From Virtualization to the Cloud and Beyond
Many companies have started virtualization quite a while ago. Nevertheless, they still frequently are in the first wave of virtualization, focusing on Windows servers and their virtualization. The second wave with virtualizing business-critical applications is still at the beginning in many data centers. These systems often have a continuously high workload, so the benefit of reducing the number of servers is somewhat limited. And they are business-critical, so touching them is something organizations don’t tend to do that quickly. However, things are moving forward and for business-critical apps, the (private) clouds offer interesting benefits. So virtualizing them is just logical. But what follows then? Is it sufficient to virtualize and cloud-enable the infrastructure? Or what is next? We put this in the context of the KuppingerCole IT model and look not only at the waves you have to ride (or avoid to ride), but also at the new horizons behind the waves. The real business benefits.
Security for Virtualized Environments, Privileged Users and PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is one of the most detailed compliance requirements published to date. A new version was released in October of 2010 along with supplemental guidance for virtual environments. In this session leading access control and endpoint security vendors will provide their insight on emerging compliance solutions and strategies for virtualization and PCI compliance. The session will also address PCI DSS requirements with an emphasis on their applicability to virtualized infrastructure, the overall desire to reduce scope versus the cost of implementing and maintaining the necessary controls and the new challenges from privilege user management perspectives.
What Federation is About – in Theory and in Practice
Synchronization of Identities and their distribution to many different identity stores is a common approach in IAM. However, Federation is gaining momentum massively – and that will further increase with the growth in Cloud Computing. However, even there you’ll find synchronization approaches, like the ones supported by the upcoming SCIM standard. Finding the balance between Federation and Synchronization is an art of itself. In this session, you’ll learn how to deal with that.
In our advisories we’ve learned that customers in practice have a much broader understanding of Cloud Computing than in theory. In theory, Identity Federation is limited to some few standards like SAML, Shibboleth, and some others. In practice, federation is understood as a much broader concept which involves sometimes proprietary integration with the “login” into social networks. It includes classical Web Access Management. And it requires Federation in different ways. Understanding the different concepts and approaches and finding your path through the jungle of opportunities is a challenge – this session is your compass.
Federation or Synchronization – the Future of the Cloud
In this panel industry experts will discuss the evolution in the cloud. For quite a while, SAML was the de-facto standard. Right now, other lightweight approaches (with somewhat different features) like OAuth are gaining momentum as well as SCIM, which supports the proprietary APIs of cloud services. What is the future? Will some approach win or will they co-exist? What fits really to the needs of the customer? Or do we need fundamentally different approaches?
Exchanging Metadata through Different Federations on a Global Scale
One of the most successful advancements in IT within the education and research sector in recent years has been the emergence of identity federations. There are now over 27 identity federations worldwide, operating a very successful standards-based solution for access and identity transactions. The REFEDs group, coordinated by TERENA, is a working group representing all of these federations. REFEDs is actively developing new tools and concepts to improve and enhance the work of identity federations. Nicole will talk about the evolving nature of metadata within the context of identity federations and the challenges involved in exchanging this metadata on a global scale – including legal challenges, the PEER project, eduGain and bilateral federation.
Database Firewalls: Advancing Security for Enterprise Data
Millions of organizations worldwide have been breached using SQL injection attacks. Network firewalls protect networks, however, they fail to protect the target of these attacks: data. Two thirds of critical data in organizations resides in databases, and hence the need for protecting databases. In this session, we will look into the will describe this new product category, typical capabilities, how they work with other firewalls, and successes in protecting data and addressing compliance.