exact question. These customers have found that there are several significant challenges to making traditional IAM systems work in an IaaS cloud environment, including:

High Cost of Implementation and Administration
Another option is replicating your IAM in the cloud. However, this is quite time consuming, expensive to license, and our customers found it ate significantly into the cost savings they were targeting.
Performance Degradation
If you take the ‘easy route’ and simply use your on-premises IAM system to gain access to your cloud-migrated applications through a VPN, you will more than likely find it untenable due to very poor performance. The cause is high latency mixed with a high number of interactions required by traditional IAM systems.

Fragile Architecture
When replicating their systems designed for on-premises use to the cloud, customers also found that it was difficult to get these systems configured properly and working reliably because they were not designed for this use case.

USE THE 4 A’S TO EVALUATE YOUR IAM SOLUTION

For a successful move to a private cloud or IaaS environment, it is critical that you have a simple, but comprehensive evaluation checklist to measure the readiness of potential IAM solutions. To help you get started, we have created some guidelines based on the 4 A’s: authentication, authorization, account management and auditing.

Authentication
The process of verifying that the user is who they claim they are. Federation is a critical factor as you begin to have applications hosted in different places, such as on-premises, in your private cloud and with third-party SaaS providers. As part of your authentication strategy, we highly recommend that you consider a multi-factor or strong authentication solution. Finally, consider the end-user experience for authentication, because you want to enhance productivity, not hinder it.

Authorization
The process by which someone is allowed to access applications. The critical items to consider within a single solution are (a) support for web applications and (b) security for APIs and mobile apps. In addition, the solution should support both role-based and attribute-based access management.

Account Management
The process by which users and their access are created, updated and disabled. The key with account management is making sure that it is as automated as possible and that any solution can tie into existing directories. You should also ensure that the solution supports standards, such as SCIM, and offers cloud-based identity management.

Auditing
The process of inspection of a user’s access and activity. The IAM system you select will either make the process of auditing easy or practically impossible. If the solution does a good job of logging access and activity, the needed reports can be generated easily. If the solution fails to log this data, auditing will likely fail or at least be flawed.

LEARN LESSONS FROM OTHER ENTERPRISES MOVING TO THE PRIVATE CLOUD AND IAAS

We have worked with many customers on evaluating and implementing IAM solutions for their move of hundreds, and even thousands, of applications to an IaaS environment such as AWS. The primary motivator is generally the cost savings and, in all cases, such customers have determined that using their existing IAM solutions is much too costly and heavyweight to implement and administer. They see their move to the cloud as an opportunity to modernize and streamline their IAM infrastructure.

One particular customer established a pilot program where they moved 50 applications to AWS and evaluated several solution options. In the end, the choice to go with Ping Identity solutions was clear because Ping Identity offers:

01 A federated solution that is simple to implement and maintain, and works with existing infrastructures.
02 Flexible proxy- and agent-based access management capabilities.
03 Workability for extended use cases, such as API and mobile application security.
04 Proven and easily scalable solutions and support for all applicable standards.

CONCLUSION

Evaluate IAM solutions for your move to IaaS using the 4 A’s. To realize the cost savings of IaaS, you may have to look beyond traditional IAM systems. A modern, next-generation identity and access management architecture will serve you well for IaaS and all your other IAM use cases.

ABOUT PING IDENTITY:
Ping Identity leads a new era of digital enterprise freedom, ensuring seamless, secure access for every user to all applications across the hyper-connected, open digital enterprise. Protecting over one billion identities worldwide, more than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens, trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.

#3042 | 07.05 | v00a