2. 2
What is the Cloud?
The cloud is a network of
servers, and each server has a
different function. Some servers
use computing power to run
applications or "deliver a
service.“*
Basically, it’s a network of
servers and computers hosting
your information away from your
physical device.
*From The Beginners Guide to the Cloud: Mashable
“Thunder and lightning
isn’t God being angry,
its just Microsoft and
Google fighting in the
clouds.”
- Anonomyus
3. 3
What is Cloud Computing ?
Noun: the practice of using a network of remote servers hosted on the
Internet to store, manage, and process data, rather than a local server or a
personal computer.
Many different varieties:
• IT computing accessible online
• Available from anywhere
• Virtualization
• Interchangeable services
• On-demand for peak loads and needs
• IaaS, PaaS, SaaS
6. 6
Enabling the Business
If business drivers for cloud
computing are:
• Agility and flexibility
• Performance and scale
• Operational efficiency
• Universal access
Security must be:
• Transparent
• Dynamic
• Flexible
• Operationally Efficient
7. 7
The Business Needs for IAM
Transparent compliance
Sustained efficiencies
Improved business agility
Access Assurance visibility to
LOB
8. 8
Access Assurance for the Cloud
Ensuring the right people have the right access to the right resources
regardless of where those resources are physically located and managed
• Hosted applications
• SaaS applications
• Private clouds
• Public clouds
Providing the basis for:
• Access policy definition
• Preventative controls and enforcement via provisioning
• Access verification of user access to cloud applications
9. 9
Cloud Does Not Change Requirements
Same information
PHI & privacy data
(HIPPA, etc)
Key financial data
(SOX)
Card holder information
(PCI)
Other high risk
(shareholders)
Same IAM requirements
All access must connect to
enterprise identities
Access certification
Separation of duties for
operators and users
Privileged access management
Access management
• Who has access?
• Who has accessed?
12. 12
What Comes with the Cloud?
No more closed and controlled surfaces
• You no longer have direct control or oversight
You are still accountable to the law and shareholders
• You may be subject to new regulations
Vendors will try to lock-in
Level of auditability of their controls
Key is transparency, embedded controls, and agility
13. 13
Risks and Considerations
Disabling network access does not prevent access to key applications and
data
Ensure new users get access quickly and changes are reflected accurately
Management of identity information in the cloud
• Delegation and assurance
Where is sensitive data located and how managed?
Privacy management
Administrative access to sensitive data and users
Compliance and regulatory requirements
Security aspects as part of partner agreements
22. 22
Courion Access Assurance Suite
Secure the Enterprise, don’t slow it down…
Designed for Your Complex Environment
23. 23
The Secret to Making it All Work
A user interface that business users understand
Ability to gather information from numerous sources
Information that is actionable for remediation
Fast, reliable, scalable implementation
Breadth of capability to reach to variety of systems and resources
• Off-premise applications
• Virtualization
• Platform and infrastructure
• Federation
Proven customer success in a cloud environment
24. 24
IAM and the Cloud
Risks and required controls may increase due to cloud:
• Removal of corporate network access no longer a compensating control
• Sensitive data is now in different locations and may be:
More accessible
Subject to different regulations
• Additional technologies for provisioning and access compliance
Must span the traditional enterprise and the cloud
• Policy definition
• Accurate tracking and periodic review of access
• Balance of preventative and detective controls
25. 25
Bottom Line
The cloud and cloud computing are a reality
Closed and controlled moves to dynamic, open, and accessible
Identity plays a critical role in cloud environments
Need to deal with…
• Lack of control of data
• Extended reach of administrative privileges
• Privacy and trust
• Complexity of handling identities
An Access Assurance strategy is critical
26. 26
What Now?
If you’re looking for more information on how an Access Assurance Suite
can transform your company’s information, contact us today. We can
provide a quick scan of your system and let you know where your hidden
risks lie and how to take care of them.
info@Courion.com
www.Courion.com
Get My Quick Scan >>