Securing your Web Applications
Subbaraju Uppalapati, Manager, Software Engineering, Identity & Security BU, Novell
© Novell, Inc. All rights reserved.
Agenda
• Security Concerns for Web Applications
• Solutions
• Products and Vendors
• Evolving Needs
• Discussion
Security Concerns
Breaking down security concerns
Trust
• Confidentiality
• Integrity
• Authentication
• Authorization
• Non-repudiation
• Multiple identities
Manageability
• Provisioning and De-provisioning of users
• Role-based access
• Policy-driven management
Financial
• Audit, logging, reporting
• Cost to refactor traditional applications
Contractual
• Compliance violations
• Resource access monitoring
• Business service management
• SLAs, e.g., 99.99% uptime
• Intellectual property issues
Security Concerns - Solutions
SSL
Access Management
Diagram: the user authenticates to the application (password, biometric, smartcard, etc.) and receives an assertion; the application's request, together with the user attributes carried by the assertion, is evaluated against policy by the authorization service, whose authorization decision is Permit or Deny.
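The access-management flow sketched in the slide, as an added example that is not part of the original deck or of any Novell product: a password authentication step issues a signed assertion carrying user attributes, and a policy decision point verifies the assertion, checks its expiry, and evaluates the request against a deny-by-default policy. The user store, the shared assertion key, the policy rules and all function names are constructed for illustration.

```python
"""Toy access-management flow: authenticate -> assertion -> authorization decision.

Constructed example; users, keys, policy and names are made up for illustration.
"""
import hashlib
import hmac
import json
import time

# Constructed identity store: PBKDF2 password hashes plus user attributes.
# A real store uses a random salt per user; one static salt keeps the example short.
_SALT = b"constructed-static-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {
    "alice": {"pw": _hash_password("correct horse"), "role": "admin", "dept": "it"},
    "bob": {"pw": _hash_password("battery staple"), "role": "staff", "dept": "sales"},
}

# Assumed secret shared by the authentication service and the policy decision point.
ASSERTION_KEY = b"constructed-assertion-signing-key"
ASSERTION_TTL = 300  # seconds an assertion stays valid


def authenticate(username, password, now=None):
    """Password authentication (the 'Password' box in the slide).

    Returns a signed assertion carrying the user's attributes, or None on failure.
    """
    user = USERS.get(username)
    if user is None:
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(user["pw"], _hash_password(password)):
        return None
    now = time.time() if now is None else now
    body = {"sub": username, "role": user["role"], "dept": user["dept"],
            "exp": now + ASSERTION_TTL}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(ASSERTION_KEY, payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "sig": sig}


def verify_assertion(assertion, now=None):
    """Check the assertion's signature and expiry; return its attributes or None."""
    expected = hmac.new(ASSERTION_KEY, assertion["payload"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None  # tampered or forged assertion
    attrs = json.loads(assertion["payload"])
    now = time.time() if now is None else now
    if attrs["exp"] < now:
        return None  # expired assertion
    return attrs


# Constructed policy: a request is permitted only if some rule for that
# (resource, action) is satisfied by the user's attributes. Deny by default.
POLICY = [
    {"resource": "/admin/users", "action": "write", "role": "admin"},
    {"resource": "/reports", "action": "read", "dept": "sales"},
    {"resource": "/reports", "action": "read", "role": "admin"},
]


def authorize(assertion, resource, action, now=None):
    """Policy decision point: returns 'Permit' or 'Deny'."""
    attrs = verify_assertion(assertion, now)
    if attrs is None:
        return "Deny"
    for rule in POLICY:
        if rule["resource"] != resource or rule["action"] != action:
            continue
        conditions = {k: v for k, v in rule.items() if k not in ("resource", "action")}
        if all(attrs.get(k) == v for k, v in conditions.items()):
            return "Permit"
    return "Deny"


if __name__ == "__main__":
    alice = authenticate("alice", "correct horse")
    print(authorize(alice, "/admin/users", "write"))  # Permit
    bob = authenticate("bob", "battery staple")
    print(authorize(bob, "/admin/users", "write"))  # Deny
```

Two design points worth noting: the application never sees the password, only the assertion, which is the separation the slide draws between authentication and authorization; and the policy decision point re-verifies the assertion's signature and expiry on every request rather than trusting whatever the application forwards.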
Identity Management
• What is the process for:
  • Provisioning identities?
  • Guarding them?
  • De-provisioning with role changes?
• Password synchronization across multiple systems
• Policy-based workflow
SIEM
• How do you find out what’s going on inside your vendor’s data center?
• How do you check up on SLA terms?
• Can you reconcile information you do receive with the rest of your compliance data?
Products and Vendors
IAM
• IBM – TIM/TAM
• CA – SiteMinder
• Oracle IAM
• Novell – IDM/NAM
SIEM
• ArcSight
• RSA – enVision
• Novell – Sentinel
Evolving Needs
Creating IT Administration Nightmare
Diagram: users, the directory, applications, systems/tools, and a separate user data/permissions store behind each of them, all administered by the IT department.
Enterprise Challenge
• Multiple usernames/passwords
• Multiple identity silos
• Disparate administration tools
• Challenge in timely de-provisioning accounts of ex-employees
• Better integration of IAM and SIEM across PVC
• SaaS adoption is projected to increase three-fold to $14 Billion by 2012, according to Gartner
• Secure data should reside within the enterprise
• Increased proliferation of Web Services, and security needs for the same
• How do I manage a secure channel between multiple cloud vendors?
Discussion – Thank You