Moving from a Data Center to a Hybrid IT Environment Securely

Jeff Green, SVP Product & Customer Service


Post on 15-Apr-2017


Agenda

•  The Hybrid IT Challenge

•  The new security stack

•  10 Strategies for securing Hybrid IT

IT is Transforming

IDG Research Services Gartner Gartner

•  BYOD is here for 85%

•  Cloud is an option for 55%

•  IoT is coming for 40%

Endpoints Shadow IT & Cloud Services

Auth-n, Compliance & Control Nightmare

PS Connect Secure

Pulse Client

Datacenter Cloud

Data Center & Cloud Secure Access Comparison

Access Policy

Endpoint Compliance

Access Visibility

Device trust

Device

iOS

Android

Win.

Mac

Chrome

NAC

VPN

Management

Secure Sign-on

Contextual Access Policies

Cloud Access

Identity and Access Management

Brillo

Free RTOS

End-Point Mobile Management

The New Hybrid IT Security Stack

Network

10 Strategies for Securing Hybrid IT


Understand cloud services in your organization

Understand access patterns

1 Use tools and technology to understand how Cloud apps/technologies are being used in your company

Understand devices connecting to your apps

Strategy 1 – Visibility


Policy, Compliance, Access Control

2 Use your VPN technology to secure the data center

3 Use your secure access technology (VPN) to secure cloud services

PS Connect Secure

Pulse Client

Strategy 2 & 3 – Secure Data in Motion

Datacenter

Use VPN/IDP gateway to hairpin access, compliance and identity

•  Restricted IP

•  Internal IDP and DNS


Public Cloud

Policy and Compliance

Datacenter

Private Cloud

Pulse Data Membrane™ Technology

Pulse One Management

Pulse Workspace

4 Use endpoint containerization to protect your data

Strategy 4 – Protect Your Mobile Data

PS Connect Secure

Access policy and compliance are controlled whether access is through the VPN or direct to cloud


•  Push a certificate using SCEP and a Certificate Authority

•  Use the certificate as part of the authentication process

5 Use certificates to create trusted devices

6 Assess the device's posture during access

Threat protection installed?

Device encrypted or container? Is it a trusted device?

Any indication of compromise? Is it correctly patched or vulnerable?

Is it unlocked? Is it running risky apps?

Strategy 5 & 6 – Trust the Device


Access decision based on contextual information to improve secure access

7 Use contextual information to control access decisions

Strategy 7 – Leverage Context

Device Location

Data Network


Federation

Cloud and SaaS-based services can be set up to use SAML and point at an Identity Provider

SSO needs to move beyond the browser

Identity Federation plays many important roles in securing access.

Strategy 8 – Identity Federation

8 Use SAML/OAuth and IDP federation

Public Cloud Private Cloud Data Center


Trust Elevation

•  Use step-up authentication for high-value resources

Create group and role-based rules

•  Authentication chains for sensitive data access

Use data from multiple places

•  Use identity attributes from multiple sources like external identity repositories

Create simplicity and great user experience

•  Biometrics are becoming common

•  Great user experience means adoption

Strategy 9 – Modernize Your 2FA/MFA

9 Use more modern MFA solutions

Something you know + Something you have

Multifactor Authentication: Something you know + Something you have + Something you are

Knowledge questions, One time password, Biometrics


Strategy 10 – Find the glue

10 Evaluate the vendor you are selecting. Find a vendor or multiple vendors that can be the glue or be glued.

2FA/MFA Authentication

Identity Federation

Contextual Access Control

Device Compliance

Data Protection

Secure Data Center Access

Secure Cloud Access

Visibility


•  The perimeter is dissolving

•  Hybrid is here to stay – some companies will never be 100% cloud or stay 100% data center

•  Identity with a trusted device becomes critically important

•  You can only secure what you can see so visibility is key

•  There are tools available to you today but search for the glue to center your solution

It’s a Wrap! Some final thoughts

Jeff Green, SVP Products and Customer Service

Questions?