cis13: next generation privileged identity management: a market overview
DESCRIPTION
Patrick McBride, Vice President of Marketing, Xceedium
Cloud and Virtualization have dramatically altered the landscape for privileged identity management (PIM). In this session we will discuss the impact of these trends and the requirements next generation PIM solutions will need to address.
TRANSCRIPT
Next Generation Privileged Identity Management: A Market Overview
Patrick McBride, Vice President, Marketing
June 2013 © Copyright 2013, Xceedium, Inc. 2
Patrick McBride – Old Security Guy…
PMB Consulting!
Presentation Sponsored by:
§ Security software company providing Next-Generation Privileged Identity Management solutions
§ Global Fortune 1000 and Government customer base
§ Headquartered in Herndon, VA
§ Xsuite™ Platform
Xceedium
Cool Vendor
Best Overall IT Company
Top 100 Global Company
Hot Company to Watch
RSA 2011 Hot New Security Product
Best Privileged Access Management
Solution
Privileged Identity Management
The “Two Man” Rule…Really? REALLY?
Who Are Privileged Users?
On Premise (Employees and Partners)
• Systems Admins • Network Admins • DB Admins • Application Admins • Ops Automation & DevOps
Public Cloud
• VMware Administrator • AWS Administrator • Microsoft Office 365 Administrator
Unauthorized User: Hacker (Malware/APT), reaching the same apps and consoles over the Internet
What Else is Privileged? Let’s Talk APIs…
Public Cloud / Private Cloud / Traditional IT
• Home Grown Scripts
• Infrastructure Configuration APIs (SDN/SDC)
• Business Application APIs
“All APIs are equal, but some APIs are more equal than others.” (after George Orwell, Animal Farm, 1945)
A Brief History of Privileged Identity Management
Do It Yourself • Jump Boxes/Bastion Hosts • SSL/VPN • Network Access Control (NAC) • Firewall Rules • Router ACL/Logical Network Segmentation • Physical Network Segmentation
(Third Party) Access Control Systems
Password Vaulting Systems
Logging & Recording Systems
Identity Bridges
Modern PIM (circa 2011)
What’s New? Migration to the New Enterprise
Figure 2. The Virtualization Road Map Through Private Cloud Computing (Source: Gartner, February 2012)
Stages: Stage 1 Server Virtualization; Stage 2 Distributed Virtualization; Stage 3 Private Cloud; Stage 4 Hybrid Cloud; Stage 5 Public Cloud
Benefits along the road map: consolidation; capital expense; capital expense elimination; less downtime; flexibility and speed; operational expense automation; self-serve agility; standardization; IT as a business; usage metering; costs for peak loads; flexibility for peak loads; increased flexibility (up and down)
Business Drivers: § Cost Reduction § Speed § Agility § New Applications
Software Defined IT Infrastructure leads to a New IT Operations Model, which brings New Risk/Compliance Issues
Cloud Evolution: management plane complexity grows with each stage
Security & Compliance Risks
• Extended Management Plane & Risk Surface Area
• Shared Security and Audit Model
• On Demand Procurement Paradigm
• Federated Privileged Identity & Attribution
• New Regulatory Mandates & Auditor Scrutiny
• Highly Dynamic, Elastic Environments
New Enterprise: New Security, Risk, and Operational Challenges
1. Comprehensive/Integrated Control Set: table stakes; point products need not apply
2. Protect Systems/Applications/Consoles Across Hybrid-Cloud Environments
3. Architected Specifically for Highly Dynamic Cloud: no cloud washing
Next Generation PIM Requirements
• Attribute Identity for Shared Accounts (e.g., Root/Admin)
• Control Access to Target Systems
• Prevent Leapfrogging
• Monitor Sessions & Prevent Unauthorized Commands
• Record Sessions
• Positively Authenticate Users
• Vault & Manage Credentials
  Before: ID: abc123 PW: Redskins
  After: ID: abc123 PW: x8km&eie10$
• Least Privilege & Layering PIM Controls
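The requirement list above is what a session broker has to do end to end: let a person authenticate as themselves, check out a shared account, run only allowed commands, record everything with the individual's name attached, and rotate the vaulted password when the session ends. The following is an added illustration of those controls, not Xceedium or Xsuite code; the policy format, the user and host names, and the blocked-command list are all hypothetical.

```python
"""Toy privileged-session broker (added example, not Xsuite code).
Hypothetical assumptions: users are granted (target, shared_account) pairs,
every command passes a filter, and the audit trail records the individual
behind the shared account."""
import re
import secrets
import string
from dataclasses import dataclass

# Commands that would let a user hop from the brokered target to another host
# ("leapfrogging"); the broker denies them regardless of the shared account.
LEAPFROG_COMMANDS = {"ssh", "scp", "sftp", "telnet", "rsh", "rlogin"}
# Destructive commands blocked even for root (hypothetical sample policy).
BLOCKED_PATTERNS = [re.compile(p) for p in
                    (r"^\s*rm\s+-rf\s+/\s*$", r"\buserdel\b", r"\bshutdown\b")]
SYMBOLS = "!$%&*+-=?@^_"


@dataclass
class AuditRecord:
    user: str            # the individual who authenticated (full attribution)
    target: str
    shared_account: str  # e.g. root/Administrator that was checked out
    action: str
    decision: str


class SessionBroker:
    def __init__(self, grants):
        # grants: user -> set of (target, shared_account) the user may check out
        self.grants = grants
        self.vault = {}   # (target, shared_account) -> current secret
        self.audit = []

    def rotate(self, target, account, length=20):
        """Replace the shared account's password with a random one containing
        all four character classes; the individual user never sees it."""
        alphabet = string.ascii_letters + string.digits + SYMBOLS
        while True:
            pw = "".join(secrets.choice(alphabet) for _ in range(length))
            if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                    and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
                self.vault[(target, account)] = pw
                return pw

    def log(self, user, target, account, action, decision):
        self.audit.append(AuditRecord(user, target, account, action, decision))

    def checkout(self, user, target, account):
        """Authenticate as yourself, then act as the shared account: RBAC check,
        vaulted credential held by the broker, session attributed to `user`."""
        if (target, account) not in self.grants.get(user, set()):
            self.log(user, target, account, "checkout", "DENY")
            return None
        if (target, account) not in self.vault:
            self.rotate(target, account)
        self.log(user, target, account, "checkout", "ALLOW")
        return Session(self, user, target, account)


class Session:
    def __init__(self, broker, user, target, account):
        self.broker, self.user, self.target, self.account = broker, user, target, account
        self.transcript = []  # session recording: every command and its decision

    def run(self, command):
        """Command filter: returns True if the command may execute on the target."""
        words = command.split()
        verb = words[0] if words else ""
        if verb in LEAPFROG_COMMANDS:
            decision = "DENY-LEAPFROG"
        elif any(p.search(command) for p in BLOCKED_PATTERNS):
            decision = "DENY-COMMAND"
        else:
            decision = "ALLOW"
        self.transcript.append((command, decision))
        self.broker.log(self.user, self.target, self.account, command, decision)
        return decision == "ALLOW"

    def close(self):
        """Check-in: rotate the shared credential so nothing learned during the
        session (or scraped from the terminal) remains valid afterwards."""
        self.broker.rotate(self.target, self.account)
        self.broker.log(self.user, self.target, self.account, "checkin", "ALLOW")


if __name__ == "__main__":
    broker = SessionBroker({"alice": {("db01", "root")}})   # hypothetical grant
    s = broker.checkout("alice", "db01", "root")
    for cmd in ("systemctl restart postgresql", "ssh app02", "rm -rf /"):
        print(cmd, "->", "allowed" if s.run(cmd) else "blocked")
    s.close()
    for r in broker.audit:
        print(f"{r.user} as {r.shared_account}@{r.target}: {r.action} [{r.decision}]")
```

The point of the shape is that the person never holds the root password: the broker injects it, the audit line names the person rather than "root", the leapfrog check runs before any command reaches the target, and check-in rotation means a password captured mid-session is dead by the time anyone replays it.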
Enterprise-Class Core with Identity Integration
Deployment form factors: Hardware Appliance, AWS AMI, OVF Virtual Appliance
Unified Policy Management
Control and Audit All Privileged Access
• Vault Credentials • Centralized Authentication • Federated Identity • Privileged Single Sign-on
• Role-Based Access Control • Prevent Leapfrogging • Monitor & Record Sessions • Full Attribution
Xsuite™ Next Generation Privileged Identity Management
New Enterprise
• Traditional Data Center: Mainframe, Windows, Linux, Unix, Networking
• Virtualized Data Center: vCenter Server
• SaaS Applications: Office 365 Admin Center
• Public Cloud - IaaS: AWS Management Console
“I bet you $50.00 that you can’t integrate all of the following into your Cloud Identity Summit Presentation.”
• Authors Washington Irving & George Orwell • Where’s Waldo • A Saturday Night Live Quote • Grecian Formula • “A half a bowl of fruit went out of style 100 years ago.”
- Mo Rosen, EVP Corporate Development, Xceedium. Twitter: “@xceedium: Next Gen PIM & a half bowl of fruit!”
Now I need your help…
2214 Rock Hill Road, Suite 100, Herndon, VA 20170. Phone: 866-636-5803
Contact Us
facebook.com/xceedium
@Xceedium @pmcbrideva1