CLOUD READINESS - Secure Access for the Digital Enterprise · READINESS EVALUATION IS KEY...

CLOUD READINESS: Securing Access to Your Private Cloud

EXECUTIVE SUMMARY

MOVING APPLICATIONS TO A PRIVATE CLOUD HAS SIGNIFICANT UPSIDES

Many enterprises have cloud initiatives that include moving enterprise applications from on-premises to an infrastructure as a service (IaaS) or private cloud environment, such as Amazon Web Services™ (AWS).

KEY DRIVERS OF THE PRIVATE CLOUD:

1. COST SAVINGS: Savings from applications moved to the cloud are significant. IDC did a study on AWS and found that the average savings was over $500,000 per application moved to AWS [1].

2. SCALABILITY: IaaS environments, like AWS, have almost limitless, instant scalability.

3. AGILITY: Cloud environments offer the flexibility needed to respond to business requirements influenced by changing market conditions.

READINESS EVALUATION IS KEY

Organizations such as Gartner® speak about the importance of an evaluation checklist to measure the readiness of your applications and environment for a move to the cloud. One of the most significant portions of assessing readiness is understanding how you are going to secure your private cloud and provide access controls as good as or better than your current web access management (WAM) inside your firewall.

Highlighting the importance of readiness, a recent Ponemon Institute study revealed that cloud data breaches increase the economic impact by as much as three times [2].

NOT ALL IAM SYSTEMS SUFFICE FOR THE CLOUD

Will your existing IAM stack easily support your security needs for your private cloud? We at Ping Identity® have been working with customers to answer this exact question. These customers have found that there are several significant challenges to making traditional IAM systems work in an IaaS cloud environment, including:

Performance Degradation

If you take the ‘easy route’ and simply use your on-premises IAM system to gain access to your cloud-migrated applications through a VPN, you will more than likely find it untenable due to very poor performance. The cause is high latency mixed with a high number of interactions required by traditional IAM systems.

Fragile Architecture

When replicating their systems designed for on-premises use to the cloud, customers also found that it was difficult to get these systems configured properly and working reliably because they were not designed for this use case.

High Cost of Implementation and Administration

Another option is replicating your IAM in the cloud. However, this is quite time consuming, expensive to license, and our customers found it ate significantly into the cost savings they were targeting.

USE THE 4 A’S TO EVALUATE YOUR IAM SOLUTION

For a successful move to a private cloud or IaaS environment, it is critical that you have a simple, but comprehensive evaluation checklist to measure the readiness of potential IAM solutions. To help you get started, we have created some guidelines based on the 4 A’s: authentication, authorization, account management and auditing.

Authentication

The process of verifying that the user is who they claim they are. Federation is a critical factor as you begin to have applications hosted in different places, such as on-premises, in your private cloud and with third-party SaaS providers. As part of your authentication strategy, we highly recommend that you consider a multi-factor or strong authentication solution. Finally, consider the end-user experience for authentication, because you want to enhance productivity, not hinder it.

Account Management

The process by which users and their access are created, updated and disabled. The key with account management is making sure that it is as automated as possible and that any solution can tie into existing directories. You should also ensure that the solution supports standards, such as SCIM, and offers cloud-based identity management.

Authorization

The process by which someone is allowed to access applications. The critical items to consider within a single solution are (a) support for web applications and (b) security for APIs and mobile apps. In addition, the solution should support both role-based and attribute-based access management.

Auditing

The process of inspection of a user’s access and activity. The IAM system you select will either make the process of auditing easy or practically impossible. If the solution does a good job of logging access and activity, the needed reports can be generated easily. If the solution fails to log this data, auditing will likely fail or at least be flawed.

LEARN LESSONS FROM OTHER ENTERPRISES MOVING TO THE PRIVATE CLOUD AND IAAS

We have worked with many customers on evaluating and implementing IAM solutions for their move of hundreds, and even thousands, of applications to an IaaS environment such as AWS. The primary motivator is generally the cost savings and, in all cases, such customers have determined that using their existing IAM solutions is much too costly and heavyweight to implement and administer. They see their move to the cloud as an opportunity to modernize and streamline their IAM infrastructure.

One particular customer established a pilot program where they moved 50 applications to AWS and evaluated several solution options. In the end, the choice to go with Ping Identity solutions was clear because Ping Identity offers:

01. A federated solution that is simple to implement and maintain, and works with existing infrastructures.

02. Flexible proxy- and agent-based access management capabilities.

03. Workability for extended use cases, such as API and mobile application security.

04. Proven and easily scalable solutions and support for all applicable standards.

CONCLUSION

Evaluate IAM solutions for your move to IaaS using the 4 A’s. To realize the cost savings of IaaS, you may have to look beyond traditional IAM systems. A modern, next generation identity and access management architecture will serve you well for IaaS and all your other IAM use cases.

#3042 | 07.05 | v00a

ABOUT PING IDENTITY: Ping Identity leads a new era of digital enterprise freedom, ensuring seamless, secure access for every user to all applications across the hyper-connected, open digital enterprise. Protecting over one billion identities worldwide, more than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.