Safenet Authentication Service, SAS

SAS presentation, Rob Buddingh'

Published in: Technology
  • We offer complete flexibility of token / authentication method: we believe strongly that different users in an organisation require a different experience now and in the future.
      – We are token agnostic in that we support 3rd party OATH tokens, RSA tokens and will add more tokens / authentication methods in the future.
      – Our architecture means that users of our tokens are NOT vulnerable to a copy of the RSA seed breach.
      – Our tokens are designed to provide better value: hardware tokens are metal and don't expire, so expected life is c. double the competition's; our soft tokens are all re-assignable as many times as you want, etc.
      – Emphasise the ease of deployment: automation and self-enrolment.
      – “We needed a reliable authentication solution that works on mobile devices. The great advantage of the BlackBerry tokens is that passwords can be accessed at any time and tokens cannot be misplaced or lost.” Balfour Beatty
      – “We have been using Blackshield Cloud for over two years now, and have yet to replace a single token or battery. There are obvious cost and resource savings for us when using reliable long-life tokens and we are already seeing those benefits.” Specsavers
  • Key parts of our “more secure” story…
      – Unique policy engine allows centralised control of security posture.
      – Best practice settings provided as default, but all parameters are flexible so you can implement your company’s policy.
      – Automatically monitors and protects against attacks such as brute force and denial of service.
      – Passcode and PIN length and complexity can be set to reflect your preferred security posture.
      – Operational role segregation and delegated management.
      – Highly granular operator role (what they can do) and scope (who they can do it to).
      – Each operator can be given access to (or not) each button of the management UI.
      – Default roles provided for help desk, admin etc., all customisable. See later slide.

    1. SafeNet Authentication Service: Introducing Authentication “as-a-Service”. Rob Buddingh’, IP4SURE
    2. General: Working with web applications (© SafeNet Confidential and Proprietary)
       • Business/organisation perspective: With web applications we can let users do more themselves: employees, but also customers and suppliers. This saves costs, opens new markets and delivers efficiency.
       • Security perspective: Web applications can each be secured well individually. However, because the user gets more and more logins, overall security decreases: people choose the same password or start writing passwords down in their diary.
       • User perspective: I am confronted with more and more web applications. On the one hand that is handy because I can get access anytime and anywhere, but it also means a growing number of passwords that I have to maintain.
    3. Situation - Need
       • Bring Your Own Device (BYOD)
       • Working independent of time and place
       • Flexibility
       • Assessing on output?
       • Being a “good” employer
    4. Situation - Need
       • Security
         – If logging in once, or if the data is critical, allow access only with extra security
         – Proactive monitoring of what is happening
       • Business/organisation
         – Eliminate separate logins for existing and new web applications
         – Short implementation times at acceptable cost
       • End user
         – Preferably log in once (Single Sign On)
         – Independent of situation: place, time, computing device
    5. Are you really who you say you are?
    6. Are you really who you say you are?
    7. Passwords are weak and insecure
    8. Passwords and policy
    9. Passwords and policy
    10. Users and passwords
    11. Users and passwords
    12. Solution: Multi-factor login
       • User: Work with the web applications without having to use an extra password.
       • I have my own extra-secured token that gives me access to my web applications.
       • Several tokens are possible; I chose what suits me best.
       • My token works on all devices and I have access to the same web applications on all devices.
       • [Diagram labels: User; Computing devices that I use; Web and non-web applications, networks]
    13. Which token suits my users? Hardware? “Tokenless”? “Apps” on smartphone? SMS authentication? Or a combination?
    14. User Directory Sources: BlackShield Cloud supports any user store
       • Simple Agent installed on any server
         – No hardware required
       • SQL, LDAP, AD, ODBC, Lotus, Novell
         – Others via custom field mapping
       • Secured using SSL links
       • Read only / Non intrusive
       • Multiple domains
       • Full customisation
       • Zero schema change
       • In addition users can be:
         – bulk imported via .csv files
         – created locally
       • [Diagram: LDAP Integration; LDAP / Active Directory / User Source on each Corporate Network]
    15. Introduction: Protect Everything: Networks, Applications and Cloud Services
       • [Diagram labels: Online Storage; Application Hosting; SAML; Tokens & Users; Administrator; Agent; RADIUS; API; Private Networks; Corporate Network; LDAP / Active Directory; Private Cloud Services; Public Cloud Applications; Collaboration Tools]
    16. Introduction: Widest Choice of Tokens, including Tokenless & 3rd Party
       • Authenticators for every user type – and an increasing focus on commoditisation
       • Authenticators that:
         – Don’t expire
         – Seed keys can be owned by the subscriber
         – Can be easily re-assigned to new users
         – Easy deployment saves cost and time
         – A token can be included in the service charge
       • [Token types shown: H/W; SMS; BlackBerry; iOS; Android; Microsoft; Java; Multi Platform; USB; Grid; Microsoft; OS X]
    17. Token policies and security
       • Ability to set token policies
         – Pre-configured to best practice for optimal security
         – Reconfigurable to match each customer’s policy
         – Multiple options can be re-defined
         – PIN length and complexity
         – OTP length and complexity
         – Try attempts
         – Forced PIN change
         – Portal shows details of EVERY individual token
       • Initialisation of tokens
         – Software/SMS tokens initialised at point of deployment
         – Hardware tokens can also be initialised
       • [Diagram label: Security Policy Application]
    18. Introduction: Automate everywhere
       • SafeNet Authentication Service automates everything, reducing management time, the main cost of a strong authentication solution
       • [Diagram labels: User Synchronisation; Security Policy Application; Token Provisioning; Self Enrolment; SAML Service Registration; Alerts; Reporting]
    19. LDAP Changes
       • Automatic updates of LDAP changes
       • [Diagram labels: User Synchronisation; Users; User Changes; Directory Server; LDAP Agent; Groups; Access Device or Application; Policies & Rules; Self Enrollment; Authentication]
    20. Multi-tier, Multi-tenant
       • Support multiple companies, divisions, business units, LDAPs etc. on a single platform.
       • Each appears as a distinct BlackShield server.
       • [Diagram label: Service Provider]
    21. Multiple Business Unit entities, Groups & Containers
       • [Diagram: Main Company; USA (R&D, Operations, Sales); EMEA (R&D, Sales, Administration); APAC (R&D, Operations)]
       • Gain power and flexibility to support
         – Delegated administration and localization within business units or departments
         – Local and centralized user directories
         – Local and central authentication points: VPNs, applications and network devices
         – Organizations lower in the hierarchy can inherit policies and settings
         – Avoid multiple instances of authentication servers
    22. Multi-tier / Multi-tenant management
       • [Diagram labels: Administration Portal; Delegated management]
    23. Defining the management structure: Roles & Scope
       • A role decides “what an operator can do”
         – Hide, show, enable or disable tabs, modules and actions to form a role
       • The scope decides “who you can do it for”
         – Use organisations and containers to control the scope
       • Roles are defined per Organisation
    24. Customization
       • [Diagram labels: Customize Everything; User Experiences; Branding; Reporting; Administrator Experience; Administrator and Operator Role Management; Infrastructure; Security Policies]
       • Customize Everything: User experiences • User messages such as enrolment, token related (SMS or software) alerts etc. • Log-on experience • Self service experience • Administrator experience • Language • Alert messages • Branding • Infrastructure • SMS Gateways • Modems • Reporting • Security • Policy engine • OTP policy • Administrator and operator Role Management
    25. Branding
       • [Diagram labels: Branding of Portal; Dedicated URLs; Branding of Documentation; Customisation of SMS Messages and Emails; Token Branding Options; Branding of Self-Service Portal]
       • Brand Everything: Branding of Portal • Branding of Self-Service Portal • Token branding options • Customisation of SMS messages and emails • Default messages • SP text within message • Customer text within message • Customise deployment message • Dedicated URLs • Portal • Self Enrollment • Self Service • Branding of documentation
    26. D Customization and Branding
    27. Reporting
       • Major additions to reporting
         – Security Policy (11)
         – Compliance (13)
         – Billing (2)
         – Inventory (9)
       • Fully automated delivery
         – Output in html, csv, tab, xml
         – Delivery via FTP, SFTP, SCP
         – Restrict access by role
    28. Simplify SAML registration
       • Users can automatically be added to multiple groups
       • Sign-in to one service and during your session you are automatically signed in to all your services
       • Sign-out to leave all services
       • [Diagram: SAML Service Registration; UserID: Bill, Password: “OTP”; SAML Assertion bill@gmail.com; SAML Assertion blaham@cryptocard.com; SAML Assertion bill]
    29. Migrating to your new service
       • [Diagram labels: SAS-Agents; RADIUS; SAML; RADIUS Access device or RSA Agent (any 3rd party agent); RSA Authentication Manager w/RADIUS (any 3rd party auth. server); RADIUS; Add Auth.Manager as an Auth Node; Add SAS as a RADIUS Client; BEFORE; Use any token type; AFTER]
    30. References. ©CRYPTOCARD 2011
    31. User Self-Service Portal
       • Request a new, replacement or temporary token
       • Create workflows for approving requests
       • Allow users to customise their portal
       • Provide language variants to match user needs
       • Users can resolve common problems
    32. Rolling out an iPhone token (MP)
    33. This email can be from any address and can be fully customised
    34. Select target
    35. Step 2: Confirm email address for OTA
    36. Download and install App
    37. Click link (step 2) to load seed file (key)
    38. User sets PIN (optional)
    39. Secure login
