Realizing the Promise of Web Networks with Unified Access Management


Upload: reynold-dennis

Post on 25-Dec-2015


Page 1

Realizing the Promise of Web Networks with Unified Access Management

Page 2

Web-based Networks are Exploding

Q. What is a Web-based Network?

A. The building blocks of web eCommerce, including:

• Extranets

• Intranets

• Portal Networks

• ASPs

• Digital Marketplaces

Page 3

Quantity and Diversity of Users are Growing

Web-based Networks can include:

• Employees

• Partners

• Customers

• Suppliers

• Investors

• Distributors

• Resellers

• Retailers

Page 4

Despite Fantastic Growth Everything is not Perfect in the Web Enabled World

Organizations are facing a number of specific problems, including:

• Controlling access to information of varying sensitivity.

• Preventing fraudulent transactions.

• Managing users with greatly differing access privileges.

• Scaling to meet user numbers leaping into the hundreds of thousands, and even millions.

• Avoiding “Password Insanity” and managing dozens of authentication methods.

• Detecting threats and abnormal behavior once a user has been authenticated and is using an application.

Page 5

Organizations Faced With Difficult Decision

Because of these challenges, enterprises must either:

A. Scale to meet an increasing number of users but keep user personalization simple, transaction value low and security requirements minimized.

OR

B. Maintain a high level of authentication, authorization and security, but limit the number of users to keep administration manageable.

Page 6

Neither Option is Acceptable

To realize the economies of scale and high transaction values important to the success of eBusiness initiatives, neither scalability nor security can be marginalized.

• Without the ability to scale to millions of users of various types (customers, employees, suppliers, partners, etc.), Web-based Networks obviously limit their potential as transaction sizes escalate.

• Likewise, scalability without security and personalization limits the potential value of transactions and the type of products and services that can be offered.

So, how can you scale e-Business securely?

Page 7

ClearTrust SecureControl™

The Leading Solution for Enterprise Access Management

• Centralized Authorization and Policy Management

• Web Single Sign-on

• Personalization

• Authentication Management

• Delegated Administration

• Fraud Detection and Audit

Page 8

Authorization & Policy Management

• Centrally managing user access rights to all resources on a given Web-based Network, including Applications, Dynamic Content, Transactions and HTML Pages.

• Providing fine-grain authorization determining which functions of applications users are allowed to use. For example, a user may be allowed to access an application, but within that application only specific types of transactions may be appropriate for their position.

• Authorization can be based on either Roles (such as Job Title, Division, Company, etc.) or dynamically changing Smart Rules™ (such as account balance, program level, etc.).

• Centralized Policy Management allows Security Policy to be set in a single place across an entire Web-based Network.

• Policy Management also incorporates Policy Assessment, or real time evaluation of security policy for holes and failure.

Page 9

Web Single Sign-on

• Users are only prompted for authentication one time across an entire Web-based Network, improving their experience.

• By implementing WSSO, password resets and management costs are significantly reduced.

• Password management is one of the most labor-intensive and risk-prone IT functions, and costs between $200 and $300 per year per user, assuming an organization does not have WSSO.

• Security is improved due to a consolidated password policy management capability.

• WSSO is enhanced significantly through cross-domain SSO because users are able to pass along credentials when switching domains.

Page 10

Personalization

• Personalization is key to creating a rich Portal experience.

• Integration capabilities are important in being able to take existing Portal code and make changes to take advantage of the WSSO system for profile information to drive personalization.

• User Self Registration and Profile Administration are important areas for cost savings and automation of administrative tasks.

• Allowing users to manage their own passwords is another area of cost savings and reduction of administrative overhead.

• None of these personalization capabilities can be realized unless they are easy to implement, secure and auditable.

• Securant’s full Security API sets in Java, C and COM enable personalization without major integration efforts.

Page 11

Authentication Management

• Manage multiple types of authentication for different resources.

• Plug-and-play interoperability with most common authentication methods including Digital Certificates, RSA SecurID™ Tokens, NT Domains, LDAP and username/password.

• API integration with other forms of authentication such as biometrics or smart cards.

• Support for multi-tier authentication. For example, access to the State Portal may require only username/password; however, access to DMV applications or Retirement Account may require a digital certificate or token.

Page 12

Delegated Administration

• Delegated Administration is accomplished using a technology called Virtual Business Units™ (VBUs), which allows administrators to push user and resource management out to divisions, groups, partners, employees, etc.

• VBUs are groups of users and resources which are managed by their associated local administrators.

• Administrators are given specific management rights, such as the ability to create new users, reset passwords, or assign access to a given application.

• Privacy can be maintained between VBUs to protect confidential data; for example, DMV administrators would never see the users associated with the State Retirement Fund application.

• VBUs enable a common infrastructure approach that extends the security model while sharing the supporting infrastructure.

Page 13

Fraud Detection & Audit

• By monitoring user activity within applications and setting specific limits, organizations are able to detect threats before a fraudulent transaction is made.

• Once a threat is detected at the application level, responses range from notifying an administrator, to suspending the account, to closing the network port being used for access.

• Audit logs track all user, admin and API activities and can provide documentation of transactions, authentications, administration, etc.

• End-to-end audit: you only have to look in one place for all activity and reporting, which simplifies administration.

Page 14

What are the advantages?

• User Experience is improved

• Administration is improved

• Security is improved

Page 15

User Experience is Improved

• Seamless access to multiple sites within a Web-based network saves users time and frustration.

• Web Single Sign-on means users no longer have to remember multiple passwords.

• Personalized user experience means users can only see and access applications applicable to their jobs or roles.

• Through delegated administration, users work with their local administrators for common problems, such as resetting passwords and changing access privileges.

• Self-service capability allows users to register, manage their own password, change application profiles, etc.

Page 16

Administration is Improved

• IT is no longer a bottleneck because administration of users and resources is delegated to internal divisions, partners or customers.

• Single Sign-on means fewer password resets for administrators, saving time and money.

• Tight integration with existing infrastructure (databases, directories, etc.) minimizes the need for duplicate data input.

• Rule-based Access Control allows access privileges to change dynamically, based on user properties or attributes.

• User access can be revoked from all Web-based resources with a single action.

Page 17

Security is Improved

• Users only have access to applications and information appropriate for their role or position.

• Ability to control access to resources using dynamic conditions such as account status, training, program level, etc.

• Single Sign-on decreases the likelihood that user passwords are simple, written down, or re-used.

• Authentication management means more sensitive applications can require higher levels of authentication.

• Application Monitoring and Fraud Detection provide the only available application-level user activity monitoring and response.

• Integration with network level security allows application misuse to be responded to with network level user elimination.

Page 18

Integration With Industry Leading Technology

Page 20

Securant Overview

• 5 Years Providing Secure eBusiness Solutions to Fortune 500 Firms

• Headquartered in San Francisco

• Global Capability - Offices in NYC, London, Chicago, Denver, LA, Toronto, Phoenix, Minneapolis, Dallas, DC, Philadelphia, Paris, Houston, Atlanta, Munich, Sydney

• 260+ Employees; 400 by year end

• Commitment to total product concept, including professional services, training, technical support, ongoing development, testing and integration

Page 21

Securant Enables eBusiness with Scalable Security!

• Centralized Authorization and Policy Management

• Web Single Sign-on

• Personalization

• Authentication Management

• Delegated Administration

• Fraud Detection and Audit

Page 22

Thank You

For More Information on Securant

Visit our Web Site:

http://www.securant.com/