CIS13: Next Generation Privileged Identity Management: A Market Overview

Next Generation Privileged Identity Management: A Market Overview. Patrick McBride, Vice President, Marketing

Upload: cloudidsummit

Post on 10-May-2015


DESCRIPTION

Patrick McBride, Vice President of Marketing, Xceedium

Cloud and virtualization have dramatically altered the landscape for privileged identity management (PIM). In this session we will discuss the impact of these trends and the requirements next generation PIM solutions will need to address.

TRANSCRIPT

Page 1: CIS13: Next Generation Privileged Identity Management: A Market Overview

Next Generation Privileged Identity Management: A Market Overview

Patrick McBride, Vice President, Marketing

Page 2

June 2013 © Copyright 2013, Xceedium, Inc.

Patrick McBride – Old Security Guy…

PMB Consulting!

Presentation Sponsored by:

Page 3

Xceedium

• Security software company providing Next-Generation Privileged Identity Management solutions
• Global Fortune 1000 and Government customer base
• Headquartered in Herndon, VA
• Xsuite™ Platform

Cool Vendor

Best Overall IT Company

Top 100 Global Company

Hot Company to Watch

RSA 2011 Hot New Security Product

Best Privileged Access Management Solution

Page 4

Privileged Identity Management

Page 5

The “Two Man” Rule…Really? REALLY?

Page 6

Who Are Privileged Users?

On Premise

Employees/Partners
• Systems Admins
• Network Admins
• DB Admins
• Application Admins

Partners: Systems/NW/DB/Application Admins

Employees: Systems/NW/DB/Application Admins

Public Cloud

Apps

Unauthorized User

Hacker (Malware/APT)

VMware Administrator

AWS Administrator

Microsoft Office 365 Administrator

Internet

Page 7

What Else is Privileged? Let’s Talk APIs…

Ops Automation & DevOps

Public Cloud, Private Cloud, Traditional IT

• Home Grown Scripts
• Infrastructure Configuration APIs (SDN/SDC)
• Business Application APIs

APIs

“All APIs are equal, but some APIs are more equal than others.” George Orwell, Animal Farm (1945)

Page 8

A Brief History of Privileged Identity Management

Do It Yourself
• Jump Boxes/Bastion Hosts
• SSL/VPN
• Network Access Control (NAC)
• Firewall Rules
• Router ACL/Logical NW Segmentation
• Physical NW Segmentation

(Third Party) Access Control Systems

Password Vaulting Systems

Logging & Recording Systems

Identity Bridges Modern PIM (circa 2011)

Page 9

What’s New? Migration to the New Enterprise

Figure 2. The Virtualization Road Map Through Private Cloud Computing

Source: Gartner (February 2012)

STAGE 1: Server Virtualization

STAGE 2: Distributed Virtualization

STAGE 3: Private Cloud

STAGE 4: Hybrid Cloud

STAGE 5: Public Cloud

• Consolidation
• Capital expense
• Capital expense elimination
• Increased flexibility (up and down)
• Flexibility and speed
• Operational expense automation
• Less downtime
• Self-serve agility
• Standardization
• IT as a business
• Usage metering
• Costs for peak loads
• Flexibility for peak loads

MANAGEMENT PLANE

Business Drivers:
• Cost Reduction
• Speed
• Agility
• New Applications

Software Defined IT Infrastructure

New IT Operations Model

New Risk/Compliance Issues

Page 10

New Enterprise

New Security, Risk, Operational Challenges

STAGE 1: Server Virtualization

STAGE 2: Distributed Virtualization

STAGE 3: Private Cloud

STAGE 4: Hybrid Cloud

STAGE 5: Public Cloud

Complexity

Cloud Evolution

Security & Compliance Risks
• Extended Management Plane & Risk Surface Area
• Shared Security and Audit Model
• On Demand Procurement Paradigm
• Federated Privileged Identity & Attribution
• New Regulatory Mandates & Auditor Scrutiny
• Highly Dynamic, Elastic Environments

Page 11

Next Generation PIM Requirements

1. Comprehensive/Integrated Control Set
   Table stakes…point products need not apply

2. Protect Systems/Applications/Consoles Across Hybrid-Cloud Environments

3. Architected Specifically for Highly Dynamic Cloud
   No Cloud Washing

Page 12

Least Privilege & Layering PIM Controls

Attribute Identity for Shared Accounts (e.g., Root/Admin)

Control Access to Target Systems

Prevent Leapfrogging

Monitor Sessions & Prevent Unauthorized Commands

Record Sessions

Positively Authenticate Users

Before: ID: abc123 PW: Redskins

After: ID: abc123 PW: x8km&eie10$

Vault & Manage Credentials

Page 13

Xsuite™ Next Generation Privileged Identity Management

Identity Integration

Enterprise-Class Core

Hardware Appliance, AWS AMI, OVF Virtual Appliance

Unified Policy Management

Control and Audit All Privileged Access
• Vault Credentials
• Centralized Authentication
• Federated Identity
• Privileged Single Sign-on
• Role-Based Access Control
• Prevent Leapfrogging
• Monitor & Record Sessions
• Full Attribution

New Enterprise

Traditional Data Center: Mainframe, Windows, Linux, Unix, Networking

Virtualized Data Center: vCenter Server

SaaS Applications: Office 365 Admin Center

Public Cloud - IaaS: AWS Management Console

Page 14

Now I need your help…

“I bet you $50.00 that you can’t integrate all of the following into your Cloud Identity Summit Presentation.”

• Authors Washington Irving & George Orwell
• Where’s Waldo
• A Saturday Night Live Quote
• Grecian Formula
• “A half a bowl of fruit went out of style 100 years ago.”

-Mo Rosen, EVP Corporate Development, Xceedium

Twitter “@xceedium: Next Gen PIM & a half bowl of fruit!”

Page 15

Contact Us

2214 Rock Hill Road, Suite 100, Herndon, VA 20170

Phone: 866-636-5803

facebook.com/xceedium

[email protected]

@Xceedium @pmcbrideva1