Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the Cloud Authentication Perspective. Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box.

Published byMarcia Lindsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing the Cloud Authentication Perspective. Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box."— Presentation transcript:

1 Securing the Cloud Authentication Perspective

2 Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box in a bank. Access to you safety-deposit box is controlled by the bank, not you. In most cases all you need to supply is the right name and the right “password”

3 The Cloud Is a very public place Everyone knows where your front door is Everyone knows what your username is Just one password away from access! In “The Cloud”, all access is Remote Access (remote from the application at least)

4 It is not Rocket science I know that Dell use Salesforce CRM (source: Salesforce.com) I know that Michael Dell is CEO (source: Wikipedia) I know the format of Dell emails is firstname.lastname@dell.com (source: my inbox) Just one password away from access ?????

5 Passwords in public places are not safe How many different strong passwords can a user safely remember ? NOT ENOUGH! Recent straw poll users accessed at least 20 different password protected services! Passwords and “The Cloud”

6 1 st :123456 6 th :princess 2 nd :12345 7 th :rockyou 3 rd :123456789 8 th :1234567 4 th :password 9 th :12345678 5 th :iloveyou10 th :abc123 Analysis of the 32 million passwords exposed in Jan 2010 in the breach of social media application developer RockYou - who's applications can be used on Facebook and Myspace -revealed the top 10 most commonly used passwords were: (source: www.cxo.eu.com) Strong Passwords ??? Don’t forget for many attacks the strength of the password is no defence

7 Password Reuse Password Reuse is inevitable Cloud breaches (PSN, Sega, Facebook etc) have knock-on impacts Your corporate data may only be as secure as the least secure Cloud service being used by your employees Can we rely on people separating their corporate and social identities No!

8 “…Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials…” (Source: http://www.bbc.co.uk/news/technology-13829690)

9 Authentication and the Cloud Using Cloud services can mean You delegate authentication policies to the Cloud provider You create multiple control points for user access If you use multiple Cloud services If you use a mix of Cloud and non-Cloud services Forgetting to remove access from ex-employees is a common cause of loss of commercial data. You rely on username/password

10 Authentication and the Cloud The need for strong authentication for (eg VPN) remote access is well understood. Customers purchase Remote Access solutions and an Authentication solution. The same authentication solution is ideally used across all remote access services.

11 Approach Separate Authentication from the Cloud Service Use a single Authentication service for all services Cloud and non-Cloud Keep control over you access policies Apply appropriate authentication If I have access rights to data because I am an employee of an organisation, then that organisation should control my access

12 New Authentication Model Not a new idea, but now becoming possible Enterprise Create/Delete Accounts User-name Credentials Check Credentials Configure Service Request Access Redirect User-name Credentials “If anyone wants to access my data, send them to me!” Traditional Approach Traditional Approach Federated Approach Federated Approach Enterprise

13 “Phone Home” Model Enterprise owns the identity Single point of control Cloud services do not store credentials Cloud services do not set authentication policies Multi-factor where required Risk-based authentication User needs one set of credentials Cloud Applications VPN Access Intranet Core Authentication Platform

14 The “phone home model” is like.. When a user wants to access your safety deposit box, the bank sends them to you. The person confirms their identity to YOU in the manner you decide. You tell the bank that they can access the data

15 Internet ADFS Proxy ADFS Proxy Swivel and Office 365 Active Directory Active Directory ADFS Server ADFS Server filter ADFS Request Response System can be configured so users already on the LAN need not authenticate again to Office 365. Developments will allow the same for other SAML-based cloud services.

16 Swivel and Office 365

17 Swivel and Office 365 (Demo) Forms Based Authentication Customisable Additional Credential only required if user as a PINsafe account (optional) Some users could have 2FA Mandatory

18 Questions

Download ppt "Securing the Cloud Authentication Perspective. Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box."

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
iRequestManager for MediMizer X3

iRequestManager for MediMizer X3
Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.

Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.

IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.
Important when you launch Yammer Enterprise Create an engaged and trusted community Decide about User Profile Syncs Various User and Admin.

Important when you launch Yammer Enterprise Create an engaged and trusted community Decide about User Profile Syncs Various User and Admin.
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Information Security Phishing Update CTC

Information Security Phishing Update CTC
Passwords are Dead (or how I learned to love my phone)

Passwords are Dead (or how I learned to love my phone)
Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
Active Directory Federation Service 3.0

Active Directory Federation Service 3.0
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.

0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.

Similar presentations

Ads by Google