Securing your Web Applications
Subbaraju Uppalapati
Manager, Software Engineering
Identity & Security BU, Novell

Agenda
- Security Concerns for Web Applications
- Solutions
- Products and Vendors
- Evolving Needs
- Discussion

Novell, Inc. All rights reserved.

Security Concerns

Breaking down security concerns
- Trust
- Manageability
- Provisioning and Deprovisioning of users
- Roles-based access
- Policy-driven management
- Confidentiality
- Integrity
- Authentication
- Authorization
- Non-repudiation
- Multiple Identities
- Financial
- Audit, logging, reporting
- Cost to refactor traditional applications
- Contractual
- Compliance violations
- Resource access Monitoring
- Business service mgmt
- SLAs, e.g., 99.99% uptime
- Intellectual property issues

Security Concerns - Solutions

SSL
[Slide repeats the concern map from "Breaking down security concerns".]

Access Management
[Slide repeats the concern map from "Breaking down security concerns".]

Access Management
[Diagram labels: User; Authentication; Password, Biometric, Smartcard etc.; Assertion; User Attributes; Authorization Policy; Authorization Decision; Permit or Deny; Request; Application]
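
Added example (not from the original slides or from any Novell product): a minimal decision point that follows one reading of the diagram labels above, in which authentication produces an assertion and the authorization decision evaluates it, together with user attributes, against the authorization policy to return Permit or Deny. The Assertion and Rule schemas, the ranking of authentication methods, and the sample policy and users are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ranking of the authentication methods named on the slide.
AUTH_STRENGTH = {"password": 1, "biometric": 2, "smartcard": 3}

@dataclass(frozen=True)
class Assertion:
    """What the authentication step hands to the decision point (assumed schema)."""
    subject: str
    method: str  # "password", "biometric" or "smartcard"
    attributes: dict = field(default_factory=dict)  # user attributes

@dataclass(frozen=True)
class Rule:
    """One authorization policy entry (hypothetical schema)."""
    resource_prefix: str
    actions: frozenset
    required_attrs: dict
    min_method: str = "password"

def decide(assertion, resource, action, policy):
    """Return "Permit" or "Deny"; anything no rule explicitly allows is denied."""
    if assertion is None:  # request arrived without authentication
        return "Deny"
    strength = AUTH_STRENGTH.get(assertion.method, 0)  # unknown method ranks lowest
    for rule in policy:
        if not resource.startswith(rule.resource_prefix):
            continue
        if action not in rule.actions:
            continue
        if strength < AUTH_STRENGTH[rule.min_method]:
            continue  # authentication too weak for this rule
        if all(assertion.attributes.get(k) == v for k, v in rule.required_attrs.items()):
            return "Permit"
    return "Deny"

# Constructed sample policy and assertions, for illustration only.
POLICY = [
    Rule("/payroll/", frozenset({"read"}), {"department": "finance"}),
    Rule("/payroll/", frozenset({"read", "write"}),
         {"department": "finance", "role": "manager"}, min_method="smartcard"),
]
MANAGER = {"department": "finance", "role": "manager"}
ALICE_PW = Assertion("alice", "password", MANAGER)
ALICE_SC = Assertion("alice", "smartcard", MANAGER)
BOB_SC = Assertion("bob", "smartcard", {"department": "sales"})

if __name__ == "__main__":
    for who, act in [(ALICE_PW, "read"), (ALICE_PW, "write"), (ALICE_SC, "write"), (BOB_SC, "read")]:
        print(who.subject, who.method, act, decide(who, "/payroll/report", act, POLICY))
```

The same user is permitted to read but denied a write after a password login, and permitted the write only after a smartcard login; a request that matches no rule falls through to Deny.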

Identity Management
[Slide repeats the concern map from "Breaking down security concerns".]

Identity Management
- What is the process for:
  - Provisioning identities?
  - Guarding them?
  - De-provisioning with role changes?
- Password synchronization across multiple systems
- Policy based workflow

SIEM
[Slide repeats the concern map from "Breaking down security concerns".]

SIEM
- How do you find out what’s going on inside your vendor’s data center?
- How do you check up on SLA terms?
- Can you reconcile information you do receive with the rest of your compliance data?

Products and Vendors

IAM
- IBM - TIM/TAM
- CA - SiteMinder
- Oracle IAM
- Novell - IDM/NAM

SIEM
- ArcSight
- RSA - enVision
- Novell - Sentinel

Evolving Needs

Creating IT Administration Nightmare
[Diagram labels: Enterprise Challenge; Users; IT Department; Apps; Directory; Systems/tools; User data/permissions (repeated)]
- Multiple Username/passwords
- Multiple identity silos
- Disparate administration tools
- Challenge in timely de-provisioning accounts of ex-employees

- Better integration of IAM and SIEM across PVC
- SaaS adoption is projected to increase three-fold to 14 Billion by 2012 according to Gartner
- Secure data should reside within Enterprise
- Increased proliferation of Web Services and Security needs for the same
- How do I manage a secure channel between multiple cloud vendors?

Discussion – Thank You
