CIS13: The Need for Advanced Authentication: A Service Provider Case Study

Kurt Hagerman, Director of Information Security, FireHost
Hear how one cloud service provider implemented advanced authentication for both its own internal use and for its customers. We’ll lay out the process they followed, from building use cases and gathering requirements, to vendor selection and product implementation.

Published in: Technology, Business
  1. Cloud Identity 2013 Summit, 10 July, 2013
     The Need for Advanced Authentication – a Service Provider Case Study
     Kurt Hagerman, Director of Information Security
  2. Agenda
     •  Defining the Business Problem
     •  Identifying Use Cases
     •  Defining the Requirements
     •  Vendor Selection
     •  Product Implementation
     The Need for Advanced Authentication A CASE STUDY
  3. Defining the Business Problem
     •  Ability to achieve and maintain compliance with PCI and HIPAA as a service provider/business associate
     •  Segment users from infrastructure and customer systems
     •  Implement “best practice” authentication, especially for administrative access
     •  Provide for secure remote access for corporate and administrative uses as well as customers worldwide
     •  Be able to clearly articulate our authentication process
  4. Identifying Use Cases
     FireHost faced multiple use cases involving both corporate and customer users.
     CORPORATE
     •  Provide secure remote access to corporate network
     •  Provide secure administrative access (local and remote) to both cloud infrastructure and customer servers
     CUSTOMER
     •  Provide secure remote administrative access to virtual servers
     •  Enable secure access to customer portal
  5. Defining the Requirements
     •  Easy to use
     •  Tokenless solution
     •  No client side software required
     •  PIN based authentication
     •  LDAP / AD integration
     •  API for automated provisioning
     •  On-premise solution option
  6. Vendor Selection
     •  Researched potential vendor sites to develop a short list for further consideration
     •  Contacted vendors and scheduled meetings to discuss their solutions and get more technical detail as well as pricing information
     •  Created a features matrix for each vendor and selected a desired solution for POC
     •  Executed POC testing of leading candidate solution
     •  After successful POC, recommendation made to purchase and implement the lead solution
     •  PhoneFactor was purchased and implemented for all use cases.
  7. Lessons Learned
     •  Understand your business requirements
     •  Fully define your use cases before reviewing vendors
     •  Understand vendor’s feature roadmap
     •  Review vendor implementation documentation
     •  Vet the vendor’s backend system environment for availability, scalability and geographic coverage
     •  Understand vendor SLAs
  8. Thank You
     Questions?
     Kurt Hagerman
     Email: kurt.hagerman@firehost.com
     Phone: +1 877 262 3473 x8073