Cloud Access Management Service
Arthur Tagmann, PreSales Consultant
28.08.2018
IAM Solution - SafeNet Trusted Access
Who? When? Why? How?
Identity & Access Management (IAM)
> Introduction – Identity & Data Protection
> What Auth Challenges are there?
> Identity & Access Management
> Identity Management (SAS)
> Access Management (STA)
> What is the Link between?
> What about Certificate Based Auth?
> What are my Next Steps?
> Summary
Enterprise & Cyber Security
This information is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and does not create a commitment, promise or legal obligation on the part of Gemalto Inc.
TAKE THE LEAD
INTRODUCTION
IDENTITY & DATA PROTECTION
What we Do? Deliver Security the Way You Like It
ENCRYPTION KEY MANAGEMENT AND PROTECTION
• Data-at-rest encryption
• Data-in-motion encryption
• Enterprise key lifecycle management
• High assurance key protection
• Crypto operations management

IDENTITY AND ACCESS MANAGEMENT
• Access management
• Multi-factor authentication
• PKI credential management

CONSUMPTION MODELS
• Hybrid
• On-Premises: Hardware or Software
• On Demand: Cloud-based | as-a-Service

UNIFIED DATA SECURITY SOLUTIONS
• Marketplace
• APIs
• Reporting & Policy Control
• Deployment & Orchestration

PROTECT ANYTHING
• Compliance
• Blockchain
• Enterprise Security
• Internet of Things
• Big Data
• Cloud
WHAT AUTH CHALLENGES ARE THERE?
The Choice of Authentication Credentials
Knock! Knock! --- Who’s there?

It’s me! User: Smurf – Password: Smurf1!
Hmm.. Ok… Come in.

It’s me! OTP: 123456
OK. Come in. But only once.

It’s me! Certificate: ABC – Private key: XYZ
OK. Come in. I trust you.
Authentication Challenges in a Cloudy World
• Compliance Risk
• Password Fatigue
• Poor Security
• Inefficient Management
• Password Resets
IDENTITY MANAGEMENT
SAFENET AUTHENTICATION SERVICE (SAS)
SafeNet Authentication Service - Recap
Broad Choice of 2FA Methods and Tokens
• Risk-based, OTP, OOB and pattern-based authentication with HW, SW and tokenless form factors
• Over-the-air provisioning of tokens ideal for remote staff, partners and contractors

Fully Automated Management
• Define policies once, and enforce them throughout your IT ecosystem
• Automated user & token lifecycle administration, self-service portals
• Automated alerts and reporting

Standards-based Security
• ISO 27001:2013, AICPA SOC-2 Recognition
• FIPS 140-2 validated software tokens
• Hardware-based root of trust (token secrets and encryption keys secured in an HSM)
• DSKPP secure provisioning for software tokens

Shared Services with Multi-tier Multi-tenant Architecture
• Allows delegation of administration to local or remote staff
• Shared services model enables accounting and inventory management per BU
• Fully customizable security policies, fully brandable interface

Cloud Efficiencies
• Extend current identities to the cloud with native identity federation via SAML 2.0
• Up to 60% savings in deployment and day-to-day administration costs

Broad Use Case Support
• VPN, VDI, cloud, network access, portals
SAS Direction
SAS is at the center of Gemalto investments in IAM services:
Gemalto uses agile software development. We refrain from hardcoding dates because chronological rollout of features may change dynamically during the development process.

• Risk based Authentication
• PushOTP introduced
• Expand eco-system for Push OTP & Context
• More SAML integrations, ease to configure
• Management Console UX Refresh
• MobilePASS+ for Windows, and SDK
• New user initiated self-enrollment
• French Datacenters
ACCESS MANAGEMENT
SAFENET TRUSTED ACCESS (STA)
SafeNet Trusted Access
Orchestration / Business Logic: Policy Management | Risk Assessment | SSO | Session Management
OTP Push | Kerberos | PKI | Windows Hello | Password | FIDO
AUTHENTICATION DEVICES
Network logon | Cloud | IT Legacy | Web | VDI
CONTEXT
3rd Party | Geo fencing
STA enables smooth cloud adoption

Visibility
Know who is accessing which app and when, and how their identity is verified

Security
Enforce the appropriate level of trust

Scalability
Add new user groups, cloud apps and access policies as needs evolve

Convenience
Enable Single Sign On (SSO) with users’ current identity
STA Functionality
Cloud-based access management service

IDENTIFY
ASSESS: Assess identity attributes and establish a level of trust
APPLY: Apply appropriate access controls
MONITOR

SafeNet Trusted Access allows organizations to manage access to cloud applications by validating identities, determining levels of trust and applying appropriate access controls each time the user accesses a cloud service.
SafeNet Trusted Access
Supporting the cloud and web-based apps you use…
• New apps added all the time
• Bring Your Own App
• SAML 2.0 generic template

Manage risk through scenario-based policies
Users/Groups: C-Suite, IT Admins, Standard Users
Target Apps
Define Policies: Scenario-driven | Compliance-focused | Based on context & risk | Set Auth rules by policy
Monitor Risk
Adjust
SafeNet Trusted Access
SafeNet Trusted Access is a service that allows organizations to manage access to numerous cloud applications by:
> Validating identities
> Enforcing access policies, and
> Applying appropriate access controls with Smart Single Sign-On
...each time the user logs in to a cloud service.
USER EXPERIENCE
SafeNet Trusted Access offers Smart Single Sign On

Log in from home with an OTP
Log in from the office with a single click

Smart Single Sign On is unique, because it only requires authentication when defined by the access policy.

Users log in to all their cloud applications with their current enterprise identity. No more password resets!
Users are only prompted to authenticate when YOU decide it's needed.
Context-based authentication reduces access friction.
ACCESS CONTROL
SafeNet Trusted Access
Ease in configuring a policy in minutes...
Powerful policy configuration wrapped in an easy to use policy engine…
Control exactly who, when, why and how users or groups access an app
Who: Include individual users or pre-defined groups
When: Specify when groups or users can access an app
Why: Define policies with clear business outcomes: GDPR compliance, privileged access, admin access
How: Determine the authentication method for each policy
STA Offers - Access Control
Authenticate
User has a valid session with Identity Provider
OR
User credentials are valid

Authorize
User belongs to allowed security group
AND
User is connecting from a trusted network
AND
User connects from a trusted OS
AND
Application/resource is normal criticality
User Attributes Risk Policy App Criticality
User/Group Mapping: SAS user ID, UPN, eMail address, Aliases, and Custom names
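
The Authenticate/Authorize conditions on the access-control slide above, written out as a small policy evaluator. This is an added example, not Gemalto's code or STA's policy schema: the `Policy` and `Request` classes, their field names and the sample data are hypothetical, and a request that fails any condition is simply denied, since the slide does not say what happens in that case.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # hypothetical model, not STA's schema
    name: str
    allowed_groups: frozenset
    trusted_networks: tuple         # CIDR strings
    trusted_os: frozenset
    criticality: str = "normal"

@dataclass(frozen=True)
class Request:                      # one access attempt (hypothetical fields)
    user: str
    groups: frozenset
    source_ip: str
    os: str
    app_criticality: str
    has_idp_session: bool = False
    credentials_valid: bool = False

def evaluate(policy, req):
    """Return (granted, failed_conditions) for one access attempt."""
    ip = ipaddress.ip_address(req.source_ip)
    checks = {
        # Authenticate: valid IdP session OR valid credentials
        "authenticate": req.has_idp_session or req.credentials_valid,
        # Authorize: every remaining condition must hold (AND)
        "group": bool(req.groups & policy.allowed_groups),
        "network": any(ip in ipaddress.ip_network(n) for n in policy.trusted_networks),
        "os": req.os in policy.trusted_os,
        "criticality": req.app_criticality == policy.criticality,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

def report(policy, requests):
    """Count successful and failed attempts per user for one policy."""
    counts = Counter()
    for req in requests:
        granted, _ = evaluate(policy, req)
        counts[(req.user, "success" if granted else "failed")] += 1
    return counts

# Constructed sample data (documentation IP ranges, invented users and groups)
POLICY = Policy("finance-app", frozenset({"finance"}), ("198.51.100.0/24",), frozenset({"Windows 10"}))
OFFICE = Request("alice", frozenset({"finance"}), "198.51.100.20", "Windows 10", "normal", has_idp_session=True)
HOME = Request("alice", frozenset({"finance"}), "203.0.113.7", "Windows 10", "normal", credentials_valid=True)
ANON = Request("bob", frozenset({"sales"}), "198.51.100.21", "Windows 10", "normal")
```

Returning the names of the failed conditions, rather than a bare deny, is what lets the per-policy and per-user counts distinguish an untrusted network from a missing group membership.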
EVENTS & REPORTING
• Failed/Successful access attempts per policy over given period of time
• Failed/Successful access attempts per application
• Failed/Successful access attempts per user
WHY SAFENET TRUSTED ACCESS?
Why SafeNet Trusted Access?
Superior policy engine
• Ease in setting up and editing policies
• Control exactly who, when, why and how users access apps

Universal authentication
• Universal authentication methods
• Fit the authentication method to the business need
• Leverage already deployed authentication methods

Powerful risk management
• Build on your existing MFA schemes
• Protect core resources
• Optimize convenience and security
WHAT DO I GET?
What’s in the box?
STA offers an all-inclusive license and subscription fee!
No hidden fees!

Each STA license includes:
> Built in MFA (OTP push, SMS, OTP HW)
> Customer support
> 100% cloud solution that installs with your current infrastructure
> All the latest features and functionality:
  > Smart Single Sign-On
  > Multi-factor authentication
  > Granular policies
  > Easy app integration
  > Data-driven insights
WHAT WAS THE LINK BETWEEN SAS & STA?
Upgrading from SafeNet Authentication Service to SafeNet Trusted Access
> STA is an add-on to SAS that enables single sign on to numerous applications.
> Maintain your current investment in 2FA
> Benefit from a single 2FA and Access Management platform
> Combined technology platform - No rip and replace, simply purchase a license
> 50+ preconfigured apps, new apps added continuously, Bring-your-own App Template
SAS SAS + STA
Multi-factor Authentication
SSO
Session Management
Scenario-based Access Policies
HANG ON, WHAT ABOUT CERTIFICATE BASED AUTHENTICATION?
PKI for advanced Enterprise Access Management
1. Support standard PKI offering
• Continuous update of Smart Card offering
• FIDO capabilities in hardware

2. Expand PKI to new access use-cases
• STA accepting PKI credential
• MSFT Hello-compliant mobile Companion Device

3. Adapt PKI to modern use-cases (BYOD/VDI)
• Virtual (server/cloud side)
• Enabling PKI from any end-user device
STA (Access Mgmt.)
SSO
Access Policy Management
Reporting & Dashboards
Cloud Apps
User Directory
CMS (Token/SC)
MFA
SAS (Identity Mgmt.)
MFA
OTP Push
Privileged Users
Regular Users
eMail encryption
Digital Signing
Root of Trust
WHAT ARE MY NEXT STEPS?
Next Steps with SafeNet Trusted Access
Try it yourself
Start the conversation
Existing SAS customers
Brand new customers
DEMO / PoC
Win customers
Gain satisfaction
SUMMARY
A Clear Choice
Why Gemalto?

• Complete solution of PKI & OTP tokens and smart cards, middleware & management software and out-of-the-box integration with a wide range of ecosystems
• #1 Recognized global leader in PKI & OTP products & solutions
• We have the reach, resources and capabilities to be a long-term partner in creating trusted ecosystems with secure identities
• We can enable ISVs to extend their security solutions for the growing mobile demand