
Web-based apps Cloud and SaaS

Today’s workforce is mobile

Cloud and SaaS-based applications are being deployed and used faster than ever

Most applications are web-based apps

Hybrid Cloud is the new normal.

%

plan to migrate >50% of their Apps to the Cloud

Sources: State of Application Delivery Survey, 2016

Why are Apps moving to the cloud?

Improve Time to Market

Sources: F5 State of Application Delivery Survey, 2016

Reduce OpEx

Reduce CapEx

Sources: ²Forbes, ³F5 State of Application Delivery Survey, 2016

From what we can see in the market …
• Majority of our customers adopt the following Hybrid Cloud Strategy
• Move non-critical Apps to SaaS
• New Apps with a Cloud 1st Strategy
• Migrate some existing Apps to a Private Cloud

• Trend to move Non-Mission-Critical Apps to SaaS
• Focus on their business
• Move basic IT services from CapEx to OpEx

90% Firewalls

Anti Virus

DLP

28% IDS/IPS

SIEM

APT

Challenges of Managing Access Today

Rapidly expanding, changing mobile workforce

Explosion in number of users, use cases, in-use devices

Increased virtualization

Fast rising number of security threats and attacks

Need to manage access based on identity and context

• AAA Management with 3rd parties

Apps in the Cloud still need to follow the same security mechanisms

• User Acceptance multiple passwords.

User’s Authentication and Experience

Credential in many places?

Password bucket

Pa55W0rd ;PassWor99

?

Pa5Sw)rD! abc123

Office365

L4-7 Services

Identity & Authorization

Concur Expenses

Application Data Center Salesforce

Pa55W0rd

L4-7 Services

Identity & Authorization Application Data Center

User Identity ≠ just User ID

Allow Deny Challenge User ID

Location

OTP Client Cert.

End point Device health Device type Malware

Sensitive Data Human


User Identity and Device Information + Network / Connection + Application Health and Risk

OS Authentication

Browser

Device type and integrity

Operating system

Location

Access method

App location

App importance and risk

Network integrity

Network quality and availability

v3.1 App type/ version

Connection integrity

Authentication, authorization, and SSO to all applications

Virtual Apps

VDI

Secure Web Gateway

Remote Access and Application Access

Access Management Apps

Virtual Edition

Mobile Apps

Enterprise Mobility Gateway

Appliance

Websites/Web Applications

Enterprise Apps

Chassis

Identity Federation/SSO

Cloud, SaaS, and Partner Apps

Users

Apps Adaptive Auth

SSO Selection

SAML Pass-through

Federation (SAML)

Endpoint Validation

Simple Assertion

Token

Kerberos Delegation

Password

Step-Up Auth

Dynamic Forms

Certificates

Fraud Protection

Certificates

Private/Public Cloud

• Transforms one type of authentication into another
• Supports various standards-based protocols (SAML, Kerberos, NTLM)
• Enables flexible selection of SSO techniques appropriate to the application
• Allows for centralized session control of all applications, even SaaS apps

Pa55W0rd

SAML SP Office 365

SAML IdP SAML SP

Identity & Authorization Application

Concur Expenses

SAML SP

Data Center SalesForce

Anonymous access to and re-validation of AD, LDAP, or RADIUS flat-file authentication per request within an access session, for accessing additional, sensitive web URIs, or to extend a session

XYZ Corporation

Private Cloud Apps

Enterprise

Public Cloud Apps

XYZ Corporation

LOGIN AD, LDAP, RADIUS

Mobile User

Corporate device, internal user

Corporate Users

Single-factor or multifactor authentication

Corporate or personal device, remote/mobile user


Remote User

LOGIN

Directory Services

AD, LDAP, RADIUS

XYZ Corporation

Contractor

Corporate Applications


F5 Networks & Veracomp

© F5 Networks, Inc

CONFIDENTIAL – INTERNAL USE ONLY

LOGIN AD, LDAP, RADIUS


On-Premises Infrastructure

Corporate Users

XYZ Corporation Private Cloud

Public Cloud

SAML Identity management Multi-factor authentication


LOGIN

Users

SAML Real-time access control Access policy enforcement

Attackers

Directory Services

Office 365 Google Apps Salesforce SaaS

Identity federation

Corporate Applications

• Dramatically reduces costs
• Delivers seamless access
• Increases user productivity
• Simplifies administration
• Enhanced adaptive access and authentication

Simplifies: Improves performance and usability, while simplifying administration

Secures: Enhances application and virtualized apps and desktop security

Protects: Expands data loss prevention and guards against web-based attacks

CONTEXT: Federated identity, Single sign-on, Granular access control

VISIBILITY: Inbound / Outbound, Dynamic service chaining, Broad ecosystem support

CONTROL: Web Application Firewall, Anti DDoS, Web fraud

Think differently about security.

Choose a platform for security consolidation that gives you a secure visibility zone for tomorrow.

Protect your apps, secure your data.

Get better value today from existing investments.

(Availability)

(Confidentiality)

(Confidentiality)

(Integrity) (Availability)

(Confidentiality) (Integrity)

(Availability)

(Integrity)