Cloud Access Management Service Arthur Tagmann, PreSales Consultant 28.08.2018 IAM Solution - SafeNet Trusted Access Who? When? Why? How?


Page 1: Who? When? Why? How? IAM Solution - SafeNet Trusted Access · • DSKPP secure provisioning for software tokens Shared Services with Multi-tier Multi-tenant Architecture • Allows

Cloud Access Management Service

Arthur Tagmann, PreSales Consultant, 28.08.2018

IAM Solution - SafeNet Trusted Access

Who? When? Why? How?

Page 2

Identity & Access Management (IAM)

> Introduction – Identity & Data Protection
> What Auth Challenges are there?
> Identity & Access Management
> Identity Management (SAS)
> Access Management (STA)
> What is the Link between?
> What about Certificate Based Auth?
> What are my Next Steps?
> Summary

Enterprise & Cyber Security

This information is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and does not create a commitment, promise or legal obligation on the part of Gemalto Inc.

TAKE THE LEAD

Page 3

INTRODUCTION

IDENTITY & DATA PROTECTION

28.08.18

Page 4

What we do: Deliver Security the Way You Like It

ENCRYPTION KEY MANAGEMENT AND PROTECTION
• Data-at-rest encryption
• Data-in-motion encryption
• Enterprise key lifecycle management
• High assurance key protection
• Crypto operations management

IDENTITY AND ACCESS MANAGEMENT
• Access management
• Multi-factor authentication
• PKI credential management

Consumption models:
• Hybrid
• On-Premises: Hardware or Software
• On Demand: Cloud-based | as-a-Service

Unified Data Security Solutions – Protect Anything: Compliance, Blockchain, Enterprise Security, Internet of Things, Big Data, Cloud

Marketplace | API’s | Reporting & Policy Control | Deployment & Orchestration

Page 5

WHAT AUTH CHALLENGES ARE THERE?

Page 6

The Choice of Authentication Credentials


Knock! Knock! --- Who’s there?

It’s me! User: Smurf – Password: Smurf1! --- Hmm.. Ok… Come in.

It’s me! OTP: 123456 --- OK. Come in, but only once.

It’s me! Certificate: ABC – Private key: XYZ --- OK. Come in. I trust you.

Page 7

Authentication Challenges in a Cloudy World

• Compliance Risk
• Password Fatigue
• Poor Security
• Inefficient Management
• Password Resets

Page 8

IDENTITY MANAGEMENT

SAFENET AUTHENTICATION SERVICE (SAS)

Page 9

SafeNet Authentication Service - Recap


Broad Choice of 2FA Methods and Tokens
• Risk-based, OTP, OOB and pattern-based authentication with HW, SW and tokenless form factors
• Over-the-air provisioning of tokens ideal for remote staff, partners and contractors

Fully Automated Management
• Define policies once, and enforce them throughout your IT ecosystem
• Automated user & token lifecycle administration, self-service portals
• Automated alerts and reporting

Standards-based Security
• ISO 27001:2013, AICPA SOC-2 Recognition
• FIPS 140-2 validated software tokens
• Hardware-based root of trust (token secrets and encryption keys secured in an HSM)
• DSKPP secure provisioning for software tokens

Shared Services with Multi-tier Multi-tenant Architecture
• Allows delegation of administration to local or remote staff
• Shared services model enables accounting and inventory management per BU
• Fully customizable security policies, fully brandable interface

Cloud Efficiencies
• Extend current identities to the cloud with native identity federation via SAML 2.0
• Up to 60% savings in deployment and day-to-day administration costs

Broad Use Case Support
• VPN, VDI, cloud, network access, portals

Page 10

SAS Direction


SAS is at the center of Gemalto investments in IAM services:

Gemalto uses agile software development. We refrain from hardcoding dates because chronological rollout of features may change dynamically during the development process.

• Risk based Authentication
• Push OTP introduced
• Expand eco-system for Push OTP & Context
• More SAML integrations, ease to configure
• Management Console UX Refresh
• MobilePASS+ for Windows, and SDK
• New user initiated self-enrollment
• French Datacenters

Page 11

ACCESS MANAGEMENT

SAFENET TRUSTED ACCESS (STA)

Page 12

SafeNet Trusted Access

Orchestration / Business Logic: Policy Management, Risk Assessment, SSO, Session Management

Authentication devices: OTP, Push, Kerberos, PKI, Windows Hello, Password, FIDO

Access targets: Network logon, Cloud, IT Legacy, Web, VDI

Context: 3rd Party, Geo fencing

Page 13

STA enables smooth cloud adoption

Visibility: Know who is accessing which app and when, and how their identity is verified

Security: Enforce the appropriate level of trust

Scalability: Add new user groups, cloud apps and access policies as needs evolve

Convenience: Enable Single Sign On (SSO) with users’ current identity

Page 14

STA Functionality

Cloud-based access management service: IDENTIFY → ASSESS → APPLY → MONITOR

ASSESS: Assess identity attributes and establish a level of trust

APPLY: Apply appropriate access controls

SafeNet Trusted Access allows organizations to manage access to cloud applications by validating identities, determining levels of trust and applying appropriate access controls each time the user accesses a cloud service.

Page 15

SafeNet Trusted Access: Supporting the cloud and web-based apps you use…

+ New apps added all the time
+ Bring Your Own App: SAML 2.0 generic template

Page 16

Manage risk through scenario-based policies

Users/Groups (IT Admins, Standard Users, C-Suite) → Target Apps → Define Policies → Monitor Risk → Adjust

Define Policies: Scenario-driven, Compliance-focused, Based on context & risk, Set Auth rules by policy

Page 17

SafeNet Trusted Access

SafeNet Trusted Access is a service that allows organizations to manage access to numerous cloud applications by:

> Validating identities
> Enforcing access policies, and
> Applying appropriate access controls with Smart Single Sign-On

...each time the user logs in to a cloud service.

Page 18

USER EXPERIENCE

Page 19

SafeNet Trusted Access offersSmart Single Sign On

Log in from home with anOTP

Login from the officewith a single click

Smart Single Sign On is unique,because it only requiresauthentication when defined by theaccess policy.

Users log in to all their cloud applications with theircurrent enterprise identity. No more passwordresets!

Users are only prompted to authenticate whenYOU decide its needed.

Context-based authentication reduces accessfriction.

Page 20

ACCESS CONTROL

Page 21

SafeNet Trusted Access: Ease in configuring a policy in minutes...

Powerful policy configuration wrapped in an easy to use policy engine…

Control exactly who, when, why and how users or groups access an app

Who: Include individual users or pre-defined groups

When: Specify when groups or users can access an app

Why: Define policies with clear business outcomes: GDPR compliance, privileged access, admin access

How: Determine the authentication method for each policy

Page 22

STA Offers - Access Control

Authenticate:
User has a valid session with Identity Provider
OR
User credentials are valid

Authorize:
User belongs to allowed security group
AND
User is connecting from a trusted network
AND
User connects from a trusted OS
AND
Application/resource is normal criticality

Policy inputs: User Attributes | Risk Policy | App Criticality

User/Group Mapping: SAS user ID, UPN, eMail address, Aliases, and Custom names

Page 23

EVENTS & REPORTING

• Failed/Successful access attempts per policy over a given period of time
• Failed/Successful access attempts per application
• Failed/Successful access attempts per user
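The policy-configuration slide (who/when/why/how), the access-control slide (authenticate with session OR credentials, authorize with an AND chain of group, trusted network, trusted OS and app criticality), the Smart SSO slide (single click from the office, OTP from home) and the events & reporting slide all describe one decision pipeline. The following is an added example, not Gemalto's code and not STA's real policy schema: a small Python evaluator that models those rules as scenario-based policies, logs each attempt, and tallies successes and failures per policy, app and user over a time window. The trusted network, trusted operating systems, app criticality table, policies and access requests are all constructed sample data.

```python
from collections import defaultdict, namedtuple
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed reference data (an assumption, not STA's real configuration).
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8")]
TRUSTED_OS = {"windows", "macos"}
APP_CRITICALITY = {"crm": "normal", "finance": "high"}
SAMPLE_DAY = datetime(2018, 8, 28)

@dataclass
class Policy:
    name: str
    groups: frozenset      # Who: users qualify through group membership
    apps: frozenset        # target apps the policy covers
    hours: tuple           # When: allowed UTC hours as [start, end)
    conditions: frozenset  # context the scenario requires; AND-ed together
    how: str               # How: "sso" (session or credentials) or "otp" (step-up)

# One access attempt: who, which app, from where, and which proofs of identity it carries.
Request = namedtuple("Request", "time user groups app src_ip os has_session credentials_valid otp_valid",
                     defaults=(False, False, False))

# One logged decision; policy is None when no scenario matched the attempt.
Event = namedtuple("Event", "time user app policy success reason")

def context_matches(req, policy):
    """Authorize step: every condition the scenario names must hold (AND)."""
    checks = {
        "trusted_network": any(ip_address(req.src_ip) in n for n in TRUSTED_NETWORKS),
        "trusted_os": req.os.lower() in TRUSTED_OS,
        "normal_criticality": APP_CRITICALITY.get(req.app, "high") == "normal",
    }
    return all(checks[c] for c in policy.conditions)

def authenticated(req, policy):
    """Authenticate step: SSO accepts a valid IdP session OR valid credentials;
    an OTP policy accepts only a valid one-time password."""
    if policy.how == "otp":
        return req.otp_valid
    return req.has_session or req.credentials_valid

def evaluate(req, policies):
    """First scenario matching who, app, when and context sets the method; no match denies."""
    for p in policies:
        if req.app not in p.apps or not (req.groups & p.groups):
            continue
        if not (p.hours[0] <= req.time.hour < p.hours[1]) or not context_matches(req, p):
            continue
        ok = authenticated(req, p)
        return Event(req.time, req.user, req.app, p.name, ok,
                     "ok" if ok else f"{p.how} authentication failed")
    return Event(req.time, req.user, req.app, None, False, "no matching policy")

def report(events, since, until):
    """[successful, failed] counts per policy, app and user for since <= time < until."""
    out = {k: defaultdict(lambda: [0, 0]) for k in ("per_policy", "per_app", "per_user")}
    for e in events:
        if since <= e.time < until:
            idx = 0 if e.success else 1
            out["per_policy"][e.policy][idx] += 1
            out["per_app"][e.app][idx] += 1
            out["per_user"][e.user][idx] += 1
    return {k: dict(v) for k, v in out.items()}

STAFF, FIN_ADMINS = frozenset({"staff"}), frozenset({"finance-admins"})
POLICIES = [
    # Office scenario: staff on the corporate network get single-click SSO to CRM.
    Policy("crm-office", STAFF, frozenset({"crm"}), (7, 19),
           frozenset({"trusted_network", "trusted_os", "normal_criticality"}), "sso"),
    # Remote scenario: the same users off-network are stepped up to an OTP.
    Policy("crm-remote", STAFF, frozenset({"crm"}), (7, 19),
           frozenset({"trusted_os", "normal_criticality"}), "otp"),
    # Privileged access to a high-criticality app: OTP required, any hour.
    Policy("finance-admin", FIN_ADMINS, frozenset({"finance"}), (0, 24),
           frozenset({"trusted_os"}), "otp"),
]

def sample_events():
    """Constructed access attempts evaluated against POLICIES."""
    t = SAMPLE_DAY.replace
    reqs = [
        Request(t(hour=9), "alice", STAFF, "crm", "10.1.2.3", "Windows", has_session=True),
        Request(t(hour=10), "alice", STAFF, "crm", "203.0.113.9", "macOS", has_session=True, otp_valid=True),
        Request(t(hour=11), "bob", STAFF, "crm", "203.0.113.10", "Windows", has_session=True),
        Request(t(hour=22), "bob", STAFF, "crm", "10.1.2.4", "Windows", has_session=True),
        Request(t(hour=9), "bob", STAFF, "finance", "10.1.2.4", "Windows", otp_valid=True),
        Request(t(hour=23), "carol", FIN_ADMINS, "finance", "203.0.113.11", "Windows", otp_valid=True),
    ]
    return [evaluate(r, POLICIES) for r in reqs]

if __name__ == "__main__":
    for e in sample_events():
        print(e.time.strftime("%H:%M"), e.user, e.app, e.policy, "ALLOW" if e.success else "DENY", e.reason)
```

Two design points worth noting. Policy order is the scenario priority: the office policy is listed before the remote one, so a request that satisfies the stricter context gets the lighter authentication, and the same user falling outside that context is stepped up rather than denied. A request that matches no scenario (after hours, or a group with no policy for that app) is denied and still logged with `policy=None`, so the "no matching policy" denials show up in the per-user and per-app counts instead of disappearing.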

Page 24

WHY SAFENET TRUSTED ACCESS?

Page 25

Why SafeNet Trusted Access?

Superior policy engine
• Ease in setting up and editing policies
• Control exactly who, when, why and how users access apps

Universal authentication
• Universal authentication methods
• Fit the authentication method to the business need
• Leverage already deployed authentication methods

Powerful risk management
• Build on your existing MFA schemes
• Protect core resources
• Optimize convenience and security

Page 26

WHAT DO I GET?

Page 27

What’s in the box? STA offers an all-inclusive license and subscription fee! No hidden fees!

Each STA license includes:
> Built in MFA (OTP push, SMS, OTP HW)
> Customer support
> 100% cloud solution that installs with your current infrastructure
> All the latest features and functionality:
  > Smart Single Sign-On
  > Multi-factor authentication
  > Granular policies
  > Easy app integration
  > Data-driven insights

Page 28

WHAT WAS THE LINK BETWEEN SAS & STA?

Page 29

Upgrading from SafeNet Authentication Service to SafeNet Trusted Access
> STA is an add-on to SAS that enables single sign on to numerous applications.
> Maintain your current investment in 2FA
> Benefit from a single 2FA and Access Management platform
> Combined technology platform - No rip and replace, simply purchase a license
> 50+ preconfigured apps, new apps added continuously, Bring-your-own App Template

SAS: Multi-factor Authentication
SAS + STA: Multi-factor Authentication, SSO, Session Management, Scenario-based Access Policies

Page 30

HANG ON, WHAT ABOUT CERTIFICATE BASED AUTHENTICATION?

Page 31

PKI for advanced Enterprise Access Management

1. Support standard PKI offering: Continuous update of Smart Card offering; FIDO capabilities in hardware
2. Expand PKI to new access use-cases: STA accepting PKI credential; MSFT Hello-compliant mobile Companion Device
3. Adapt PKI to modern use-cases (BYOD/VDI): Virtual (server/cloud side); Enabling PKI from any end-user device

Page 32

Architecture diagram (text recovered from the slide):
STA (Access Mgmt.): SSO, Access Policy Management, Reporting & Dashboards, Cloud Apps
SAS (Identity Mgmt.): User Directory, CMS (Token/SC), MFA (OTP, Push)
Users: Privileged Users, Regular Users
PKI use cases: eMail encryption, Digital Signing
Root of Trust

Page 33

WHAT ARE MY NEXT STEPS?

Page 34

Next Steps with SafeNet Trusted Access

Try it yourself: DEMO / PoC
Start the conversation: Existing SAS customers, Brand new customers
Win customers
Gain satisfaction

Page 35

SUMMARY

Page 36

A Clear Choice

Why Gemalto?

• Complete solution of PKI & OTP tokens and smart cards, middleware & management software and out-of-the-box integration with a wide range of ecosystems
• #1 Recognized global leader in PKI & OTP products & solutions
• We have the reach, resources and capabilities to be a long-term partner in creating trusted ecosystems with secure identities
• We can enable ISVs to extend their security solutions for the growing mobile demand

Page 37

THANK YOU!

[email protected]
