Embed Size (px)
Citation preview
TRANSFORMING ENTERPRISE
PRODUCTIVITY WITH HYBRID IT
A look into the mixed environment of mobile, cloud and data centerWWW.PULSESECURE.NET
Introduction
The New Three-Legged Stool
Managing The Security Risk
Leveraging the Cloud and Datacenter
The New Mobile Platform
Secure Access is Key
Embracing The CASB Model for Hybrid IT
Conclusion
Table of Contents
4
5
6
7
8
10
12
13
PULSE SECURE PARTNERED
WITH RENOWNED IT SECURITY
WRITER JIM ROMEO TO EXPLORE
THE TOPIC OF HYBRID IT
AND THE IMPACT IT HAS ON
ORGANIZATIONS.
THE RISE OF HYBRID IT
www.pulsesecure.net 32 Transforming Enterprise Productivity with Hybrid IT
Mobile devices proliferate. So do applications. Cloud
computing is robust and growing. Organic databases
and applications residing at the IT datacenter have and
will likely always be accessed and utilized. All these
venues make up a Hybrid IT platform - or “three-legged
stool” for today’s knowledge worker to rest and rely on
for improved productivity.
The first leg of the stool is the mobile device. Knowledge
workers rely greatly on smartphones and tablets to access
sensitive data that may be in the cloud or datacenter.
At present, there are more mobile devices than people
on this planet; the number of devices entering the world
is growing five times faster than our world population.
Mobile users are now surpassing desktop users and over
80% of their usage is via applications. Applications are
growing and improving to enable access of all types and
are used to access the cloud.
The second leg of the stool is the cloud. Cloud computing
is expected to grow at 44% over the next five years.
Companies are spending about $13 billion per year on
it. Over 80% of companies say they are saving money by
moving operations to the cloud and over half of company
workloads are now conducted in the cloud.
The third leg is the existing silos of data, information
and applications that are home-based in the traditional
IT enterprise; they reside on company turf and have
never migrated elsewhere. The cloud, in conjunction with
devices, is used with legacy databases and home-based IT
infrastructure to perform many business functions. This
entire model has already been widely adopted and is likely
to continue in popularity and utility in the years to come.
“IT organizations are taking an ‘adopt and go’ strategy
to satisfy internal customer IT consumerization and
democratization requirements,” according to Chris
Howard, Vice President and Chief of Research at Gartner.
The success of Hybrid IT relies on a new robust security
perimeter with policy at its core; it makes the three-
legged stool strong and secure. This includes compliance,
authentication and a secure gateway to and from dispersed
endpoints. With the right tools and technology, the knowledge
worker of today and tomorrow will be most productive with
all the information that abounds in the public and private
cloud as well as their corporate network.
The New Three-Legged Stool of Today’s (and Tomorrow’s) Knowledge Worker: Mobility, Cloud Computing and the
Traditional IT Enterprise
In case you didn’t get the message, Hybrid IT has arrived.
We are living in a new business environment where
mobile devices connect to cloud computing and legacy IT
infrastructure.
Hybrid IT, an important infrastructure to enable efficiency
in today’s global IT environment, includes the use of cloud-
based applications and data with organic applications and
databases found in-house.
Cloud computing offers useful Software as a Service (SaaS)
applications, as well as cloud and data services. When cloud
computing is combined with mobile assets and organic
corporate databases and applications, workers enjoy great
productivity; the enterprise flourishes.
With Hybrid IT, workloads move between internal and
external IT infrastructures. This complementary relationship
allows workers to be nimble and flexible with regard to
where they work, what data they use, and when and how
they access that data to perform a task. Hybrid IT allows
them to do things they couldn’t do just a few short years ago.
Having said all of that, Hybrid IT has its challenges. Security
risks from a distributed workforce and a growing population
of mobile devices and apps, present concerns for today’s Chief
Information Security Officers (CISOs). How an organization
rises to meet demands and challenges of Hybrid IT is crucial.
Secure access to Hybrid IT when managed appropriately,
can positively transform enterprise IT.
“Hybrid IT is the new IT and is here to stay,” says Chris
Howard, Vice President and Chief of Research at Gartner.
“While the cloud market matures, IT organizations must
adopt a hybrid IT strategy that not only builds internal clouds
to house critical IT services and compete with public CSPs
(Cloud Solution Providers), but also utilizes the external cloud
to house non-critical IT services and data, augment internal
capacity, and increase IT agility. Hybrid IT creates symmetry
between internal and external IT services that will force an IT
and business paradigm shift for years to come.”
IT leaders must monitor this business paradigm shift in the
years ahead and embrace the change in order to harness its
full potential.
INTRODUCTIONWill Hybrid IT be the New Game Changer for Enterprises?
“Many IT organizations are adopting public cloud computing for non-critical IT services such as
development and test applications, or for turnkey software as a service (SaaS) applications such as Web analytics and CRM that can holistically
replace internal applications and enable access for a mobile workforce.”
54 www.pulsesecure.netTransforming Enterprise Productivity with Hybrid IT
Major IT security breaches dot the landscape of today’s
engaged knowledge worker. Hardly a day goes by
without another major breach making international
news. Think - Sony, Target, Home Depot, U.S. Office of
Personnel Management; they all told security officers
that in spite of their spending and investing, hackers get
in and steal sensitive data. Every IT leader knows the
consequences when hackers find a chink in the IT supply
chain somewhere. Damage from a security breach can be
devastating and detrimental.
This threat raises concern for security risk in a Hybrid IT
environment as data is accessed from anywhere, at any
time, operating in a Hybrid IT model sends a signal to CIOs
and CISOs: proceed with caution.
The prevalence of multiple points of entry poses additional
security risk. Mobile device access and asset management
pose risk and must be controlled. The apps they use are
also a source of breach. While CISOs have worked hard
to build security to bolster against such risk and intrusion,
the pathways followed in a Hybrid IT environment demand
more. As the popularity of Hybrid IT grows, its adoption
and success depends on the management of security risk
to enable its success.
MANAGING THE SECURITY RISKSecurtiy: The Challenge to a Fully Functional Hybrid IT Environment
A world renowned global commodities and financial
derivatives exchange processes 3 billion contracts that are
worth approximately $1 quadrillion annually. Thousands
of worldwide users engage with their electronic trading
platform daily to access financial derivatives markets.
The exchange has implemented Identity-as-a-Service
(IdaaS) via a VPN gateway to enable access to thousands of
laptop users scattered about the globe. The IdaaS enables
Security Assertion Markup Language (SAML) enabled apps
for access to the cloud and datacenter applications.
The exchange experienced problems with the user
experience for logins to the IdaaS and VPN gateway.
Because of the sensitive nature of the data and the global
access requires of multiple users from many different
locations and many different devices, a multi-layered
security access was required. This, however, required
multiple logins. Users however found that multiple logins
is cumbersome since they require swift access to data
and the real-time operations of the exchange. In addition,
device compliance had relaxed. A robust approach to
device compliance enforcement was needed that also
enabled expedited sign-on for user access.
They exchanged implement a smarter solution with secure
access via Single Sign-On (SSO) technology integrated with
their existing VPN. This allowed users to log in once and then
have access to data center and cloud applications. It also
enabled uniformed device compliance enforcement through
VPN host checking. Thus it reinstated required enforcement
of device compliance that had previously fallen.
Expediting identity and access at a world renowned
institution of financial trade exemplifies the challenges that
IT security faced and a swift response with the right security
tools and solutions. By acting on this, traders and investors
who access the cloud and data centers at the exchange
are able to be very productive from around the world in
a secure environment without losing the user experience.
Leveraging the Cloud and Datacenter At A Major Financial Exchange
HYBRID
PUBLICPRIVATE
76 Transforming Enterprise Productivity with Hybrid IT www.pulsesecure.net
There are about 7.22 billion mobile devices in the world;
there are about 7.19 billion people on the planet. Research
from GSMA intelligence who tracks data on mobile
devices notes that their prevalence is growing about five
times faster than the population. About half the world’s
population subscribes to a mobile service of some kind.
This is because mobile devices are useful for everyday
life. Through a myriad of available apps, they allow
quick access to information and utilization of different
software applications – all in the cloud. Workers now
want the same utility from their employers letting them
access their corporate email and applications with their
personal mobile devices via Bring Your Own Device
(BYOD) practices. Workers can find customer data, create
a document and access financial information with the
same agility they have in their personal lives.
But it is important that enterprise information be managed
and controlled as secure mobile device containers that
allow, through appropriate software and applications,
a separation of personal business data. Mobile devices
must be compliant with existing security policies. Risk is
inherent with personal devices – Gartner found that one
in four business users surveyed admitted to having a
security issue on their private device in 2013.
In addition, apps on mobile phones are numerous and
enable entry into cloud applications. From a device, a
worker can be logged in and working from anywhere
and anytime. But apps must also be secure. The very
same convenience of access that mobile phones afford,
is also a source of intrusion. According to Pulse Secure’s
2014 Mobile Threat Report which researched some 2.5
million mobile applications, there were nearly one million
(931,620) unique malicious applications – a 391 percent
increase from 2013 alone.
Traceability and control of devices further challenge CISOs
in maintaining a secure perimeter. Identity and Access
Management (IAM), given the popularity and utilization of
mobile devices, has become the new IT perimeter.
“Authenticating users on a variety of endpoints should
provide the right balance of user experience, security and
workforce productivity,” according to Gartner’s research
report Refresh Authentication Choices to Improve Mobile
Workforce Remote Access (28 January 2015, by Gartner
Analysts Anmol Singh and John Girard). CISOs and IAM
leaders need to keep pace with new methods of remote
access for the mobile workforce in a constantly changing
work environment.
THE NEW MOBILE PLATFORMMobile device access is essential for productivity but security must continue to be a priority.
Securing this perimeter in real time as utilization grows is the challenge of CISOs. Melding the effective control of user identity and device identity
with device compliance is the new objective for CISOs in a Hybrid IT environment. Such identities represent their new IT security perimeter.
www.pulsesecure.net 98 Transforming Enterprise Productivity with Hybrid IT
Challenging the Security of Hybrid ITWhen mobile workers utilize BYOD to access sensitive
corporate data, there is a risk of non-compliance and
exposure of sensitive data to unwanted parties.
SaaS is very useful for today’s business entity. However,
such platforms pose security risk. 53% of respondents
in KPGM’s 2014 Cloud Survey Report cited “data loss and
privacy risk” as the greatest concern when adopting the cloud.
Sensitive corporate information will reside into the cloud
through SaaS vendors such as Dropbox, Office 365,
Salesforce and Concur. This data may become a target
for artful hackers to use their tricks and methods to
exfiltrate data. Users rely on a safe gateway or tunnel to
and through the cloud.
Secure the Tunnel To the Cloud and the DatacenterGetting a grip on securing the pathways between devices
and data, involves securing the tunnel between them. The
clincher for IT leadership is to allow secure access and
insure the tunnel is protected and controlled.
How does this happen?
Principally, by implementing authorization access control
services for employees and users – from any device,
anywhere, at any time, it happens. This means using
existing Secure Sockets Layer virtual private network
(SSL VPN) gateways to access the datacenter while also
SECURE ACCESS IS KEYEnterprises require a secure tunnel to the cloud and data center
53%
relying on a Cloud Access Security Broker (CASB) to insure
a secure pathway between users and the cloud provider.
Enforcing device compliance is key in both cases to protect
the integrity of enterprise data. Such tools insure the
tunnel of Hybrid IT use is not only accessible, but secure.
Secure the Data not the DeviceBuilding a gateway is part of meeting the security challenge
of Hybrid IT. Because workers take advantage of the BYOD
approach, and managing the access and authentication of their
device must be a critical component of any security strategy.
This requires the use of a device container, so workers can
utilize BYOD securely and peacefully coexist with personal
and corporate applications on their device. The container
eliminates the enterprise need to manage the entire
device and protects worker privacy.
Securing the tunnel using identity management tools and
technology, and ultimately securing the device container,
affords today’s competitive knowledge worker the freedom
to collaborate and work together globally in a secure
environment – with any device accessing information in
the datacenter or in the cloud, wheneverand wherever
they choose.
Personal Productivity: The PayoffLocation, location, location – it really doesn’t matter
anymore. Because users work anywhere, at any time,
and are much more productive. Thanks to advances in
technology, this productivity gain is possible, even though
evolving security risk continuously challenges it.
Secure the tunnels to the datacenter and the cloud, enable
workers to use any secured device – be it their own or not,
and you have the ingredients for a very productive and
secure work environment. Insuring remote and mobile
security should encompass multilayered access that is
easy on the user without sacrificing security risk. With the
right solutions and tools, expediting access will also aid in
making Hybrid IT the productive platform that it is.
Today’s worker is able to do things they could not do
before – simply because secure access technology allows
them to do it. And they can produce not just from their
cubicle, office or desk, but anywhere, in any time zone,
from anywhere in the world.
This is a game changer.
www.pulsesecure.net 1110 Transforming Enterprise Productivity with Hybrid IT
A CASB model is ideal to enable Hybrid IT. It allows access
to numerous common cloud-based SaaS applications via
mobile devices and use cloud applications and corporate
data parked in legacy databases and servers at their
parent company. It is a value-added approach.
However, proceed with caution.
Its full embrace must honestly ask and answer some
key questions before taking this route. Here are seven
questions to consider to accelerate its success:
1.What skill sets and IT competencies will be required
to maintain this model once in place? There are new
apps, new IT silos, and perhaps several new ways of doing
business. Is everyone ready and trained to embrace them
and work with a CASB model?
2. What about Scalability? What will we face when it’s
time to scale upward – when that time comes (and it likely
will)? As the enterprises continue to advance and scale is
the CASB model ready and able to scale with it?
3. How will we manage increasing operational
complexity as new technology and new approaches
come about and are required to compete? Everyday
a new wave of technology arrives. Often this adds to
operational complexity. So how will this all be incorporated
and anticipated with CASB?
4. What about extending existing services and apps?
Will Hybrid IT afford a seamless blend? Anticipate expected
challenges and difficulties ahead of time in order to link
services with devices and apps. Focus on swiftly making
them available and integrate this with CASB.
5. What is our plan for compliance enforcement?
A dispersed workforce with multiple devices presents
compliance risk. Will device compliance and enforcement
be incorporated into your CASB model so that it does not
fall wayward?
6. How much can we rely on CASB? Will CASB’s proxy
technology – sitting right smack dab in the data path,
deliver the service we demand and require? How reliable
is it and will it interfere at all with data access?
7. Will this all be transparent to the user experience
once CASB is in place? Users want easy access to data – be
it from the datacenter or the cloud; they do not want to sign
on several times and even get kicked out, only to have to
start over. Will this happen? It shouldn’t. Insure transparency
is part of initial planning, but ongoing plans as well.
CASB can be a very effective approach. Any pitfalls in its
embrace may be overcome. However, such questions need
to be on the table when partnering with a CASB solutions
provider. Retooling your network and providing users
trusted seamless access to your datacenter and the cloud
is a wonderful advanced strategy.
Take time upfront to answer important questions and
stimulate discussion so that CASB yields the true dividends
and ROI you expect and ultimately avoid any pitfalls.
Embracing The Cloud Access Security Broker (CASB) Model for Hybrid IT: Seven Key Questions You Need
To Ask and Answer To Avoid Common Pitfalls
As mobile device ownership and usage grows and
matures, knowledge workers increasingly fill their
personal mobile devices with the rich offerings of SaaS
applications. Enterprises must adapt their compliance,
authorization and access security solutions to provide
multi-layered protection without making application and
information cumbersome to the user.
CISOs are challenged to make Hybrid IT safe and secure
by meeting all the challenges that it poses. Namely, they
must authenticate user and device identity and through
cutting-edge identity management tools and solutions,
provide a safe tunnel by which applications in the cloud and
on their very own premises may be accessed and utilized.
In the end, this is the great benefit that allows Hybrid IT
to flourish. And when Hybrid IT flourishes, so too does
employee productivity and the entire organization.
About Pulse SecurePulse Secure, LLC is a leading provider of access and
mobile security solutions to both enterprises and service
providers. Enterprises from every vertical and of all sizes
utilize the company’s Pulse virtual private network (VPN),
network access control and mobile security products to
enable end user mobility securely and seamlessly in their
organizations. Pulse Secure’s mission is to enable open,
integrated enterprise system solutions that empower
business productivity through seamless mobility.
About the AuthorJim Romeo is a freelance copywriter, workshop and
seminar leader, speaker, coach, and author, with a focus
on business and technology topics. He has written more
than 800 feature articles on a wide array of topics, including
IT, IT security, engineering design, marketing, supply chain
management, telecommunications, emerging technologies,
and leadership and professional development. His
writing credits include Desktop Engineering, The Maritime
Executive, SC Magazine and many more. He has a
background in engineering and holds an MBA in marketing
from Columbia University in New York.
Copyright 2015 Pulse Secure, LLC. All rights reserved. Pulse Secure and the Pulse Secure logo are registered trademarks or Pulse Secure, LLC. All trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Pulse Secure assumes no responsibility for any inaccuracies in this document. Pulse Secure reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
CONCLUSIONWith Robust Security Measures, Hybrid IT Flourishes
1312 www.pulsesecure.netTransforming Enterprise Productivity with Hybrid IT
Pulse Secure LLC
2700 Zanker Rd. Suite 200
San Jose, CA 95134
www.pulsesecure.net
