
Post on 05-Jan-2016


Securing your Web Applications

Subbaraju Uppalapati
Manager, Software Engineering
Identity & Security BU, Novell

© Novell, Inc. All rights reserved.

Agenda

• Security Concerns for Web Applications
• Solutions
• Products and Vendors
• Evolving Needs
• Discussion

Security Concerns


Breaking down security concerns

Trust

• Confidentiality
• Integrity
• Authentication
• Authorization
• Non-repudiation
• Multiple Identities

Manageability

• Provisioning and De-provisioning of users

• Roles-based access
• Policy-driven management

Financial

• Audit, logging, reporting
• Cost to refactor traditional applications

Contractual

• Compliance violations
• Resource access monitoring
• Business service management
• SLAs, e.g., 99.99% uptime
• Intellectual property issues


Security Concerns - Solutions


SSL



Access Management


[Diagram: access management flow. Elements: User and Application; Authentication (password, biometric, smartcard, etc.) producing an Assertion; a Request; Authorization evaluated against User Attributes and Policy; an Authorization Decision of Permit or Deny.]
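As an added example (not part of the original deck, and not Novell product code), the following Python sketch models the flow shown in the diagram: an authentication assertion carrying user attributes, a request from the application, and a policy decision that yields Permit or Deny together with an audit record. All subject names, roles, resource paths, authentication-strength values and policy rules are constructed for illustration.

```python
"""Minimal policy decision point (PDP) in the shape of the access management
diagram: assertion + request + policy -> Permit/Deny, with an audit record.

Added example; every identifier, attribute value and rule below is constructed.
"""
import time
from dataclasses import dataclass

# Constructed ordering of authentication strength; a rule may demand a minimum.
AUTH_STRENGTH = {"password": 1, "biometric": 2, "smartcard": 3}


@dataclass(frozen=True)
class Assertion:
    """What the authentication step hands to the application about the user."""
    subject: str
    method: str           # how the user authenticated (password, smartcard, ...)
    attributes: dict      # user attributes released by the identity provider
    issued_at: float      # epoch seconds
    lifetime: float = 300.0

    def is_valid(self, now=None):
        now = time.time() if now is None else now
        return self.issued_at <= now < self.issued_at + self.lifetime


@dataclass(frozen=True)
class Request:
    resource: str
    action: str


@dataclass(frozen=True)
class Rule:
    resource_prefix: str
    actions: frozenset
    required_roles: frozenset   # any one of these roles satisfies the rule
    min_auth: str               # key of AUTH_STRENGTH


# Constructed policy: read access to payroll for HR/admin with any password login,
# write access only for admins who authenticated with a smartcard.
POLICY = [
    Rule("/payroll/", frozenset({"read"}), frozenset({"hr", "admin"}), "password"),
    Rule("/payroll/", frozenset({"write"}), frozenset({"admin"}), "smartcard"),
    Rule("/public/", frozenset({"read"}), frozenset({"employee"}), "password"),
]

AUDIT_LOG = []  # one record per decision, in the order decisions were made


def decide(assertion, request, policy=POLICY, now=None):
    """Evaluate the request against the policy. Returns (decision, reason).

    Default deny: a request that matches no rule is refused. A rule that
    matches on resource/action/role but whose authentication requirement is
    not met produces an explicit Deny so the caller can prompt for step-up.
    """
    decision, reason = "Deny", "no matching rule (default deny)"
    if not assertion.is_valid(now):
        decision, reason = "Deny", "assertion expired or not yet valid"
    else:
        roles = set(assertion.attributes.get("roles", ()))
        for rule in policy:
            if not request.resource.startswith(rule.resource_prefix):
                continue
            if request.action not in rule.actions:
                continue
            if not roles & rule.required_roles:
                continue
            have = AUTH_STRENGTH.get(assertion.method, 0)
            need = AUTH_STRENGTH[rule.min_auth]
            if have < need:
                decision, reason = "Deny", f"{request.action} on {rule.resource_prefix} requires {rule.min_auth} or stronger"
            else:
                decision, reason = "Permit", f"matched rule for {rule.resource_prefix} {request.action}"
            break
    # The audit record is what the "Audit, logging, reporting" concern asks for.
    AUDIT_LOG.append({
        "subject": assertion.subject,
        "method": assertion.method,
        "resource": request.resource,
        "action": request.action,
        "decision": decision,
        "reason": reason,
    })
    return decision, reason


if __name__ == "__main__":
    t0 = time.time()
    alice = Assertion("alice", "smartcard", {"roles": ["admin"]}, t0)
    print(decide(alice, Request("/payroll/2016", "write")))
    for rec in AUDIT_LOG:
        print(rec)
```

The decision function keeps policy data separate from evaluation logic, which is the split the diagram draws between Policy and Authorization; the audit list stands in for whatever the deployment actually ships decisions to.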



Identity Management

• What is the process for
  • Provisioning identities?
  • Guarding them?
  • De-provisioning with role changes?
• Password synchronization across multiple systems
• Policy-based workflow



SIEM

• How do you find out what’s going on inside your vendor’s data center?

• How do you check up on SLA terms?

• Can you reconcile information you do receive with the rest of your compliance data?


Products and Vendors

IAM

• IBM – TIM/TAM
• CA – SiteMinder
• Oracle IAM
• Novell – IDM/NAM

SIEM

• ArcSight
• RSA – enVision
• Novell – Sentinel


Evolving Needs


Creating IT Administration Nightmare

[Diagram: users, directory, apps, systems/tools and the IT department, each holding its own copy of user data/permissions.]

Enterprise Challenge

• Multiple usernames/passwords
• Multiple identity silos
• Disparate administration tools
• Challenge in timely de-provisioning accounts of ex-employees


Better integration of IAM and SIEM across PVC

• SaaS adoption is projected to increase three-fold to $14 Billion by 2012 according to Gartner
• Secure data should reside within the Enterprise
• Increased proliferation of Web Services and Security needs for the same
• How do I manage a secure channel between multiple cloud vendors?

Discussion – Thank You
