Organizations that leverage the AWS Management Console with multiple AWS accounts and cross-account roles can find it challenging to manage secure and simplified access to it. Okta makes it easy to secure the AWS Management Console as well as other frequently used AWS services. Ellucian, a higher education software provider, turned to Okta to help it reduce friction caused by inconsistent user passwords. Join our upcoming webinar to hear from Okta, AWS, and Ellucian about the importance of a seamless security experience for both employees and customers.
1. Secure and Streamline Access to Your AWS Management Console with Okta
Patrick McDowell, Partner Solutions Architect, AWS
Kyle Diedrich, Sr. Technical Marketing Manager, Okta
Lee Congdon, Chief Information Officer, Ellucian
October 17th, 2017
2. Your Data and IP Are Your Most Valuable Assets
$6.53M: Average cost of a data breach (https://www.csid.com/resources/stats/data-breaches/)
56%: Increase in theft of hard intellectual property (http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html)
70%: Of consumers indicated they'd avoid businesses following a security breach (https://www.csid.com/resources/stats/data-breaches/)
3. AWS Can Be More Secure than Your Existing Environment
A recent IDC report found that most customers can be more secure in AWS than in their on-premises environment. How?
Automating logging and monitoring
Simplifying resource access
Making it easy to encrypt properly
Enforcing strong authentication
5. Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
Network access is monitored by AWS security managers daily
AWS CloudTrail lets you monitor and record all API calls
Amazon Inspector automatically assesses applications for vulnerabilities
6. Highly Available
The AWS infrastructure footprint helps protect your data from costly downtime
44 Availability Zones in 16 regions for multi-synchronous geographic redundancy
Retain control of where your data resides for compliance with regulatory requirements
Mitigate the risk of DDoS attacks using services like Route 53
Dynamically grow to meet unforeseen demand using Auto Scaling
7. Integrated with Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
Integrate your existing Active Directory
Use dedicated connections as a secure, low-latency extension of your data center
Provide and manage your own encryption keys if you choose
9. Simplifying and Securing AWS Access with Okta
Kyle Diedrich, Sr. Technical Marketing Manager, Okta
10. About Okta
• Leading Identity and Access Platform
• Born and built in the cloud on AWS
• Millions of Users, 1000s of Enterprises
• 3x Leader in Gartner IDaaS MQ
• Always On
11. The Okta Identity Cloud
Single Sign-On
Universal Directory
Lifecycle Management
API Access Management
Adaptive Multi-Factor Authentication
Mobility Management
Developer SDKs
15. Okta Helps Simplify and Secure Access to AWS for 1000s of Customers
Platform, Applications, Identity and Access Management
16. AWS Business Initiatives from our Customers
Secure Access to Your AWS Infrastructure:
Single Sign-On into the AWS Management Console for one or many accounts
Context-Aware Multi-factor Authentication
Automated access deprovisioning as users leave your organization
Simplify and Scale Management:
Automatic group / role based assignment to the right AWS resources
Seamless access across roles and accounts for end-users
Extend directory users and groups to AWS
17. Single Sign On to AWS
Set up in minutes
Standards based (SAML 2.0)
Grant access to specific roles
Seamless end-user experience
Scales across many AWS accounts
DevOps Support
Database Engineers
IAM Roles
EC2_Read_Only
S3_Read_Only
RDS_Full_Access
Dynamo_Full_Access
18. Single Sign On to AWS – Across Multiple Accounts
Connect Okta to all of your AWS accounts
Read a list of all roles from all accounts
Assign accounts & roles to users & groups from the Okta Console
Provide a single centralized page to access your roles across all accounts
1 to N AWS Accounts
End-User Experience Administration
19. Context-Aware Multi-Factor Authentication
Capture rich user context
Build a robust policy framework
Comprehensive set of modern factors
Make access decisions in real-time
User1: On-Network, Trusted Device, Employee → Grant Access
User2: Off-Network, Unrecognized Device, Employee → Require MFA
User3: Off-Network, Trusted Device, Contractor → Require MFA
User4: Known Malicious IP, Untrusted Device, Contractor → Block Access
20. Directory User & Group Integration
Extend directory users to AWS
Light-weight on-prem agent
Set up in minutes
No firewall changes
Deploy multiple for HA / DR
LDAP
21. Automated Role Based Access & Deprovisioning
Import users as soon as they are created in AD, HR, or other sources
Use Okta group rules to place users in appropriate groups
Grant specific access to AWS and other apps based off entitlements
Automatically deactivate and revoke access as soon as users are deactivated
User Created → Imported into Okta & Placed in a Group → Granted AWS access + other apps based on entitlements
User Deactivated → User Deactivated in Okta → Access Removed to AWS + other apps
23. Other Ways Okta Can Help with AWS
SSO and Multi-Factor Auth to More AWS Core Services
Amazon QuickSight
Amazon WorkSpaces
Amazon AppStream
Single Sign-On & MFA MFA
Amazon WorkDocs
Amazon WorkMail
Amazon Chime
24. Other Ways Okta Can Help with AWS
Streamlined, Secure Access to Your AWS-Built Applications
Okta adds authentication, authorization, and user management to your web or mobile app within minutes.
Authentication
Multi-Factor Auth
OpenID Connect
AD/LDAP
Authorization
Social Login
Single Sign-On
Token Authentication
With Complete Docs & SDKs @ developer.okta.com
25. Other Ways Okta Can Help with AWS
Simple, Scalable Access to the AWS CLI
Authenticate with your Okta Credentials to Gain Temporary Access to an IAM Role
Even Provide a 2nd Factor of Authentication for Additional Security & Protection
Okta Push Verify
SMS
Google Authenticator
And More
26. How Ellucian Delivers Higher Education Solutions with AWS and Okta
Lee Congdon, Chief Information Officer, Ellucian
27. About Ellucian
Ellucian is the world’s leading provider of software and services that power the essential work of colleges and universities.
Visit Ellucian at www.ellucian.com
28. Challenges
Respond to rapid growth in demand
Ensure secure and controlled access to services
Increase technology process efficiencies
Provide outstanding user experience
29. Why AWS?
Ability to Scale
Broad Range of Leading Solutions
Flexibility and Efficiency
31. Why Okta on AWS?
Ability to Scale
Flexibility and Agility
Secure, Controlled Access
32. Benefits & Results
Ability to Scale in Response to Customer Demand
Flexibility for Future Enhancements and Extensions
Increased Operational Efficiency Frees Resources to Add Business Value
Significantly Improved Administrator Experience
Security Benefits from Consistent Implementation
33. Q & A
Moderator
Patrick McDowell, mcdowep@amazon.com
Speakers
Kyle Diedrich, kyle.diedrich@okta.com
Lee Congdon, lee.congdon@ellucian.com