SafeNet Authentication Service
Introducing Authentication “as-a-Service”
Rob Buddingh’
IP4SURE
© SafeNet Confidential and Proprietary
General
Working with web applications
Business/organisation perspective
With web applications we can let users do more themselves: employees, but also customers and suppliers. This saves costs, opens new markets and improves efficiency.
Security perspective
Web applications can each be secured well individually. However, because the user gets more and more logins, security as a whole declines: people choose the same password or start writing passwords down in their diary.
User perspective
I am confronted with more and more web applications. On the one hand this is convenient because I can reach them anytime and anywhere, but it also means a growing number of passwords that I have to maintain.
Situation - Need
Bring Your Own Device (BYOD)
Working independent of time and place
Flexibility
Judged on output?
Being a “good” employer
Situation - Need
• Security
– If logging in only once, or if the data is critical, allow access only with extra security
– Proactive monitoring of what is happening
• Business/organisation
– Eliminate separate logins for existing and new web applications
– Short implementation times at acceptable cost
• End user
– Preferably log in just once (Single Sign-On)
– Situation-independent: place, time, computing device
Are you really who you say you are?
Passwords are weak and insecure
Passwords and policy
Users and passwords
Solution
User
Multi-factor login
Work with the web applications without having to use an extra password
I have my own extra-secured token that gives me access to my web applications. Several tokens are possible; I chose the one that suits me best.
My token works on all devices, and on all devices I have access to the same web applications
Computing devices that I use
Web and non-web applications, networks
Which token suits my users?
Hardware?
“Tokenless”?
“Apps” on a smartphone?
SMS authentication?
Or a combination?
User Directory Sources
BlackShield Cloud supports any user store
• Simple Agent installed on any server
– No hardware required
• SQL, LDAP, AD, ODBC, Lotus, Novell
– Others via custom field mapping
• Secured using SSL links
• Read only / Non intrusive
• Multiple domains
• Full customisation
• Zero schema change
In addition users can be:
• bulk imported via .csv files
• created locally
Diagram labels: users; LDAP Integration; LDAP / Active Directory / User Source; Corporate Network
Introduction: Protect Everything: Networks, Applications and Cloud Services
Diagram labels: Online Storage; Application Hosting; SAML; Tokens & Users; Administrator; Agent; RADIUS; API; Private Networks; Corporate Network; LDAP / Active Directory; Private Cloud Services; Public Cloud Applications; Collaboration Tools
Introduction: Widest Choice of Tokens, including Tokenless & 3rd Party
• Authenticators for every user type – and an increasing focus on commoditisation
Authenticators that:
• Don’t expire
• Seed keys can be owned by the subscriber
• Can be easily re-assigned to new users
• Easy deployment saves cost and time
• A token can be included in the service charge
Token types shown: H/W, SMS, BlackBerry, iOS, Android, Microsoft, Java, Multi Platform, USB, Grid, Microsoft, OSx
Token policies and security
• Ability to set token policies
– Pre-configured to best practice for optimal security
– Reconfigurable to match each customer’s policy
– Multiple options can be re-defined
– PIN length and complexity
– OTP length and complexity
– Try attempts
– Forced PIN change
– Portal shows details of EVERY individual token
• Initialisation of tokens
– Software/SMS tokens initialised at point of deployment
– Hardware tokens can also be initialised
Security Policy Application
Introduction: Automate everywhere
• SafeNet Authentication Service automates everything, reducing management time, the main cost of a strong authentication solution
Diagram labels: User Synchronisation; Security Policy Application; Token Provisioning; Self Enrolment; SAML Service Registration; Alerts; Reporting
LDAP Changes
• Automatic updates of LDAP changes
Diagram labels: User Synchronisation; Users; User Changes; Directory Server; LDAP Agent; Groups; Access Device or Application; Policies & Rules; Self Enrollment; Authentication
Multi-tier, Multi-tenant
• Support multiple companies, divisions, business units, LDAPs etc. on a single platform.
• Each appears as a distinct BlackShield server.
Service Provider
Multiple Business Unit entities, Groups & Containers
Organisation chart: Main Company; USA (R&D, Operations, Sales); EMEA (R&D, Sales, Administration); APAC (R&D, Operations)
• Gain power and flexibility to support
– Delegated administration and localization within business units or departments
– Local and centralized user directories
– Local and central authentication points: VPNs, applications and network devices
– Organizations lower in the hierarchy can inherit policies and settings
– Avoid multiple instances of authentication servers
Multi-tier / Multi-tenant management
Administration
Portal
Delegated
management
Defining the management structure: Roles & Scope
A role decides “what an operator can do”
Hide, show, enable or disable tabs, modules and actions to form a role
The scope decides “who you can do it for”
Use organisations and containers to control the scope
Roles are defined per Organisation
Customization
Diagram labels: Customize Everything; User Experiences; Branding; Reporting; Administrator Experience; Administrator and Operator Role Management; Infrastructure; Security Policies
• Customize Everything
– User experiences
– User messages such as enrolment, token related (SMS or software) alerts etc
– Log-on experience
– Self service experience
– Administrator experience
– Language
– Alert messages
– Branding
– Infrastructure
– SMS Gateways
– Modems
– Reporting
– Security
– Policy engine
– OTP policy
– Administrator and operator Role Management
Branding
Diagram labels: Branding of Portal; Dedicated URLs; Branding of Documentation; Customisation of SMS Messages and Emails; Token Branding Options; Branding of Self-Service Portal
• Brand Everything
– Branding of Portal
– Branding of Self-Service Portal
– Token branding options
– Customisation of SMS messages and emails
– Default messages
– SP text within message
– Customer text within message
– Customise deployment message
– Dedicated URLs
– Portal
– Self Enrollment
– Self Service
– Branding of documentation
D Customization and Branding
Reporting
• Major additions to reporting
– Security Policy (11)
– Compliance (13)
– Billing (2)
– Inventory (9)
• Fully automated delivery
– Output in html, csv, tab, xml
– Delivery via FTP, SFTP, SCP
– Restrict access by role
Simplify SAML registration
• Users can automatically be added to multiple groups
• Sign in to one service and during your session you are automatically signed in to all your services
• Sign out to leave all services
Diagram labels: SAML Service Registration; UserID: Bill; Password: “OTP”; SAML Assertion: bill@gmail.com; SAML Assertion: blaham@cryptocard.com; SAML Assertion: bill
Migrating to your new service
Diagram labels: SAS-Agents; RADIUS; SAML; RADIUS access device or RSA Agent (any 3rd party agent); RSA Authentication Manager w/RADIUS (any 3rd party auth. server); Add Auth. Manager as an Auth Node; Add SAS as a RADIUS Client; BEFORE; Use any token type; AFTER
References
©CRYPTOCARD 2011
User Self-Service Portal
• Request a new, replacement or temporary token
• Create workflows for approving requests
• Allow users to customise their portal
• Provide language variants to match user needs
• Users can resolve common problems
Rolling out an iPhone token (MP)
This email can be from any address and can be fully customised
Select target
Step 2 Confirm email address for OTA
Download and install App
Click link (step 2) to load seed file (key)
User sets PIN (optional)
Secure login
Safenet Authentication Service, SAS

Editor's Notes

  1. We offer complete flexibility of token / authentication method: we believe strongly that different users in an organisation require a different experience now and in the future. We are token agnostic in that we support 3rd party OATH tokens, RSA tokens and will add more tokens / authentication methods in the future. Our architecture means that users of our tokens are NOT vulnerable to a copy of the RSA seed breach. Our tokens are designed to provide better value: hardware tokens are metal and don't expire so expected life is c. double the competition's, our soft tokens are all re-assignable as many times as you want, etc. Emphasise the ease of deployment: automation and self-enrolment. “We needed a reliable authentication solution that works on mobile devices. The great advantage of the BlackBerry tokens is that passwords can be accessed at any time and tokens cannot be misplaced or lost.” Balfour Beatty. “We have been using Blackshield Cloud for over two years now, and have yet to replace a single token or battery. There are obvious cost and resource savings for us when using reliable long-life tokens and we are already seeing those benefits.” Specsavers
  2. Key parts of our “more secure” story… Unique policy engine allows centralised control of security posture. Best practice settings provided as default but all parameters are flexible so you can implement your company’s policy. Automatically monitors and protects against attacks such as brute force and denial of service. Passcode and PIN length and complexity can be set to reflect your preferred security posture. Operational role segregation and delegated management. Highly granular operator role (what they can do) and scope (who they can do it to). Each operator can be given access to (or not) each button of the management UI. Default roles provided for help desk, admin etc, all customisable. See later slide