Professional Documents
Culture Documents
new perimeter:
securely embracing
cloud, mobile
and social media
agility
made possible
02
Mobile Employee
Network Perimeter
VPN
On Premise
Enterprise Apps
Internal Employee
Cloud
Apps/Pla?orms
&
Web
Services
Customer
SaaS
Mobile
Employee
Network Perimeter
VPN
On Premise
Internal Employee
Enterprise Apps
03
IT
04
Partner User
Customer
Cloud
Apps/Pla?orms
&
Web
Services
SaaS
Mobile
Employee
On Premise
Internal Employee
Enterprise Apps
05
Application
Middle
ware
Business
Service Brokerage
Application
Middle
ware
DB
BUSINESS
SERVICE
DB
Operating System
Operating System
Virtualization
Virtualization
BUSINESS
SERVICE
BUSINESS
SERVICE
NETWORK
USER
USER
06
Employees
While employees can still be authenticated against the
corporate directory, contextual, multi-factor authentication
should be available for high-value transactions or access to
sensitive applications. For example, if a user normally logs in
from the office or his/her home in the U.S. during normal
business hours, but a log-in attempt is made from Europe in the
middle of the night, the service should refuse the authentication
or demand additional credentials.
Privileged Administrators
Privileged administrators can be a challenge, because they
often have more access entitlements than they need, and they
share the use of a common account (e.g., root). To combat this,
a central authentication service should act much like it does
for employees, but when a privileged user logs in, he/she will
be given a single-use password for that individual session
eliminating the lack of accountability that is endemic to
shared account use.
07
Customers
Todays customers have already amassed a multitude of usernames and passwords, so organizations should only ask them to
create new credentials for high-value transactions. For example,
an organization might integrate with social media identities to
provide a frictionless login experience for its customers. Then, if
a customer pursues a high-value transaction, the centralized
identity service could initiate a more traditional authentication
process that will protect the sensitive applications and data.
The common thread in each of these user scenarios is a centralized identity service that controls access
to all enterprise applications, whether on-premise or in the cloud.
08
continued
Step 1:
Step 2:
Step 3:
Gartner The Growing Adoption of Cloud-based Security Services by Kelly M. Kavanagh, May 3, 2012.
09
10
11
Copyright 2013 CA. All rights reserved. Microsoft and the Microsoft Logo are registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein
belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for
the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is
without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular
purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this
document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised
in advance of the possibility of such damages.