© 2014 IT-Harvest | IDENTITY PLATFORMS
This paper is sponsored by Entrust.
IDENTITY PLATFORMS: How central, flexible deployment of multiple authenticators benefits security and reduces cost
Identity and authentication management represents the greatest security return on investment an organization can make. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once famously said, “If you spend more on coffee than on IT security, then you will be hacked.” An internal discussion at Gartner arising from Clarke’s statement led to the conclusion that spending on authentication would provide the greatest security return on investment. Since his 2002 tirade against complacent industry practices, there has been tremendous investment in IT security, with strong authentication mechanisms and identity management representing a healthy segment. Yet deployment of physical access cards, one-time-passcode-generating tokens, digital certificates, biometrics, and even fingerprint readers on the latest iPhones has led to new problems.
In examining the most pressing issues of communications and information confidentiality, the two largest categories of vulnerabilities in the systems currently employed by enterprises are authentication and encryption key management. While recent attacks on encryption infrastructure are eroding trust, we are reminded by Bruce Schneier to “trust the math.” Encryption is still fundamentally sound; the way encryption and keys are deployed and managed is the problem.
Furthermore, intrinsic weaknesses in authentication regimes have created gaping and trivially exploitable vulnerabilities that are procedural and operational — not technical — in nature. As an example, the sheer complexity of many enterprises’ authentication regimes has led to users undermining and abusing the very systems put in place to assure adherence to company security policies. Shared credentials for server administration are just one of the ways IT departments still introduce holes in an otherwise good security architecture.
Identity Platforms January 2014
Entrust Mobile Solutions
• Device certificates
• MDM integration
• Application Protection
• Analytics
• Strong Authentication (OTP, Grid, SMS)
• Smart Credentials
• Transaction Signing
Mobile devices and the growth of cloud-enabled applications highlight, but by no means define, the acuteness of this enterprise identity crisis. For decades, users have wrestled with frustrating password regimes and two-factor schemes and have created security problems ranging from petty revolts (e.g., re-using the same easy-to-guess password until forced to change) to fundamentally human coping mechanisms (e.g., taping the doctor’s one-time-passcode token to the monitor at the nurse’s station).
These problems have multiplied under stress from mobility. Each employee who is issued a mobile device by the company possesses at least two (and often more) such devices, and an increasing share of each employee’s online life (including social media, Web browsing, news and entertainment Web-surfing, etc.) is conducted on those devices. Enterprises are therefore experiencing a critical need for centralized, authoritative identity management whose reach extends from deep in the heart of the corporate core all the way out to these mobile devices.
One thing we know to be true: policy, training and awareness campaigns will not stop or even
slow employees’ adoption and use of these devices. It is essential that enterprises provide a
technical framework capable of permitting activities that employees will engage in — all in a
manner that is controllable or at least understandable by the security organization.
This paper examines the core features required of an authentication
and identity platform.
First and foremost, in addition to handling heterogeneous device
and mobile device certificates, the easy management of identities
is essential. The ability for employees to use multiple devices for
multiple purposes, role-based and fine-grained access control
and easily defined permissions based on the appropriate role and
identity are fundamental. Hand in hand with these capabilities goes
the requirement to quickly replace or revoke lost or misappropriated
credentials as soon as the untrusted status of a credential is
understood.
Entrust: Widest Range Of Digital Certificates In The Market
• User certificates
• Device certificates
• Server certificates
• Specialty Certificates (National ID Cards)
ELEMENTS OF A COMPLETE IDENTITY PLATFORM ARE:

Deployable across multiple domains:

• Physical: Create, deploy and manage authenticators for access to secure facilities, data centers and segmented work environments.

• Logical: Control access to networks and devices. Solve the privileged user problem.

• Cloud: Control authentication to hosted environments for administrators and end-users of cloud applications.

• Mobile: Not only to secure mobile devices but to leverage their unique characteristics to provide device-centric assurance from strong authentication. It is in the category of mobile device access that authentication platforms are most crucial. The most common threat to enterprise data posed by mobile devices is careless but well-intentioned people who travel with unprotected or under-protected mobile devices that have been set to access corporate applications, data stores and, especially, email. Many users, feeling that they simply must have access to all their email wherever they are, set their mobile device mail client to download their entire corporate inbox and to keep it synchronized.

By allowing role-, persona- and Geo-IP-based authentication tools and integrating well with an MDM, an authentication platform can help protect employees (and the enterprise) from themselves by automatically limiting the type and volume of data that may be accessed via a mobile device based on a range of circumstances such as country location.
[Figure: Entrust IdentityGuard Cloud Services. Certificate types: User Certificates, Device Certificates, Server Certificates, Specialty Certificates. Interfaces: Admin, Self-Service, APIs. Functions: Reporting, Workflow, Discovery, Notifications, Management, Auditing, Online help, Licensing, Personalization, eCommerce, APIs, Communicator.]
FLEXIBLE AND EXTENSIBLE
Many organizations have large investments in identity solutions. An identity platform should
allow for the co-deployment of new authenticators alongside legacy solutions. Integrations into
legacy systems and modern cloud-based applications will also improve the investment made in
an identity-based security framework. A robust API should allow rapid integration with existing
solutions.
Improving authentication beyond traditional factor-based methods also improves security by providing rich, context- and risk-appropriate measures that enable trust elevation when necessary. This is accomplished through a flexible policy engine that leverages context about the user’s environment and scores the risk associated with transactions or access requests. By combining these mechanisms, a more intelligent decision can be made and, if necessary, an elevation of trust in the user’s identity required or the request denied outright.
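The context scoring and trust elevation described here, together with the country-based limiting of mobile data access described under the Mobile domain above, can be sketched as a small policy engine. The following Python is an added illustration written for this page, not Entrust’s code or any product API; the signals, point weights, thresholds and sample requests are constructed assumptions.

```python
"""Context-aware authentication policy engine (illustrative, not a product API)."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # trust elevation: require an additional authenticator
    DENY = "deny"


# Authenticators the policy accepts as a strong second factor (assumed set).
STRONG_FACTORS = frozenset({"otp", "grid", "certificate", "smart_credential"})


@dataclass(frozen=True)
class Context:
    """Signals the engine has about one access request."""
    user: str
    role: str
    country: str               # Geo-IP country code of the request
    hour_utc: int              # 0-23
    resource: str              # e.g. "mail", "hr-db", "admin-console"
    is_mobile: bool
    mdm_enrolled: bool         # device is known to the MDM
    authenticators: frozenset  # factors already presented, e.g. {"password"}


@dataclass(frozen=True)
class Policy:
    """Weights and thresholds; the values here are assumptions."""
    allowed_countries: frozenset
    privileged_roles: frozenset = frozenset({"server-admin"})
    high_value_resources: frozenset = frozenset({"hr-db", "admin-console"})
    business_hours: tuple = (7, 19)   # [start, end) in UTC
    step_up_threshold: int = 30
    deny_threshold: int = 80


def score_request(ctx: Context, policy: Policy) -> tuple[int, list[str]]:
    """Add risk points per context signal; return (score, reasons)."""
    points, reasons = 0, []
    if ctx.country not in policy.allowed_countries:
        points += 50
        reasons.append(f"geo:{ctx.country}")
    start, end = policy.business_hours
    if not start <= ctx.hour_utc < end:
        points += 15
        reasons.append("outside-business-hours")
    if ctx.is_mobile and not ctx.mdm_enrolled:
        points += 25
        reasons.append("unmanaged-mobile")
    if ctx.resource in policy.high_value_resources:
        points += 20
        reasons.append(f"high-value:{ctx.resource}")
    if ctx.role in policy.privileged_roles:
        points += 15
        reasons.append(f"privileged:{ctx.role}")
    return points, reasons


def decide(ctx: Context, policy: Policy) -> Decision:
    """Map the score to allow / step-up / deny."""
    points, _ = score_request(ctx, policy)
    if points >= policy.deny_threshold:
        return Decision.DENY          # a strong factor never overrides a deny
    if points >= policy.step_up_threshold:
        # A strong factor already presented satisfies the step-up requirement.
        return Decision.ALLOW if ctx.authenticators & STRONG_FACTORS else Decision.STEP_UP
    return Decision.ALLOW


def mailbox_sync_scope(ctx: Context, policy: Policy) -> str:
    """How much corporate mail a mobile client may sync: full, recent or none."""
    if not ctx.is_mobile:
        return "full"
    in_region = ctx.country in policy.allowed_countries
    if ctx.mdm_enrolled:               # managed device: full at home, recent abroad
        return "full" if in_region else "recent"
    return "recent" if in_region else "none"   # unmanaged: never a full inbox abroad


# Constructed sample requests; users, countries and resources are made up.
POLICY = Policy(allowed_countries=frozenset({"US", "CA"}))
PW = frozenset({"password"})
OFFICE_MAIL = Context("alice", "analyst", "US", 10, "mail", False, True, PW)
BYOD_HR = Context("alice", "analyst", "US", 10, "hr-db", True, False, PW)
BYOD_HR_OTP = Context("alice", "analyst", "US", 10, "hr-db", True, False, PW | {"otp"})
ADMIN_ABROAD = Context("bob", "server-admin", "XX", 2, "admin-console", False, True, PW | {"otp"})
TRAVEL_MAIL = Context("carol", "sales", "XX", 12, "mail", True, True, PW)

if __name__ == "__main__":
    for name, ctx in [("office mail", OFFICE_MAIL), ("BYOD hr-db", BYOD_HR),
                      ("BYOD hr-db + OTP", BYOD_HR_OTP),
                      ("admin abroad", ADMIN_ABROAD), ("travel mail", TRAVEL_MAIL)]:
        pts, why = score_request(ctx, POLICY)
        print(f"{name:17} score={pts:3} {decide(ctx, POLICY).value:8} "
              f"sync={mailbox_sync_scope(ctx, POLICY):7} {why}")
```

Run stand-alone it prints one line per sample request; the unmanaged BYOD request to the HR database is stepped up, the same request with an OTP already presented is allowed, and the privileged administrator reaching the console from an unapproved country out of hours is denied even though an OTP was presented.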
EASE OF MANAGEMENT
An identity platform should have a Web front-end that is easy to access, has strong security controls, and can handle all forms of authentication with role assignments and graduated strength depending on use case (e.g., location, time, etc.).
Users should be able to enroll and get the required credentials quickly and with the least pain. To the lay user, the authentication platform will cause the most pain and will be most expensive in terms of support. This will most likely occur at the personal-authentication level with password and multi-factor authentication methods, including one-time passcode hardware or software tokens, biometric devices, USB, and virtual or physical access cards. When these are combined with other factors such as Geo-IP limiting, cross-method compatibility is essential to provide a smooth experience. Nothing is more frustrating to a user than entering the correct credentials but being locked out of a critical business application, outside business hours, because of a security measure outside his control.
Federation is one of the most difficult scenarios to accomplish, especially
when multiple entities must be able to provide access to each other’s users.
An identity platform should have the capability to overcome the complexities of
federation. SAML (Security Assertion Markup Language) remains the dominant
method used by enterprises and governments alike. This enables the use of
third-party applications and systems without requiring user credentials to
leave the secure environment. As cloud-based business practices expand, this
capability will improve the user’s experience and drastically reduce the risk
associated with relying on third-party security measures and the explosion of
corresponding identities.
[Figure: Entrust Identity Platform. Components: Mobile, Traditional Authentication, Cloud/Federation, Physical/Logical Access, Transaction Signing, X.509 as-a-service.]
Leveraging open standards (e.g., SAML, OATH (Open Authentication) or X.509) is a crucial exercise for all security practices. The improved interoperability afforded by these standards helps streamline integration across various endpoints and systems that have no traditional ways of communicating. This also allows security assertions to be passed from an identity platform to a system that does not include built-in security mechanisms.
In addition, the very nature of an open ecosystem is meant to increase collaboration to improve
security and efficiency of the protocols. A prime example is the cryptography community’s focus
on constantly improving the mathematical underpinnings of ciphers, algorithms and random-
number generation, to name a few.
By supporting authentication in such a modular, “as-a-service” or on-premise architecture, the
inherent flexibility of the system will lend itself to a more secure experience. The simpler and
more transparent the platform, the less likely will be efforts by users to subvert it.
A robust identity platform will finally end the Tower of Babel of authentication solutions that most enterprises have struggled with as their identity solutions proliferate. Consolidation into a single identity platform will offer measurable op-ex savings while providing the best “security return on investment.”
Richard Stiennon
Chief Research Analyst
IT-Harvest
January, 2014
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Dernier (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticators benefits security and reduces cost

• 1. © 2014 IT-Harvest. This paper is sponsored by Entrust.

IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticators benefits security and reduces cost

Identity and authentication management represents the greatest security return on investment an organization can make. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once famously said, “If you spend more on coffee than on IT security, then you will be hacked.” An internal discussion at Gartner arising from Clarke’s statement led to the conclusion that spending on authentication would provide the greatest security return on investment.

Since his 2002 tirade against complacent industry practices, there has been tremendous investment in IT security, with strong authentication mechanisms and identity management representing a healthy segment. Yet deployment of physical access cards, one-time-passcode-generating tokens, digital certificates, biometrics, and even fingerprint readers on the latest iPhones has led to new problems.

In examining the most pressing issues of communications and information confidentiality, the two largest categories of vulnerabilities in the current systems employed by enterprises are authentication and encryption key management. While recent attacks on encryption infrastructure are eroding trust, we are reminded by Bruce Schneier to “trust the math.” Encryption is still fundamentally sound. The way encryption and keys are deployed and managed is the problem.

Furthermore, intrinsic weaknesses in authentication regimes have created gaping and trivially exploitable vulnerabilities that are procedural and operational — not technical — in nature. As an example, the sheer complexity of many enterprises’ authentication regimes has led to users undermining and abusing the very systems put in place to assure adherence to company security policies. Shared credentials for server administration are just one of the ways IT departments still introduce holes in an otherwise good security architecture.

[Figure: Entrust Mobile Solutions: device certificates, MDM integration, application protection, analytics, strong authentication (OTP, Grid, SMS), smart credentials, transaction signing.]
• 2.

Mobile devices and the growth of cloud-enabled applications highlight, but by no means define, the acuteness of this enterprise identity crisis. For decades, users have wrestled with frustrating password regimes and two-factor schemes and have created security problems ranging from petty revolts (e.g., re-using the same easy-to-guess password until forced to change) to fundamentally human coping mechanisms (e.g., taping the doctor’s one-time-passcode token to the monitor at the nurse’s station).

These problems have multiplied under the stress of mobility. With each employee who is issued a mobile device by the company possessing at least two (and often more) such devices, and with increasing amounts of each employee’s online life (social media, Web browsing, news and entertainment, etc.) taking place on them, enterprises are experiencing a critical need for centralized, authoritative identity management whose reach extends from deep in the heart of the corporate core all the way out to these mobile devices.

One thing we know to be true: policy, training and awareness campaigns will not stop or even slow employees’ adoption and use of these devices. It is essential that enterprises provide a technical framework capable of permitting the activities that employees will engage in — all in a manner that is controllable, or at least understandable, by the security organization.

This paper examines the core features required of an authentication and identity platform. First and foremost, in addition to handling heterogeneous device and mobile device certificates, the easy management of identities is essential. The ability for employees to use multiple devices for multiple purposes, role-based and fine-grained access control, and easily defined permissions based on the appropriate role and identity are fundamental. Hand in hand with these capabilities goes the requirement to quickly replace or revoke lost or misappropriated credentials as soon as the untrusted status of a credential is understood.

[Figure: Entrust: widest range of digital certificates in the market: user certificates, device certificates, server certificates, specialty certificates (national ID cards).]
• 3.

ELEMENTS OF A COMPLETE IDENTITY PLATFORM ARE:

Deployable across multiple domains:

Physical: Create, deploy and manage authenticators for access to secure facilities, data centers and segmented work environments.

Logical: Control access to networks and devices. Solve the privileged user problem.

Cloud: Control authentication to hosted environments for administrators and end-users of cloud applications.

Mobile: Not only to secure mobile devices but to leverage their unique characteristics to provide device-centric assurance from strong authentication.

It is in the category of mobile device access that authentication platforms are most crucial. The most common threat to enterprise data posed by mobile devices is careless but well-intentioned people who travel with unprotected or under-protected mobile devices that have been set to access corporate applications, data stores and, especially, email. Many users, feeling that they simply must have access to all their email wherever they are, set their mobile device mail client to download their entire corporate inbox and to keep it synchronized.

By allowing role-, persona- and Geo-IP-based authentication tools and integrating well with an MDM, an authentication platform can help protect employees (and the enterprise) from themselves by automatically limiting the type and volume of data that may be accessed via a mobile device, based on a range of circumstances such as country location.

[Figure: Entrust IdentityGuard Cloud Services. Certificate types: user, device, server and specialty certificates. Interfaces: Admin, Self-Service, APIs. Functions: reporting, workflow, discovery, notifications, management, auditing, online help, licensing, personalization, eCommerce, APIs, Communicator.]
• 4.

FLEXIBLE AND EXTENSIBLE

Many organizations have large investments in identity solutions. An identity platform should allow for the co-deployment of new authenticators alongside legacy solutions. Integrations into legacy systems and modern cloud-based applications will also improve the investment made in an identity-based security framework. A robust API should allow rapid integration with existing solutions.

Improving authentication beyond traditional factor-based methods will also improve security by providing rich context- and risk-appropriate measures that enable trust elevation when necessary. This is accomplished through the use of a flexible policy engine that leverages context about the user’s environment and scores the risk associated with transactions or access requests. By combining these mechanisms, a more intelligent decision can be made and, if necessary, an elevation of trust in the user’s identity required, or the request denied outright.

EASE OF MANAGEMENT

An identity platform should have a Web front-end that is easy to access, has strong security controls, and can handle all forms of authentication with role assignments and graduated strength depending on use case (e.g., location, time, etc.). Users should be able to enroll and get the required credentials quickly and with the least pain.

To the lay user, the authentication platform will cause the most pain, and will be the most expensive in terms of support. This will most likely occur at the personal-authentication level with password and multi-factor authentication methods, including one-time-passcode hardware or software tokens, biometric devices, USB, virtual or physical access cards. When these are combined with other factors such as Geo-IP limiting, cross-method compatibility is essential to provide a smooth experience.
Nothing is more frustrating to a user than entering the correct credentials but being locked out of a critical business application, outside business hours, because of a security measure outside his control.

Federation is one of the most difficult scenarios to accomplish, especially when multiple entities must be able to provide access to each other’s users. An identity platform should have the capability to overcome the complexities of federation. SAML (Security Assertion Markup Language) remains the dominant method used by enterprises and governments alike. It enables the use of third-party applications and systems without requiring user credentials to leave the secure environment. As cloud-based business practices expand, this capability will improve the user’s experience and drastically reduce the risk associated with relying on third-party security measures and the explosion of corresponding identities.

[Figure: Entrust Identity Platform: mobile, traditional authentication, cloud/federation, physical/logical access, transaction signing, X.509 as-a-service.]
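The policy engine described under FLEXIBLE AND EXTENSIBLE (context about the user's environment, a risk score, then allow, trust elevation or outright denial), together with the after-hours lockout complaint above, as an added example that is not code from the paper, from IT-Harvest or from Entrust: a small context-aware decision function that scores a request from the kinds of signals the paper names (role, device certificate, Geo-IP country, business hours, credential revocation) and returns allow, step_up or deny. Every signal name, weight, threshold and scenario here is constructed for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Decision outcomes: allow as-is, require trust elevation (a second factor,
# re-enrolment, etc.), or refuse outright.
ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"


@dataclass
class Request:
    """Signals about one access request. Field names are this example's own."""
    user: str
    role: str                 # e.g. "staff" or "admin"
    resource: str             # e.g. "mail", "vpn", "prod-admin"
    country: str              # Geo-IP country of the source address
    device_cert_valid: bool   # client presented a valid device certificate
    enrolled_device: bool     # device identifier is already enrolled for this user
    when: datetime            # request time; treated as UTC for the hour check
    credential_revoked: bool = False


@dataclass
class Policy:
    """Tunable policy; the weights and thresholds here are constructed examples."""
    home_countries: frozenset = frozenset({"US", "CA"})
    blocked_countries: frozenset = frozenset({"XX"})   # placeholder country code
    business_hours: tuple = (8, 18)                     # [start, end) in hours
    step_up_threshold: int = 30
    deny_threshold: int = 70
    resource_roles: dict = field(default_factory=lambda: {
        "mail": {"staff", "admin"},
        "vpn": {"staff", "admin"},
        "prod-admin": {"admin"},     # the "privileged user problem"
    })


def risk_score(req: Request, pol: Policy) -> tuple[int, list[str]]:
    """Sum weighted risk signals; higher means riskier. Returns (score, reasons)."""
    score, reasons = 0, []
    if req.country in pol.blocked_countries:
        score += 100; reasons.append("blocked country")
    elif req.country not in pol.home_countries:
        score += 40; reasons.append("foreign Geo-IP")
    if not req.device_cert_valid:
        score += 30; reasons.append("no device certificate")
    if not req.enrolled_device:
        score += 20; reasons.append("unenrolled device")
    start, end = pol.business_hours
    if not (start <= req.when.hour < end):
        score += 15; reasons.append("outside business hours")  # never enough alone to deny
    if req.resource == "prod-admin":
        score += 30; reasons.append("privileged resource")     # always at least step-up
    return score, reasons


def decide(req: Request, pol: Policy) -> tuple[str, list[str]]:
    """Hard rules first (revocation, role), then a graduated response from the score."""
    if req.credential_revoked:
        return DENY, ["credential revoked"]
    if req.role not in pol.resource_roles.get(req.resource, set()):
        return DENY, ["role not permitted for resource"]
    score, reasons = risk_score(req, pol)
    if score >= pol.deny_threshold:
        return DENY, reasons
    if score >= pol.step_up_threshold:
        return STEP_UP, reasons
    return ALLOW, reasons


def sample_decisions() -> dict[str, str]:
    """Constructed scenarios mirroring the paper's cases; returns name -> outcome."""
    pol = Policy()
    day = datetime(2014, 1, 15, 10, 0, tzinfo=timezone.utc)
    night = datetime(2014, 1, 15, 22, 0, tzinfo=timezone.utc)
    base = dict(user="alice", role="staff", resource="mail", country="US",
                device_cert_valid=True, enrolled_device=True, when=day)
    cases = {
        "staff_mail_office_hours": Request(**base),
        # correct credentials after hours: extra risk, but no lockout
        "staff_mail_after_hours": Request(**{**base, "when": night}),
        # travelling user: ask for a second factor rather than refuse
        "staff_mail_abroad": Request(**{**base, "country": "FR"}),
        "staff_requests_prod_admin": Request(**{**base, "resource": "prod-admin"}),
        "admin_prod_enrolled_device": Request(**{**base, "role": "admin",
                                                "resource": "prod-admin"}),
        "admin_prod_unknown_device_night": Request(**{**base, "role": "admin",
            "resource": "prod-admin", "device_cert_valid": False,
            "enrolled_device": False, "when": night}),
        "revoked_credential": Request(**{**base, "credential_revoked": True}),
    }
    return {name: decide(req, pol)[0] for name, req in cases.items()}


if __name__ == "__main__":
    for name, outcome in sample_decisions().items():
        print(f"{name:34s} -> {outcome}")
```

Two design points matter here. Revocation and role checks are hard rules evaluated before any scoring, so a credential reported lost (the slide 2 requirement) is dead regardless of how benign the context looks. Time of day, by contrast, is only a weight that cannot cross a threshold on its own, so the user who types correct credentials at 22:00 from an enrolled device is admitted, while an unknown device abroad or a privileged resource is what actually triggers trust elevation or denial.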
• 5.

Leveraging open standards (e.g., SAML, OATH (Open Authentication) or X.509) is a crucial exercise for all security practices. The improved interoperability afforded by these standards helps streamline integration across various endpoints and systems that have no traditional ways of communicating. This also allows security assertions to be passed from an identity platform to a system that does not include built-in security mechanisms. In addition, the very nature of an open ecosystem is meant to increase collaboration to improve the security and efficiency of the protocols. A prime example is the cryptography community’s focus on constantly improving the mathematical underpinnings of ciphers, algorithms and random-number generation, to name a few.

By supporting authentication in such a modular, “as-a-service” or on-premise architecture, the inherent flexibility of the system will lend itself to a more secure experience. The simpler and more transparent the platform, the less likely will be efforts by users to subvert it. A robust identity platform will finally end the Tower of Babel of authentication solutions that most enterprises have struggled with as their identity solutions proliferate. Consolidation into a single identity platform will offer measurable op-ex savings while providing the best “security return on investment.”

Richard Stiennon
Chief Research Analyst
IT-Harvest
January, 2014
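The OATH standards named here, HOTP (RFC 4226) and TOTP (RFC 6238), are what the one-time-passcode hardware and software tokens discussed under EASE OF MANAGEMENT implement. As an added example that is not code from the paper, from IT-Harvest or from Entrust, here is a server-side verifier for both, including the checks a verifier has to get right rather than just the code generation: constant-time comparison, a bounded resynchronisation window, and rejection of a reused counter or time step. The secret is the published RFC test-vector key, used only so the output can be checked against the RFC values; the verifier classes, their method names and the two demo sequences are this example's own.

```python
from __future__ import annotations
import hashlib
import hmac
import struct
import time

# Secret from the RFC 4226 / RFC 6238 test vectors, used only so the output can
# be checked against the published values; never reuse it as a real credential.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, t0: int = 0,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, (at - t0) // step, digits, algo)


def _well_formed(code: str, digits: int) -> bool:
    return isinstance(code, str) and len(code) == digits and code.isdigit()


class HotpVerifier:
    """Server-side state for one event-based token: the next expected counter plus a
    bounded look-ahead so a few unused presses on the token can be resynchronised."""

    def __init__(self, secret: bytes, digits: int = 6, look_ahead: int = 5):
        self.secret, self.digits, self.look_ahead = secret, digits, look_ahead
        self.next_counter = 0

    def verify(self, code: str) -> bool:
        if not _well_formed(code, self.digits):
            return False
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.next_counter = c + 1   # consumed: this and every older value is dead
                return True
        return False


class TotpVerifier:
    """Server-side state for one time-based token: tolerate +/- `skew` steps of clock
    drift, but never accept a time step that has already been used."""

    def __init__(self, secret: bytes, digits: int = 6, step: int = 30, skew: int = 1):
        self.secret, self.digits, self.step, self.skew = secret, digits, step, skew
        self.last_step = -1

    def verify(self, code: str, now: int | None = None) -> bool:
        if not _well_formed(code, self.digits):
            return False
        now = int(time.time()) if now is None else now
        current = now // self.step
        for s in range(current - self.skew, current + self.skew + 1):
            if s <= self.last_step:
                continue                      # replay of an already-consumed step
            if hmac.compare_digest(hotp(self.secret, s, self.digits), code):
                self.last_step = s
                return True
        return False


def hotp_replay_demo() -> list[bool]:
    """Constructed sequence: accept, reject replay, resync forward, reject stale."""
    v = HotpVerifier(RFC_TEST_SECRET)
    return [v.verify("755224"),   # counter 0: accepted
            v.verify("755224"),   # same code again: replay, rejected
            v.verify("359152"),   # counter 2: within look-ahead, accepted (1 is skipped)
            v.verify("287082")]   # counter 1: now behind the window, rejected


def totp_drift_demo() -> list[bool]:
    """Constructed sequence: accept, reject replay, reject consumed step, accept drift."""
    v = TotpVerifier(RFC_TEST_SECRET, digits=8)
    return [v.verify("94287082", now=59),                           # step 1: accepted
            v.verify("94287082", now=59),                           # replay: rejected
            v.verify("94287082", now=89),                           # step 1 in window but consumed
            v.verify(totp(RFC_TEST_SECRET, 60, digits=8), now=95)]  # client one step behind: accepted


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_TEST_SECRET, 0))            # 755224 per RFC 4226
    print("TOTP at t=59  :", totp(RFC_TEST_SECRET, 59, digits=8))  # 94287082 per RFC 6238
    print("HOTP demo     :", hotp_replay_demo())
    print("TOTP demo     :", totp_drift_demo())
```

The two verifier classes are where the "flexible platform" argument meets operations: the look-ahead and skew windows are what keep a legitimate user from being locked out by a token pressed a few extra times or a phone clock a minute off, while the consumed-counter and consumed-step bookkeeping is what stops a captured code from being replayed inside that same window.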