Published by Hortense Fletcher. Modified over 9 years ago.
1
Building a Fully Trusted Authentication Environment
IBM-SafeNet Joint Solutions
Strong Authentication for ISAM-Protected Resources
An Introduction to IBM-SafeNet’s Joint Solutions
2014

Hi, today we’ll review IBM and SafeNet’s joint solutions for providing strong authentication to online resources protected by IBM’s Secure Access Manager for Web.
2
Who We Are
Trusted to protect the world’s most sensitive data
We control access to the most sensitive corporate information – more than 35 million identities protected via tokens, smartcards, and mobile devices managed on-premise and in the cloud.
We protect the most money that moves – over 80% of the world’s intra-bank fund transfers and nearly $1 trillion per day.
We monetize the most high-value software – more than 100 million license keys protect and manage on-premise, embedded, and cloud applications globally.
We are the de facto root of trust – deploying more than 86,000 key managers and protecting up to 750,000,000 encryption keys.
FOUNDED: 1983, Baltimore, MD
OWNERSHIP: Private
REVENUE: ~330m
GLOBAL FOOTPRINT: +25,000 customers in 100 countries
EMPLOYEES: +1,400 in 25 countries
ACCREDITED: Products certified to the highest security standard
3
Gartner Magic Quadrant for User Authentication 2013
The most highly ranked vendor
Considered the most visionary
Cited for the best execution
Recognized as having:
Very sound market understanding
Very strong product strategy
Innovation
4
Today’s Enterprise Challenges
Web
Mobile / PC
Network
IT SECURITY BOUNDARIES CHANGING
PASSWORDS EASILY COMPROMISED

IBM has recently partnered with SafeNet for the purpose of extending strong, two-factor authentication to web resources protected by ISAM, or IBM Secure Access Manager for Web. Before we delve into how the solution works, let’s take a look at the challenge the joint solution aims to solve.

Threats

Traditional enterprise IT security boundaries are disappearing due to tablets, smartphones, a growing number of critical web-based applications, and increased workforce mobility.

And while an increasing amount of sensitive information is being moved outside the on-premises firewall, usernames and passwords still serve as the main authentication method to sensitive resources, such as , VPNs, CRMs and ERPs. This means that an organization’s most important resources (its network, its data and its applications) are being accessed using one-factor authentication solutions, which, as we all know, are easily compromised by phishing attacks, keyloggers, and password-hacking techniques.

On top of that, organizations are increasingly required to comply with regulations as well as conduct security audits. This challenges organizations to balance regulatory requirements with considerations such as usability and increased overhead. So how can you safeguard access to sensitive applications and resources, without relying on username/password combinations?

IGNORE from this point on:

This means that in order to access the corporate network, an office, CRM or ERP application, the user will also be required to enter a one-time password. Leading identity and access management solutions address security concerns for the traditional enterprise perimeter, which is limited to a Windows-based network, enterprise applications such as Microsoft Office and Oracle iProcurement, and may include internally-hosted ERP or CRM applications.

As a result of these emerging challenges, enterprises are starting to ask themselves how they can strengthen security to their online resources, without creating
So how can enterprises provide their employees, contractors, partners with access to critical web and network resources, without depending on weak username/password credentials, and w
Sensitive information, is whether it’s financial, personal, or operational, now resides outside.
And despite an information being
Usernames and passwords, once adequate to defend sensitive information inside the perimeter, often prove to be the weakest link in the security chain, as they can easily be compromised by phishing, leaked databases, or hacking. As online corporate resources increase, however, organizations become more vulnerable because passwords serve as the main gating factor in granting access, and more and more passwords are required for average users to do their jobs.

COMPLIANCE WITH REGULATIONS REQUIRED POLICIES
5
The Solution: Comprehensive IAM Solution + Strong, Two-Factor Authentication
The answer is that you can safeguard these critical resources by adding strong, two-factor authentication to your access control procedures. This in turn gives you a higher level of assurance that the person attempting to access the protected resource is in fact who they claim to be. SafeNet and IBM have joined hands to offer you a seamlessly integrated solution for resources protected by IBM Secure Access Manager for Web/Mobile, or ISAM for Web/Mobile. In ISAM for Web/Mobile’s case, strong authentication can protect any web-based resource hosted within the enterprise network, such as an ERP application, IT administration applications, intranets and wikis, partner portals, and development platforms, among others. Strong, two-factor authentication can be based on two technologies: the first is certificate-based authentication (or CBA), which is based on public key infrastructure (PKI), and the second is one-time passwords (or OTPs).
6
IBM and SafeNet’s Joint Solution
Combines two best-in-class products:
IBM Security Access Manager (ISAM for Web/Mobile)
SafeNet Authentication Solutions
Streamlines and hardens access to resources by providing:
Identity and Access Management (ISAM for Web/Mobile)
Web SSO (ISAM for Web/Mobile)
Strong multi-factor authentication (SafeNet Authentication)
Offers added layer of protection via:
One-time passwords (OTPs)
Certificate-based authentication (CBA)
Is certified by IBM as Ready for IBM Security Intelligence

Let’s take a closer look at the joint solution. Now let’s take a look at how each of these technologies is used with ISAM for Web/Mobile.
7
ISAM for Web/Mobile with SafeNet Authentication
In an authentication scenario that leverages one-time passwords, the user would go to the resource’s login page or click a login button, and then be prompted to enter their LDAP (or regular network) credentials, as well as their second-factor credentials, in this case a one-time password. ISAM would verify the LDAP credentials against the LDAP server, and then forward the user’s OTP to SafeNet Authentication Service (or SAS) for verification. In this scenario, SAS would serve as the OTP-authentication platform, verifying the user’s OTP and returning an ‘accept’ or ‘reject’ response to ISAM. Since ISAM functions as a reverse proxy, the user does not directly access the resource; rather, the resource is provided to the user through ISAM.
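The OTP flow described above, as an added example that is not IBM's or SafeNet's code: a Python model in which the hypothetical `Gateway` and `OtpService` classes stand in for ISAM and SAS. It assumes HOTP (RFC 4226) as the OTP algorithm and an in-memory directory in place of LDAP, neither of which the presentation specifies.

```python
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class OtpService:
    """Hypothetical stand-in for the OTP platform: answers accept or reject."""
    def __init__(self, tokens, window=3):
        self.tokens = tokens          # user -> [secret, next expected counter]
        self.window = window          # look-ahead for codes the user skipped
    def verify(self, user, otp):
        if user not in self.tokens:
            return "reject"
        secret, counter = self.tokens[user]
        for c in range(counter, counter + self.window):
            if hmac.compare_digest(hotp(secret, c), otp):
                self.tokens[user][1] = c + 1   # a used code cannot be replayed
                return "accept"
        return "reject"

class Gateway:
    """Hypothetical stand-in for the reverse proxy in front of the resource."""
    def __init__(self, directory, otp_service):
        self.directory = directory    # user -> (salt, password hash)
        self.otp_service = otp_service
    def login(self, user, password, otp):
        salt, stored = self.directory.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return "denied"           # first factor failed, OTP is not sent on
        try:
            verdict = self.otp_service.verify(user, otp)
        except Exception:
            verdict = "reject"        # verifier unreachable or errored: fail closed
        return "granted" if verdict == "accept" else "denied"

# Constructed sample data: one user, the RFC 4226 test secret, a fixed salt.
SECRET, SALT = b"12345678901234567890", b"constructed-salt"
def demo_gateway():
    directory = {"alice": (SALT, hash_password("correct horse", SALT))}
    return Gateway(directory, OtpService({"alice": [SECRET, 0]}))
```

The caller sees the same "denied" whichever factor failed, and a failed password attempt does not consume the user's current OTP.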
8
ISAM for Web/Mobile with SafeNet Certificate-based Solutions
In an authentication scenario that leverages certificate-based authentication, the user would log on to the network as usual, and when accessing a protected enterprise resource, such as an ERP application, Office application, or intranet, ISAM would intercept their access attempt and prompt them for their X.509 certificate credentials. The user would then insert their USB token and type their PIN, thereby authenticating to ISAM and gaining access to the protected resource. Acting as a reverse proxy, ISAM would then provide the resource to the user on behalf of the protected server.
9
Key Benefits of IBM and SafeNet’s Joint Solution
Enables secure access to corporate resources
Identity and access control policies centrally managed from ISAM
Limits the number of passwords vulnerable to compromise [for example, instead of 1000 users’ passwords being vulnerable to a phishing or hacking incident, the number can be reduced to 500, if only users are required to use strong authentication in addition to their standard passwords.]
Restricts user access to the corporate resources necessary to a job function
Provides organizational efficiencies
IBM/SafeNet solution reduces the total cost of ownership for an organization’s identity management and user authentication scheme
Deploys without changing existing architecture
Supports a wide range of authentication methods
Supports existing investment in authentication solutions and incremental migration
OTP authentication provided by SafeNet Authentication Service – a 100% cloud-based service that does not require additional hardware or infrastructure
Certificate-based authentication – performed locally on user’s system, eliminating need for architectural changes
Mobile Access – Supports strong authentication to web-based applications
Supports numerous use cases, for example, requiring strong authentication for privileged users, such as IT admins, mandating strong authentication for remote access (VPNs) or remote workforce (contractors and partners, etc.)
10
Why SafeNet?
Next Generation Authentication from the Leading Authentication Vendor
Frictionless Authentication
Choice of delivery platforms
Automated administration, user & token management
Broadest range of authentication methods
Broad use case support
Security and Trust
Use of industry standards
Hardware-based root of trust
Control over authentication data
Certified products
Transparency and Visibility
Extensive reporting and auditing
11
Thank You
Questions?