Date posted: 30-Jun-2015
Category: Technology
Uploaded by: ca-technologies
ca Securecenter
Identity As A Service Evaluation, Implementation, Realized Benefits
Drew Koenig
SCT10S @binaryblogger #CAWorld
Manager of Information Security & Risk Management, Univita Health
2 © 2014 CA. ALL RIGHTS RESERVED.
Abstract
How to evaluate IAM offerings and the trade-off between the customization level available on-premises, and the speed/cost model benefits of SaaS. How CA Secure Cloud (formerly CA CloudMinder™) can efficiently enable the business with faster implementation times, improved compliance and a reduction in infrastructure and support costs.
Drew Koenig
Univita Health
Manager of Information Security & Risk Management
@BinaryBlogger
Binaryblogger.com
Agenda
INTRO
IDENTITY MANAGEMENT BACKGROUND
Q&A
THE MOVE TO THE CLOUD
JUSTIFICATION – COSTS AND TIME
REALIZED BENEFITS
Introduction
Information security professional for over 15 years
– Financial and health industry
– Focused on IAM for a majority of the career
Made the move from on-premises IdM to the cloud
– CA Identity Manager to CA Secure Cloud
– Primary reason was speed of enablement and overall cost value
Drew Koenig – Manager of Information Security and Risk Management
Identity Management Background
On-premises for 2 years, hand built from the ground up.
– Windows based, SQL DBs
– Out-of-the-box CA Identity Manager installation (JBOSS, CA Directory, etc…)
– Dev and prod, internally accessible only, no CA Single Sign-On
The team was only 1 to 1 ½ FTE to maintain and advance it
The expanding business use became time consuming
On-premises Environment
CA Identity Manager 12.6 SP2 on-premise
Identity Management Background
Self-service password reset
– Limited to internal access only, need for internet capability
Service Desk features for resets, unlocks and other account maintenance features
Basic account provisioning with heavy custom flows and processes
On-premises Environment
CA Identity Manager 12.6 SP2 on-premise
The Move To The Cloud
Participated in the early alpha tests of CA Secure Cloud
Accomplished more in 1 week than 3 months on-premises start to finish
– Build, configuration, test
Made the strategic decision to move
Alpha to Production
CA Secure Cloud (formerly known as CA CloudMinder™)
The Move To The Cloud
The early proposal was declined immediately
Initially management only looked at the license costs vs. subscription costs, ignored the proposed value
The business looked at IAM as a technology project, not as business enablement
Initial Proposal
CA Secure Cloud
Justification
Went back and broke down the full set of CA Secure Cloud services
Laid out exactly what the subscription delivered
Built a cost model to show a comparable on-premises build out
Expanded internally with HR and Compliance to gain support
True Business Value, Look At Everything
Identity Management Components
Identity Management Stack
– Directory Services
– Provisioning Engine
– Workflows
– Identity and Role Admin
– Identity Verification
– Authentication / Authorization / Federation
IT Platform
– Databases
– Operating Systems / Virtualization
– Storage
– Networking
– Hardware
– HA / DR
Consumable Identity Service
– Service Interfaces
– Customer Specific Configurations
– Customizations
To do a legitimate comparison, I laid out the costs to build an on-premises environment that could provide the same set of services that we would receive from CA Secure Cloud.
Justification
The Cost To Build Secure Cloud Capabilities On-Premises
Required Components
– CA Identity Manager
– CA Single Sign-On
– CA Federation
– CA Advanced Authentication
– Microsoft Windows, SQL
– NetApp Storage, VMware, HP
Justification
Build three environments
– Preview, Staging, Production
– Approx. 5 servers per environment
Patching, troubleshooting, maintenance
– Java, Microsoft, CA, backups
All outages, issues, problem resolution are yours to solve
– Even with vendor assistance
Infrastructure Footprint (Preview, Staging, Production)
IDaaS Allows Full Focus On IdM
Identity Management Stack
– Directory Services
– Provisioning Engine
– Workflows
– Identity and Role Admin
– Identity Verification
– Authentication / Authorization / Federation
IT Platform
– Databases
– Operating Systems / Virtualization
– Storage
– Networking
– Hardware
– HA / DR
Consumable Identity Service
– Service Interfaces
– Customer Specific Configurations
– Customizations
• Eliminated busy work and troubleshooting
• Allowed the Identity Management team to focus on Identity Management
Decision to Move
Total cost to build was less than pure license vs. subscription
Maintenance was a fraction of previous cost
– Patching alone saved 20-40 company man-hours a month
Complete justification model made it an easy business decision
This approach is now used for all cloud service evaluations
– Cloud service or ‘build it ourselves’ total cost assessment
Value Prevailed Over Cost
Instant Benefits
Within hours of the service being enabled we were online
Small JCS server to hook into AD for resets took less than an hour
One “Explore and Correlate” and all the users were in Secure Cloud and we were resetting passwords through the internet
Off and Running
Days not months
Instant Benefits
Unique application model required B2B users deep account access
Until CA Secure Cloud the only way they could manage accounts was to call the Service Desk – hundreds a month
Now they go to CA Secure Cloud - calls reduced 80 percent in days for B2B calls
Off and Running
Days not months
Summary
Improvements In All Areas
Overall the move to CA Secure Cloud will save the company money in time, resources and speed to deliver new identity management services to our employees and customers. There is no pressing need to grow the internal team as the capabilities grow. Through the CA Secure Cloud services we have closed several audit findings, strengthened partnership confidence and are able to focus more on improving advanced offerings such as deeper role based provisioning, federation portal capabilities and reporting.
The success of the move was not to look at the costs alone but the total value of what those costs brought in terms of services, then compare those to what it would take to do it yourself.
For More Information
To learn more about Security,
please visit:
http://bit.ly/10WHYDm
For Informational Purposes Only
This presentation provided at CA World 2014 is intended for information purposes only and does
not form any type of warranty. Content provided in this presentation has not been reviewed for
accuracy and is based on information provided by CA Partners and Customers.
Terms of this Presentation