Cognizance Identity and Access Management
Identity Management ● Authentication ● Authorization ● Administration
The next generation security solution
RSA Security Conference
2 Agenda
- Identity Management Objectives
- Cognizance Solution
- Demo
- Features
- Benefits
3 Identity Management Objectives
The problem:
- Multiple accounts per employee
- Growing number of applications and platforms
- Access from employees, business partners, customers & suppliers
- Open enterprise cannot rely on the disappearing physical perimeter for security
Diagram, resources: Network, SAP, Citrix, VPN, Web, More …
Diagram, users: Finance, Marketing, Sales, Service, B2B Partners, Customers, Employees
Diagram, callouts: 60% of fraud is internal; Increase in portals failure; Control over groups; Failing policies & procedures
4 Identity Management Objectives
The problem:
- Multiple accounts per employee
- Growing number of applications and platforms
- Access from employees, business partners, customers & suppliers
- Open enterprise cannot rely on the disappearing physical perimeter for security
Increase access flexibility and security without budget increase
5 Cognizance Solution
The solution:
- Consolidated security framework: users, policy & applications
- Consistent user identity combines multiple user accounts
- Strong authentication and role based access control
The right information, To the right people, Any application, Any time, Anywhere
Role/Resource matrix (columns: Sales, Logistics, Guest, HR):
- Logon: XXX
- Print: XXX
- DB Access: X
- CRM: X
- Web: XX
- Intranet App: XXX
- Payroll: X
- Education: XX
Callout: This is a Role
6 Cognizance Solution
The solution:
- Consolidated security framework: users, policy & applications
- Consistent user identity combines multiple user accounts
- Strong authentication and role based access control
- Delegated administration and user self-service
Diagram labels: Centralized, Delegated, Self Management, User Self-Registration
7 Cognizance Solution
The solution:
- Consolidated security framework: users, policy & applications
- Consistent user identity combines multiple user accounts
- Strong authentication and role based access control
- Delegated administration and user self-service
- Built-in identity applications and services
Diagram labels: Network logon, VPN and Remote Access, Single Sign-On, PKI support, Web Access
8 Cognizance Identity & Access Management
User Identity:
- User Profile
- Network accounts
- Application list
- Encryption keys
- Shared tokens
- Certificates
- Virtual Tokens
- Multiple Roles
- SSO XML scripts
- Application data
Authentication:
- Password
- Certificates
- Smart cards
- Biometrics
- USB Tokens
- Virtual tokens
- Other/Custom
Authorization:
- Authentication method
- Time
- Date range
- Group/unit membership
- IP Address range
- Ports and protocols
- Business rule based
- Custom
Identity Management:
- User administration
- Profile maintenance
- User registration
- Group operations
- Credential store
- Multi directory support
Applications & Services:
- Logon MS & Novell
- Web Access
- Self Service
- Single Sign-On
- VPN Remote Access
- Citrix Metaframe
- PKI Client
9 The Market
- Analyst firm IDC expects this market to grow from $2.6 billion in 2002 to nearly $6 billion by 2006
- Based on a Gartner survey of 30 senior security executives in large companies, many organizations already have internal secure identity management initiatives underway:
  - 80% of Financial Services
  - 70% of Retail
  - 70% of High Tech
10 What the analysts are saying…
“The typical enterprise must manage increasingly virtual relationships with employees, contractors, customers, partners, suppliers, and a variety of other network constituents. The old way of thinking about corporate boundaries and network security—the firewall as an impenetrable perimeter—no longer applies. Suddenly, the ability to manage identity has a direct impact on your company’s brand and its ability to adapt to new business models. Do it well and your company can make money in new ways. Do it poorly and your company will be damaged severely.”
Jamie Lewis, CEO and Research Chair, Burton Group
11 Cognizance Administration Center
- Manages users, user profiles, policies and applications from a single administration tool
- Manages all aspects of user identities across multiple directories
- Provides a consistent view of the enterprise security model
- Supports delegated administration
- Web enabled
- Includes a complete smart card management system
- Allows centralized SSO application registration
12 Cognizance Administration Center
13 Cognizance Multifactor Authentication
- Provides the following authentication methods out-of-the-box:
  - Password
  - Single-use password
  - Smart card and USB token
  - Virtual token (encrypted containers with the user identity)
  - Digital certificates
  - Biometrics
- Supports any arbitrary combination of the above authentication methods
- Allows the use of multiple alternative authentication methods per user
- Supports interface for plug-in authentication methods
14 Cognizance Role-Based Authorization
- Dynamic and static policy elements
  - Authentication method, time, date, IP address and protocols
  - Automatic policy generation based on business rules
  - User sets allow combining users from different groups and directories
- Role Based Authorization and Access Control (RBAC)
  - Maps complex policies and business rules to multiple roles
  - Simplifies policy management
  - Reduces the number of policy relationships
  - Simplifies application management
  - Provides both application role and role application views of the enterprise access control
15 Cognizance Role-Based Authorization
Role of a Sales Person:
- ADS biometric Logon
- SSO biometric access
- CRM biometric access
- Web – anonymous – ADS authentication
- Citrix published applications – biometric access
- VPN access – password
Role of a Finance Person:
- ADS biometric Logon
- SSO biometric access
- CRM biometric access
- Web – anonymous – ADS authentication
- HR – biometric with revalidation
- SAP – biometric authentication
16 Cognizance Built-In Applications
- Logon for Microsoft Windows, NDS and Citrix
- VPN and Remote Access client for CheckPoint and Microsoft
- Enterprise Single Sign-On (SSO)
  - MS Windows, Web- or host-based applications
  - Centralized, administrator-initiated and user-based SSO model
  - Built-in XML scripts for popular applications
  - Powerful language for new applications registration
- PKI client with support for CAPI and PKCS#11
  - Supports smart cards and virtual tokens
  - Certificate issuance
  - Automatic delivery of the certificates
- Self-service administration tool
  - Maintains user profiles
  - Manage SSO applications
  - Register credentials
- New user sign up
  - Allows policy driven new user self-registration
17 Cognizance User Self-Services
- Single user self-service tool allows:
  - Centrally controlled profile maintenance by the user
  - Register new SSO applications
  - Enroll/change user credentials
  - Register new network/VPN accounts
  - Issue and install new certificates
  - Store/load identity to smartcard, USB or virtual token
- Launch Panel
  - Instant access to all authorized applications
- New user sign up
  - Policy driven registration sequence
  - Includes profile creation and credential enrollment
18 Benefit Analysis
Productivity increase – Administrator
- Single administration tool increases administrator efficiency
- Role-based access control simplifies policy and application management
- Automatic policy generation reduces administrator workload
- Unified user identity model reduces number of duplicate accounts
- Single deployment installs multiple integrated applications, including network logon, SSO, VPN, user self-service and PKI client
- Easy and flexible smart card/virtual token deployment
- Simplified PKI deployment and use via user self-services
- User self-service tool reduces administrative workload
- Built-in enterprise SSO eliminates multiple password requirements
- Use of smart cards or biometrics can reduce need for passwords
19 Benefit Analysis – Continued
Productivity increase – User
- Single easy-to-learn self-service user interface
- Launch panel provides immediate access to authorized applications
- User can add new SSO applications, eliminating need for passwords
- Biometrics or smart card can reduce need for passwords
- Automated sign up: fast productivity for new employees
- Disconnected user identity with virtual tokens
- Easy PKI deployment
20 Benefit Analysis – Continued
Security benefits
- Centralization of the information security
- Consistent security policy throughout the enterprise
- Flexible security targets specific danger areas, such as external access or after hours, without complicating regular user access
- Strong multifactor user authentication
- Easy deployment of smart card/virtual token combination
21 Benefit Analysis – Continued
Architecture benefits
- Framework approach: expandable architecture via Cognizance SDK
  - Add custom data sources, authentication methods, policies, and applications
- High performance authorization architecture does not require fast connection between Cognizance server and authorized applications
  - Special case: user identity on a smart card does not require connection to Cognizance server
- Large enterprise scalability with a standard load balancer and multiple installations of Cognizance server
- Can be used as part of managed services to provide security services to multiple enterprises